Hacking Roman Codes with Mobile Phones


Published on

This presentation was given at the Over The Air event #ota11 at Bletchley Park. The idea was to get developers thinking about how they are securing their applications (or not) and to have an open discussion about methods that could be employed to help developers. Julius Caesar was nearly defeated a few times and had his codes have been broken, just maybe, the world might have been a different place. For more information on the individual battles (I did a verbal run through, check out the great wikipedia pages on them). The code breaking exercise contained within is a fun tool to help people understand about the need to protect information.

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Picture – Julius Caesar and Divico parlay after the battle at the river SaoneThe Helvetian tribe were planning to migrate towards the west coast of Gaul, cutting off Gaul and causing a threat to Roman Spain.Mass migration of 300,000 people!Caesar had to play for time because of a lack of soldiersHelvetii were attacked during the night while crossing the riverCaesar ultimately chased down the Helvetii and they eventually surrendered after the battle of BribacteThree opportunities that the Helvetii could have seized:Discovering that Caesar had left RomeRealising that Caesar was playing for timeDiscovering Caesar’s planned night time attack for the river crossing
  • 58BC Caesar v GermansLocation: River Rhine, AlsaceGerman tribes (Suebi and others) made a move into GaulAriovistus moved his camp onto the Roman supply lineHe delayed battle deliberately to starve and weaken the Roman soldiersRomans charged down on the Germans who formed a Phalanx with their shields – roman soldiers jumped onto the shields and wrenched them away, stabbing down onto the soldiersOn learning that the Germans believed in a prophecy that they should lose the battle if they fought before the new moon, Caesar forced a battle upon them immediately.Their leader Ariovistus escaped but was defeated. Caesar had forced the Germans out of GaulAriovistus could have realised that Caesar’s men were not starving and delayed the battle further, therefore defeating him once his men were truly weakened
  • Caesar was surprised and nearly defeatedThey would not “partake of alcoholic beverages or other such imported Roman luxuries” – wine was banned by decree by the NerviiThe Nervii caught javelins in flight and hurled them back at legionnaires!Nervii used typical Gallic warfare tactics which could be defeated with missilesNervii used mounds of the fallen as ramparts by the end of the battleCaesar lost all of his standards and most of his centuriansNervii could have discovered how swiftly Caesar was travelling and ambushed before they reached the SabisResult was Caesar gained control of what is now Belgium
  • Vercingetorix and Julius CaesarSeige around a hill fortThe last major engagement between the Gauls and the RomansMarks the end of Celtic dominance80,000 fighting men were under seigeCaesar constructed a second wall around him, in case he was attacked after some cavalry managed to break out of the seigeCaesar would not allow the women and children out of the seige, so they were left to starve in no-mans land.The relief force arrivedRomans were also beginning to starve as they were being beseigedLots of skirmishes and combined attacks from without and withinGauls discovered a weakness in the walls that was hidden (this is a point that could have been exploited earlier if the Gauls had known)The Roman cavalry defended this and nearly collapsed, Caesar sent a force of 6000 cavalry to relieve them and defeated the 60,000 attackersSeeing the defeat of the relief force, Vercingetorix surrendered to Caesar
  • (after civil war with Pompey)Roman ‘peacekeeping’ between King Ptolemy and Cleopatra (his sister) in the Egyptian civil warCaesar was relatively cut off in Alexandria but sent a message for allied supportPtolemy died when his ship capsized while escapingCaesar installed Cleopatra on the throne of EgyptCaesar could have been defeated had the Egyptians been able to cut him off from his ally, Mithridates
  • After the battle of the Nile, Caesar travelled up to fight Pharnaces after he had defeated a roman army and committeed atrocities against prisoners and civiliansCaesar refused appeals for peace as he approachedAs Caesar’s troops were setting up their camp on a nearby hilltop, the Pontic army attacked from their own safe strategic hilltop postionAlthough initially successful, the romans recovered and drove the Pontics back fown the hill, routing themPharnaces escaped only to be later killed by one of his ownThe whole campaign lasted only 5 days.After the battle, Caesar sent his famous message, Veni, vidi, vici – I came, I saw, I conquered ***
