CSCI-100
Introduction to Computing
Privacy & Security
Part II
• Monoalphabetic Cipher
Rather than just shifting the alphabet
Could shuffle (jumble) the letters arbitrarily
Each plaintext letter maps to a different random
ciphertext letter
Hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Cryptanalysis of Monoalphabetic Cipher? (DONE IN
CLASS)
• Monoalphabetic Cipher Security
With so many keys, one might think it is secure
But that would be !!!WRONG!!!
Problem is language characteristics
• Can exploit them to do better than brute force search
• Language Redundancy and Cryptanalysis
Human languages are redundant
Letters are not equally commonly used
In English, e is by far the most common letter,
followed by T, R, N, I, O, A, S
Other letters are fairly rare
cf. Z,J,K,Q,X
Have tables of single, double & triple letter frequencies
• Use in Cryptanalysis
Key concept - monoalphabetic substitution ciphers do
not change relative letter frequencies
Discovered by Arabian scientists in 9th century
• Calculate letter frequencies for ciphertext
• Compare counts/plots against known values
• Tables of common double/triple letters help
• Example Cryptanalysis
Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies
Guess P & Z are e and t
Guess ZW is th and hence ZWP is the
Proceeding with trial and error finally get:
it was disclosed yesterday that several informal
but direct contacts have been made with political
representatives of the viet cong in moscow
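
The steps on this slide, worked in Python as an added example (not part of the original slides): it counts relative letter frequencies and the ZW/ZWP sequences in the given ciphertext, applies the guesses P=e, Z=t, W=h, and checks them against the plaintext the slide gives. The function names are illustrative.

```python
from collections import Counter

# Ciphertext exactly as given on the slide (three lines joined).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)
# Plaintext from the slide with spaces removed, used only to check the guesses.
PLAINTEXT = (
    "itwasdisclosedyesterdaythatseveralinformal"
    "butdirectcontactshavebeenmadewithpolitical"
    "representativesofthevietconginmoscow"
)

def relative_frequencies(text):
    """Return [(letter, percent)] sorted from most to least frequent."""
    counts = Counter(text)
    return [(c, round(100 * n / len(text), 2)) for c, n in counts.most_common()]

def ngram_counts(text, n):
    """Count overlapping n-letter sequences (digrams for n=2, trigrams for n=3)."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))

def apply_guesses(text, guesses):
    """Substitute guessed letters (lowercase); unknown letters become '.'."""
    return "".join(guesses.get(c, ".") for c in text)

def key_from_known_pair(ciphertext, plaintext):
    """Derive the cipher->plain table and confirm it is one-to-one on each side."""
    key = {}
    for c, p in zip(ciphertext, plaintext):
        if key.setdefault(c, p) != p:
            raise ValueError(f"{c} maps to both {key[c]} and {p}")
    if len(set(key.values())) != len(key):
        raise ValueError("two ciphertext letters map to one plaintext letter")
    return key

if __name__ == "__main__":
    print(relative_frequencies(CIPHERTEXT)[:5])
    print(ngram_counts(CIPHERTEXT, 2)["ZW"], ngram_counts(CIPHERTEXT, 3)["ZWP"])
    # The slide's guesses: P=e, Z=t, then ZW=th gives W=h.
    print(apply_guesses(CIPHERTEXT, {"P": "e", "Z": "t", "W": "h"}))
    key = key_from_known_pair(CIPHERTEXT, PLAINTEXT)
    print(apply_guesses(CIPHERTEXT, key))
```

Three guesses already place every e, t and h in the text, and each further guess is checked the same way: a wrong one produces letter sequences that do not occur in English.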
• Privacy in Cyberspace
Privacy refers to an individual’s ability to restrict the
collection, use, and sale of confidential personal
information
The Internet is eroding privacy through the selling of
information collected through Web sites
Few laws regulate selling personal information
• Cookies
Cookies are small text files that are written to an
individual’s hard drive whenever a Web site is visited
File is sent back to the server each time you visit that
site
• Stores preferences, allowing Web site to be customized
• Stores passwords, allowing you to visit multiple pages within
the site without logging in to each one
• Tracks surfing habits, targeting you for specific types of
advertisements
Legitimate purposes of cookies include recording
information for future use. Example: retail sites using
“shopping carts”
Questionable practices include banner ad companies
tracking a user’s browsing actions and placing banner
ads on Web sites based on those actions
• Hacker
Someone who attempts to gain access to computer
systems illegally
Hacker noun (see Raymond, 1991)
• A person who enjoys learning the details of computer
systems and how to stretch their capabilities – as opposed to
most users of computers, who prefer to learn only the
minimum amount necessary
• One who programs enthusiastically or who enjoys
programming rather than just theorizing about programming
• First Network Hack (Telephone)
John Draper (AKA Cap’n Crunch)
1970s
• Free long distance calls using a whistle found in a cereal box
The whistle emits the same frequency (2600 Hz) that AT&T long lines
used to indicate a line was ready to route a new call
Flaw:
• AT&T took cost cutting measures
• The signaling and voice used the same circuit
• This flaw made the system vulnerable to anybody who can
generate 2600 Hz
Solution:
• Now signaling takes place on a separate path from the one
you talk on