Communication – Talking securely in a word of eavesdroppers – About Me

View Github Repository Open presentation in a new window

WilliamMayor

See all presentation from WilliamMayor

Communication – Talking securely in a word of eavesdroppers – About Me

0 0

present.scytale.xyz

On Github WilliamMayor / present.scytale.xyz

Communication

Talking securely in a word of eavesdroppers

  • You might have heard of the NSA or GCHQ
  • Secure and private communication is a hot topic
  • We're going to look at some of the principles behind secure communication

About Me

I'm Billy...

  • Hi, I'm Billy

Software Engineer

I work for BAFTA and Diversity and Ability

  • I build software and websites for people
  • Currently I work in the R&D team in BAFTA
  • I also work for DnA, a company that provides training for people with disabilities

Education

I studied Computer Science and Security Science at UCL

I did A-levels in Maths, Further Maths, and Drama

  • If you're interested?

Tomorrow...

Encryption

How can we protect messages from prying eyes?

Decryption

How can we read encrypted messages?

Hacking

How can we break into encrypted messages?

Why?

What are secure communications used for?

This evening...

Scytales

(Pronounced like Italy)

Used by the Ancient Greeks and the Spartans as early as 7th century BC

Wrap a long strip of paper around a stick and write a message along the stick Rotate the stick when you reach the end and write another line Unwrap the paper to reveal your ciphertext
  • Demo doing it
  • The message you write down is the plaintext, it's in English
  • The message you read off is the ciphertext, it's not understandable

Demo

Get into groups of 3 Everyone grab a scytale and a worksheet Make sure your group has 3 different coloured scytales
  • There might not be enough scytales to go round, you might have to share
  • Some groups might have to have only 2 scytales

Demo

Encrypt a message using your scytale Swap messages in your group Try to decrypt each other's message Swap scytales and try decrypting again

15:00

Thoughts?

What's good?

Quick, simple, robust

What's bad?

Easy to hack, clumsy for long messages

How could you hack this?

Have lots of scytales, use a computer

Why use it?

Message authentication

See you all tomorrow :)

Good morning

A Quick Primer on...

Substitution Ciphers

e.g. Ceasar Ciphers

Replace letters in your plaintext with random letters to produce your ciphertext

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
HELLO HOW ARE YOU?
DAHHK DKS WNA UKQ?
  • Take a plaintext message and replace each letter with a different one
  • How you pick the replacement letter is important and is dictated by your choice of cipher
  • Shift by 4 along the alphabet
  • The secret key is the amount to shift by
  • Easy to hack because there can only be 26 keys
  • What are some improvements to this cipher that people can see?

Transposition Ciphers

e.g. Scytale

Shuffle the letters in your plaintext to produce your ciphertext

HELLO HOW ARE YOU?
H AOEHRULOE?LW O Y
  • Keep the actual letters the same but change their order
  • The secret key is the size of the scytale
  • Easy to hack because there are limited sizes of stick

Padding

Changing a letter into a number and back again

A=43

08=(

  • Some of your ciphers require arithmetic on the plaintext
  • It's not clear what a*7 might mean
  • So use a padding scheme to change a into a number
  • There's a padding scheme on the website

Modulo Arithmetic

a % n = b or a = b mod n

6 % 5 = 1

(9 * 2) % 5 = 3

34 = 4 mod 6

  • Some of your ciphers require modulo arithmetic
  • It's a form of counting where you go back to 0 when you reach a maximum number
  • Very similar to how a clock works

The Challenge

  • In groups learn two ciphers
  • Your group has an opponent group
  • Can you encrypt messages that your opponents can't hack?
  • Can you hack your opponents' messages?

Today I'm going to split you up into groups of 4 and pit you against each other in a cat and mouse game of encryption, decryption and hacking.

Here's the goal: to use encryption methods in a way that will keep your group's messages secure. You're also tasked with hacking into the encryption created by your opponents.

You have a day to learn about encryption, decryption and hacking. You then have to apply that knowledge and best the other groups.

The Groups

Split the room into 6 groups and assign each group a pair of ciphers (one substitution, one transposition). Then pair groups together to determine who cracks who. A recommended selection is:
  • (affine, rail fence) vs (playfair, fleissner)
  • (checkerboard, single letter) vs (Myszkowski, pig pen)
  • (Trifid, columnar) vs (route, mixed alphabet)

The Teachers

Every group can hack them

They're hacking every group

Task 1

Come up with a group name

Task 2

Learn your ciphers

 

www.scytale.xyz

  • On this website is a page for each cipher
  • Find yours and learn how they work
  • Each has an example plaintext and ciphertext
  • Encrypt and decrypt each and then check with me that you got it right

The Game

  • Create secret keys for your two ciphers
  • Use these keys to encrypt messages that you give to your opponents
  • Try to break the encryption of your opponents' messages

The Rules

To get a message from your opponents you must give one to them You cannot refuse a request You must use English sentences You cannot change your keys Messages must be like-for-like
  • like-for-like means known-plaintext for known-plaintext

Task 3

Decide on your secret keys

  • There are some key sheets
  • Pick a key and write it down on these sheets
  • You cannot change the key when you pick it
  • You must keep these sheets safe

Task 4

Encrypt your first messages

  • You can encrypt any sentence of your choosing
  • You must encrypt two messages
  • One substitution, one transposition
  • There are sheets for writing down your plaintext message and you ciphertext message
  • Give the ciphertext to your opponents
  • Don't give them your key or your plaintext

Hacking

Brute Force

Try every possible key

Frequency Analysis

Works on substitution ciphers

How common are letters in the English language?

How common are letters in the ciphertext?

Known Plaintext

Works on transposition ciphers

If you know how one message was shuffled, you know how they all are

Any Ideas?

Task 5

Encrypt and hack

Key Exchange

Task 6

Prepare a presentation

Social Engineering

The bigger threat

We've seen how hard it is to hack some ciphers. Each of the ciphers you've been using are no longer used seriously, they were all written before computers were built. Applying a brute force, or known plaintext attack to any of your ciphers using a computer is easy. For this reason modern day ciphers (like the one the teachers were using) are vastly more complex and difficult to hack, even for a supercomputer. Hopefully, what you've seen now though is that the biggest threat to a cipher, the easiest way to hack a key or easily obtain the plaintext, is to ask. If you appear to be in a postition of authority and you ask someone for their secrets, they will most likely tell you. That's what the teachers did, and they won. You knew they were competing against you. Some of you were trying to hack their codes and were swapping your encrpyted messages for theirs. Yet when they said "hello, what's your secret key?" you told them.

Social Engineers

  • Kevin Mitnick (6 years)
  • Adrian Lamo (6 months)
  • Matthew Weigman (11 years)
  • Frank Abagnale (13 years)
  • It's not cheating
  • It's a real threat
  • It will happen to you