Cryptography

The History and Mathematics of Codes and Code Breaking

Author: MattGu

Surveillence Weakens Security

Giving any entity broad power of surveillance allows for the possibility of said surveillance being used for malicious purposes. We can see that, in many countries with stricter government, citizens are under scrutiny and often, dissenters or overly vocal critics are silenced through arrest or worse. But while this surveillance allows for malicious government action, it also weakens overall security against criminals, making it more possible to compromise financial info, online identity, and other sensitive data.

Cybersecurity relies on a reliable encryption method in order to keep communications, transactions, and documents secure. The encryption must be reversible by the recipient and keep the message inaccessible to interceptors. Allowing the government to read messages would necessitate some sort of backdoor in the encryption. This has two disadvantages: by introducing a backdoor, we create flaws and weaken the cipher. This results in the difficult task of making a backdoor accessible to only the government. The second disadvantage is related, in that the nature of the backdoor and the details of its functioning must be kept secret as well to prevent third parties from gaining the ability to decrypt any encrypted message. If those details were to leak, say in an Edward Snowden-like scenario, the cryptography would become useless.

We saw in Chapter 7 of Singh’s The Code Book that, in the case of Phil Zimmerman and his Pretty Good Privacy program, his packaging of RSA and IDEA encryptions conflicted with a law in a recent anticrime bill requiring electronic communications services to allow government access to any plaintext communication if requested. The danger posed to the government by PGP resulted in Zimmerman being classified as an arms dealer, as powerful encryption was a risk to the security of the country. The mathematics behind RSA does not allow for an easy installation of a backdoor without majorly decreasing the strength of encryption.

Giving the government wide latitude to use electronic surveillance can provide a temporary security; we can’t deny that. However, we are creating flaws in our security; flaws that can be exploited by criminals and governments overreaching their power. Allowing broad electronic surveillance can give more security now, but in the long run will only lead to weaker privacy for everyone.

Iron_Bishop. Wikimedia Commons. Creative Commons.

 

On the Shoulders of Giants

In the beginning of World War II, Great Britain was under less threat from the ever-expanding German forces on the European continent. Poland, on the other hand, was sandwiched between the Soviet Union to the east and rapidly encroaching Nazi armies to the west. Under the pressure of otherwise being forced under Nazi rule, the Polish cipher bureau made incredible headway in analysis of early German Enigma intercepts.

Bletchley Park Bombe

"Bletchley Park Bombe"
Photo by Antoine Taveneaux- Licensed under Public Domain by Wikipedia Commons

When Great Britain’s ships were attacked by German subs, a greater need to decipher Enigma arose. What was perhaps the most important contribution to British cryptanalysts’ efforts was the fact that they were able to build upon the Polish cryptanalysts’ work. Without those insights, the analysts at Bletchley Park might never have developed a full image of how the Enigma machine worked. Or rather, they might not have fully understood the weaknesses of the cipher (as well as its operators). For example, the Polish cipher bureau supplied copies of the military models of the Enigma machines to the British and French, and also provided the operator procedures that were in use at the time. This allowed groups like Bletchley Park’s Hut 6 to focus on finding a way to crack Enigma without the use of fragments such as the six-letter message key repeats at the beginning of every message. Additionally, the cryptological bombe that Alan Turing developed was based on a model designed by Polish cryptoanalyst Marian Rejewski, mechanizing the process of working out daily message keys.

Through collaboration and the ability to build upon the work of earlier cryptanalysts, the British were able to break the Enigma cipher. Not only did this save Allied lives and make victory much easier, but also the decryption shortened World War II in Europe and saved the lives of many in the Axis states who would have otherwise been killed in the longer fighting.

Statistically Suspicious

Corey Doctorow's novel Little Brother is a rousing look at a society where security has become dominant over privacy and liberty. In the aftermath of a terrorist attack on San Francisco, Marcus Yallow sparks and leads an underground movement to take back the rights of citizens from an oppressive police-state government.

I've read Little Brother before, but the issues and solutions regarding online security always fascinate me. The problem of the increased levels of encrypted traffic standing out particularly interested me. In the novel's universe, an agent monitoring web traffic and noticing a large amount of encrypted information passing to a single machine compared to the relatively larger number of people with unencrypted data would have his or her suspicion aroused. In some investigations, you don't need to know what someone is hiding, only that they are hiding something. However, this also brings to mind the possibility that a large amount of encrypted traffic from a computer doesn't always imply that illegal activity is occurring. Just as walking down the street with your hands in your coat pockets doesn't imply you're hiding drugs, stolen goods, or a weapon.

