Fund Raising with an Android Enigma Machine Simulator 02 June 2012             Franklin Heath Ltd
Presented at Over The Air 2012, Bletchley Park

Published in: Education, Technology
  1. Fund Raising with an Android Enigma Machine Simulator, 02 June 2012, Franklin Heath Ltd
  2. What Shall We Talk About?
     • How the World War II Enigma machine works
     • Potential for mobile apps to raise money for charities
     • How bad is Android fragmentation and how best to deal with it
     • What mechanical cryptography can teach us about today's security software
     © Franklin Heath Ltd, 02 June 2012, CC BY 3.0
  3. Android Enigma Simulator: Why?
     • 2012 is Alan Turing's centenary year: one of Bletchley Park's "Wicked Uncles" working on Enigma
     • Real WWII Enigma machines can cost > $200,000: touch screen animation gives an idea of the real thing
     • Education: strong cryptography existed before computers
     • Fund raising: Bletchley Park Trust needs matching funds to restore the site
     • Experiment in Android development and monetisation
  4. Bletchley Park's "Wicked Uncles"
     • Senior codebreakers recruited in 1939
     • Introduced mathematical and mechanised methods
     • 1941 memo delivered to P.M. Winston Churchill
     • Response: "Make sure they have all they want on extreme priority and report to me that this had been done."
     Alan Turing 1912-1954, Stuart Milner-Barry 1906-1995, Hugh Alexander 1909-1974, Gordon Welchman 1906-1985
  5. Enigma Machine Components
     • Scrambler: rotors and reflector
     • Output: battery-powered lamps
     • Input: keys (switch and lever)
     • Plug board: static, swaps letters
  6. Enigma Machine Components
     • Scrambler: rotors and reflector
     • Output: battery-powered lamps
     • Input: keys (switch and lever)
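The components listed on slides 5 and 6 are easiest to understand as a signal path: key, plug board, three rotors right to left, reflector, the same rotors left to right, plug board, lamp. The simulator below is an added example written for this transcript, not the Franklin Heath app's code. The rotor, notch and reflector wirings are the historical Enigma I / M3 ones (rotors I, II, III and reflector B); the class names, the stepping helper and the sample settings are chosen for the illustration.

```python
# Added example: a minimal 3-rotor Enigma simulator (not the app's own code).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Historical wirings: rotors I-III with their turnover notch letters, reflector B.
ROTOR_WIRINGS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class Rotor:
    """One scrambler wheel: a fixed permutation, rotated by its current position."""

    def __init__(self, name, ring="A", position="A"):
        wiring, notch = ROTOR_WIRINGS[name]
        self.forward_map = [ALPHABET.index(c) for c in wiring]
        self.backward_map = [0] * 26
        for i, out in enumerate(self.forward_map):
            self.backward_map[out] = i
        self.notch = ALPHABET.index(notch)
        self.ring = ALPHABET.index(ring)          # ring setting (Ringstellung)
        self.position = ALPHABET.index(position)  # letter visible in the window

    def at_notch(self):
        return self.position == self.notch

    def step(self):
        self.position = (self.position + 1) % 26

    def _through(self, table, c):
        # Rotating the wheel shifts the contact the signal enters and leaves.
        shift = self.position - self.ring
        return (table[(c + shift) % 26] - shift) % 26

    def forward(self, c):   # right to left, on the way to the reflector
        return self._through(self.forward_map, c)

    def backward(self, c):  # left to right, on the way back to the lamps
        return self._through(self.backward_map, c)


class Enigma:
    def __init__(self, rotors, positions="AAA", rings="AAA", plugs=""):
        # Rotor names are given left to right, e.g. ["I", "II", "III"].
        self.rotors = [Rotor(n, r, p) for n, r, p in zip(rotors, rings, positions)]
        self.reflector = [ALPHABET.index(c) for c in REFLECTOR_B]
        # Plug board: static letter swaps, given as "AB CD ..." cable pairs.
        self.plugboard = list(range(26))
        for pair in plugs.split():
            a, b = ALPHABET.index(pair[0]), ALPHABET.index(pair[1])
            self.plugboard[a], self.plugboard[b] = b, a

    def _step_rotors(self):
        left, middle, right = self.rotors
        # The lever mechanism: the middle rotor "double-steps" when at its notch.
        if middle.at_notch():
            middle.step()
            left.step()
        elif right.at_notch():
            middle.step()
        right.step()

    def press_key(self, letter):
        self._step_rotors()  # the rotors move before the circuit closes
        c = self.plugboard[ALPHABET.index(letter)]
        for rotor in reversed(self.rotors):  # right to left
            c = rotor.forward(c)
        c = self.reflector[c]
        for rotor in self.rotors:            # left to right
            c = rotor.backward(c)
        return ALPHABET[self.plugboard[c]]

    def process(self, text):
        return "".join(self.press_key(ch) for ch in text.upper() if ch.isalpha())


def demo():
    # Well-known check: rotors I II III, reflector B, rings and positions all at A.
    cipher = Enigma(["I", "II", "III"]).process("AAAAA")
    plain = Enigma(["I", "II", "III"]).process(cipher)  # same settings decrypt
    return cipher, plain


if __name__ == "__main__":
    print(demo())  # ('BDZGO', 'AAAAA')
```

Two properties worth noticing in the code: because the reflector sends the signal back through the same rotors, the machine is its own inverse (the same settings encrypt and decrypt), and because the reflector never maps a contact to itself, no letter can ever encrypt to itself. Bletchley Park relied on that second property to rule out crib positions, which is why it matters as a design lesson and not just a curiosity.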
  7. Fully Functional Paper Model
  8. Enigma Simulator App Demo
  9. Google Play International Reach
     Chart: installs by country, top 20 countries (of 99):
     USA 670, UK 450, Germany 264, Spain 151, Italy 112, Poland 111, Netherlands 63, Australia 61, France 59, Canada 47, Czech Republic 46, Brazil 45, Croatia 44, Sweden 43, India 41, Turkey 39, Mexico 35, Hungary 33, Indonesia 30, Finland 27
  10. Revenue Stats (by 2012 week numbers)
      Chart: weeks 5 to 21, showing new installs, in-app payments, advert revenue and Nook sales (left axis installs 0 to 300, right axis revenue £0.00 to £15.00)
  11. How the Revenue Divides Up
      Google Play (user charged £1)
      • 17p to Her Majesty's Revenue and Customs (V.A.T.)
      • 25p to Google (30% Android billing fee)
      • 29p to us (until development costs covered)
      • 29p to the Bletchley Park Trust
      AdMob (variable rates per click)
      • Remitted in US$ so no V.A.T. due
      • 50% to the Bletchley Park Trust
      Nook sales (user charged $2.49)
      • $0.75 to Barnes & Noble (30% transaction fee)
      • $0.87 to us
      • $0.87 to the Bletchley Park Trust
  12. Fundraising: What Have We Learned?
      • People will donate using in-app billing: ~2% of ~2,700 installs so far
      • People do click on in-app advertisements: ~0.8% of ~36,000 impressions so far
      • Revenue so far is low: street corner tin rattling could have been more productive! BUT software revenue scales effortlessly, so good potential
      • What we need to do better: marketing (increase awareness and donations); continuing user engagement (increase ad revenue)
  13. Android Testing Strategy
      • 448 different device models in 2,864 installs! Clearly impossible to test on every device; what is the best mix of devices to test on?
      • Use Android resource qualifiers to identify categories: "small" to "xlarge", "ldpi" to "xhdpi"; use Android's layout engine to adapt to different screens
      • Also need to cover all supported Android API levels
      • We don't support Android 1.5: 0.23% of category, mandates extra permissions for compatibility
  14. Android Device Variability: Screen Size and Density
      Chart: percentage and count of all EnigmaSim installs by screen size (small, normal, large, xlarge) and density (ldpi, mdpi, hdpi, xhdpi); the largest single category is about 1,370 installs
  15. Android Device Variability: API Level / Android Version
      Chart: percentage and count of all EnigmaSim installs by API level 4 to 15 (Android 1.6, 2.0, 2.1, 2.2, 2.3, 3.0, 3.1, 3.2, 4.0); the largest single level is about 1,308 installs
  16. Device-Specific Android Issues
      • Samsung Galaxy S app data directory bug
      • Android 4 XT9 soft keyboard ignores "no suggestion" flag
      • Android 1.6 ghost status bar on resume
      • System font changed in Android 4 (size changes)
      • Nook default dialog title colour different
      • Android 1.6 in-app billing hangs
      • Samsung Galaxy Note pixel density
  17. Android Testing Strategy: Representative Devices
      Most popular devices in the commonly used categories:
        normal-hdpi   51.0%  Samsung Galaxy S2
        normal-mdpi   13.4%  Samsung Galaxy Ace
        xlarge-mdpi   12.5%  Asus EeePad Transformer TF101
        small-ldpi     5.3%  Samsung Galaxy Mini
        small-mdpi     4.8%  Sony Ericsson Xperia X10 Mini Pro
        normal-xhdpi   4.5%  Samsung Galaxy Nexus
        large-mdpi     4.4%  Samsung Galaxy Tab
        large-xhdpi    2.5%  Samsung Galaxy Note
      How to avoid having to buy all these devices?
      • Remote access testing services (DeviceAnywhere, TestDroid)
  18. Android Fragmentation: What Have We Learned?
      • Support for all versions/screens took 80% of our effort, but 70% installed on Android 2.x and 51% on "normal-hdpi"
      • Best strategy: release on a limited subset, at least initially?
      • Automated tests are essential: overnight tests on 15 different emulated devices
      • Android extensions to JUnit are extremely flaky: unpredictable data corruption caused by the test framework, we gave up
      • MonkeyRunner is usable but still unreliable
      • We will be looking at Robotium in future
      • Remote access could help with device-specific issues
  19. The Crypto Lessons that Enigma and Bletchley Park Can Teach Us
      • Don't assume that key length is equivalent to security
      • User-selected passwords may be the weakest link
      • Plan for your keys to be compromised
      • Use really random numbers, not random-looking ones
      • Don't underestimate the attacker
  20. Enigma Machine Key Length
      4-rotor Enigma M4:
      • 2 possible reflectors
      • 672 possible rotor choices
      • 676 possible notch positions
      • 532,985,208,200,576 possible combinations of plugs
      • 456,976 possible starting positions
      • = 221,286,292,668,406,558,235,295,744 possible keys
      • Log2 gives equivalent binary key length: ~88 bits
      • This is still export-controlled!
      • Yet it could be broken with 70-year-old mechanical technology
      Key length isn't the most important factor
  21. Users Pick Poor Passwords
      • Many Enigma messages were read by guessing the message key that the operator chose ("Cillies"): AAA BBB, QWE ASD, BER LIN, etc.
      • This was addressed later in the war by operational procedures: daily settings used as a pseudo-random generator
      • Cryptographic keys need more entropy than users can supply in the form of a password: salts, nonces, etc.
  22. Plan for Key Compromise
      "Pinches" were an important way into new Enigma networks:
      • 1941 HMS Tartar: code books from weather ship Lauenberg
      • 1942 HMS Petard: machine and code books from U-559
      • 1940 HMS Gleaner: rotors VI and VII from U-33
      • 1941 HMS Somali: rotors and code books from armed trawler Krebs
      • 1940 HMS Griffin: settings and cribs from armed trawler Polares
      • 1941 HMS Somali: code books from weather ship München
      • 1941 HMS Bulldog: machine and code books from U-110
      They had emergency procedures to switch to other settings; modern security systems need to have "renewability" too
  23. Use Really Random Numbers
      • Don't be tempted to interfere to make it look random
      • German cipher staff had rules for not repeating rotor order and not plugging adjacent letters; this significantly reduced the number of possible settings that needed to be tried on the Bombe
      • Many security vulnerabilities in modern systems are due to poor randomness, e.g. Debian OpenSSL vulnerability in 2008
  24. Don't Underestimate the Enemy
      • German high command told Enigma was "unbreakable"
      • German cryptographers knew it was theoretically breakable, but thought no one would put in that much effort
      • Bletchley Park's mathematical approach and production line methods led to industrial-scale cryptanalysis
      • Today: it only needs a handful of bright and bored attackers to find a "class break" and then millions of "script kiddies" can use it
  25. Questions? If we have time!
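Slides 20, 21 and 23 make one combined argument: the nominal key space is huge, but what an operator actually chooses (slide 21) and what procedure forbids (slide 23) shrink the space an attacker has to search. The script below is an added worked example, not part of the presentation: it reproduces the slide 20 arithmetic from its stated factors, puts a 3-letter message key in the same units, and measures the cost of one "no repeats" rule. The specific rule it models (no rotor may stay in yesterday's slot) and the five-rotor Enigma I pool are assumptions for the illustration; the slide does not state the exact German rule. The exactly-10-cables figure is the well-documented wartime practice and is likewise not on the slide.

```python
# Added example (not from the slides): counting Enigma settings as slide 20 does,
# and measuring what an operating rule of the kind on slide 23 gives away.
from itertools import permutations
from math import factorial, log2


def plugboard_settings_exact(pairs, letters=26):
    """Plug-board wirings using exactly `pairs` cables: pick 2*pairs letters and
    pair them up, ignoring the order of the cables and of each cable's two ends."""
    return factorial(letters) // (
        factorial(letters - 2 * pairs) * factorial(pairs) * 2 ** pairs
    )


def plugboard_settings(letters=26):
    """All plug-board wirings with any number of cables (0 to 13 pairs).
    This is the 532,985,208,200,576 figure quoted on slide 20."""
    return sum(plugboard_settings_exact(k, letters) for k in range(letters // 2 + 1))


def m4_key_space():
    """Total M4 keys, multiplied out from the factors listed on slide 20."""
    reflectors = 2                  # thin B and thin C
    rotor_choices = 8 * 7 * 6 * 2   # three of eight rotors in order, times beta or gamma
    notch_positions = 26 * 26       # the ring settings that affect stepping
    start_positions = 26 ** 4       # window letters of the four rotors
    return (reflectors * rotor_choices * notch_positions
            * plugboard_settings() * start_positions)


def key_bits(n=None):
    """Equivalent binary key length: log2 of the number of keys."""
    return log2(n if n is not None else m4_key_space())


def message_key_bits(length=3, letters=26):
    """Entropy of a 3-letter message key (slide 21) if it were chosen uniformly.
    An operator typing AAA or BER supplies far less than even this upper bound."""
    return length * log2(letters)


def allowed_rotor_orders(yesterday, rotors="12345"):
    """Rotor orders permitted today under the assumed rule that no rotor may stay
    in the slot it occupied yesterday. `yesterday` is a string such as '123'."""
    return [order for order in permutations(rotors, 3)
            if all(today != prior for today, prior in zip(order, yesterday))]


def bits_lost_to_rule(yesterday="123", rotors="12345"):
    """Search effort an attacker who knows yesterday's order and the rule can skip."""
    total = len(list(permutations(rotors, 3)))
    allowed = len(allowed_rotor_orders(yesterday, rotors))
    return log2(total / allowed)


if __name__ == "__main__":
    print(f"M4 keys: {m4_key_space():,} (~{key_bits():.1f} bits)")
    print(f"plug board, exactly 10 cables: {plugboard_settings_exact(10):,}")
    print(f"3-letter message key: {message_key_bits():.1f} bits")
    print(f"rotor orders left after yesterday's 123: "
          f"{len(allowed_rotor_orders('123'))} of 60, "
          f"{bits_lost_to_rule():.2f} bits lost")
```

The numbers make the slides' point concrete: the headline figure is about 87.5 bits, the message key an operator actually picks is at most 14.1 bits, and a single "don't repeat" rule removes 28 of the 60 Enigma I rotor orders for anyone who has read yesterday's traffic. Each rule meant to make settings look random hands the attacker a filter, which is the argument for drawing settings from a real random source and leaving them alone.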