Cryptography

The History and Mathematics of Codes and Code Breaking

Author: clausen

Writing Process

In the past, I have written many papers of similar magnitude for purposes varying from competing for an award to a research paper. However, this is the first time I have written a paper of this magnitude with the purpose of informing and persuading the everyday citizen, or college student of something which they should be doing. With that, one of the biggest challenges was getting the tone of the paper correct. Most of my writing prior to this course was extremely formal and/or technical, and so it has been interesting finding the right balance in dropping a slight amount of the formality in the paper while keeping it at the level of an academic paper.

I have a fairly routine process I like to take when writing longer papers, and it is the process I went with to write this one. After choosing my topic, the very first thing which I do is to look for resources which I can use to learn more about the topic and for references to cite in my paper. After I've got a few of these, I outline the paper with a general layout of what I plan on doing, and in what order. My topic is multi-factor authentication. After an intro, I give some background on multi-factor authentication and all of the types of "factors" one can use. Then I discuss why not implementing multi-factor authentication can be harmful by making it significantly easier for hackers to break into your accounts. Next, I go through each of the main additional factors to passwords which college students can/should implement doing a cost-benefit analysis on each one. What I did once I initially sat down to write the paper was get a good start on each of these main sections to the paper. After that, I just go back and fill each section in until complete, which is my current stage in the writing process.

The most enjoyable part of the writing process for me has always been outlining. I love the imagining at the beginning, thinking of all the different ways one could go about writing the paper, and then choosing one and figuring out how to best implement it.

Necessity of Government Surveillance

As the world is currently in an information age and more information is being sent via the world wide web, it is necessary for the U.S. government to be given wide latitude to use electronic surveillance, even if that means citizen's privacy isn't always respected. The potential benefits of the government using electronic surveillance and the possible consequences of the government not utilizing electronic surveillance outweigh the potential loss of privacy of its citizens.

With increases in strength of encryption mechanisms, it is pivotal that the government and law enforcement agencies have wide latitude to use electronic surveillance so that they can stay one step ahead of the "bad guys". In Singh chapter 7, it is noted that "organized crime members are some of the most advanced users of computer systems and strong encryption." Also, there was a group labeled the "four horsemen of the infocalypse", being drug dealers, organized crime, terrorists and pedophiles. According to Singh, these are the four groups which benefit the most from strong encryption. All of these groups are constantly becoming more of a problem in our world today, and without the utilization of electronic surveillance, it can be nearly impossible to gather enough information to deal with these criminals in the best manner. If the government has wide latitude to use electronic surveillance, it would have the ability to catch some of these criminals and even prevent crimes and acts of terror from happening. However, without the use of electronic surveillance there would be many individuals and groups who would get away with criminal acts when they wouldn't otherwise. As seen in Singh chapter 7, the FBI still claims that "court ordered wiretapping is the single most effective investigative technique used by law enforcement to combat illegal drugs, terrorism, violent crime, espionage and organized crime."

It does need to be noted that when the U.S. government has wide latitude to use electronic surveillance, there is a potential invasion of the privacy of individuals. While I believe that the safety of U.S. citizens is more important than their privacy, there are those who disagree with this viewpoint. Even if we give the U.S. government wide latitude to use electronic surveillance, they should still do what they can to protect the privacy of individuals as much as they can at the same time. There are many ways to go about this, from an escrow system, to tighter regulations on the usage of information gained via surveillance. While the privacy of individuals is important, it is their obligation to allow their privacy to potentially be breached if it is for a more secure nation and society.

Camera-IMG_1961

Photo Credit: "Camera-IMG 1961" by Rama via Wikimedia Commons, Creative Commons

Variation of Disciplines

Cryptography is an ever evolving field, and this held especially true around the time of World War II. Up until this point, most cryptanalysis had been performed by linguists and people trained in language. However, as cryptography evolved and became increasingly mathematical and technological, the personnel involved in cryptanalysis needed to evolve as well. One of the primary reasons the Allies had success over the German cryptographers was the Allies use of cryptanalysists from across many disciplines.

As discussed in class, there are many factors which go into solving a code. To break the German code required some each of creativity, logic and luck. One of the best ways to solve an abstract problem, such as breaking an enciphered message, is to think about it from many different angles and have different people each with their own different way of thinking attempting to solve the problem. As Singh noted, there were a great variety of cryptanalysists working on the German codes from mathematicians and linguists to artists and chess players. Having such varied ways of thinking ensured that if one person couldn't come up with an idea, someone else down the line would most likely be able to. Also, British cryptanalysits were specialized into various "huts" on the lawn of Bletchley park. Each of these huts had a specific directive, from working on the German Naval enigma to intelligence gathering and translation. With many different types of thinkers working on them simultaneously, each of the various tasks were able to be completed with the utmost efficiency, saving lives and ultimately helping the Allies gain a pivotal upper hand in the war.

