Swiss high school students copying their own fingers and locked their phones on. That was not copied from the sex education, but in other areas there are amazing parallels.
(Photo: Daniel AJ Sokolov)
teach the proper handling of credentials school students is not easy. A pilot project in Zurich pointed to what (not) going well, and revealed parallels with good sexual education.
Striking parallels between good sex education and good teaching in IT security locates the Canadian scientist Elizabeth Stobert. This doctrine she pulls out a pilot project in some Zurich school gymnasiums. Students should it work out how to deal with login information such as passwords, PINs, Entsperrmustern and fingerprints. Last week presented their findings Stobert at Usenix Workshop on Advances in Security Education (ASE '17) in Vancouver.
the youth of external experts were Instructed: "Currently, we can not rely on the normal teacher us", Stobert found "Over time, however, they are able to take on more tasks." She has published teaching materials in English and German, the original version on request. Stobert hopes that there is a wealth of educational teaching materials for IT security soon and that Educators been inspired in the teaching methods from the experience of sex education.
In the heart of Zurich's curriculum concentrated on work in small groups of two to four students. The first of five sections devoted to choosing a good password. "It turns out that we have too high", Stobert admitted in their presentation, "The students did not have the math skills for those formulas that show how easily a specific password is to guess."
The maiden name of Justin Biebers MotherA finger copy of silicone, such as those made by Zürcher high school students to circumvention of Fingerabdrucksensorsen.(Photo: Daniel AJ Sokolov)
In the second section, the students calculated hashes PINs, went to graphical passwords, such as images or patterns in the third. was discussed the "shoulder surfing"Where you abschaut the right solution, or fat attacks, reveal the unlock pattern in the finger marks on a display. In addition, the relationship between memorability and Erratbarkeit passwords was discussed.
Special fun should young people have had in the last two chapters: first, it was about the right answers to "security questions" to find for the accounts celebrities like Justin Bieber, Rihanna and Roger Federer. This was achieved by the bank. And finally tried the students to clone with silicon and graphite powder their own fingerprint. Some then also managed to unlock her artificial fingers their own cell phones.
Parallel with sex education
"The relationship between IT security and computer science corresponds approximately to the ratio of the sex-Biology", Stobert illustrated in her presentation on the ASE workshop. to teach IT security belongs to them so not only in a specialized computer science. As with the sex education it was important to start early to lay a foundation for good habits, and refresh and expand the knowledge over the years in small bites.
Too much information at once while the children, too little leads to misconceptions about demand. In addition, every now changed as there state of science and risks over time. While it certainly go to serious scientific issues that stood in the favor of teenagers but practical applications in the foreground that are associated with fun.
Both during sex and on the Internet it was important to analyze risks, which can be very difficult. And in both areas each time passing necessarily something bad if you do not do everything right. They also state that it is not easy in both subject areas to measure the success of teaching. Given these parallels, it was obvious to adapt proven didactic concepts for the transmission of knowledge about IT security in the sex education.(Ds)