A statistically significant outlier might be an individual with malicious intent. But it also might just be one errant but innocent data point. The beginning of chapter 8 mentions the histograms and Bayesian analysis being used to find abnormal behavior. These were "not guilty people, but people with secrets." Privacy and the ability to keep some aspects of one's life out of the public eye are pretty much inalienable natural rights. Secrecy is an integral part of keeping ourselves normal, so it makes no sense to see a desire for privacy as statistically abnormal.

A World That Wanted Privacy

As more and more people gained knowledge of the existence of cryptography, the possibility of more secure communications wouldn’t have been all that unappealing a prospect to the common man. In the later 1800’s, education would have been more prevalent so literacy rates would have gone up significantly. A more educated population could better see the benefit of secure communications and records. Information like business secrets could be encoded to give some degree of deterrence to thieves, and messages sent through an easily intercepted medium such as the postal service would be more secure.

Additionally, with the invention and widespread use of the telegraph, the number of communications greatly increased. Of course, due to the nature of the telegraph, unless you had your own relay and message station, all messages had to be sent out through an operator. The idea that all telegrams would be read without it even being intercepted by a third party would be unnerving for many. This doesn’t even account for the possibility that a telegraph operator might be paid to reveal important messages despite their being sworn to secrecy. Even a simple level of encryption would prevent nearly every instance of a private message being intercepted, barring a third-party interception through the telegraph line.

Today, there is also an interest in ciphers among younger people in trying to keep short messages secret. However, for most people, a simple encryption of a message takes time, and deciphering it is very easy with the invention of digital computers (along with the hundreds of web tools that can decipher a message in seconds). I feel the general public today are more interested in the overall security of a communication method and not necessarily the mechanism behind its action. For example, while many people might know an “https” means a secure connection, they might not care about the mechanisms of the public key encryption used to ensure that security. In general, they are more focused on the end result of various security measures, and knowing the overall degree of protection given.

Passwords are the Key to a Secure Online Profile

College students are more connected online than ever before. Thousands of emails, texts, tweets, Facebook messages, and other communications will pass through their computers and phones over the course of their college years. Of course, this also leads to an equally large number of chances for security breaches and possible stolen information. Thankfully, there are many ways to prevent the loss of your accounts and online identity.

One easy way to increase your security and give your online self a better fighting chance against hackers and identity thieves is to make it harder to gain access to your accounts. Your passwords are important to protect email, social media, and financial accounts. However, a downfall of us being human is thinking along similar lines as others or being too consistent in our own thinking. This leads to many people using common and easily-guessed passwords, or one person using only slight variations of a single password for all their accounts. By varying your passwords and increasing their length/complexity, it will take longer for your password to be broken by a brute-force attack. There will even be a point where, if the complexity and length are sufficient, even a large parallel processing supercomputer will take a significant amount of time to try all possible combinations.

Additionally, by varying your passwords, if one password is found through another possible weakness in a security system, it will be more difficult to determine your other passwords. This may be difficult to manage if you have a bad memory and/or many accounts, but a password manager will automatically generate random strings of characters for a password and only require a single password to be remembered. Alternatively, you could physically write all of your passwords down in a secret place, which might work if you are good at keeping physical objects secure. Whatever method you use, one of the first steps to making your online profile more secure is to ensure that only you have access to it. This starts with the passwords you create.

Blog Assignment #1

The evolution of cryptography and the methods of both hiding and revealing information has had an interesting path. In the early usage transposition ciphers such as the scytale were used, although transposition ciphers seem much less secure (especially for shorter messages) if the scrambling method is too simple and an intercepted message could be translated through a few well-placed key letters. For example, some word scrambles can be solved just by looking at the letters for a while. What I always wondered, though, is why substitution ciphers and transposition ciphers were the norm for so long without any real development past the basic forms.

The statement Singh made discussing how cryptanalysis would only evolve once a society had reached a sufficient level in several disciplines of math and linguistics cleared up a lot for me. Since there were no major breakthroughs in techniques such as frequency analysis until the Renaissance period, stronger ciphers weren’t needed. When it was realized that frequency analysis was being used to break ciphers, different methods of encryption like the Vigenère cipher were created to counter letter frequencies. When that method’s flaws were found, even stronger methods of encryption were developed.

Cryptographers and cryptoanalysts are, in a sense, an extremely smart predator and an extremely smart prey. Those who make ciphers are almost always a little bit ahead of those who try to break them, though, because they are able to see their encryptions’ weaknesses and adjust to hide their information before the cryptoanalysts come along to reveal it. Like many have said, cryptography is a constantly evolving field and also serves to inform us that no matter how secure something may seem, one should never bet the farm on its infallibility.

Powered by WordPress & Theme by Anders Norén