Internet users are becoming ignorant with their data and the transparency of information due to the nature of high-speed internet today. Regrettably, internet users are deceived by engineering tactics performed by highly trained people, namely cybercriminals. Thus, in order to combat phishing attacks, internet users should be educated on security…

The first step to improving an organization's security posture is to define the organization's security goals. At a technical level, these goals are expressed as security policies. Security policies are predicates over programs, that return true or false if the program adheres to the policy. Defining these policies correctly is thus essential to…

We describe Shamir's secret sharing scheme and explain how it can be used for secure and redundant cryptocurrency storage. We include samples of individual and group assignments that can be used in an upper-division cryptology class for students who are familiar with modular arithmetic. It takes about one class to cover Shamir's secret sharing,…

Remotely proctored online examinations proliferate in academic and corporate learning environments (Grajek, 2020). Remote (virtual) proctoring allows organizations to efficiently offer tests globally while reducing the costs of proctored testing generally associated with traditional paper-and-pencil and computer-based testing center examinations.…

This article describes the author's experience designing and implementing an inquiry-based learning (IBL) pedagogical approach to an upper-division undergraduate cryptology course. The author shares the course goals and how the IBL style supports their achievement. The article concludes with sample activities -- in-class exercises that touch on…

The field of learning analytics has advanced from infancy stages into a more practical domain, where tangible solutions are being implemented. Nevertheless, the field has encountered numerous privacy and data protection issues that have garnered significant and growing attention. In this systematic review, four databases were searched concerning…

In this paper, we describe the development of an in-class exercise designed to teach students how to craft social engineering attacks. Specifically, we focus on the development of phishing emails. Providing an opportunity to craft offensive attacks not only helps prepare students for a career in penetration testing but can also enhance their…

Secure Code Education (SCE) is the compliance requirement for many organizations in the U.S. Consequently, many U.S. companies spend large sums on programs and tooling to meet this requirement and to upskill their developers. This tooling is largely underutilized. Classes beyond the bare required minimum are often not taken advantage of, leaving…

The role of ethics becomes even more significant given the huge advent and increase of cyber-criminal activities in cyberspace. It has become an urgent necessity to curb the menace of unethical practices in cyberspace and contribute ethical guidelines to a safe and secure digital environment. To minimize the growth of cybercrimes and unethical…

Purpose: This study aims to analyze the platforming scenario at a Brazilian university as well as the data security process for students and professors. Design/methodology/approach: This research brings an analysis through a qualitative approach of the platformization process in a Brazilian teaching institution. Findings: The results point to a…

We present a concrete situation where there is a difference between the theoretical security of a cipher and its limitations when implemented in practice. Specifically, when entering a PIN, smudges on the keypad substantially reduce its security. We show how the number of possible keys in the presence of the "smudge attack" can be…

Computer-supported learning technologies are essential for conducting hands-on cybersecurity training. These technologies create environments that emulate a realistic IT infrastructure for the training. Within the environment, training participants use various software tools to perform offensive or defensive actions. Usage of these tools generates…

While the introduction of memory-safe programming languages into embedded, Cyber-Physical Systems (CPS) offers an opportunity to eliminate many system vulnerabilities, a pragmatic adoption of memory-safe programming languages often necessitates incremental deployment due to practical development constraints, such as the size of many legacy code…

In this paper, I analyze the impact of culture and metaphor on cryptology education. I will compare and contrast the historically grounded metaphors of cryptology-is-warfare and encryption-is-security to a set of counter-metaphors: cryptology-is-privacy and encryption-is-communication. Using this explicit understanding of conceptual metaphor, I…

This paper describes Alkaline, a size-reduced version of Kyber, which has recently been announced as a prototype NIST standard for post-quantum public-key cryptography. While not as simple as RSA, I believe that Alkaline can be used in an undergraduate classroom to effectively teach the techniques and principles behind Kyber and post-quantum…