SlideShare a Scribd company logo
1 of 34
Historical code cracking with phones: What if Pontus, the Gauls, Germans, Nervii, Egyptians and Helvetii had iphones?Over The Air 2011, Bletchley Park http://www.mobilephonesecurity.org David Rogers, Copper Horse Solutions Ltd. 1st October 2011
http://www.mobilephonesecurity.org Some Information About Me 12 years in the mobile industry Hardware and software background Head of Product Security at Panasonic Mobile Worked with industry and government on IMEI and SIMlock security Pioneered some early work in mobile phone forensics Brought industry together on security information sharing Director of External Relations at OMTP Programme Manager for advanced hardware security tasks Chair of Incident Handling task Head of Security and Chair of Security Group at WAC Owner and Director at Copper Horse Solutions Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk About Copper Horse Solutions Ltd. Established in 2011 Software and security company Focussed on the mobile phone industry Services: Mobile phone security consultancy Industry expertise Standards representation Mobile application development http://www.copperhorsesolutions.com
Histiaeous http://www.mobilephonesecurity.org In 499BC sent a trusted slave to encourage a revolt against the Persians Shaved the head of the slave Tattooed a message to his head, let the hair grow back Recipient shave off the slave’s hair to get the message This is an early form of steganography From: http://www.retroworks.co/scytale.htm
Scytale http://www.mobilephonesecurity.org Transposition cipher Ancient Greeks, particularly the Spartans used it for military communication (also apparently used by the Romans): From: http://www.retroworks.co/scytale.htm
CAESAR Shift http://www.mobilephonesecurity.org Supposedly used by Caesar to protect military messages – by shifting the alphabet 3 places to the left: Still used today (scarily!) – e.g. ROT13 It helped that a lot of Caesar’s enemies were illiterate anyway… From: http://www.retroworks.co/scytale.htm
Phaistos Disc… http://www.mobilephonesecurity.org Still plenty of mystery text to decipher out there… Source: PRA
Code Cracking Challenge http://www.mobilephonesecurity.org After each battle I describe there will be some codes to crack in which you would be able to change the course of history. You can also get these at: http://blog.mobilephonesecurity.org From: http://www.retroworks.co/scytale.htm
Some Source Code to Help! http://www.mobilephonesecurity.org Hint: The codes are all Caesar ciphers but with different rotations https://github.com/mkoby/RotationCipher (not mine!) and a cheat: http://textmechanic.com/ROT13-Caesar-Cipher.html
Julius Caesar (Briefly!) http://www.mobilephonesecurity.org 100BC – 44BC Spent 9 years campaigning in Gaul (and made a fortune) Invaded Britain Was involved in a civil war with Pompey Defeated the Egyptians Assassinated on the ‘Ides of March’ in 44BC
http://www.mobilephonesecurity.org
List of Battles http://www.mobilephonesecurity.org 58BC Battle of the Arar – Helvetii 58BC Battle of Vosges - Germans 57BC Battle of the Sabis – Nervii 52BC Battle of Alesia - Gauls 47BC Battle of the Nile - Egyptians 47BC Battle of Zela - Pontus
Battle of the Arar http://www.mobilephonesecurity.org 58BC Caesar v Helvetii, Switzerland
Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Can the Helvetians defeat Caesar? bgxxwfhkxmbfxyhkkxbgyhkvxfxgml
Battle of Vosges http://www.mobilephonesecurity.org 58BC Caesar v Germans, River Rhine, Alsace
Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Should the Germans attack the Romans? bpmumvizmnqopbqvonqbemkivpwtlwcbnwzivwbpmzemms
Battle of the Sabis http://www.mobilephonesecurity.org 57BC Caesar v Nervii, Wallonia
Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Are the Nervii ready for Caesar? muqhuweydwjeruqjiqryiydjmetqoi
Battle of ALesia http://www.mobilephonesecurity.org 52BC Caesar v Gauls, France
Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Is there anything the Gauls do to help themselves? qebobfpxtbxhmlfkqfklrotxiikbxoqebqobbp
Battle of the NILE http://www.mobilephonesecurity.org 47BC Caesar & Cleopatra v Ptoloemic forces, Alexandria, Egypt
Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Are the Egyptians ready for action? wbssrgiddcfhhcpfsoycihobrtwuvhdhczsam
Battle of Zela http://www.mobilephonesecurity.org 47BC Caesar v Pontus, Turkey
Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Save Pontus? sbkfsfafsfzf
http://www.mobilephonesecurity.org Mobile Phones! Open discussion on mobile application security
Don’t Use Roman Codes! http://www.mobilephonesecurity.org ROT13 and XORing / obfuscation are not adequate!! Modern crypto (not surprisingly) is significantly better However, developers don’t have access to secure hardware APIs on mobile 
Mobile Development http://www.mobilephonesecurity.org How are you storing keys for both symmetric and asymmetric ciphers? Common issue amongst developers Also application signing keys
Mobile Development http://www.mobilephonesecurity.org Think about security when designing your apps Are you playing fast and loose with your users’ private data? Have you explained to users why you used certain permissions? What have you (not) encrypted? Is your application designed badly? – gift to hackers / fraudsters? E.g. asking for credit card details from a QR code
Mobile Development http://www.mobilephonesecurity.org Do your research Are you using weak / insecure methods? Do you understand basic secure coding techniques? Do you understand the platform security guidelines?
Discussion http://www.mobilephonesecurity.org From: http://stackoverflow.com/questions/4671859/storing-api-keys-in-android-is-obfustication-enough
Discussion http://www.mobilephonesecurity.org “I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password which is same as my original problem.”
Platform Security Guidelines http://www.mobilephonesecurity.org Apple: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Introduction.html Android:http://developer.android.com/guide/topics/security/security.html Blackberry: http://docs.blackberry.com/en/developers/deliverables/29302/index.jsp?name=Security+-+Development+Guide+-+BlackBerry+Java+SDK7.0&language=English&userType=21&category=Java+Development+Guides+and+API+Reference&subCategory= Windows Phone 7 (Nokia Guidelines): http://www.developer.nokia.com/Community/Wiki/Windows_Phone_Platform_Security
http://www.mobilephonesecurity.org Romans with iphones…. Contact Email: david.rogers@copperhorses.com Twitter: @drogersuk Blog: http://blog.mobilephonesecurity.org http://www.flickr.com/photos/laurenthaug/4127870976/sizes/l/in/photostream/
http://www.mobilephonesecurity.org Code Solutions Don’t look at the next slide if you don’t want the answers!
Code Solutions http://www.mobilephonesecurity.org Helvetii: I need more time for reinforcements (h shift) Germans: the men are fighting fit we can hold out for another week (s shift) Nervii: we are going to beat sabis in two days (k shift) Gauls: there is a weak point in our wall near the trees (d) Egyptians: I need support to break out and fight ptolemy (m shift) Pontus: venividivici(d shift) The famous: I came, I saw, I conquered message Of course, the Pontic army could not save themselves!