  • Hacking Roman Codes with Mobile Phones

    1. 1. Historical code cracking with phones: What if Pontus, the Gauls, Germans, Nervii, Egyptians and Helvetii had iphones?Over The Air 2011, Bletchley Park<br />http://www.mobilephonesecurity.org<br />David Rogers, Copper Horse Solutions Ltd.<br />1st October 2011<br />
    2. 2. http://www.mobilephonesecurity.org<br />Some Information<br />About Me<br />12 years in the mobile industry<br />Hardware and software background<br />Head of Product Security at Panasonic Mobile<br />Worked with industry and government on IMEI and SIMlock security<br />Pioneered some early work in mobile phone forensics<br />Brought industry together on security information sharing<br />Director of External Relations at OMTP<br />Programme Manager for advanced hardware security tasks<br />Chair of Incident Handling task<br />Head of Security and Chair of Security Group at WAC<br />Owner and Director at Copper Horse Solutions<br />Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk<br />About Copper Horse Solutions Ltd.<br />Established in 2011<br />Software and security company<br />Focussed on the mobile phone industry<br />Services:<br />Mobile phone security consultancy<br />Industry expertise<br />Standards representation<br />Mobile application development<br />http://www.copperhorsesolutions.com<br />
    3. 3. Histiaeous<br />http://www.mobilephonesecurity.org<br />In 499BC sent a trusted slave to encourage a revolt against the Persians<br />Shaved the head of the slave<br />Tattooed a message to his head, let the hair grow back<br />Recipient shave off the slave’s hair to get the message<br />This is an early form of steganography<br />From: http://www.retroworks.co/scytale.htm<br />
    4. 4. Scytale<br />http://www.mobilephonesecurity.org<br />Transposition cipher<br />Ancient Greeks, particularly the Spartans used it for military communication (also apparently used by the Romans):<br />From: http://www.retroworks.co/scytale.htm<br />
    5. 5. CAESAR Shift<br />http://www.mobilephonesecurity.org<br />Supposedly used by Caesar to protect military messages – by shifting the alphabet 3 places to the left:<br />Still used today (scarily!) – e.g. ROT13<br />It helped that a lot of Caesar’s enemies were illiterate anyway…<br />From: http://www.retroworks.co/scytale.htm<br />
    6. 6. Phaistos Disc…<br />http://www.mobilephonesecurity.org<br />Still plenty of mystery text to decipher out there…<br />Source: PRA<br />
    7. 7. Code Cracking Challenge<br />http://www.mobilephonesecurity.org<br />After each battle I describe there will be some codes to crack in which you would be able to change the course of history. You can also get these at:<br />http://blog.mobilephonesecurity.org<br />From: http://www.retroworks.co/scytale.htm<br />
    8. 8. Some Source Code to Help!<br />http://www.mobilephonesecurity.org<br />Hint: The codes are all Caesar ciphers but with different rotations<br />https://github.com/mkoby/RotationCipher (not mine!)<br />and a cheat: http://textmechanic.com/ROT13-Caesar-Cipher.html<br />
    9. 9. Julius Caesar (Briefly!)<br />http://www.mobilephonesecurity.org<br />100BC – 44BC<br />Spent 9 years campaigning in Gaul (and made a fortune)<br />Invaded Britain<br />Was involved in a civil war with Pompey<br />Defeated the Egyptians<br />Assassinated on the ‘Ides of March’ in 44BC<br />
    10. 10. http://www.mobilephonesecurity.org<br />
    11. 11. List of Battles<br />http://www.mobilephonesecurity.org<br />58BC Battle of the Arar – Helvetii<br />58BC Battle of Vosges - Germans<br />57BC Battle of the Sabis – Nervii<br />52BC Battle of Alesia - Gauls<br />47BC Battle of the Nile - Egyptians<br />47BC Battle of Zela - Pontus<br />
    12. 12. Battle of the Arar<br />http://www.mobilephonesecurity.org<br />58BC Caesar v Helvetii, Switzerland<br />
    13. 13. Break This Roman Code!<br />http://www.mobilephonesecurity.org<br />Also here: http://blog.mobilephonesecurity.org<br />Can the Helvetians defeat Caesar?<br />bgxxwfhkxmbfxyhkkxbgyhkvxfxgml<br />
    14. 14. Battle of Vosges<br />http://www.mobilephonesecurity.org<br />58BC Caesar v Germans, River Rhine, Alsace<br />
    15. 15. Break This Roman Code!<br />http://www.mobilephonesecurity.org<br />Also here: http://blog.mobilephonesecurity.org<br />Should the Germans attack the Romans?<br />bpmumvizmnqopbqvonqbemkivpwtlwcbnwzivwbpmzemms<br />
