Cryptography

CryptographyA history, practical, and applied practices

OverviewThe purpose of this presentation is to give a brief overview of cryptography. Both from a historical perspective, through modern usage. The lesson will have one interactive section, taking possibly close to thirty minutes to complete. Topics covered will include:Historic crypto systemsSymbols, Symbology, Anti-LanguageScytaleLetter substitution (Caesar Cipher, and ROT13)Vignre cipher (keyed letter substitituion)The Enigma Machine and Rotordisk EncryptionOne Time Pads (OTP)Secure, but not secure, thanksModern crypto systemsSteganography and Visual Cryptography vs. actual CryptographyShared Key CryptographyDefining A Web of TrustCryptowars V1 (the Right to Privacy)PGP/GPGCryptowars V2 (Post 9/11 Politics)Cryptanalysis: A Very Brief OverviewPhysical AttacksLetter FrequencyCribsStatistical AnalysisActivity: Getting Started With Cryptography and Defining a Web of Trust

Historic Crypto SystemsCryptography and Cryptanalysisits sister studyare extremely old disciplines. While the first known use of cryptography is recorded in Egypt c. 1900 BCE. Where non-standard hieroglyphs were used, apparently playfully, to obscure the meaning of the text for literate readers. Other factors also came into play with hieroglyphs, primarily that the direction the animals were facing in the writing determined the direction the text was to be read.The oldest commercial use dates to near 1500 BCE, where a craftsman wrote down his recipe for pottery glaze in a cipher text.

Even later Hebrew scholars used letter substitution around 500 to 600 BCE.

Asian writing, particularly Chinese writing systems have an easier time encoding their data due to their inherent complexity. In China (as an example) the direction to read/write depended on the class of the writer, the class of the recipient, the era the writing was made, and various other factors.

Arabic based texts are similar in that the texts themselves omit vowel sounds. This means that translation efforts rely heavily on verbal knowledge, as well as contextual based clues. While not deliberately being a cryptographic system the goal was obviously to obscure content to limit its understanding. Essentially the same goal as cryptography.

Symbols, Symbolism, Anti-LanguageSimilar to the hieroglyphic methods of encoding language. Groups may tend to use symbols to hide meanings and definitions, effectively creating a cipher for those that dont know what a symbol means, as opposed to those who do.Examples of this are:

Hobosigns War Chalking Tagging (Anti-Fa sign from Greece)Other examples, of codified language are cryptolects: argots, or anti-languages such as Thieves Cant, Rhyming Slang, Jive.Urban Dictionary useful reference for modern cryptolects, may be slightly off due to crowdsourcing and locale.Disinformation language is hard to prove/disprove due to its constantly fluid state. This also allows for bad translations/disinformation of anti-language to be leveraged to discount a given meaning.

Etymology (n): The origin and historical development of a linguistic form as determined by its basic elements, earliest known use, and changes in form and meaning.

ScytaleThe Scytale was an early form of physical encryption. Roman military leaders and their subordinates were dispatched with octagonal sticks. When a message needed to be dispatched a piece of leather would be wrapped around the stick, and the message written on the leather. After unwrapping the leather the message was scrambled. Only a recipient with a similarly sized stick could decode the message (in theory).

Letter Substitution or Caesar CipherSimple letter substitution ciphers rely on swapping parts of the alphabet in a 1:1 relationship. Decoding these ciphers is as simple as reversing the swap.The principle is to map one letter to another letter. A wide spread example of this is the ROT13 algorithm, which maps the first 13 characters of the alphabet to the last 13 characters. As such the clear text Hello would be translated to UryybAnother example, called a pigpen cipher, works at breaking up the alphabet into pens and swapping out parts of the pen for the location of the letters.A similar scheme to letter substitution is the transposition cipher, which relies on rearranging the plain text in a complex manner, but not actually changing the text itself.

Vignre cipherThe Vignre Cipher is a form of polyalphabetic substitution cipher that combines both a key and multiple scrambled alphabets (that is multiple Caesar ciphers with different offsets). It was one of the strongest early forms of encryption developed without the aid of a computer.To process a Vignre Cipher a table of alphabets (called a tabula recta) was laid out (as pictured to the right), and a key phrase was generated along with the clear text.The key phrase was then repeated until it matched the clear text in length. For example:San Dimas High school Football rules with a key of Whoa would appear similar to:

sandimashighschoolfootballruleswhoawhoawhoawhoawhoawhoawhoawhoBy using the letters in the key (here four letters w, h, o, a) the corresponding row in the table is matched with the column determined by the clear text. That is (in our example):

w + s = o Full cipher text is: h + a = h --------------------o + n = b ohbdetosdpuhojvokstokapahsfuhlga + d = dBefore the algorithm for the Vignre cipher was figured out, attacking the cipher was difficult as it helped to obscure commonly seen letter frequencies. This was a time consuming process to handle by hand and reversing it was equally difficult.

With todays technologies theres multiple websites that can reverse a Vignre and give you the key in seconds.

