Successfully reported this slideshow.
Franklin Heath Ltd28 May 2013Security Lessons from Bletchley Park and EnigmaImage: Bletchley Park Mansion by Antoine Taven...
CC BY 3.0Topics How the Enigma machine works How Bletchley Park exploited German mistakes Five lessons we can draw from...
CC BY 3.0The Enigma Machine Invented by Arthur Scherbius in 1918 Commercially available from 1923 Adopted by German mil...
CC BY 3.0Enigma Machine Components28 May 2013 4© Franklin Heath LtdScramblerRotors and reflectorOutputBattery-powered lamp...
CC BY 3.0Enigma Machine Components28 May 2013 5© Franklin Heath LtdScramblerRotors and reflectorOutputBattery-powered lamp...
CC BY 3.0Fully Functional Paper Model28 May 2013 6© Franklin Heath Ltd
CC BY 3.0Example Enigma Settings Sheet28 May 2013 7© Franklin Heath Ltd
CC BY 3.0Enigma Simulator28 May 2013 8© Franklin Heath Ltd
CC BY 3.0Enigma Cipher Characteristics 26-letter alphabet Numbers typically spelled out Reciprocal substitution cipher...
CC BY 3.0Enigma Machine Key Length 4-rotor Enigma M4 2 possible reflectors 672 possible rotor choices 676 possible not...
CC BY 3.0Bletchley Park’s “Wicked Uncles” Senior codebreakers recruited in 1939 Introduced mathematical and mechanised m...
CC BY 3.0Types of Breaks into Enigma Polish Cipher Bureau, 1932 onwards Common start positions (mitigated 1938) Repeate...
CC BY 3.0The Turing-Welchman Bombe28 May 2013 13© Franklin Heath LtdImages Credit: Antoine Taveneaux
CC BY 3.0Aside: What is This? Part of the Turing exhibit at the Science Museum “a cryptographic aid used at Bletchley Pa...
CC BY 3.0Lesson 1:Cryptosystems have Subtle Flaws Long keys do not alone make a strong cryptosystem Stream ciphers can h...
CC BY 3.0Lesson 2:Plan for Key Compromise “Pinches” provided a way into new Enigma networks 1940 HMS Gleaner: rotors VI ...
CC BY 3.0Lesson 3:Users Pick Poor Passwords Many Enigma messages were read by guessing themessage key that the operator c...
CC BY 3.0Lesson 4:Pick a Good RNG and Trust It Don’t be tempted to interfere to make it look random German cipher staff ...
CC BY 3.0Lesson 5:Don’t Underestimate the Enemy German high command told Enigma was “unbreakable” German cryptographers ...
CC BY 3.0Summary The Enigma machine cipher is elegant, efficient and hasfew significant inherent flaws Bletchley Park be...
Upcoming SlideShare
Loading in …5
×

Security Lessons from Bletchley Park and Enigma

1,380 views

Published on

Presented at DC4420 in London.

A brief review of how the Enigma machine works, how it was broken, and how security people keep making similar mistakes today.

Published in: Education, Technology
  • Thank you Craig Heath for sharing this! Bletchley Park history and Enigma are fascinating, even to lay people like me when it comes to security, codes and the like. ~Fan of The Bletchley Circle : www.facebook.com/TheBletchleyCircleWatchers
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Security Lessons from Bletchley Park and Enigma

