Article: The Design and Evaluation of a Cryptography Teaching Strategy
The article describes the design, implementation, and evaluation of an effective cryptography module for final year software engineering students.
Traditionally cryptography courses have been mathematically involved with an emphasis on theory rather than implementation. This model seemed inappropriate for software engineering students for a number of reasons. Firstly there is a general feeling that software engineering education should incorporate a more “hands-on” application based approach. Software engineering students while studying the basics of mathematics does not necessarily have the in-depth theorem proving or abstract algebraic skills to thrive on such a course. It would be a missed opportunity if the cryptography module catered solely for software engineering students with exceptional mathematical ability. What about the competent software engineer that does not possess this ability? Are they to be left behind? This would have knock on effects later when software engineers were faced with the task of developing secure systems. If they don’t appreciate it or are afraid of it they won’t implement it correctly. There is a relevancy issue here as well. Software engineering students are consistently taught to build practical systems in a structured way incorporating software engineering principles like encapsulation, information hiding, and evolution so any module presented to them should follow this framework.
The key research questions here are how could cryptography fit into such a framework and how could we measure this fit? The benefits to engineering education of addressing these problems are self evident as students will feel more comfortable handling these abstract concepts presented in a more familiar and relevant way. This will lead to increased levels of competence and quality when the students become professional software engineers.
Taking account of the module requirements it was decided to use the Java Cryptographic Architecture, JCA. With this architecture in place and sample skeleton code students can quickly develop and experiment with the concepts presented in the module. The emphasis is then on integrating the different cryptographic primitives into a functioning system rather than trying to re-invent the wheel by painstakingly implementing a standard encryption algorithm. This Java based approach proves particularly useful when deciding on what kind of assessments to post for the module. It allows the course presenter to get to more interesting ideas and problems more quickly than in a traditional module
We tested the hypothesis that there is a better correlation between software engineering results and our cryptography module results than that of traditional mathematics module results and our cryptography module results. The cryptography module results (CR) chosen were the final marks obtained by students in our cryptography module. The software engineering results (SER) chosen were the students’ overall third year marks as this year of the degree contained the most software engineering based modules. The mathematics results (MR) selected were from a module in numerical analysis each student took in the second year of their degree program. It was selected as an example of a traditional mathematics module and was taught by the same lecturer as the cryptography module.
The results show that our cryptography module correlates better to software engineering modules than to traditional mathematics modules. There is a clear trend here that the module is aligning itself to the profile of a software engineering friendly module.
Author 1: Tom DOWLING [email protected]
Article Link: https://www.tandfonline.com/doi/full/10.1080/03043790600797434