Your Turn: Improve the Security

In Try This: Calculate the Benefit of Access Control, you calculated the increase in isolation by adding group as well as group and address.  The AI was asked to use channel, group, and address. 

  • Do the scripts work correctly?
  • Did it follow the instructions correctly?  
  • If not, how would you correct this? 
  • What else could you do to increase the security of this system?

 

User

Below are two scripts that run on BBC micro:bit modules.  Please increase their security by adding any features that might not have already been this recommendation:

  • 7: Access Control and Isolation:

    Utilize micro:bit's communication features such as channel, group, and address settings to restrict communication to specific devices or groups. This helps isolate the micro:bit from unauthorized interactions, enhancing the overall security of script updates.

# Module 1: Sender

… (script omitted, see Scripts section in this activity.)

# Module 2: Receiver

… (script omitted, see Scripts section in this activity.)

 

ChatGPT

To enhance the security of communication between the sender and receiver micro:bits, you can implement access control and isolation using the micro:bit's communication features. In this case, you can utilize the group setting to restrict communication to specific devices or groups.

Here's an updated version of your scripts:

Module 1: Sender

import radio

def get_input_string():
    print("Enter text:")
    return input()

def xor_encrypt(message, key):
    encrypted_message = ""
    for char in message:
        encrypted_message += chr(ord(char) ^ key)
    return encrypted_message

# Replace 'YOUR_XOR_KEY' with a value between 0 and 255
xor_key = 42

# Set a specific group for communication
radio.on()
radio.config(length=250, channel=7, group=1)  # Change the group number as needed

while True:
    user_input = get_input_string()
    encrypted_message = xor_encrypt(user_input, xor_key)
    radio.send(encrypted_message)
    print("Sent:", user_input)

 

Module 2: Receiver

import radio

def xor_decrypt(encrypted_message, key):
    decrypted_message = ""
    for char in encrypted_message:
        decrypted_message += chr(ord(char) ^ key)
    return decrypted_message

def execute_python_code(script_lines, key):
    try:
        script = "\n".join(script_lines)
        exec(script)
    except Exception as e:
        print("Error:", e)

# Replace 'YOUR_XOR_KEY' with the same key used in the sender script
xor_key = 42

# Set the same group for communication
radio.on()
radio.config(length=250, channel=7, group=1)  # Change the group number as needed

script_lines = []
indent_level = 0

while True:
    encrypted_message = radio.receive()
    if encrypted_message is not None:
        try:
            decrypted_message = xor_decrypt(encrypted_message, xor_key)
            print("Received:", decrypted_message)

            if decrypted_message == "run":
                execute_python_code(script_lines, xor_key)
                script_lines = []
                indent_level = 0
            else:
                line_indent = len(decrypted_message) - len(decrypted_message.lstrip())
                if line_indent > indent_level:
                    script_lines.append(decrypted_message[indent_level:])
                else:
                    script_lines.append(decrypted_message)
        except Exception as e:
            print("Error decrypting message:", e)

In this version, both the sender and receiver scripts use the group setting to ensure that they communicate only with micro:bits in the same group. Adjust the group number as needed for your specific scenario.