"Hut 6, Army/Airforce Enigma codebreaking" Photo by Matt Crypto-Licensed under Public Domain by Wikimedia Commons

"Hut 6, Army/Airforce Enigma codebreaking" Photo by Matt Crypto-Licensed under Public Domain by Wikimedia Commons

Every Security Measure Has a Weakness

One of the things which stood out to me throughout the book Little Brother was how it was so easy for even everyday people to foil the security measures put in place by the Department of Homeland Security. One of my personal favorites was the "arphid cloners" which could replace all of the electronic information on things such as your credit cards and identification and replace that with those of someone else. A particular passage showcasing this was when Marcus' father came home after being pulled over and questioned twice. This occurred because his father had been all over town recently to many various places, or so the DHS thought from their surveillance data. His father really had done nothing wrong, but various people who had been "given" his identity were making it look like he had very odd travel patterns. This marked a turning point in the novel as Marcus' father finally realized that there were some potential downsides to all of this surveillance the DHS was performing.

This concept of messing with security goes far beyond this one specific type of exploit, and goes further than the book as well. Every method of surveillance must have some weakness, whether that be an ability to avoid it or to attack it with so much information it cannot sort through it all properly. That raises the question of how useful every surveillance implement of the government is in the real world. It is possible that any day a random group of people could come up with a method to completely mess with some form of NSA surveillance. However as seen in the book, it is us as citizens who are the ones that are punished when there are flaws in surveillance systems. Thus we must ask ourselves if we are truly comfortable continuing to give up some of our privacy to groups such as the NSA and if that our relinquishing some of our right to privacy is actually helping in any way at all.

Power of The Great Cipher

There exists a never ending battle in the field of cryptography between those coming up with encryption methods and encrypting messages to those trying to break these ciphers. This back and forth is an ongoing and fairly quick process with each side constantly making advancements. However, the 2nd chapter of Singh discussed "The Great Cipher" which was the cipher used by Louis XIV, which remained unbroken for 200 years. The obvious question is then, what made this particular cipher so difficult and take so long to crack?

There are multiple reasons for this, starting with the complexity of the code itself. The code was comprised of 587 unique numbers with thousands of numbers altogether. This alone makes it very difficult to decipher as if you were assuming these numbers corresponded to letters or a set number of letters, as there would have to be repeated elements of the cipher text corresponding to the same thing in the plain text, which would render frequency analysis practically useless. This leads into the next reason why the cipher was so secure, which is that the numbers corresponded to syllables instead of letters or groups of letters. The majority of the ciphers up till this point revolved around changing something into individual letters, so this not being the case probably threw off many would be deciphers of the text.

Lastly, one of the main reasons this code was so secure is the technology that was available at the time. Nowadays with our computers, excel files, other programs and whatnot it is fairly simple and straightforward to do things such as frequency analysis or substituting in sequences in the cipher text for what we assume it to be in plain text. However, back in the 17th and 18th centuries performing these tasks by hand (especially with a text thousands of characters long) would be an incredibly daunting task. The sheer time commitment it would take to decipher a text of this length would be enormous and this probably discouraged many people from attempting to decipher it.

More Than Just A Password

One of the largest misconceptions I hear from college students is that having a secure password means they are safe. While having a secure password is a good step, there are many more things that a college student should do to protect their online information from being hacked. As we discussed in class, there was recently a security breach in the iCloud in which hackers got into celebrities accounts, and I would venture a guess that those celebrities had fairly secure passwords. As seen in "3Q's: Password and cloud Security," there are many things aside from just having a secure password which we should do to protect our online privacy. As we saw with Professor Bruff's example in class, there are ways to get around just a password such as security questions, or using brute force to guess the password, so a password alone is not enough.

The primary thing I wish to highlight that college students should apply is two-factor authentication. This should be applied not only to the cloud, but to all other accounts that have this as an option. Two-factor authentication simply means that you need some other way to access your accounts than just provide a password, such as a code in an email or text message. This means if someone wants to access your account then they have to not only have your password, but have access to the other method you require to access your account. This significantly increases the difficulty for someone trying to hack into your account while only adding a minor inconvenience to yourself. At the end of the day however, anything which you put online can be found by anyone, so the best thing to do is always be careful with what you put online.

Blog Assignment 1: New Revelations on the Potential Weaknesses of Cryptography

Before this course, when I thought of cryptography I primarily thought of advanced groups and organizations who made unbreakable codes so that nobody else would ever know the information they were communicating except for the people they were communicating to. However, this is definitely not the entire story. First, most everyone in society uses cryptography in some way in their lives. A lot of the time people aren't even aware that they are utilizing cryptography, primarily when they are online. I was previously unaware of how much cryptography was involved in things online such as passwords and other sensitive information. I'm glad though that online passwords and other information gets encrypted before it is sent as if it weren't then it would be extremely easy for anyone to get your sensitive information.

Now the other main thing which my eyes were opened to was the potential weakness in encryption. Before I thought that for the most part, codes weren't ever cracked or figured out by people other than those that the messages are to. The story of Queen Mary taught me otherwise. While there are over 4*10^26 different ways to encrypt using a basic substitution cipher, it is not always that difficult to figure out the encryption methods. Cryptanalysis and its methods are new topics to me, but when thinking about them, I had even used some of them in the past (primarily frequency analysis). The main point however is that any encryption method can be figured out and thus no method of encryption is 100% secure. Other weaknesses include that you can't make an encryption method so complex that your recipient cannot understand the message, and it isn't necessarily possible to tell if someone else has figured out your encryption method. Particularly the latter is a major weakness as one's method of encryption can in fact be used against them and this was an interesting possibility which had never occurred to me before. Cryptography can be extremely useful and has its advantages, but it is not without disadvantages either.

Powered by WordPress & Theme by Anders Norén