CSCI-100 Introduction to Computing Privacy & Security Part II

Monoalphabetic Cipher Rather than just shifting the alphabet Could shuffle (jumble) the letters arbitrarily Each plaintext letter maps to a different random ciphertext letter Hence key is 26 letters long Cryptanalysis of Monoalphabetic Cipher? (DONE IN CLASS) Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Security With so many keys, might think is secure But would be !!!WRONG!!! Problem is language characteristics Can exploit them to do better than brute force search

Language Redundancy and Cryptanalysis Human languages are redundant Letters are not equally commonly used In English e is by far the most common letter then T,R,N,I,O,A,S Other letters are fairly rare cf. Z,J,K,Q,X Have tables of single, double & triple letter frequencies

Use in Cryptanalysis Key concept - monoalphabetic substitution ciphers do not change relative letter frequencies Discovered by Arabian scientists in 9 th century Calculate letter frequencies for ciphertext Compare counts/plots against known values Tables of common double/triple letters help

Example Cryptanalysis Given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ Count relative letter frequencies Guess P & Z are e and t Guess ZW is th and hence ZWP is the Proceeding with trial and error finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow

Privacy in Cyberspace Privacy refers to an individual’s ability to restrict the collection, use, and sale of confidential personal information The Internet is eroding privacy through the selling of information collected through Web sites Few laws regulate selling personal information

Cookies Cookies are small text files that are written to an individual’s hard drive whenever a Web site is visited File is sent back to the server each time you visit that site Stores preferences, allowing Web site to be customized Stores passwords, allowing you to visit multiple pages within the site without logging in to each one Tracks surfing habits, targeting you for specific types of advertisements Legitimate purposes of cookies include recording information for future use. Example: retail sites using “shopping carts” Questionable practices include banner ad companies tracking a user’s browsing actions and placing banner ads on Web sites based on those actions

Hacker Someone who attempts to gain access to computer systems illegally Hacker noun (see Raymond, 1991) A person who enjoys learning the details of computer systems and how to stretch their capabilities – as opposed to the most users of computers, who prefer to learn only the minimum amount necessary One who programs enthusiastically or who enjoys programming rather than just theorizing about programming

First Network Hack (Telephone) John Draper (AKA Cap’n Crunch) 1970’s Free long distance calls using a whistle found in a cereal box Whistle emits the same frequency as AT&T long lines to indicate a line was ready to route a new call (2600 Hz)

Flaw: AT&T took cost cutting measures The signaling and voice used the same circuit This flaw made the system vulnerable to anybody that can generate 2600 Hz Solution: Now signaling takes place on a separate path from the one you talk on Video