Raspberry Pi Cyber Security Workshop - Reflection

Following last month’s post, we planned and delivered a pilot cybersecurity workshop aimed at learners within Progression Step 4 (age 11-14). As previously mentioned, cybersecurity is an essential, yet often neglected aspect of computer science teaching. In this workshop we focused on the concept of ‘secret keys’ and ‘ethical hacking’. Using projects from the Raspberry Pi Foundation’s fantastic resource base.

We worked with a small group of Year 8 pupils from St Clare’s School, Porthcawl. They were enthusiastic and knowledgeable. And were excited to be involved in the pilot session.

We began by exploring their current understanding of cybersecurity and looked at examples of way that we spend our time online, what information we share and how this is kept safe. We looked at how secret keys work and where this would be essential.

As discussed in our previous blog in the series, we used the Caesar Cipher first. It was ideal doing this with paper first as it gave the learners an understanding of what we would be creating later using Python. Initially, some were unsure of what they needed to do. Or were reluctant to create their own messages to share with each other. Next time I will have several messages prepared for the learners to decrypt first before creating their own messages. This will help them understand the process before having to create their own. We began quite slowly, but they soon increased in confidence and were encrypting and decrypting messages to each other. Providing examples and the outset would accelerate this process.

As the pupils had not experienced Python before we spent a little time discussing what it is, where it is used and navigating the Mu IDE (Integrated Development Environment). We then began to create our encrypted message using the secret key. This project allowed us to introduce the concept of variables and lists, which the pupils enjoyed. I was a bit concerned that the step-by-step nature of this part of the workshop would lead to some of the pupils becoming frustrated or bored. But there were opportunities to tinker with their code and discuss ideas or errors. So, everyone was fully engaged.

The way each part of the session built upon the previous proved helpful. As the pupils learned how to encrypt a letter, before moving onto a word, then a phrase. Having Gemma, a Sony team player participating in the workshop was invaluable as she was happy to ask questions that I am sure everyone else was thinking of.

One aspect that some pupils struggled with was copying from the screen. The teacher noted that this was a skill that is not usually challenged in her class as the pupils are often provided with the code that they need. In future, I will have the step-by-step instructions available for some learners. Particularly those with sight issues. Or learners who struggle to copy from their board in school. This is something I will check with each teacher before future workshops.

If we had more time, or as a follow up workshop we would discuss the limitations of a secret key as a form of encryption. There are only 25 possible keys that can be used, without moving around the circle multiple times. Such as key could be cracked by using each possible number until a pattern emerged. Also, common short words could be used to solve the key. Words like ‘I, a, and, the, of, if, you’ would provide quick ways of checking each possible key. A more secure method of encryption would be to use a one-time pad. Here each letter has its own secret key that is chosen at random, making the cipher almost impossible to break. We are currently working on a workshop that would act as a follow up or for older, more experienced pupils.

Our final activity in the workshop was an introduction to ethical hacking. We began by discussing the pupil’s understanding of hacking. This would have been an opportunity to introduce the Computer Misuse Act 1990 (and it’s 2021 updates), which I will do in future sessions. I will also provide more real life examples of ethical hacking. Possibly incorporating examples of what Sony does in this field.

To start the activity, we downloaded the pretend viruses using a Bash command. This tells the files to run automatically after being downloaded, demonstrating how easy it is to download a virus and infect a computer.

At first, the pupils moved quite slowly, referring to the handouts before each step. But they soon got the hang of the commands and were moving between locations quite easily. In future, I will have a tree diagram of the different file locations with the commands, demonstrating how we move up and down levels. This visual representation will give pupils a better understanding of the folder locations and how to move between them. I would also emphasise the cd~ command as this will always return them to their ’home’ folder, the highest level. If they ever became unsure of what level of folder they were in. This was particularly important before creating their quarantine folder, as several pupils created the folder within lower directories rather than their home folder.

We will discuss the importance of understanding where they are within the file system before using the ‘rm’ command and checking before using it, as this command permanently removes a folder/file. One learner accidentally removed his documents folder!

We had a fantastic time during the workshop. I was pleased with the pupil’s feedback, and they seemed to enjoy themselves. We will be running further workshops over the coming months. Hopefully our secondary school programme will prove as popular as our Primary programme.

The projects used are available here.

by Steve Lewis @Steve_Lewis81