Encryption (Plain Text Issue): The problem with having no authentication and plain text communication.

Authentication & Encryption

Learning Goals

  • Dangers of plain text communication over a shared medium
  • Authentication (identity verification) through a shared secret (key, password, etc.)
  • Confidentiality through encryption

Description

In the previous modules we've been communicating with the robots by sending them commands and messages wirelessly through the air. These messages pass through different devices and networking mediums before they reach the robot. Very much like talking to a teammate or a classroom, others could be listening on your communication with your robot. In RoboScape, users can achieve the same through a simulated listen command. As you have already seen, anyone can also send commands to your robot by simply knowing its ID.

All online communication has the same challenges, and therefore we need careful and clever solutions to overcome these issues. Authentication and encryption are two key concepts that will help us in this regard.

Authentication is the process of confirming the truth of a claim. An example of this is an identity claim. Some familiar forms of authentication are providing the password to your account, pin to your credit card, security questions, code words, etc.

Encryption is the process of encoding messages (or any information) in such a way that only authorized parties can access and understand it. Some encryption algorithms (symmetric ciphers) are based on a shared key between the communicating parties.

In RoboScape, we use shared keys to both authenticate and ensure confidentiality of the communication between the users and their robots. The initial cipher that we will explore is the Caesar cipher.

Glossary

Required/Authorized Commands

  • listen
  • set key
  • encrypt

Activities

  • Overhearing
    • Demonstrate the overhearing issue, being able to listen in on the commands everyone else is sending.
  • Lack of Authentication
    • Demonstrate how easy it is to control someone else's robot by simply sending unexpected commands to it, similar to previous experiences with Tug of War.
  • Encryption
    • To counter this problem, the secret code will be used to encrypt all messages from the computer to the robot and vice versa. It uses Caesar cipher with the code/key being the shift amount.
    • This can be shown off to the class by running a simple example of robot movement (turning in a circle), but now using encryption. They will not be able to send it off course or delay commands to the robot as they could previously.