CSCI-100 Introduction to Computing
Privacy & Security Part II
• Monoalphabetic Cipher
Rather than just shifting the alphabet
Could shuffle (jumble) the letters arbitrarily
Each plaintext letter maps to a different random ciphertext letter
Hence key is 26 letters long
Cryptanalysis of Monoalphabetic Cipher? (DONE IN CLASS)
Plain:  abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
• Monoalphabetic Cipher Security
With so many keys, might think it is secure
But would be !!!WRONG!!!
Problem is language characteristics
  • Can exploit them to do better than brute force search
• Language Redundancy and Cryptanalysis
Human languages are redundant
Letters are not equally commonly used
In English e is by far the most common letter
then T,R,N,I,O,A,S
Other letters are fairly rare
cf. Z,J,K,Q,X
Have tables of single, double & triple letter frequencies
• Use in Cryptanalysis
Key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
Discovered by Arabian scientists in 9th century
  • Calculate letter frequencies for ciphertext
  • Compare counts/plots against known values
  • Tables of common double/triple letters help
• Example Cryptanalysis
Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies
Guess P & Z are e and t
Guess ZW is th and hence ZWP is the
Proceeding with trial and error finally get:
it was disclosed yesterday that several informal
but direct contacts have been made with political
representatives of the viet cong in moscow
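The counting steps from the slides above, as an added Python example that is not part of the original lecture. The key, sample plaintext and ciphertext are the ones shown on the slides; the function names are assumptions of this example.

```python
from collections import Counter
import string

# Key and texts are copied from the slides above.
KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"
CIPHERTEXT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
              "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
              "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")

def encrypt(plaintext, key=KEY):
    """Monoalphabetic substitution: a -> key[0], b -> key[1], and so on."""
    table = str.maketrans(string.ascii_lowercase, key)
    return plaintext.lower().translate(table)

def profile(text):
    """Letter counts with the letter names dropped, largest first."""
    return sorted(Counter(c for c in text if c.isalpha()).values(), reverse=True)

def frequencies(text):
    """Relative letter frequencies in percent, most common first."""
    counts = Counter(c for c in text if c.isalpha())
    total = sum(counts.values())
    return [(c, round(100 * n / total, 2)) for c, n in counts.most_common()]

def ngrams(text, n):
    """Count overlapping n-letter sequences (digrams n=2, trigrams n=3)."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))

def apply_guesses(ciphertext, guesses):
    """Partial plaintext: guessed letters in lowercase, unknown ones as '.'."""
    return "".join(guesses.get(c, ".") for c in ciphertext)

if __name__ == "__main__":
    sample = "ifwewishtoreplaceletters"
    print(encrypt(sample))
    # Substitution relabels letters but leaves the shape of the counts intact.
    print(profile(sample) == profile(encrypt(sample)))
    # Step 1: count relative letter frequencies of the ciphertext.
    print(frequencies(CIPHERTEXT)[:5])
    # Step 2: look at repeated digrams and trigrams.
    print(ngrams(CIPHERTEXT, 2)["ZW"], ngrams(CIPHERTEXT, 3)["ZWP"])
    # Step 3: apply the slide's guesses (P=e, Z=t, W=h) and read the gaps.
    print(apply_guesses(CIPHERTEXT, {"P": "e", "Z": "t", "W": "h"}))
```

Each further guess is added to the dictionary passed to `apply_guesses` and kept only if the revealed fragments still read as English.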
• Privacy in Cyberspace
Privacy refers to an individual’s ability to restrict the collection, use, and sale of confidential personal information
The Internet is eroding privacy through the selling of information collected through Web sites
Few laws regulate selling personal information
• Cookies
Cookies are small text files that are written to an individual’s hard drive whenever a Web site is visited
File is sent back to the server each time you visit that site
  • Stores preferences, allowing Web site to be customized
  • Stores passwords, allowing you to visit multiple pages within the site without logging in to each one
  • Tracks surfing habits, targeting you for specific types of advertisements
Legitimate purposes of cookies include recording information for future use. Example: retail sites using “shopping carts”
Questionable practices include banner ad companies tracking a user’s browsing actions and placing banner ads on Web sites based on those actions
• Hacker
Someone who attempts to gain access to computer systems illegally
Hacker noun (see Raymond, 1991)
  • A person who enjoys learning the details of computer systems and how to stretch their capabilities – as opposed to most users of computers, who prefer to learn only the minimum amount necessary
  • One who programs enthusiastically or who enjoys programming rather than just theorizing about programming
• First Network Hack (Telephone)
John Draper (AKA Cap’n Crunch)
1970’s
  • Free long distance calls using a whistle found in a cereal box
Whistle emits the same frequency as AT&T long lines to indicate a line was ready to route a new call (2600 Hz)
Flaw:
  • AT&T took cost cutting measures
  • The signaling and voice used the same circuit
  • This flaw made the system vulnerable to anybody that can generate 2600 Hz
Solution:
  • Now signaling takes place on a separate path from the one you talk on