Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: security Page 4 of 9

The Nature of Cryptography

In Cory Doctorow’s novel “Little Brother”, the passage which resonated with me the most was the one on page 57 where Marcus had just given up his phone password to Carrie Johnstone. In this passage, he begins to explain the essence of cryptography and the reason why it stood out the most was that in that one short passage, he went over almost everything that we have done in historical aspect of our cryptography class.

Firstly, he touches upon the fact that cryptography  used by the common man is just as strong as the one used by the National Security Agency. This is representative of the progress we’ve made as compared to the cryptography used by Mary Queen of Scots, a topic we discussed in detail as the first chapter of Simon Singh’s “The Code Book”. In that chapter, we see how niche cryptography was and more so cryptanalysis whereas now it is a ubiquitous phenomenon, very often taken for granted.

Secondly, Marcus talks about how his privacy was in question, again something we have deliberated on as we weighed out the balance between public safety and privacy. Reading between the lines, it is also seen that when it comes to cryptography, having enough resources can always crack the code, regardless of the ethics of the means you use to do so. Just like in the San Bernardino’s case, the FBI found a way to get past the encryption, the DHS were able to pressure Marcus into giving up his own privacy, which begs the question that in an absolute sense, can anything ever be kept completely secret?

Finally, Marcus asserts that the best means of measuring the efficacy of an encryption is its prevalence. This argument runs parallel to the ideas of Joseph Bramah’s challenge as explained in “Perfect Security-99 Percent Invisible” where he  explains the mechanism behind it and still exacts the public to try and open it. The fact that his lock was not picked for a substantial period of time reinforces the level of security it provided to its user.

School or Prison – We are naked under monitoring

The most impressive passage for me is chapter 6. The author uses the dialogue between the Turk and Marcus to indicate the situation that citizens are under monitoring, through ways such as tracking their expense record. Marcus’s thinking afterward during school strengthen this point.

“You think it’s no big deal maybe? What is the problem with the government knowing when you buy coffee? Because it’s one way they know where you are, where you been.”

These words of the Turk straightly point out the security system of people in this country. The government can track an individual with their card record, when and where this person has purchased what can provide enough information to know his trend. This is not the only way, there are thousands of cameras in every block. As long as an individual show up in one of these cameras, the moving direction will be grasped and it is easy to use the series of cameras to track this person.

It goes without saying that the security system is useful to find out where a criminal suspect is. In the real world, this is an efficient way for the police to arrest suspects. However, the government can use the system not only find suspects but also monitor innocent citizens. The fact is that they do monitor what’s happening in every corner of the country, even though there is nothing related to criminal issues.

After the conversation with the Turk, Marcus realized his naked situation during school. He intended to have a discussion about the privacy problem in the class but failed by the teacher. The scariest thing is that people are numb and be accustomed to their situation of being monitored, which means they know their privacy is violated but they do not care about this problem and ignore it.

In my opinion, it is appropriate to set the security system to protect the safety of citizens with a strict supervision. The government can request to see the expense record in bank or record in cameras only if there is enough evidence indicates that an individual is related to criminal issues. The supervise will be hard because the definition of a criminal suspect is blurry and the government is actually in charge of the whole system. I believe in the future we can find out an appropriate way to protect people’s security without violated the whole citizens’ privacy.

The Paradox of the False Positive

One passage from Little Brother that particularly caught my attention was the part from chapter 8 in which Marcus discusses the paradox of the false positive.  It begins with Marcus explaining his plan to fight back against the Department of Homeland Security’s ramped-up surveillance and “safety protocols” that he believes to be violating the personal privacy of the citizens of San Francisco.  He talks about a critical flaw in the DHS terrorist detection system, which is that the accuracy of the terrorism tests isn’t nearly good enough to effectively identify actual terrorists without incorrectly accusing hundreds or even thousands of innocent people in the process.  Due to the extreme rarity of true terrorists, the tests meant to increase safety end up generating far too many false positives that result in people feeling even less safe.  As Marcus says, it’s like trying to point out an individual atom with the tip of a pencil.

This passage made me reconsider just how efficient automatic detection algorithms really are.  It’s logical to believe that a 99% accurate test is reliable, but when there is a very small amount of what you’re looking for in a very large population, a 1% error can cause major problems.  Thinking back to the article that discussed universities’ use of data-mining to identify possible school shooters or other at-risk individuals, it’s clear that the paradox of the false positive could cause similar issues in real-world situations.  The number of would-be school shooters is so small compared to the total student population that it would be extremely difficult for any tests to accurately identify them.  Overall, Little Brother‘s discussion of the paradox of the false positive demonstrates the importance of having reliable identification tests with sufficient accuracy to take on the rarity of what they are meant to find.  Otherwise, you might just end up working against yourself.

Is Little Brother “Not credible” ?

There is a loud slogan in the book: “People over the age of 25 are not credible!” However, the author of this book is over 25 years old. Whoever wants to save the world is so easy and so cool, let’s try it.

