![Page 1: Fund Raising with an Android Enigma Machine Simulator](https://reader033.vdocument.in/reader033/viewer/2022052912/5584c75bd8b42ae0138b495b/html5/thumbnails/1.jpg)
Franklin Heath Ltd 02 June 2012
Fund Raising with an Android Enigma Machine Simulator
CC BY 3.0
What Shall We Talk About?
How the World War II Enigma machine works
Potential for mobile apps to raise money for charities
How bad is Android fragmentation and how best to deal with it
What mechanical cryptography can teach us about today's security software
02 June 2012 2 © Franklin Heath Ltd
Android Enigma Simulator: Why?
2012 is Alan Turing's centenary year: he was one of Bletchley Park's "Wicked Uncles" working on Enigma
Real WWII Enigma machines can cost > $200,000: a touch-screen animation gives an idea of the real thing
Education: strong cryptography existed before computers
Fund raising: the Bletchley Park Trust needs matching funds to restore the site
Experiment in Android development and monetisation
Bletchley Park's "Wicked Uncles"
Alan Turing 1912-1954, Gordon Welchman 1906-1985, Hugh Alexander 1909-1974, Stuart Milner-Barry 1906-1995
Senior codebreakers recruited in 1939; introduced mathematical and mechanised methods
1941 memo delivered to P.M. Winston Churchill. Response: "Make sure they have all they want on extreme priority and report to me that this had been done."
Enigma Machine Components
Input: keys (each key is a switch and a lever; pressing it steps the rotors before the circuit closes)
Plug board: static, swaps pairs of letters
Scrambler: rotors and reflector (the current passes through the rotors, is turned round by the reflector, and returns through the rotors again)
Output: battery-powered lamps
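The signal path described above, in working code. This is an added example written for this page, not the source of the Franklin Heath app: a Wehrmacht Enigma I with the historical wirings and turnover notches of rotors I to V and reflectors B and C. Each key press steps the rotors (including the middle rotor's double step), then sends the letter through the plug board, the three rotors right to left, the reflector, the rotors left to right and the plug board again. Because the reflector turns the current round, the machine is its own inverse and can never map a letter to itself. The check value BDZGO for AAAAA (rotors I II III, reflector B, ring settings and start positions AAA, no plugs) is the commonly published test vector; the sample plaintext and plug pairs in the demo are constructed.

```python
"""Enigma I simulator: plug board, three stepping rotors, reflector.

Example code written for this page, not the app's own source.
Rotor wirings, turnover notches and reflectors B/C are the historical
Enigma I values. Letters are handled as integers 0..25 internally.
"""
from string import ascii_uppercase as ALPHABET

# Rotor name -> (wiring seen right-to-left, letter in the window when the
# rotor's next step also carries the rotor to its left).
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
    "IV":  ("ESOVPZJAYQUIRHXLNFTGKDCMWB", "J"),
    "V":   ("VZBRGITYUPSDNHLXAWMJQOFECK", "Z"),
}
REFLECTORS = {
    "B": "YRUHQSLDPXNGOKMIEBFZCWVJAT",
    "C": "FVPJIAOYEDRZXWGCTKUQSBNMHL",
}


def _idx(letter):
    return ALPHABET.index(letter)


class Rotor:
    def __init__(self, name, ring, position):
        wiring, notch = ROTORS[name]
        self.fwd = [_idx(c) for c in wiring]                # right-to-left path
        self.bwd = [self.fwd.index(i) for i in range(26)]   # return path (inverse)
        self.notch = _idx(notch)
        self.ring = _idx(ring)       # Ringstellung: wiring offset relative to the letter ring
        self.pos = _idx(position)    # Grundstellung: letter showing in the window

    def at_notch(self):
        return self.pos == self.notch

    def step(self):
        self.pos = (self.pos + 1) % 26

    def forward(self, c):
        offset = (self.pos - self.ring) % 26
        return (self.fwd[(c + offset) % 26] - offset) % 26

    def backward(self, c):
        offset = (self.pos - self.ring) % 26
        return (self.bwd[(c + offset) % 26] - offset) % 26


class Enigma:
    def __init__(self, rotors, rings, positions, reflector="B", plugs=()):
        # Rotors are given left to right, as mounted in the machine.
        self.rotors = [Rotor(n, r, p) for n, r, p in zip(rotors, rings, positions)]
        self.reflector = [_idx(c) for c in REFLECTORS[reflector]]
        # Plug board: a static involution; unplugged letters map to themselves.
        self.plug = list(range(26))
        for a, b in plugs:
            self.plug[_idx(a)], self.plug[_idx(b)] = _idx(b), _idx(a)

    def _step(self):
        left, mid, right = self.rotors
        # The lever advances the rotors *before* the switch closes the circuit.
        # Double stepping: a middle rotor at its notch moves itself and the left rotor.
        if mid.at_notch():
            mid.step()
            left.step()
        elif right.at_notch():
            mid.step()
        right.step()

    def window(self):
        """Letters currently visible in the three windows, left to right."""
        return "".join(ALPHABET[r.pos] for r in self.rotors)

    def press(self, letter):
        self._step()
        c = self.plug[_idx(letter)]
        for rotor in reversed(self.rotors):      # right -> left into the reflector
            c = rotor.forward(c)
        c = self.reflector[c]
        for rotor in self.rotors:                # left -> right back out to the lamps
            c = rotor.backward(c)
        return ALPHABET[self.plug[c]]

    def run(self, text):
        return "".join(self.press(ch) for ch in text.upper() if ch in ALPHABET)


def encipher(text, rotors=("I", "II", "III"), rings="AAA", positions="AAA",
             reflector="B", plugs=()):
    """Fresh machine per call, so identical settings both encrypt and decrypt."""
    return Enigma(rotors, rings, positions, reflector, plugs).run(text)


if __name__ == "__main__":
    print(encipher("AAAAA"))                                   # BDZGO
    plugs = [("A", "B"), ("C", "D")]                           # constructed settings
    ct = encipher("ENIGMAREVEALED", positions="QEV", plugs=plugs)
    print(ct, encipher(ct, positions="QEV", plugs=plugs))      # round trip
```

Running the file prints BDZGO and then a ciphertext followed by ENIGMAREVEALED, showing that the same settings decipher what they encipher. The double step can be seen by starting at ADU and pressing three keys: the windows read ADV, AEW, then BFX.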
Fully Functional Paper Model
Enigma Simulator App Demo
Google Play International Reach
Chart: top 20 countries (of 99) by installs. USA 670, UK 450, Germany 264, Spain 151, Italy 112, Poland 111, Netherlands 63, Australia 61, France 59, Canada 47, Czech Republic 46, Brazil 45, Croatia 44, Sweden 43, India 41, Turkey 39, Mexico 35, Hungary 33, Indonesia 30, Finland 27
Revenue Stats (by 2012 Week Nos.)
Chart: weekly revenue (£0 to £15, split into in-app payments, advert revenue and Nook sales) plotted against new installs (0 to 300) for weeks 5 to 21 of 2012
How the Revenue Divides Up
Google Play (user charged £1): 17p to Her Majesty's Revenue and Customs (V.A.T.); 25p to Google (30% Android billing fee); 29p to us (until development costs are covered); 29p to the Bletchley Park Trust
AdMob (variable rates per click): remitted in US$ so no V.A.T. is due; 50% to the Bletchley Park Trust
Nook sales (user charged $2.49): $0.75 to Barnes & Noble (30% transaction fee); $0.87 to us; $0.87 to the Bletchley Park Trust
Fundraising: What Have We Learned?
People will donate using in-app billing: ~2% of ~2,700 installs so far
People do click on in-app advertisements: ~0.8% of ~36,000 impressions so far
Revenue so far is low; street-corner tin rattling could have been more productive! But software revenue scales effortlessly, so there is good potential
What we need to do better: marketing (increase awareness and donations); continuing user engagement (increase ad revenue)
Android Testing Strategy
448 different device models in 2864 installs! Clearly impossible to test on every device
What is the best mix of devices to test on?
Use Android resource qualifiers to identify categories: screen sizes from "small" to "xlarge", densities from "ldpi" to "xhdpi"
Use Android's layout engine to adapt to the different screens
Also need to cover all supported Android API levels
We don't support Android 1.5: it is 0.23% of the category, and supporting it mandates extra permissions for compatibility
Android Device Variability: Screen Size and Density
Chart: percentage of all EnigmaSim installs by screen size (small, normal, large, xlarge) and density (ldpi, mdpi, hdpi, xhdpi). Installs per category: normal-hdpi 1370 (51.0%), normal-mdpi 359 (13.4%), xlarge-mdpi 335 (12.5%), small-ldpi 142 (5.3%), small-mdpi 129 (4.8%), normal-xhdpi 120 (4.5%), large-mdpi 119 (4.4%), large-xhdpi 67 (2.5%); the remaining size/density combinations had 26, 16, 4, 1 or 0 installs each
Android Device Variability: API Level / Android Version
Chart: percentage of all EnigmaSim installs by API level. Installs per level:
API 4 (Android 1.6): 27
API 5 (Android 2.0): 0
API 6 (Android 2.0.1): 0
API 7 (Android 2.1): 195
API 8 (Android 2.2): 424
API 9 (Android 2.3): 19
API 10 (Android 2.3.3): 1308
API 11 (Android 3.0): 2
API 12 (Android 3.1): 49
API 13 (Android 3.2): 159
API 14 (Android 4.0): 48
API 15 (Android 4.0.3): 383
Device-Specific Android Issues
Samsung Galaxy S app data directory bug
Android 4 XT9 soft keyboard ignores the "no suggestions" flag
Android 1.6 ghost status bar on resume
System font changed in Android 4 (size changes)
Nook default dialog title colour different
Android 1.6 in-app billing hangs
Samsung Galaxy Note pixel density
Android Testing Strategy: Representative Devices
Most popular devices in the commonly used categories:
normal-hdpi 51.0%: Samsung Galaxy S2
normal-mdpi 13.4%: Samsung Galaxy Ace
xlarge-mdpi 12.5%: Asus EeePad Transformer TF101
small-ldpi 5.3%: Samsung Galaxy Mini
small-mdpi 4.8%: Sony Ericsson Xperia X10 Mini Pro
normal-xhdpi 4.5%: Samsung Galaxy Nexus
large-mdpi 4.4%: Samsung Galaxy Tab
large-xhdpi 2.5%: Samsung Galaxy Note
How to avoid having to buy all these devices? Remote access testing services (DeviceAnywhere, TestDroid)
Android Fragmentation: What Have We Learned?
Support for all versions/screens took 80% of our effort, but 70% of installs are on Android 2.x and 51% on "normal-hdpi". Is the best strategy to release on a limited subset, at least initially?
Automated tests are essential: overnight tests on 15 different emulated devices
Android's extensions to JUnit are extremely flaky: unpredictable data corruption caused by the test framework, so we gave up on them
MonkeyRunner is usable but still unreliable; we will be looking at Robotium in future
Remote access could help with device-specific issues
The Crypto Lessons that Enigma and Bletchley Park Can Teach Us
Don’t assume that key length is equivalent to security
User-selected passwords may be the weakest link
Plan for your keys to be compromised
Use really random numbers, not random-looking ones
Don't underestimate the attacker
Enigma Machine Key Length
4-rotor Enigma M4:
2 possible reflectors
672 possible rotor choices
676 possible notch (ring setting) positions
532,985,208,200,576 possible combinations of plugs
456,976 possible starting positions
= 221,286,292,668,406,558,235,295,744 possible keys
Log2 gives the equivalent binary key length: ~88 bits. This is still export-controlled!
Yet it could be broken with 70-year-old electromechanical technology (the Bombe)
Key length isn't the most important factor
Users Pick Poor Passwords
Many Enigma messages were read by guessing the message key that the operator chose ("Cillies"): AAA BBB, QWE ASD, BER LIN, etc.
This was addressed later in the war by operational procedures: the daily settings were used as a pseudo-random generator
Cryptographic keys need more entropy than users can supply in the form of a password: salts, nonces, etc.
Plan for Key Compromise
"Pinches" were an important way into new Enigma networks:
1940 HMS Gleaner: rotors VI and VII from U-33
1940 HMS Griffin: settings and cribs from armed trawler Polares
1941 HMS Somali: rotors and code books from armed trawler Krebs
1941 HMS Somali: code books from weather ship München
1941 HMS Bulldog: machine and code books from U-110
1941 HMS Tartar: code books from weather ship Lauenburg
1942 HMS Petard: machine and code books from U-559
They had emergency procedures to switch to other settings; modern security systems need to have "renewability" too
Use Really Random Numbers
Don't be tempted to interfere to make it look random
German cipher staff had rules for not repeating rotor order and not plugging adjacent letters
This significantly reduced the number of possible settings that needed to be tried on the Bombe
Many security vulnerabilities in modern systems are due to poor randomness, e.g. the Debian OpenSSL vulnerability in 2008
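The arithmetic behind the three preceding slides, as an added worked example (written for this page, not from the talk). It reproduces the M4 key count and ~88-bit figure from the key-length slide, gives the entropy of the three-letter message key the operator chose on the "poor passwords" slide, and then quantifies the two operating rules from this slide. The plug-board total on the key-length slide is the number of ways to wire any number of cables (0 to 13) into 26 sockets; with the standard 10 cables the count is smaller, and forbidding cables between alphabetically adjacent letters is counted exactly by inclusion-exclusion over the 25 adjacent pairs. The rotor rule is modelled as "no rotor in the same slot as the previous day", which is my reading of "not repeating rotor order" and is marked as such in the code.

```python
"""Enigma key-space arithmetic. Added example for this page; rule
interpretations marked below are the editor's, not the slide's."""
from itertools import permutations
from math import comb, factorial, log2, perm


def plugboard_configs(letters=26, cables=None):
    """Ways to plug `cables` cables into `letters` sockets, each cable
    swapping a disjoint pair. cables=None sums over 0..13 cables, which
    gives the 532,985,208,200,576 figure on the key-length slide."""
    if cables is None:
        return sum(plugboard_configs(letters, k) for k in range(letters // 2 + 1))
    # choose the 2k plugged letters, then pair them: (2k)! / (k! 2^k) pairings
    pairings = factorial(2 * cables) // (factorial(cables) * 2 ** cables)
    return comb(letters, 2 * cables) * pairings


def m4_key_space():
    """Factors exactly as listed on the slide for the 4-rotor M4."""
    reflectors = 2                   # thin reflectors B and C
    rotor_choices = perm(8, 3) * 2   # 3 of 8 rotors in order, times thin rotor beta/gamma
    ring_settings = 26 ** 2          # the slide's 676 "notch positions"
    plugs = plugboard_configs()
    start_positions = 26 ** 4
    total = reflectors * rotor_choices * ring_settings * plugs * start_positions
    return total, log2(total)


def no_adjacent_plug_configs(cables=10, letters=26):
    """Plug boards with `cables` cables where no cable joins two alphabetically
    adjacent letters. Inclusion-exclusion: C(letters-j, j) ways to pick j
    disjoint adjacent pairs, any (cables-j) cables on the remaining letters."""
    total = 0
    for j in range(cables + 1):
        ways_j = comb(letters - j, j)
        rest = plugboard_configs(letters - 2 * j, cables - j)
        total += (-1) ** j * ways_j * rest
    return total


def rotor_orders_after(yesterday, rotors=("I", "II", "III", "IV", "V")):
    """Editor's reading of the rotor rule: no rotor may occupy the same slot
    as on the previous day. Returns (all 3-of-5 orders, orders still allowed)."""
    orders = list(permutations(rotors, 3))
    allowed = [o for o in orders if all(a != b for a, b in zip(o, yesterday))]
    return len(orders), len(allowed)


def summary(yesterday=("I", "II", "III")):
    total, bits = m4_key_space()
    all10 = plugboard_configs(cables=10)
    csko = no_adjacent_plug_configs()
    orders, allowed = rotor_orders_after(yesterday)
    return {
        "m4_keys": total,
        "m4_bits": round(bits, 1),
        "message_key_bits": round(log2(26 ** 3), 1),  # operator-chosen 3-letter key
        "ten_cable_boards": all10,
        "no_adjacent_boards": csko,
        "no_adjacent_fraction": csko / all10,
        "rotor_orders": orders,
        "rotor_orders_allowed": allowed,
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
```

The output shows the contrast the slides draw: the nominal key is 87.5 bits, but the message key an operator actually chose was 14.1 bits, the no-adjacent-letters rule throws away roughly half of the 10-cable plug boards, and the rotor rule cuts the 60 possible rotor orders to 32 once yesterday's order is known.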
Don't Underestimate the Enemy
The German high command was told Enigma was "unbreakable"
German cryptographers knew it was theoretically breakable, but thought no one would put in that much effort
Bletchley Park's mathematical approach and production-line methods led to industrial-scale cryptanalysis
Today it only needs a handful of bright and bored attackers to find a "class break", and then millions of "script kiddies" can use it
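A toy model of the Debian OpenSSL failure mentioned on the randomness slide, showing the "class break" pattern from this slide. This is an added example for this page, not OpenSSL's or Debian's code: in the real bug the patched PRNG was left with little more than the process ID as entropy, and Linux's default limit of 32,768 PIDs meant at most 32,768 distinct keys per architecture and key type. The generator, key derivation and "fingerprint" below are constructed stand-ins with the same shape (SHA-256 of a PID as the key; an HMAC over a fixed message as the observable the attacker sees). The attacker's work is done once, as a table, and then recovering any victim's key is a single lookup; the fixed generator draws from the OS CSPRNG and is untouched by the same table.

```python
"""Toy model of a PID-seeded key generator and its class break.
Added example for this page; not OpenSSL's algorithms or code."""
import hashlib
import hmac
import secrets

PID_MAX = 32768   # Linux default pid_max in 2008, hence a 2^15 key space


def weak_keygen(pid):
    """Broken generator: the only entropy is the process ID (constructed)."""
    return hashlib.sha256(b"toy-seed|" + pid.to_bytes(2, "big")).digest()


def strong_keygen():
    """Fixed generator: 256 bits from the operating system's CSPRNG."""
    return secrets.token_bytes(32)


def fingerprint(key):
    """Public, key-dependent value the attacker can observe (stand-in for a
    public key or a MAC on a known message). Constructed: HMAC over a label."""
    return hmac.new(key, b"known-message", hashlib.sha256).hexdigest()


def build_class_break_table():
    """One-off attacker effort: every fingerprint the weak generator can
    produce, indexed for lookup. Reusable against every victim."""
    return {fingerprint(weak_keygen(pid)): pid for pid in range(PID_MAX)}


def recover_key(observed_fp, table):
    """The 'script kiddie' step: a dictionary lookup instead of a 2^256 search."""
    pid = table.get(observed_fp)
    return None if pid is None else weak_keygen(pid)


def demo():
    table = build_class_break_table()
    victim = weak_keygen(4242)          # constructed victim; attacker never learns the PID
    recovered = recover_key(fingerprint(victim), table)
    strong = strong_keygen()
    return {
        "distinct_weak_keys": len({weak_keygen(p) for p in range(PID_MAX)}),
        "weak_recovered": recovered == victim,
        "strong_recovered": recover_key(fingerprint(strong), table) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The demo reports 32,768 distinct weak keys, a successful recovery of the weak victim's key from its fingerprint alone, and no match for the strongly generated key. The point is the scaling the slide makes: the table costs one attacker a fraction of a second to build and then works against every key the weak generator ever produced.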
Questions?
If we have time!