More Related Content

What's hot

Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with TacytChema Alonso
 
Hacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHostway|HOSTING
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital Worldalxdvs
 
Intermediate Vocabulary on Tech
Intermediate Vocabulary on TechIntermediate Vocabulary on Tech
Intermediate Vocabulary on TechLaurie Barth
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)FFRI, Inc.
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hackeryanizaki
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...viaForensics
 
AndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security ReloadedAndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security ReloadedJaime Sánchez
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile SecurityAVG Technologies AU
 

What's hot (12)

Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with Tacyt
 
Hacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHacking Airwaves with Pineapples
Hacking Airwaves with Pineapples
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital World
 
Intermediate Vocabulary on Tech
Intermediate Vocabulary on TechIntermediate Vocabulary on Tech
Intermediate Vocabulary on Tech
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hacker
 
Hacking final
Hacking finalHacking final
Hacking final
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
 
AndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security ReloadedAndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security Reloaded
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile Security
 
The state of the art in iOS Forensics
The state of the art in iOS ForensicsThe state of the art in iOS Forensics
The state of the art in iOS Forensics
 
IoT - Rise of New Zombies Army
IoT - Rise of New Zombies ArmyIoT - Rise of New Zombies Army
IoT - Rise of New Zombies Army
 

Similar to Hacking Roman Codes with Mobile Phones

Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Thingsardiri
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
The Library in Your Pocket: Mobile Trends for Libraries
The Library in Your Pocket: Mobile Trends for LibrariesThe Library in Your Pocket: Mobile Trends for Libraries
The Library in Your Pocket: Mobile Trends for LibrariesMeredith Farkas
 
DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?DefCamp
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxmariuse18nolet
 
mLearning planning tools and qrcodes
mLearning planning tools and qrcodesmLearning planning tools and qrcodes
mLearning planning tools and qrcodesInge de Waard
 
Gsm security- a survey and evaluation of the current situation
Gsm security- a survey and evaluation of the current situationGsm security- a survey and evaluation of the current situation
Gsm security- a survey and evaluation of the current situationJamal Meselmani
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking BadNUS-ISS
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014Security Weekly
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?acijjournal
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
Tips of Mobile Application Security
Tips of Mobile Application SecurityTips of Mobile Application Security
Tips of Mobile Application SecurityMarie Weaver
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
Penetration testing of i phone-ipad applications
Penetration testing of i phone-ipad applicationsPenetration testing of i phone-ipad applications
Penetration testing of i phone-ipad applicationsshehab najjar
 

Similar to Hacking Roman Codes with Mobile Phones (20)

Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Things
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
The Library in Your Pocket: Mobile Trends for Libraries
The Library in Your Pocket: Mobile Trends for LibrariesThe Library in Your Pocket: Mobile Trends for Libraries
The Library in Your Pocket: Mobile Trends for Libraries
 
DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
mLearning planning tools and qrcodes
mLearning planning tools and qrcodesmLearning planning tools and qrcodes
mLearning planning tools and qrcodes
 
Gsm security- a survey and evaluation of the current situation
Gsm security- a survey and evaluation of the current situationGsm security- a survey and evaluation of the current situation
Gsm security- a survey and evaluation of the current situation
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking Bad
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
Tips of Mobile Application Security
Tips of Mobile Application SecurityTips of Mobile Application Security
Tips of Mobile Application Security
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
NWSLTR_Volume5_Issue2
NWSLTR_Volume5_Issue2NWSLTR_Volume5_Issue2
NWSLTR_Volume5_Issue2
 
Penetration testing of i phone-ipad applications
Penetration testing of i phone-ipad applicationsPenetration testing of i phone-ipad applications
Penetration testing of i phone-ipad applications
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 