Since the author always preached the basic knowledge of encryption, chip positioning, and gesture recognition on the whole page, I just thought that this was a safety technical textbook disguised as a novel. After reading two or three chapters, I found out that there is indeed a story in it. If I look at a few chapters, I will feel that the safety technical textbook is better. There is no reason for it, and the setting is too unreasonable.

A big problem (or big advantage) of sci-fi in the near future is that it is easy for readers to compare reality with fiction and judge whether the virtual scene of the novel makes sense. For example, “Little Brother”, which only discusses existing technology applications, the comparison is readily available. At the beginning of the story, the United States is already a country that widely uses public safety monitoring technology. Then the San Francisco Bay Bridge collapsed with a terrorist attack, killing thousands of people. Based on this, the Department of Homeland Security continued to upgrade San Francisco’s surveillance and security, began illegal arrest and abuse of unrelated citizens, and caused the underground group of middle school students led by the protagonist to fight back by hacking, and was eventually defeated by crime exposure. This book was written in 2007, after the 9/11 era, so it is not necessarily appropriate to take the 911 that does not exist in the Department of Homeland Security. But in 2013, we can have a more appropriate analogy, that is the Boston Marathon explosion. Of course, the Boston explosion did not kill people. More importantly, the suspects were quickly identified through surveillance videos and later arrested. There was no continuous security alert and monitoring upgrades. So which scene is more realistic?

The Problem with Weak Encryption

In Chapter 1 of The Code Book, author Simon Singh states, “The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.”  What this essentially means is that overconfidence with a cipher, especially a relatively weak one, can be dangerous in that it creates an illusion of privacy that may lead to careless communication.  This was problematic for Mary and continues to be problematic today.

The encryption method used by Mary and Babington was called nomenclator, in which both letters and common words are replaced with corresponding symbols in the ciphertext.  In their minds, that system was more than effective, but they were unaware of the advancements in cryptanalysis that were being made at the time which allowed Walsingham and Phelippes to decipher it.  As a result, Mary and Babington had the false impression that they could say anything to each other without their messages being understood if intercepted.  This ended up proving worse for them than if they had no encryption method at all.  Had that been the case, they would have consciously made efforts to be vague and discreet when discussing sensitive information because there would be an obvious threat of self-incrimination.  However, their blind confidence in the encryption masked that threat and led them to speak directly and openly about their plans to assassinate Queen Elizabeth.  When it turned out that Walsingham was able to decipher their messages, they were caught completely off guard.

The issue of reliance on weak encryption methods is arguably even more prevalent today in the digital age.  The internet allows more information than ever before to be accessible to more people than ever before, so weak encryption can pose extreme privacy and security risks.  That is why it is important to be careful what information you put online, even if it is protected by a password.  There is always a possibility that hackers can gain access to your personal info.  For that reason, it is important to utilize the best encryption methods, and even then, to avoid putting out sensitive information when possible.

 

The Dangers of Weak Cryptography

For one who is not well-versed in “cryptography,” hearing the word might simply bring to mind the language game Pig Latin. However, Singh is trying to convey, in layman’s terms, that cryptography is not a child’s game for all; in Mary Queen of Scots’ case, it was literally an instance of life or death. The issue at hand is that while encryption is meant to show that one’s guard is up, it actually creates a false sense of security when utilized poorly.

For instance, there has been a time in every person’s life when he or she whispered something to a neighbor in the hopes of keeping the message a secret. Unbeknownst to them, spectators who speak the same language were either able to eavesdrop and hear the secret or possibly even lipread bits and pieces. Yet, to the two that were whispering in their own world, it was as if they had been speaking a foreign language. Babington and Mary were in this same little world, where they had a false sense of reality and security. As Singh stated, this was honestly an unfortunate time for Mary to be communicating through cryptography because the first true cryptanalysts were emerging. The two did little to alter their patterns and believed that only they could read what was intended for one another. The problem is, in an ever-changing world, it is naive to think that one should not have to adapt to remain undiscovered. Like two people whispering, Babington and Mary let their guard down at a critical point of their mission

By trusting her basic encoding system at an essential turning point in the history of cryptanalysis, Mary left herself vulnerable to decryption and was caught openly aligning with the rebels attempting to free her. Had she been writing without encryption, she would not have directly given her blessing for the assassination. Singh wants other cryptographers to be aware that they cannot expect to simply lay encryption over their messages like some form of a safety blanket. If a message is truly meant to be a secret, cryptographers should work to ensure that their ciphers are unbreakable.

Cryptography in the Modern World: Keeping a Information Secret in the Age of Computing

In the first chapter, the examples of cryptography Singh selected were confined to the upper echelons of society: nobles, scholars, religious and military leaders. But perhaps more telling is the affluence of cryptanalysts such as Thomas Phelippes, a linguist fluent in five languages and an accomplished code-breaker; knowing five languages is a feat even in the modern world, but acquiring a new language (much less five) prior to readily accessible educational resources is nothing short of extraordinary.

Phelippes’ impressive education supports the hypothesis that cryptography and cryptanalysis are areas of study suitable for only those who have a sufficient understanding of an array of scholarly disciplines and the resources necessary to achieve it. This is perhaps more true of today’s world, as modern ciphers and cryptographic techniques are far more complex and difficult to crack than simple substitution ciphers and thus require and even more comprehensive education than was necessary centuries ago.

