Using AI to Help with Cyber Defenses

In the previous activity, you saw how AI can potentially be misused to create software vulnerabilities and back doors, and both can be considered cybersecurity threats. It takes a lot of work to mitigate those kinds of threats, and AI can help with that too.

In this activity, you will see an example of how AI can be used as a tool to help assess and mitigate threats.  

  • Read through the conversation below. Again, the ... symbol represents script iterations that were omitted here, and final scripts are on the next page.


Development

User

Consider these two scripts for micro:bit modules (from the previous activity).  They have a use in terms of remotely updating the script in the receiver micro:bit.  However, this also creates a vulnerability.  What steps should be taken to harden this system against unauthorized scripts that a user of a different micro:bit could load into the receiver micro:bit?

Module 1: Sender

Module 2: Receiver

ChatGPT

Loading and executing arbitrary code received from an external source, as in Module 2 (Receiver), can indeed pose security risks. To enhance the security of the system, you can implement several measures:

  • 6. Encryption:
    Encrypt the communication between the sender and receiver to prevent eavesdropping or unauthorized interception of the scripts.
  • 7. Access Control and Isolation:
    Utilize micro:bit's communication features such as channel, group, and address settings to restrict communication to specific devices or groups. This helps isolate the micro:bit from unauthorized interactions, enhancing the overall security of script updates.

Remember that security is a multi-layered approach, and it's often beneficial to combine several techniques to create a robust defense against potential threats. Consider the specific requirements and constraints of your application while implementing these measures.

 

User

Please update the two scripts as explained in item 6.

ChatGPT

To implement encryption for the communication between the sender and receiver, you can use the cryptography library in Python. (The AI made a mistake here.)  Here's an updated version of the sender and receiver scripts with encryption using Fernet symmetric key encryption:

( Scripts that caused exceptions omitted )

User

This is the micro:bit we are working with.  Your scripts caused exceptions.  

(Although the AI did figure out its mistake, this simple problem statement could have led to more misunderstandings.  Since the micro:bit sent an exception to its display and the serial monitor, the User could have added that to improve the AI’s chances of a correct response on the first try.)

ChatGPT

I apologize for the inconvenience. The micro:bit has limited resources, and not all libraries that work in a regular Python environment are available.  Additionally, certain cryptographic libraries may not be directly supported on micro:bit.

To address this limitation, you can simplify the encryption by using a lightweight encryption algorithm like XOR. While XOR is not as secure as advanced encryption algorithms, it can provide basic protection for communication in resource-constrained environments like micro:bit.

Here's an updated version using XOR encryption:

Remember to replace 'YOUR_XOR_KEY' with a value between 0 and 255, and ensure that both the sender and receiver use the same XOR key. Note that XOR encryption is a basic form of encryption and may not provide the same level of security as more advanced algorithms. Adjust the key based on your security requirements and constraints.

 

User

The receiver script doesn't seem to actually execute the script.  It displays the lines of script correctly, but then, it does nothing.  Don't revise the scripts yet, just, very briefly, comment on the suspected cause.


ChatGPT

The described behavior suggests that the script lines are successfully received and displayed, but the execution phase might encounter issues. Possible causes could include issues with the execution environment, errors in the script content, or limitations of the micro:bit platform related to dynamic code execution. Further investigation into the execution phase, error handling, and the micro:bit's support for dynamic code interpretation may help pinpoint the root cause.

User

I disagree.  I think it's because the script lacks the exec() function.  Can you use that to fix the scripts?

ChatGPT

Certainly, if the issue is related to the lack of the exec() function, you can incorporate it into the script execution process. Here's a modification to the receiver script:

(script omitted)

In this modification, the execute_python_code function now uses exec() to run the received script. Ensure that this aligns with the capabilities and security considerations of the micro:bit platform.

(Three more iterations followed. Without Python experience gained from learn.parallax.com micro:bit chapters and lots of practice writing and debugging scripts, this might have turned into an unsuccessful session. It was only due to the User’s prior experience that they were able to help the AI produce scripts that actually worked. Even though AI will undoubtedly improve, humans will still need to understand concepts and have the skills to actually get results from AIs.)
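
The single-byte XOR scheme the conversation settles on, shown as an added example that is not part of the original activity or the final scripts on the next page. It is plain Python with no micro:bit radio calls, and the function names, sample line and keys are constructed for illustration. It shows two things to check before relying on the scheme: a key of 0 sends the script unchanged, and a wrong key can still decode to text, so a successful decode does not prove the sender held the shared key.

```python
# Added example: single-byte XOR with a key from 0 to 255, as described in
# the conversation. All names and sample values here are constructed.

def check_key(key):
    """Reject keys outside the one-byte range the conversation specifies."""
    if not isinstance(key, int) or not 0 <= key <= 255:
        raise ValueError("XOR key must be an integer from 0 to 255")
    return key

def xor_bytes(data, key):
    """XOR every byte with the key. Applying it twice restores the input."""
    check_key(key)
    return bytes(b ^ key for b in data)

def encode_line(line, key):
    """Sender side: one line of script text -> obscured payload bytes."""
    return xor_bytes(line.encode("utf-8"), key)

def decode_line(payload, key):
    """Receiver side: payload bytes -> text, or None if not valid UTF-8."""
    try:
        return xor_bytes(payload, key).decode("utf-8")
    except UnicodeError:
        return None

SAMPLE_LINE = "display.show(Image.HAPPY)"  # constructed sample script line
SHARED_KEY = 0x5A                          # constructed sample key

def demo():
    payload = encode_line(SAMPLE_LINE, SHARED_KEY)
    return {
        # Same key on both sides restores the original line.
        "round_trip": decode_line(payload, SHARED_KEY),
        # A key that differs in a low bit still decodes, but to other text.
        "near_key": decode_line(payload, SHARED_KEY ^ 0x01),
        # A key that differs in the high bit yields bytes that are not text.
        "far_key": decode_line(payload, SHARED_KEY ^ 0x80),
        # Key 0 leaves every byte unchanged: the script is sent in the clear.
        "key_zero_is_plaintext":
            encode_line(SAMPLE_LINE, 0) == SAMPLE_LINE.encode("utf-8"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, repr(value))
```

Because the key is one byte, only 256 keys exist, and the transform checks nothing about who sent the payload, so it obscures the script rather than restricting who can load one.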