    16. 16. Battle of the Sabis<br />http://www.mobilephonesecurity.org<br />57BC Caesar v Nervii, Wallonia<br />
    17. 17. Break This Roman Code!<br />http://www.mobilephonesecurity.org<br />Also here: http://blog.mobilephonesecurity.org<br />Are the Nervii ready for Caesar?<br />muqhuweydwjeruqjiqryiydjmetqoi<br />
    18. 18. Battle of ALesia<br />http://www.mobilephonesecurity.org<br />52BC Caesar v Gauls, France<br />
    19. 19. Break This Roman Code!<br />http://www.mobilephonesecurity.org<br />Also here: http://blog.mobilephonesecurity.org<br />Is there anything the Gauls do to help themselves?<br />qebobfpxtbxhmlfkqfklrotxiikbxoqebqobbp<br />
    20. 20. Battle of the NILE<br />http://www.mobilephonesecurity.org<br />47BC Caesar & Cleopatra v Ptoloemic forces, Alexandria, Egypt<br />
    21. 21. Break This Roman Code!<br />http://www.mobilephonesecurity.org<br />Also here: http://blog.mobilephonesecurity.org<br />Are the Egyptians ready for action?<br />wbssrgiddcfhhcpfsoycihobrtwuvhdhczsam<br />
    22. 22. Battle of Zela<br />http://www.mobilephonesecurity.org<br />47BC Caesar v Pontus, Turkey<br />
    23. 23. Break This Roman Code!<br />http://www.mobilephonesecurity.org<br />Also here: http://blog.mobilephonesecurity.org<br />Save Pontus?<br />sbkfsfafsfzf<br />
    24. 24. http://www.mobilephonesecurity.org<br />Mobile Phones!<br />Open discussion on mobile application security<br />
    25. 25. Don’t Use Roman Codes!<br />http://www.mobilephonesecurity.org<br />ROT13 and XORing / obfuscation are not adequate!!<br />Modern crypto (not surprisingly) is significantly better<br />However, developers don’t have access to secure hardware APIs on mobile <br />
    26. 26. Mobile Development<br />http://www.mobilephonesecurity.org<br />How are you storing keys for both symmetric and asymmetric ciphers?<br />Common issue amongst developers<br />Also application signing keys<br />
    27. 27. Mobile Development<br />http://www.mobilephonesecurity.org<br />Think about security when designing your apps<br />Are you playing fast and loose with your users’ private data?<br />Have you explained to users why you used certain permissions?<br />What have you (not) encrypted?<br />Is your application designed badly? – gift to hackers / fraudsters?<br />E.g. asking for credit card details from a QR code<br />
    28. 28. Mobile Development<br />http://www.mobilephonesecurity.org<br />Do your research<br />Are you using weak / insecure methods?<br />Do you understand basic secure coding techniques?<br />Do you understand the platform security guidelines?<br />
    29. 29. Discussion<br />http://www.mobilephonesecurity.org<br />From: http://stackoverflow.com/questions/4671859/storing-api-keys-in-android-is-obfustication-enough<br />
    30. 30. Discussion<br />http://www.mobilephonesecurity.org<br />“I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password which is same as my original problem.”<br />
    31. 31. Platform Security Guidelines<br />http://www.mobilephonesecurity.org<br />Apple: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Introduction.html<br />Android:http://developer.android.com/guide/topics/security/security.html<br />Blackberry: http://docs.blackberry.com/en/developers/deliverables/29302/index.jsp?name=Security+-+Development+Guide+-+BlackBerry+Java+SDK7.0&language=English&userType=21&category=Java+Development+Guides+and+API+Reference&subCategory=<br />Windows Phone 7 (Nokia Guidelines): http://www.developer.nokia.com/Community/Wiki/Windows_Phone_Platform_Security<br />
    32. 32. http://www.mobilephonesecurity.org<br />Romans with iphones….<br />Contact<br />Email: david.rogers@copperhorses.com<br />Twitter: @drogersuk<br />Blog: http://blog.mobilephonesecurity.org<br />http://www.flickr.com/photos/laurenthaug/4127870976/sizes/l/in/photostream/<br />
    33. 33. http://www.mobilephonesecurity.org<br />Code Solutions<br />Don’t look at the next slide if you don’t want the answers!<br />
    34. 34. Code Solutions<br />http://www.mobilephonesecurity.org<br />Helvetii: I need more time for reinforcements (h shift)<br />Germans: the men are fighting fit we can hold out for another week (s shift)<br />Nervii: we are going to beat sabis in two days (k shift)<br />Gauls: there is a weak point in our wall near the trees (d)<br />Egyptians: I need support to break out and fight ptolemy (m shift)<br />Pontus: venividivici(d shift)<br />The famous: I came, I saw, I conquered message<br />Of course, the Pontic army could not save themselves!<br />