Top

Published in:

2020 | OriginalPaper | Chapter

Learning and Grading Cryptology via Automated Test Driven Software Development

Author : Konstantin Knorr

Published in: Information Security Education. Information Security in Action

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Understanding common cryptological concepts like encryption, hashing, signatures, and certificates is a prerequisite when working as an IT security professional but it is also a major challenge in security education. Often students struggle with cryptology as sound previous mathematical knowledge is required and study time is limited. Teachers face the problem to fairly assess the students’ knowledge and understanding of cryptology. The paper presents an approach to face these challenges by utilizing test driven software development techniques for students who have taken courses in programming and theoretical cryptology. The paper describes the practical experience gained in courses with ~30 students utilizing a specialized client-server system to automate the tests. We propose that this setup is beneficial for learning as it gives immediate feedback and allows students to focus on the erroneous parts of their software. The test cases can also be used to grade students’ code by weighting the test cases e.g. in an exam setting.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter An Institutional Risk Reduction Model for Teaching Cybersecurity

Available only for authorised users

Galois Counter Mode = modern block mode for symmetric ciphers like AES which allows for encryption and authentication of data.

Note that some encryption schemes like Playfair in combination with certain padding schemas can yield different decrypted ciphertexts than the original plaintext.

If you are interested, please contact the author. Note that the material is currently only available in German.

Edwards, S., Pérez-Quiñones, M.: Experiences using test-driven development with an automated grader. J. Comput. Sci. Coll. 22(3), 44–50 (2007)

Beck, K.: Test-Driven Development: By Example. Addison Wesley, Boston (2002)

JUnit Homepage. https://junit.org. Accessed 29 Jan 2020

Iffländer, L., et al.: PABS – a programming assignment feedback system. In: Proceedings of the 2nd Workshop Automatische Bewertung von Programmieraufgaben (2015)

Isong, J.: Developing an automated program checker. J. Comput. Small Coll. 16(3), 218–224 (2001)

Krusche, S., Seitz, A.: ArTEMiS - an automatic assessment management system for interactive learning. SIGCSE 2018, 21–24 February, Baltimore, MD, USA (2018)

Herres, B., Oechsle, R., Schuster, D.: Der Grader ASB. In: Herausgeber Oliver, J. et al. Automatisierte Bewertung in der Programmierausbildung, pp. 255–271. Waxmann-Verlag (2017)

Schuster, D., et al.: Automatische Bewertung von JavaFX-Anwendungen. In: Proceedings of the 3rd Workshop Automatische Bewertung von Programmieraufgaben (2017)

Knudsen, K.: Java Cryptography. O’Reilly, Sebastopol (1998)MATH

10.

Weiss, J.: Java Cryptography Extensions, 1st edn. Morgan Kaufmann, Burlington (2004)MATH

11.

Bouncy Castle. https://www.bouncycastle.org. Accessed 12 Mar 2020

12.

Lazar, D., et al.: Why does cryptographic software fail? A case study and open problems. In: Proceedings of 5th Asia-Pacific Workshop on Systems, pp. 1–7 (2014)

13.

Kahn, D.: The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Scribner, New York (1996)

14.

Stinson, D., Paterson, M.: Cryptography: Theory and Practice, 4th edn. CRC, Boca Raton (2018)CrossRef

15.

Hook, D.: Beginning Cryptography with Java. Wrox, Birmingham (2005)

16.

Hook, D., Eaves, J.: Java Cryptography: Tools and Techniques, ebook (2020). https://leanpub.com/javacryptotoolsandtech

17.

Long, F., et al.: The CERT Oracle Secure Coding Standard for Java. Addison-Wesley, Boston (2011)

18.

McGraw, G.: Software Security – Building Security. Addison-Wesley, Boston (2006)CrossRef

19.

Desai, C., Janzen, D.: Savage, K: A survey of evidence for test-driven development in academia. ACM SIGCSE Bull. 40, 97–101 (2008)CrossRef

20.

Braga, A., Schwab, D., Vannucci, A.: The use of acceptance test-driven development in the construction of cryptographic software. In: 9th International Conference on Emerging Security Information, Systems and Technologies (2015)

21.

Takanen, A., DeMott, J., Miller, C.: Fuzzing for Software Security Testing and Quality Assurance. Artech House, Norwood (2008)MATH

22.

Aumasson, J., Romaillerm, Y.: Automated testing of crypto software using differential fuzzing. In: Blackhat Conference, US (2017)

23.

NIST homepage for post-quantum cryptography. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography. Accessed 9 Feb 2020

Title: Learning and Grading Cryptology via Automated Test Driven Software Development
Author: Konstantin Knorr
Publisher: Springer International Publishing
Book: Information Security Education. Information Security in Action
Print ISBN: 978-3-030-59290-5

Electronic ISBN: 978-3-030-59291-2

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-59291-2_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner