Lesson Plan: Teaching Cybersecurity without touching technology

Computer Science

This is the lesson plan which got me the job. I couldn’t be sure of the resources I would have available, so I opted to teach about the CIA Model (set by the College) without anything more than a PowerPoint and a bunch of envelopes and cards. Use freely. Expand as you wish. Post improvements in the comments.

File Name: Microteach-CIA-model.pptx

The CIA Triad

Triad means a group of three, so there are three parts to the CIA triad model:

Confidentiality, Integrity and Availability.

Let me illustrate with a bunch of envelopes…

Confidentiality:

Access Control

I have a list of people who are allowed to access the data. I ask a requesting student for their name and password, which I check against a clipboard, and if they are correct I give them the envelope.

I give another student the wrong password card. They ask 3 times, I reject them each time and then throw them out, showing that brute force password attacks can be foiled.

Authentication

Another student has a clipboard and a piece of paper with “Permission” on it. The requesting student gives their name and password to the clipboard student, who gives me the “Permission” paper, and I give the requesting student the envelope.

One issue with these two can be the Man in the Middle attack, so a student stands in between us and takes the envelope. If he is a bad router, he might not pass it on and might open it himself, so we must use encryption to ensure the data is safe if it falls into the wrong hands.

Encryption

I have another envelope which I show as having something in code inside it. A student who is unauthorised asks for the envelope and I give them the one without the solution inside it. It doesn’t make sense to them. An authorised requesting student asks me for the envelope, and I give them the one with the solution. They open it and turn the message over to find it decrypted on the other side.

Integrity:

Checksums

The requesting student asks for the envelope. I give them an envelope and tell them that the checksum of this data should be 1024, but on the outside of this envelope the checksum says “63”. I ask them if the checksum is correct and they will say no, so I give them an envelope with “1024” on it and ask if it is correct. If it is, they can open the envelope and get the data, confident that it is correct.

Malware such as viruses and trojans often affect the checksum of a file, so the discarded envelopes could contain infected files.

Digital Signatures

When the requesting student asks for it, I give them an envelope which has been signed. The signature on the first envelope isn’t my name. I ask them if it is correct and they say no, so they should discard it as it isn’t properly signed. I sign another one with my own signature, and they can confirm it is correct and again open it in the knowledge that it is correct.
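
For anyone who wants to follow the two integrity exercises with something on screen, here is an added example (not part of the original lesson plan) showing why the signature is needed as well as the checksum: whoever swaps the contents can also rewrite the number on the outside, but cannot forge the signature. It assumes SHA-256 as the checksum and uses an HMAC with a secret key as a stand-in for a real digital signature; the key, messages and function names are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample data for the demo (assumptions, not from the lesson plan).
TEACHER_KEY = b"constructed-demo-key"      # plays the role of the teacher's signature
ORIGINAL = b"Meet in room 12 at 9am"
TAMPERED = b"Meet in room 99 at 9am"


def checksum(data: bytes) -> str:
    """The number written on the outside of the envelope (SHA-256 here)."""
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes, key: bytes) -> str:
    """Keyed tag only the key holder can produce (HMAC standing in for a signature)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(data: bytes, key: bytes) -> dict:
    """Build an envelope: contents, checksum label and signature."""
    return {"data": data, "checksum": checksum(data), "signature": sign(data, key)}


def checksum_ok(env: dict) -> bool:
    return hmac.compare_digest(checksum(env["data"]), env["checksum"])


def signature_ok(env: dict, key: bytes) -> bool:
    return hmac.compare_digest(sign(env["data"], key), env["signature"])


def accidental_damage(env: dict) -> dict:
    """Contents change but the label on the outside is left as it was."""
    return {**env, "data": TAMPERED}


def deliberate_swap(env: dict) -> dict:
    """Contents change AND the checksum label is rewritten to match.
    The signature cannot be redone without the key, so it stays stale."""
    return {**env, "data": TAMPERED, "checksum": checksum(TAMPERED)}


if __name__ == "__main__":
    good = seal(ORIGINAL, TEACHER_KEY)
    for name, env in [("untouched", good),
                      ("accidental damage", accidental_damage(good)),
                      ("deliberate swap", deliberate_swap(good))]:
        print(f"{name:18} checksum ok: {checksum_ok(env)!s:5} "
              f"signature ok: {signature_ok(env, TEACHER_KEY)}")
```

The "deliberate swap" row is the one to point at in class: the checksum matches, yet the signature check fails.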

Availability:

Backups

I create two envelopes. A student is given an envelope, and another student is encouraged to take it off them and throw it away. That is a cyber-attack. I ask him for the envelope, but it is lost. I have a second envelope somewhere, but I have to search for a moment before I hand it to them. This is restoring from a backup.

Redundancy

I create two envelopes. A student is given an envelope and then is told to throw it away. I ask him for the envelope, but it is lost. Luckily, I have a second envelope, and I give it to them immediately. This is redundancy.

These two deal with disaster recovery after systems failure, malicious damage or user error.

Denial of Service Prevention

The requesting student asks for the envelope, but all the other students start asking for the envelope at the same time, and I don’t know who to give it to. I ask the requesting student for a token, and they give me the card which says “Permission” on it, so I can give the envelope to them. I explain that without the right token, a firewall or rate limiter will ignore all the other requests and only give the data to the right person.

Worksheet

Resources

Envelopes:

  • Basic x 5
  • Encrypted x 1
  • Encrypted with solution x 1
  • Checksum 63
  • Checksum 3794
  • Checksum 1024
  • Envelope for wrong signature
  • Envelope for right signature

= 12 envelopes in total.

Cards:

  • Password card
  • Wrong password card
  • Permission
  • Example of my signature

= 4 cards