Hacking Roman Codes with Mobile Phones

  • 1. Historical code cracking with phones: What if Pontus, the Gauls, Germans, Nervii, Egyptians and Helvetii had iphones?Over The Air 2011, Bletchley Park http://www.mobilephonesecurity.org David Rogers, Copper Horse Solutions Ltd. 1st October 2011
  • 2. http://www.mobilephonesecurity.org Some Information About Me 12 years in the mobile industry Hardware and software background Head of Product Security at Panasonic Mobile Worked with industry and government on IMEI and SIMlock security Pioneered some early work in mobile phone forensics Brought industry together on security information sharing Director of External Relations at OMTP Programme Manager for advanced hardware security tasks Chair of Incident Handling task Head of Security and Chair of Security Group at WAC Owner and Director at Copper Horse Solutions Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk About Copper Horse Solutions Ltd. Established in 2011 Software and security company Focussed on the mobile phone industry Services: Mobile phone security consultancy Industry expertise Standards representation Mobile application development http://www.copperhorsesolutions.com
  • 3. Histiaeous http://www.mobilephonesecurity.org In 499BC sent a trusted slave to encourage a revolt against the Persians Shaved the head of the slave Tattooed a message to his head, let the hair grow back Recipient shave off the slave’s hair to get the message This is an early form of steganography From: http://www.retroworks.co/scytale.htm
  • 4. Scytale http://www.mobilephonesecurity.org Transposition cipher Ancient Greeks, particularly the Spartans used it for military communication (also apparently used by the Romans): From: http://www.retroworks.co/scytale.htm
  • 5. CAESAR Shift http://www.mobilephonesecurity.org Supposedly used by Caesar to protect military messages – by shifting the alphabet 3 places to the left: Still used today (scarily!) – e.g. ROT13 It helped that a lot of Caesar’s enemies were illiterate anyway… From: http://www.retroworks.co/scytale.htm
  • 6. Phaistos Disc… http://www.mobilephonesecurity.org Still plenty of mystery text to decipher out there… Source: PRA
  • 7. Code Cracking Challenge http://www.mobilephonesecurity.org After each battle I describe there will be some codes to crack in which you would be able to change the course of history. You can also get these at: http://blog.mobilephonesecurity.org From: http://www.retroworks.co/scytale.htm
  • 8. Some Source Code to Help! http://www.mobilephonesecurity.org Hint: The codes are all Caesar ciphers but with different rotations https://github.com/mkoby/RotationCipher (not mine!) and a cheat: http://textmechanic.com/ROT13-Caesar-Cipher.html
  • 9. Julius Caesar (Briefly!) http://www.mobilephonesecurity.org 100BC – 44BC Spent 9 years campaigning in Gaul (and made a fortune) Invaded Britain Was involved in a civil war with Pompey Defeated the Egyptians Assassinated on the ‘Ides of March’ in 44BC
  • 11. List of Battles http://www.mobilephonesecurity.org 58BC Battle of the Arar – Helvetii 58BC Battle of Vosges - Germans 57BC Battle of the Sabis – Nervii 52BC Battle of Alesia - Gauls 47BC Battle of the Nile - Egyptians 47BC Battle of Zela - Pontus
  • 12. Battle of the Arar http://www.mobilephonesecurity.org 58BC Caesar v Helvetii, Switzerland
  • 13. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Can the Helvetians defeat Caesar? bgxxwfhkxmbfxyhkkxbgyhkvxfxgml
  • 14. Battle of Vosges http://www.mobilephonesecurity.org 58BC Caesar v Germans, River Rhine, Alsace
  • 15. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Should the Germans attack the Romans? bpmumvizmnqopbqvonqbemkivpwtlwcbnwzivwbpmzemms
  • 16. Battle of the Sabis http://www.mobilephonesecurity.org 57BC Caesar v Nervii, Wallonia
  • 17. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Are the Nervii ready for Caesar? muqhuweydwjeruqjiqryiydjmetqoi
  • 18. Battle of ALesia http://www.mobilephonesecurity.org 52BC Caesar v Gauls, France
  • 19. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Is there anything the Gauls do to help themselves? qebobfpxtbxhmlfkqfklrotxiikbxoqebqobbp
  • 20. Battle of the NILE http://www.mobilephonesecurity.org 47BC Caesar & Cleopatra v Ptoloemic forces, Alexandria, Egypt
  • 21. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Are the Egyptians ready for action? wbssrgiddcfhhcpfsoycihobrtwuvhdhczsam
  • 22. Battle of Zela http://www.mobilephonesecurity.org 47BC Caesar v Pontus, Turkey
  • 23. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Save Pontus? sbkfsfafsfzf
  • 24. http://www.mobilephonesecurity.org Mobile Phones! Open discussion on mobile application security
  • 25. Don’t Use Roman Codes! http://www.mobilephonesecurity.org ROT13 and XORing / obfuscation are not adequate!! Modern crypto (not surprisingly) is significantly better However, developers don’t have access to secure hardware APIs on mobile 
  • 26. Mobile Development http://www.mobilephonesecurity.org How are you storing keys for both symmetric and asymmetric ciphers? Common issue amongst developers Also application signing keys
  • 27. Mobile Development http://www.mobilephonesecurity.org Think about security when designing your apps Are you playing fast and loose with your users’ private data? Have you explained to users why you used certain permissions? What have you (not) encrypted? Is your application designed badly? – gift to hackers / fraudsters? E.g. asking for credit card details from a QR code
  • 28. Mobile Development http://www.mobilephonesecurity.org Do your research Are you using weak / insecure methods? Do you understand basic secure coding techniques? Do you understand the platform security guidelines?
  • 29. Discussion http://www.mobilephonesecurity.org From: http://stackoverflow.com/questions/4671859/storing-api-keys-in-android-is-obfustication-enough
  • 30. Discussion http://www.mobilephonesecurity.org “I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password which is same as my original problem.”
  • 31. Platform Security Guidelines http://www.mobilephonesecurity.org Apple: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Introduction.html Android:http://developer.android.com/guide/topics/security/security.html Blackberry: http://docs.blackberry.com/en/developers/deliverables/29302/index.jsp?name=Security+-+Development+Guide+-+BlackBerry+Java+SDK7.0&language=English&userType=21&category=Java+Development+Guides+and+API+Reference&subCategory= Windows Phone 7 (Nokia Guidelines): http://www.developer.nokia.com/Community/Wiki/Windows_Phone_Platform_Security
  • 32. http://www.mobilephonesecurity.org Romans with iphones…. Contact Email: david.rogers@copperhorses.com Twitter: @drogersuk Blog: http://blog.mobilephonesecurity.org http://www.flickr.com/photos/laurenthaug/4127870976/sizes/l/in/photostream/
  • 33. http://www.mobilephonesecurity.org Code Solutions Don’t look at the next slide if you don’t want the answers!
  • 34. Code Solutions http://www.mobilephonesecurity.org Helvetii: I need more time for reinforcements (h shift) Germans: the men are fighting fit we can hold out for another week (s shift) Nervii: we are going to beat sabis in two days (k shift) Gauls: there is a weak point in our wall near the trees (d) Egyptians: I need support to break out and fight ptolemy (m shift) Pontus: venividivici(d shift) The famous: I came, I saw, I conquered message Of course, the Pontic army could not save themselves!