  1. 1. Franklin Heath Ltd28 May 2013Security Lessons from Bletchley Park and EnigmaImage: Bletchley Park Mansion by Antoine Taveneaux
  2. 2. CC BY 3.0Topics How the Enigma machine works How Bletchley Park exploited German mistakes Five lessons we can draw from this28 May 2013 2© Franklin Heath Ltd
  3. 3. CC BY 3.0The Enigma Machine Invented by Arthur Scherbius in 1918 Commercially available from 1923 Adopted by German military from 1927 Several variants, notably: Enigma I, German army 1932 Enigma M4, German U-boats 1941 Principally mechanical Battery is used only to illuminate the output letter Used throughout WWII by German military + agencies Estimated 100,000 machines produced28 May 2013 3© Franklin Heath Ltd
  4. 4. CC BY 3.0Enigma Machine Components28 May 2013 4© Franklin Heath LtdScramblerRotors and reflectorOutputBattery-powered lampsInputKeys (switch and lever)Plug BoardStatic, swaps letters
  5. 5. CC BY 3.0Enigma Machine Components28 May 2013 5© Franklin Heath LtdScramblerRotors and reflectorOutputBattery-powered lampsInputKeys (switch and lever)
  6. 6. CC BY 3.0Fully Functional Paper Model28 May 2013 6© Franklin Heath Ltd
  7. 7. CC BY 3.0Example Enigma Settings Sheet28 May 2013 7© Franklin Heath Ltd
  8. 8. CC BY 3.0Enigma Simulator28 May 2013 8© Franklin Heath Ltd
  9. 9. CC BY 3.0Enigma Cipher Characteristics 26-letter alphabet Numbers typically spelled out Reciprocal substitution cipher Operation is its own inverse Independent of preceding text Message key sets start “state” Never encrypts a letter as itself Keys are SPDT switches selectinginput or output28 May 2013 9© Franklin Heath Ltd
  10. 10. CC BY 3.0Enigma Machine Key Length 4-rotor Enigma M4 2 possible reflectors 672 possible rotor choices 676 possible notch positions 532,985,208,200,576 possible combinations of plugs 456,976 possible starting positions = 221,286,292,668,406,558,235,295,744 possible keys Log2 gives equivalent binary key length: ~88 bits Still export-controlled today! Yet it could be broken with 70-year old mechanical technology Key length isn’t the most important characteristic28 May 2013 10© Franklin Heath Ltd
  11. 11. CC BY 3.0Bletchley Park’s “Wicked Uncles” Senior codebreakers recruited in 1939 Introduced mathematical and mechanised methods 1941 memo delivered to P.M Winston Churchill Response: “Make sure they have all they want on extremepriority and report to me that this had been done.”28 May 2013 11© Franklin Heath LtdAlan Turing 1912-1954Gordon Welchman 1906-1985Hugh Alexander 1909-1974Stuart Milner-Barry 1906-1995
  12. 12. CC BY 3.0Types of Breaks into Enigma Polish Cipher Bureau, 1932 onwards Common start positions (mitigated 1938) Repeated message key (mitigated 1940) UK GC&CS, 1937 onwards “Rodding” using cribs (mitigated by plug board) Herivel tip, to deduce ring settings Cillies, to deduce message keys Banburismus, to identify likely rotor orders Bombe menus from cribs, to test rotor orders EINS catalogue, to deduce message keys and bigram tables28 May 2013 12© Franklin Heath Ltd
  13. 13. CC BY 3.0The Turing-Welchman Bombe28 May 2013 13© Franklin Heath LtdImages Credit: Antoine Taveneaux
  14. 14. CC BY 3.0Aside: What is This? Part of the Turing exhibit at the Science Museum “a cryptographic aid used at Bletchley Park”28 May 2013 14© Franklin Heath Ltd
  15. 15. CC BY 3.0Lesson 1:Cryptosystems have Subtle Flaws Long keys do not alone make a strong cryptosystem Stream ciphers can have unfortunate interactions withthemselves (especially reciprocal synchronous ones) Attackers can take advantage of predictable plain text or evenpredictable repetitions in otherwise unknown plaintext Best practice for modern systems seems to be to useblock ciphers like AES with chaining modes 2001 break of WEP (“Wired Equivalent Privacy”) exploited useof duplicate initialisation vectors with RC4 stream cipher28 May 2013 15© Franklin Heath Ltd
  16. 16. CC BY 3.0Lesson 2:Plan for Key Compromise “Pinches” provided a way into new Enigma networks 1940 HMS Gleaner: rotors VI and VII from U-33 1940 HMS Griffin: settings and cribs from armed trawler Polares 1941 HMS Tartar: code books from weather ship Lauenberg 1941 HMS Somali: rotors and code books from armed trawler Krebs 1941 HMS Somali: code books from weather ship München 1941 HMS Bulldog: machine and code books from U-110 1942 HMS Petard: machine and code books from U-559 They had emergency procedures to switch to other settings Modern security systems need to have “renewability” too for recovery from “class breaks” like the DVD CSS key breach in 199928 May 2013 16© Franklin Heath Ltd
  17. 17. CC BY 3.0Lesson 3:Users Pick Poor Passwords Many Enigma messages were read by guessing themessage key that the operator chose (“Cillies”) AAA BBB, QWE ASD, BER LIN, etc. This was addressed later in the war by operationalprocedures Daily settings used as a pseudo-random generator Cryptographic keys need more entropy than users cansupply in the form of a password Salts, nonces, initialisation vectors, etc. You can crack many unsalted MD5 passwords just with Google28 May 2013 17© Franklin Heath Ltd
  18. 18. CC BY 3.0Lesson 4:Pick a Good RNG and Trust It Don’t be tempted to interfere to make it look random German cipher staff had rules for not repeating rotororder and not plugging adjacent letters This significantly reduced the number of possible settings thatneeded to be tried on the Bombe Many security vulnerabilities in modern systems aredue to poor randomness e.g. Debian OpenSSL vulnerability in 200828 May 2013 18© Franklin Heath Ltd
  19. 19. CC BY 3.0Lesson 5:Don’t Underestimate the Enemy German high command told Enigma was “unbreakable” German cryptographers knew it was theoreticallybreakable, but thought no one would put in that mucheffort Bletchley Park’s mathematical approach and productionline methods led to industrial-scale cryptanalysis Modern example: 2009 breaking of GSM A5/1 using precomputed rainbow tables Used GPUs in a distributed collaborative project28 May 2013 19© Franklin Heath Ltd
  20. 20. CC BY 3.0Summary The Enigma machine cipher is elegant, efficient and hasfew significant inherent flaws Bletchley Park benefited greatly from weaknesses in thekey establishment procedures and from analysis of trafficfor which keys had been compromised Five lessons: Cryptosystems have subtle flaws Plan for key compromise Users pick poor passwords Pick a good RNG and trust it Don’t underestimate the enemy28 May 2013 20© Franklin Heath Ltd

×