Fortunately, modern society provides us with the ability to attain a level of education sufficient for developing and cracking substitution ciphers by the time we graduate high school; even people who have no formal training in cryptography are capable of employing advanced classical techniques such as frequency analysis to decrypt secret messages. The ubiquity of this approach is a testament to the modern educational system’s ability to produce people capable of thinking creatively to solve new problems.

However, this amount of ingenuity entails a notable problem: it essentially renders substitution ciphers (and other ciphers with similar security levels) useless. If an enciphered message can be cracked by the average person (without the aid of a computer) in the matter of hours, a more secure method of encrypting messages is necessary to hide meaning. Although relatively secure encryption usually doesn’t present much difficulty thanks to the advent of computing, it makes securely encrypting a message or quickly decrpyting a secure message without a computer nearly impossible; furthermore, with the power of modern computing at their fingertips, cryptanalysis are constantly working to develop faster ways to decrypt information, rendering insecure techniques that were among the best we had discovered just decades earlier. Modern cryptographers are then presented with a unique challenge: creating systems of encryption that allow the intended recipient to receive the message but are strong enough to remain unbreakable for decades to come.

A Weak Cipher Turned Enemy’s Advantage

The quote “weak encryption can be worse than no encryption at all” describes the phenomenon in which sender of an encrypted message is more likely to state clearly and in detail his or her intentions than when writing a unencrypted message with full knowledge the enemy will be inspecting the text. When writing an unencrypted message, the sender will be more inclined to make the contents of the message vague so it is understood by the receiver but confusing to the interceptor. The sender would also take caution not to reveal any secrets in the message which could benefit the enemy or implicate the sender and allies because the sender is acutely aware of the lack of encryption. However, when a text is encrypted the sender has faith in the security of the encryption and writes messages believing the enemy will not be able to interpret the text. As the in case of Queen Mary’s cipher, she and Anthony Babington did not consider the possibility their cipher could be broken and thus, they communicated their plans of revolt explicitly. Furthermore, weak encryption in particular is dangerous because it can be easily cracked and used by the enemy to deceive the correspondents. This is perfectly illustrated in the case of Queen Mary’s cipher which was broken by Thomas Phelippes and used against Queen Mary and Babington to incriminate Babington’s men. 

This implies for those who encrypt secret messages, they should still communicate vaguely, as though their messages are not encrypted and are being inspected by enemy eyes before reaching the receiver. Additionally, correspondents of encrypted messages should be cautious when writing implicating secrets, as Babington was not, resulting in the capture of his men. Babington could have better protected the identities of his men by describing their qualities in his message without revealing their names. When a cipher is used, the strength of its security should be kept in mind, as a weak cipher could become an enemy’s advantage. As the cipher of Mary Queen demonstrates, unsuspecting faith in the security of a cipher can be more dangerous than using no cipher.

What Would I Give Up?

In a post 9/11 America, which is all I’ve ever known, I am paranoid. When I enter public spaces like movie theaters or airports, there’s always an irrational fear in the back of my head that something is going to go wrong. This fear was undoubtedly placed there by terrorists, so they are clearly succeeding in their goal of instilling fear into the public. Oddly enough, my main concern in these scenarios is the lack of apparent security. For example, as I’m sitting down to watch a movie, it dawns on me how easy it would have been to sneak a weapon into the theater, even after the attack at Aurora. The same can be said for school. In fact, I know of someone at my high school who brought a lethal weapon with him to school multiple times. Not once was he caught. I feel like I have a good reason to be paranoid.

So what would I give up to feel safer? If anything, I’d be perfectly ok with more security. The most obvious implementation would be metal detectors at entrances to places. This would be a small inconvenience, and it would ease my paranoia immensely. I’m tired of living in fear, and enhanced security measures would make me feel much safer. Despite popular belief, more security in this regard would not mean the terrorists are winning, because I (and likely many more people) would feel safer as a result.

What Would You Give Up to Feel Safer?

This question posed at the Newseum is a very important one in the world we live in today. Indeed, ever since 9/11 the amount of government surveillance has increased exponentially, threatening our privacy in all aspects of our lives. The formation of the USA PATRIOT Act gave the government the surveil its citizens in the name of preventing terrorism, yet there is still much skepticism from myself and others about whether or not these drastic measures are worth giving up our freedom over. I believe that since this America, we should be entitled to certain freedom that are explicitly laid out in the Bill of Rights, such as the protection from unreasonable search and seizure. Is the government tracking your every Internet search, phone call or text message not unreasonable? I certainly contend that it is unreasonable. I do not consent to the government tracking my every movement because even if it is to save one or two lives, I do not think it is worth it. Sure we could take away every gun and weapon from a citizen and have a dictatorial society to prevent crime but is that the place we want to live? I think America is so unique and so special because of the rights that we have and I do not want to see those taken away. That is why I completely favor measures to increase our privacy and freedom rather than security and surveillance. 

Page 4 of 9

Powered by WordPress & Theme by Anders Norén