Editor's Notes

  1. Picture – Julius Caesar and Divico parlay after the battle at the river SaoneThe Helvetian tribe were planning to migrate towards the west coast of Gaul, cutting off Gaul and causing a threat to Roman Spain.Mass migration of 300,000 people!Caesar had to play for time because of a lack of soldiersHelvetii were attacked during the night while crossing the riverCaesar ultimately chased down the Helvetii and they eventually surrendered after the battle of BribacteThree opportunities that the Helvetii could have seized:Discovering that Caesar had left RomeRealising that Caesar was playing for timeDiscovering Caesar’s planned night time attack for the river crossing
  2. 58BC Caesar v GermansLocation: River Rhine, AlsaceGerman tribes (Suebi and others) made a move into GaulAriovistus moved his camp onto the Roman supply lineHe delayed battle deliberately to starve and weaken the Roman soldiersRomans charged down on the Germans who formed a Phalanx with their shields – roman soldiers jumped onto the shields and wrenched them away, stabbing down onto the soldiersOn learning that the Germans believed in a prophecy that they should lose the battle if they fought before the new moon, Caesar forced a battle upon them immediately.Their leader Ariovistus escaped but was defeated. Caesar had forced the Germans out of GaulAriovistus could have realised that Caesar’s men were not starving and delayed the battle further, therefore defeating him once his men were truly weakened
  3. Caesar was surprised and nearly defeatedThey would not “partake of alcoholic beverages or other such imported Roman luxuries” – wine was banned by decree by the NerviiThe Nervii caught javelins in flight and hurled them back at legionnaires!Nervii used typical Gallic warfare tactics which could be defeated with missilesNervii used mounds of the fallen as ramparts by the end of the battleCaesar lost all of his standards and most of his centuriansNervii could have discovered how swiftly Caesar was travelling and ambushed before they reached the SabisResult was Caesar gained control of what is now Belgium
  4. Vercingetorix and Julius CaesarSeige around a hill fortThe last major engagement between the Gauls and the RomansMarks the end of Celtic dominance80,000 fighting men were under seigeCaesar constructed a second wall around him, in case he was attacked after some cavalry managed to break out of the seigeCaesar would not allow the women and children out of the seige, so they were left to starve in no-mans land.The relief force arrivedRomans were also beginning to starve as they were being beseigedLots of skirmishes and combined attacks from without and withinGauls discovered a weakness in the walls that was hidden (this is a point that could have been exploited earlier if the Gauls had known)The Roman cavalry defended this and nearly collapsed, Caesar sent a force of 6000 cavalry to relieve them and defeated the 60,000 attackersSeeing the defeat of the relief force, Vercingetorix surrendered to Caesar
  5. (after civil war with Pompey)Roman ‘peacekeeping’ between King Ptolemy and Cleopatra (his sister) in the Egyptian civil warCaesar was relatively cut off in Alexandria but sent a message for allied supportPtolemy died when his ship capsized while escapingCaesar installed Cleopatra on the throne of EgyptCaesar could have been defeated had the Egyptians been able to cut him off from his ally, Mithridates
  6. After the battle of the Nile, Caesar travelled up to fight Pharnaces after he had defeated a roman army and committeed atrocities against prisoners and civiliansCaesar refused appeals for peace as he approachedAs Caesar’s troops were setting up their camp on a nearby hilltop, the Pontic army attacked from their own safe strategic hilltop postionAlthough initially successful, the romans recovered and drove the Pontics back fown the hill, routing themPharnaces escaped only to be later killed by one of his ownThe whole campaign lasted only 5 days.After the battle, Caesar sent his famous message, Veni, vidi, vici – I came, I saw, I conquered ***