Cybersecurity explained with a Shipping Metaphor
Cybersecurity in general can be best explained using the shipping industry for key visual elements.
Sketch 1 (1,500 characters)
Please read the entire article (attached), but in general I believe that ships should be used to describe HTTP requests, and docks should be used to describe servers that process those requests.
The shipping industry tends to deal in commodities. Think of these like the sheep, wheat, ore, brick, wood, and gold from Settlers of Catan. In a computerized system, the commodity that is shipped is data. Some of this data is rich, like HTTP requests, and some of this data is simple text-based emails.
Most ships don’t just go around randomly selling wares like a tinker. Instead, a buyer purchases the commodity from a seller, and they figure out the details of when the commodity should arrive and what to do if a ship is lost at sea. Then all the work is left up to a ship captain and a dock foreman. The captain of a ship is often given a shipping manifest describing some of these details as shorthand instructions. In this metaphor, these instructions are ‘request headers’ that adhere to certain protocols like HTTP or SMTP. Assuming the captain is shipping the right type of commodity, the request headers will make sense to any dock foreman that receives a shipment. However, the captain himself is unlikely to understand the instructions because they are in shorthand. He can be tricked by switching out his manifest or his cargo, and he would be none the wiser. Because the captain has been tricked, he may unknowingly trick the dock foreman as well.
Sketch 2 (1,500 characters)
Please read the entire article (attached), but in general I believe that telescopes should be used to describe private keys, and flags should be used to describe public keys.
In the 90s, I played a board game that had these cards with a blue word obscured by red dots covering it. After making a guess, a player took a red lens magnifying glass, and looked at the card. Suddenly, the word was revealed clearly because the red lens filtered out the red dots.
Encryption works much the same way, with ships having these cards as their flags, and dock foremen having various colored-lens telescopes to read the flags. The flags are referred to as a public key and the telescopes are referred to as a private key. Any person can make a flag by writing a message on a piece of cloth, and spraying it with the correct color. The captain of a ship might not even know what the flag says, but he has his shipping instructions that tell him what flag to fly at each dock. The flag creator uses spray paint of a certain color to obfuscate any message or symbol, and the dock foreman has a lens of that exact color to decrypt the message. If the dock foreman recognizes the flag, he will allow the ship to park at the dock, and unload its cargo.
What have you learned through this sketching process? (1,000 characters)
Originally, I thought I could organize this process by describing a few different types of attacks, and then building a metaphor of breaking into a house off of these attacks. After some research, I realized that this metaphor was too simplistic. First, I needed some way to capture how busy the internet is. Data is constantly moving, and I needed a metaphor to reflect that. Second, I read an article called the "law of leaky abstractions", and I realized that I needed a metaphor that was diverse enough to deal with how the internet has many entities that build things on top of each other.
Tell us more about you. (1,000 characters)
I went to school originally to be a material science engineer. Toward the end of my undergrad degree, I realized I did not have a passion for that subject. I started looking into other areas of study, and realized I could make a decent living as a patent attorney. I went to law school, and became a patent attorney. After practicing a few years writing patents for Cisco and Oracle, I again lost my passion. At this point, I am writing articles, entering challenges, and building web projects trying to find my place in the world.
Why are you participating in this Challenge? (750 characters)
I read the book "Creative Confidence", and I was excited to find out more about OpenIDEO, and what it had to offer. After reviewing the challenges, I decided that I could participate in this challenge, so I figured I would give it a shot. I love learning about the various facets of the internet and using my research to develop blog articles and bigger software projects. I haven't figured out how to make money in this newfound passion yet, but hopefully challenges like these will give me a place to start.
What is your experience with the field of cybersecurity?
I have minimal experience and/or knowledge in the cybersecurity field.