The Enigma and Rotor Disk encryptionLetter substitution took a turn shortly before WWII with the inception of Rotordisk Encryption. This was most famously seen in the German Enigma machine.Rotordisk encryption works by having a series of mechanical disks (three in the case of the Enigma) that would be set to a certain pre-defined key. Clear text messages could then be typed in on a keyboard. The mechanical action of the keyboard would turn the rotorsat least the right, but often all of themto change the path of an electrical current which would illuminate letters in an output board, these were noted down and after encoding were radioed out using Morse Code. This allowed a multiple-offset substitutional cipher.Decryption could be handled by setting the rotors to match the initial key, and entering the coded message on the keyboard, recreating the original operators steps. This allowed the electricity to flow back through the enigma on the same pathways and would illuminate the clear text light.It was discovered that an additional layer of security could be added through the addition of a plug board. This allows pairs of letters to be swapped both before and after encoding.Initial attempts at cryptanalysis by Polish mathematicians proved successful, and the information was shared with the Allies. Combined with poor operating practices on the part of the Enigma operators, and recovered information (codebooks, machines, and other intelligence). As well as the development of the Bombe (named after the Polish Bomba) by Alan Turing and his team at Bletchley park. The Enigma was eventually broken. Similar units to the Bombe were also developed by the US Army and US Navy but were engineered differently. This all helped to turn the tide of the war in the Allies favor.

Enigma photo By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47910919

One-Time PadsIntended to be used once and then disposedMultiple pads required to send messagesBoth sender and received must:have copies of the same padmust maintain sequencingMust not stray off established formulaNot as cryptographically secure as one would thinkPseudorandom number generation vs. true random number generationThe Cryptonomicon

Modern CryptosystemsComputers have changed the gameTelecommunicationsPoliticsSoftwareHardwareSocial Media & SteganographyREALLY BIG NUMBERSQuantum computingThe heat death of the Universe

Crypto Wars v1 (the Right to Privacy)The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Article IV, United States Bill of RightsComputer Fraud and Abuse Act (CFAA) 1985 meets 1984(https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act)The Clipper Chip(https://en.wikipedia.org/wiki/Clipper_chip)Military Grade EncryptionClassified Technology RSA Two-factor EncryptionIllegal to export without munitions license (letters are now bullets)

Shared Key and Public Key CryptographySoftwarePrivate KeyPublic KeyWeb of Trust

Pretty Good Privacy (PGP), OpenPGP, GPGFirst released in 1991 for free (thanks Internet!)Developed as a human rights tool by Philip R. ZimmermanThree year criminal investigation (thanks legal gray area of the Internet!)Offered military grade encryption for the publicBased around Diffie-Hellman, AES, and RSA, also offered Two-FishRedPhone telephone port of PGP that used a modemOpenPGPCreated in July 1997 by PGP in concert with IETF, based around concerns that RSA was legally menacingGPG FOSS port of PGP, compliance with OpenPGP. PGP is Closed Source and now owned by Symantec

Steganography and Visual Cryptography vs. actual CryptographyWhat is Steganography?A process of encoding plaintext information into an existing noise stream. Particularly used with graphic images due to their high noise tolerance. Due how the human eye perceives color, its easier to hide a very small amount of text in the large color pallet of an image while causing minimal distortion of the image. (https://en.wikipedia.org/wiki/Steganography)What is Visual Cryptography?Similar to Steganography and Watermarking, but using some elements of shared-key cryptography. Visual cryptography hides half of a public-private key pair inside another image. When the image is shared the message goes with it, and the recipient (holding half of the key pair) can find the apparent noise in the image, compare it with their key and receive a visual confirmation that the image belongs to the other user. Particularly useful for DRM, and copyright protection. (https://en.wikipedia.org/wiki/Visual_cryptography)How do they differ from actual cryptography?Steganography, and Visual Cryptography rely on hiding a message in existing noise. That is, by breaking the message up and slipping it into an existing image, text, or digital source the information can be obfuscated far enough to be difficult to detect by those not in the Web of Trust. Cryptography instead generates random noise using a key, algorithm, and plaintext in combination. A frequent user of Steganography is ISIS who use it to communicate in plain sight via Reddit, eBay, and other image sharing sites.(http://www.independent.co.uk/news/world/middle-east/isis-and-al-qaeda-sending-coded-messages-through-ebay-pornography-and-reddit-10081123.html)

Crypto Wars v2 (Post 9/11 Politics)Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin FranklinSteady Erosion of Privacy Rights (not to mention other rights)Ubiquity of high-level encryption vs. criminals ability to crimeOne mans freedom fighterTOR, i2p, Freenet, and tools of political dissentThe DarknetNSA monitoringFacebook, Gmail, and Social MediaSmartphones, and 1984(Orwell didnt expect us to buy the cameras.)

Footnote video (iPhone):

On PGPDisk, TrueCrypt and on-disk (OTFE) encryptionOn disk encryption uses a cryptographic format to mask the contents of hard drives (see CGP Grey Footnote video)Previous encryption standards:PGPDisk (still actively developed, no longer free, closed source)TrueCrypt (FOSS, no longer actively developed, closed up and killed the canary)BitLocker (closed source, bundled with Windows, strongly suspected of being back-doored)

CryptanalysisPhysical attacks good for physically guarded systems, such as Scytales, and physical locks.Letter and Frequency AnalysisCribs