Unit 4 Software development
Area of Study 2: Cybersecurity: software security
Outcome 2
Respond to a teacher-provided case study to examine the current software development security strategies of an organisation, identify the risks and the consequences of ineffective strategies and recommend a risk management plan to improve current security practices.
Examples of learning activities
Detailed example
Encryption
Teachers employ a range of strategies to demonstrate the concept of encryption, the use of keys and how the process protects data both during transmission and in storage. Examples of approaches include:
- using a simple message encryption/decryption activity or software application
- running packet sniffer/network analysis software.
Simple message encryption/decryption activity (offline)
Students write a short message and then encrypt the message using a substitution cipher. Teachers provide students with a substitution cipher (letters, numbers, and symbols) or ask them to develop their own. In this activity, the substitution cipher acts as the encryption key.
In pairs, students share their messages around (without the cipher). Very quickly, students will discover that without the cipher the messages cannot be understood. Students then provide their cipher to their partner, who decrypts the message.
Simple message encryption/decryption activity (online)
Teachers can find simple message or data encryption/decryption applications online, or create their own using a character substitution algorithm that shifts each character x positions in the character table. For example:
- If the algorithm changes a character using original_character_value + 5, the letter A would become F.
- The original ASCII character value of A is 65. 65 + 5 = 70.
- The new ASCII character value is 70, which translates to F.
- Using the same algorithm on the number 7 would transform the character to <.
- The original ASCII character value of 9 is 57. 57 + 5 = 62.
- The new ASCII character value is 62, which translates to >.
Teachers demonstrate the software to students, highlighting how encrypting stored data protects it by making it unreadable.
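A small application of the kind described above, as an added example that is not part of the original page: it applies original_character_value + key with a key of 5, and goes slightly beyond the text by wrapping around within the printable ASCII range (32 to 126, an assumption of this example) so that every result stays printable. The function and constant names are chosen for this example.

```python
# Added example: character shift cipher over printable ASCII (codes 32-126).
# FIRST, LAST, SIZE, shift_char, encrypt and decrypt are names chosen here.

FIRST = 32                # space, the first printable ASCII character
LAST = 126                # tilde, the last printable ASCII character
SIZE = LAST - FIRST + 1   # 95 printable characters


def shift_char(ch: str, key: int) -> str:
    """Move one character `key` positions along the printable ASCII table."""
    code = ord(ch)
    if not FIRST <= code <= LAST:
        # Leave newlines, tabs and non-ASCII text untouched so that
        # decryption restores the message exactly.
        return ch
    # Wrap around so characters near the end of the table (such as '~')
    # stay printable instead of running off the end of the range.
    return chr(FIRST + (code - FIRST + key) % SIZE)


def encrypt(message: str, key: int) -> str:
    """Shift every character of the message forward by `key`."""
    return "".join(shift_char(ch, key) for ch in message)


def decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same shift applied in the opposite direction."""
    return encrypt(ciphertext, -key)


if __name__ == "__main__":
    key = 5  # the shift used in the worked example above
    message = "Meet at 9:30 in Room A7 ~ bring notes"  # constructed sample
    secret = encrypt(message, key)
    print("Plain text :", message)
    print("Cipher text:", secret)
    print("Decrypted  :", decrypt(secret, key))
    print("Wrong key  :", decrypt(secret, key + 1))
```

Running the script prints the message, its unreadable encrypted form, the result of decrypting with the correct key, and the result of decrypting with a different key, which remains unreadable.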
Running packet sniffer/network analyser software
Before conducting this activity, teachers should confirm its suitability with their IT Department personnel, and test the software on the school network prior to running it in class.
In consultation with IT staff, and depending on the context and the software chosen, teachers may choose to capture live data travelling through the network during class, or capture data prior to the class. Teachers may also choose to screen record the data capture process and then show the video to their class.
Teachers can select packets and demonstrate to students that while most data is transmitted securely over a network, some data is still transmitted in plain text.