CSCI-100 Introduction to Computing Privacy & Security Part II

Upload: jasper-morris, posted 03-Jan-2016

TRANSCRIPT

Page 1: CSCI-100 Introduction to Computing Privacy & Security Part II

CSCI-100 Introduction to Computing

Privacy & Security, Part II

Page 2:

Page 3:

• Monoalphabetic Cipher
Rather than just shifting the alphabet, shuffle (jumble) the letters arbitrarily

Each plaintext letter maps to a different ciphertext letter, chosen at random

Hence the key is 26 letters long (one permutation of the alphabet)

Cryptanalysis of Monoalphabetic Cipher? (DONE IN CLASS)

Plain:  abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Page 4:

• Monoalphabetic Cipher Security
With so many keys (26! ≈ 4 × 10^26), one might think it is secure

But that would be !!!WRONG!!!

The problem is language characteristics: they can be exploited to do far better than brute-force search

Page 5:

• Language Redundancy and Cryptanalysis
Human languages are redundant

Letters are not equally commonly used

In English, e is by far the most common letter, then T, R, N, I, O, A, S

Other letters are fairly rare, cf. Z, J, K, Q, X

Have tables of single, double and triple letter frequencies (monograms, digrams, trigrams)

Page 6:

Page 7:

• Use in Cryptanalysis
Key concept: monoalphabetic substitution ciphers do not change relative letter frequencies

Discovered by Arab scholars in the 9th century

• Calculate letter frequencies for the ciphertext
• Compare counts/plots against known values
• Tables of common double/triple letters help

Page 8:

• Example Cryptanalysis
Given ciphertext:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies

Guess P and Z are e and t

Guess ZW is th and hence ZWP is the

Proceeding with trial and error, finally get:

it was disclosed yesterday that several informal
but direct contacts have been made with political
representatives of the viet cong in moscow
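The cipher from Page 3 and the attack on this slide, as an added Python example (this is not code from the original slides): it encrypts the Page 3 plaintext with the slide's 26-letter key, runs letter, digram and trigram counts over the ciphertext above, makes the frequency-only first guess, and checks the recovered plaintext against the ciphertext as a consistent substitution. ENGLISH_FREQ is an approximate published frequency table (exact values vary by corpus); the function names are my own.

```python
"""Monoalphabetic substitution: encryption and the frequency-analysis attack.

Added example; not code from the original slides. It uses the 26-letter key,
the worked plaintext and the 120-letter ciphertext printed on the slides.
ENGLISH_FREQ is an approximate published table of English letter
frequencies (percent); exact values vary by corpus.
"""
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

# Key from the slide: plaintext a..z maps position-wise onto this permutation.
SLIDE_KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"

# Ciphertext from the slide, line breaks removed (120 letters).
SLIDE_CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)
# The plaintext the slide recovers, spaces removed (120 letters).
SLIDE_PLAINTEXT = (
    "itwasdisclosedyesterdaythatseveralinformalbutdirectcontacts"
    "havebeenmadewithpoliticalrepresentativesofthevietconginmoscow"
)

ENGLISH_FREQ = {  # approximate % of letters in English prose
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4,
    "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0,
    "k": 0.8, "j": 0.15, "x": 0.15, "q": 0.10, "z": 0.07,
}


def encrypt(plaintext, key=SLIDE_KEY):
    """Replace each lowercase letter by the key letter at the same position."""
    return plaintext.lower().translate(str.maketrans(ALPHABET, key.upper()))


def decrypt(ciphertext, key=SLIDE_KEY):
    """Invert encrypt(): the key is a permutation, so the inverse is unique."""
    return ciphertext.upper().translate(str.maketrans(key.upper(), ALPHABET))


def letter_counts(text):
    """Single-letter counts, ignoring anything that is not a letter."""
    return Counter(c for c in text.upper() if c.isalpha())


def ngram_counts(text, n):
    """Counts of overlapping n-letter groups (digrams for n=2, trigrams for n=3)."""
    letters = "".join(c for c in text.upper() if c.isalpha())
    return Counter(letters[i:i + n] for i in range(len(letters) - n + 1))


def frequency_guess(ciphertext):
    """First-pass guess: pair ciphertext letters, most frequent first (ties by
    alphabet), with English letters in frequency order. This gets the most
    common letters right and many others wrong, which is where the slide's
    trial and error (digram/trigram tables, partial words) takes over."""
    by_count = sorted(letter_counts(ciphertext).items(),
                      key=lambda kv: (-kv[1], kv[0]))
    english = sorted(ENGLISH_FREQ, key=lambda c: -ENGLISH_FREQ[c])
    return {c: e for (c, _), e in zip(by_count, english)}


def derive_mapping(ciphertext, plaintext):
    """Read the cipher->plain letter map off a known pair and check that it is
    a consistent monoalphabetic substitution (a bijection on the letters seen)."""
    mapping = {}
    for c, p in zip(ciphertext.upper(), plaintext.lower()):
        if mapping.setdefault(c, p) != p:
            raise ValueError(f"{c} maps to both {mapping[c]} and {p}")
    if len(set(mapping.values())) != len(mapping):
        raise ValueError("two ciphertext letters map to one plaintext letter")
    return mapping


def apply_mapping(ciphertext, mapping):
    """Decrypt with a partial or full cipher->plain map; '?' marks unknown letters."""
    return "".join(mapping.get(c, "?") for c in ciphertext.upper())


if __name__ == "__main__":
    assert encrypt("ifwewishtoreplaceletters") == "WIRFRWAJUHYFTSDVFSFUUFYA"
    counts = letter_counts(SLIDE_CIPHERTEXT)
    print("most common:", counts.most_common(6))           # P and Z lead
    print("digrams:", ngram_counts(SLIDE_CIPHERTEXT, 2).most_common(5))
    print("trigrams:", ngram_counts(SLIDE_CIPHERTEXT, 3).most_common(5))
    guess = frequency_guess(SLIDE_CIPHERTEXT)
    print("frequency-only guess:", apply_mapping(SLIDE_CIPHERTEXT, guess))
    # The slide's hand analysis ends with a full, consistent substitution:
    full = derive_mapping(SLIDE_CIPHERTEXT, SLIDE_PLAINTEXT)
    assert apply_mapping(SLIDE_CIPHERTEXT, full) == SLIDE_PLAINTEXT
    # Frequencies are preserved: the multiset of counts is the same on both sides.
    assert sorted(counts.values()) == sorted(letter_counts(SLIDE_PLAINTEXT).values())
```

Run it and the frequency-only guess already reads P and Z as e and t (and S as a) while most other positions come out wrong; closing that gap with the ZW = th digram and partial words is the trial-and-error step the slide refers to. The final assertion is the point of Page 7 in code: the substitution only relabels letters, so the multiset of letter counts is identical on both sides.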

Page 9:

• Privacy in Cyberspace
Privacy refers to an individual’s ability to restrict the collection, use and sale of confidential personal information

The Internet is eroding privacy through the selling of information collected through Web sites

Few laws regulate the selling of personal information

Page 10:

• Cookies
Cookies are small text files that a Web site has the browser store on an individual’s hard drive; the file is sent back to the server each time you visit that site

• Stores preferences, allowing the Web site to be customized
• Stores a session identifier (not the password itself, in a sound design), allowing you to visit multiple pages within the site without logging in to each one
• Tracks surfing habits, targeting you for specific types of advertisements

Legitimate purposes of cookies include recording information for future use. Example: retail sites using “shopping carts”

Questionable practices include banner ad companies tracking a user’s browsing actions across sites and placing banner ads on Web sites based on those actions

Page 11:

• Hacker
Someone who attempts to gain access to computer systems illegally

Hacker, noun (see Raymond, 1991):
• A person who enjoys learning the details of computer systems and how to stretch their capabilities, as opposed to most users of computers, who prefer to learn only the minimum amount necessary
• One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming

Page 12:

• First Network Hack (Telephone)
John Draper (AKA Cap’n Crunch), 1970s
• Free long-distance calls using a whistle found in a cereal box

The whistle emits the same frequency that AT&T long-distance trunks used to indicate a line was idle and ready to route a new call (2600 Hz)

Page 13:

Flaw:
• AT&T took cost-cutting measures
• Signaling and voice used the same circuit (in-band signaling)
• This made the system vulnerable to anybody who could generate 2600 Hz

Solution:
• Signaling now takes place on a separate path from the one you talk on (out-of-band signaling)
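The flaw and its fix on this slide, as an added toy model in Python (not from the original slides, and not a model of any real switch): the "switch" is a hypothetical simplification in which a call is a dialled 3-digit number, the subscriber's audio is a list of (kind, value) frames, and a 2600 Hz frame means "trunk idle, ready to route a new call". The first function interprets control tones out of the subscriber's own audio; the second only acts on a separate control channel the subscriber cannot write to. All numbers and frames are constructed sample data.

```python
"""Toy model of the 2600 Hz flaw: in-band versus out-of-band signalling.

Added example, not from the original slides. Hypothetical simplification:
a call is a dialled 3-digit number, the subscriber's audio is a list of
(kind, value) frames, and 2600 Hz means "trunk idle, route a new call".
"""

IDLE_TONE_HZ = 2600   # the tone the Cap'n Crunch whistle reproduced
FREE_NUMBER = "800"   # toll-free destination the subscriber is billed for (toy)
TOLL_NUMBER = "212"   # long-distance destination actually reached (toy)


def switch_in_band(dialled, audio):
    """Original design (flawed): the trunk listens to the subscriber's own
    audio for control tones, so voice and signalling share one channel.

    Returns a list of (destination, billed_as) connections the switch sets up.
    """
    connections = [(dialled, dialled)]
    trunk_idle = False
    digits = ""
    for kind, value in audio:
        if kind == "tone" and value == IDLE_TONE_HZ:
            # The trunk believes the far end released and accepts routing
            # digits, but the original call record (and its billing) stays open.
            trunk_idle = True
            digits = ""
        elif trunk_idle and kind == "digit":
            digits += value
            if len(digits) == 3:
                connections.append((digits, dialled))   # billed to the free call
                trunk_idle = False
        # "voice" frames are simply carried; nothing else is interpreted
    return connections


def switch_out_of_band(dialled, audio, control):
    """Fixed design: routing changes only on the separate control channel,
    which subscribers cannot write to. Whatever the audio contains (tones,
    digits, speech) is carried as sound and never interpreted."""
    connections = [(dialled, dialled)]
    for message, number in control:
        if message == "route":
            connections.append((number, number))   # a new call, billed as itself
    return connections


# Constructed sample: dial a free number, play the idle tone, key a toll number.
BLUE_BOX_AUDIO = (
    [("voice", "hello?"), ("tone", IDLE_TONE_HZ)]
    + [("digit", d) for d in TOLL_NUMBER]
    + [("voice", "...long-distance conversation...")]
)

if __name__ == "__main__":
    print("in-band:     ", switch_in_band(FREE_NUMBER, BLUE_BOX_AUDIO))
    print("out-of-band: ", switch_out_of_band(FREE_NUMBER, BLUE_BOX_AUDIO, []))
```

In the in-band version the same audio that carries the conversation also carries the control tone, so a subscriber who can produce 2600 Hz reaches the toll number while the record still shows the free call. In the out-of-band version the identical audio has no effect on routing, because the only path that can change it is one the subscriber never touches; that separation of control from attacker-controlled data is the general lesson of the slide.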

Video