Successfully reported this slideshow.

Security Lessons from Bletchley Park and Enigma

2

Share

Loading in …3
×
1 of 20
1 of 20

Security Lessons from Bletchley Park and Enigma

2

Share

Download to read offline

Presented at DC4420 in London.

A brief review of how the Enigma machine works, how it was broken, and how security people keep making similar mistakes today.

Presented at DC4420 in London.

A brief review of how the Enigma machine works, how it was broken, and how security people keep making similar mistakes today.

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Related Audiobooks

Free with a 14 day trial from Scribd

See all

Security Lessons from Bletchley Park and Enigma

  1. 1. Franklin Heath Ltd28 May 2013 Security Lessons from Bletchley Park and Enigma Image: Bletchley Park Mansion by Antoine Taveneaux
  2. 2. CC BY 3.0 Topics  How the Enigma machine works  How Bletchley Park exploited German mistakes  Five lessons we can draw from this 28 May 2013 2 © Franklin Heath Ltd
  3. 3. CC BY 3.0 The Enigma Machine  Invented by Arthur Scherbius in 1918  Commercially available from 1923  Adopted by German military from 1927  Several variants, notably:  Enigma I, German army 1932  Enigma M4, German U-boats 1941  Principally mechanical  Battery is used only to illuminate the output letter  Used throughout WWII by German military + agencies  Estimated 100,000 machines produced 28 May 2013 3 © Franklin Heath Ltd
  4. 4. CC BY 3.0 Enigma Machine Components 28 May 2013 4 © Franklin Heath Ltd Scrambler Rotors and reflector Output Battery-powered lamps Input Keys (switch and lever) Plug Board Static, swaps letters
  5. 5. CC BY 3.0 Enigma Machine Components 28 May 2013 5 © Franklin Heath Ltd Scrambler Rotors and reflector Output Battery-powered lamps Input Keys (switch and lever)
  6. 6. CC BY 3.0 Fully Functional Paper Model 28 May 2013 6 © Franklin Heath Ltd
  7. 7. CC BY 3.0 Example Enigma Settings Sheet 28 May 2013 7 © Franklin Heath Ltd
  8. 8. CC BY 3.0 Enigma Simulator 28 May 2013 8 © Franklin Heath Ltd
  9. 9. CC BY 3.0 Enigma Cipher Characteristics  26-letter alphabet  Numbers typically spelled out  Reciprocal substitution cipher  Operation is its own inverse  Independent of preceding text  Message key sets start “state”  Never encrypts a letter as itself  Keys are SPDT switches selecting input or output 28 May 2013 9 © Franklin Heath Ltd
  10. 10. CC BY 3.0 Enigma Machine Key Length  4-rotor Enigma M4  2 possible reflectors  672 possible rotor choices  676 possible notch positions  532,985,208,200,576 possible combinations of plugs  456,976 possible starting positions  = 221,286,292,668,406,558,235,295,744 possible keys  Log2 gives equivalent binary key length: ~88 bits  Still export-controlled today!  Yet it could be broken with 70-year old mechanical technology  Key length isn’t the most important characteristic 28 May 2013 10 © Franklin Heath Ltd
  11. 11. CC BY 3.0 Bletchley Park’s “Wicked Uncles”  Senior codebreakers recruited in 1939  Introduced mathematical and mechanised methods  1941 memo delivered to P.M Winston Churchill  Response: “Make sure they have all they want on extreme priority and report to me that this had been done.” 28 May 2013 11 © Franklin Heath Ltd Alan Turing 1912-1954 Gordon Welchman 1906-1985Hugh Alexander 1909-1974Stuart Milner-Barry 1906-1995
  12. 12. CC BY 3.0 Types of Breaks into Enigma  Polish Cipher Bureau, 1932 onwards  Common start positions (mitigated 1938)  Repeated message key (mitigated 1940)  UK GC&CS, 1937 onwards  “Rodding” using cribs (mitigated by plug board)  Herivel tip, to deduce ring settings  Cillies, to deduce message keys  Banburismus, to identify likely rotor orders  Bombe menus from cribs, to test rotor orders  EINS catalogue, to deduce message keys and bigram tables 28 May 2013 12 © Franklin Heath Ltd
  13. 13. CC BY 3.0 The Turing-Welchman Bombe 28 May 2013 13 © Franklin Heath Ltd Images Credit: Antoine Taveneaux
  14. 14. CC BY 3.0 Aside: What is This?  Part of the Turing exhibit at the Science Museum  “a cryptographic aid used at Bletchley Park” 28 May 2013 14 © Franklin Heath Ltd
  15. 15. CC BY 3.0 Lesson 1: Cryptosystems have Subtle Flaws  Long keys do not alone make a strong cryptosystem  Stream ciphers can have unfortunate interactions with themselves (especially reciprocal synchronous ones)  Attackers can take advantage of predictable plain text or even predictable repetitions in otherwise unknown plaintext  Best practice for modern systems seems to be to use block ciphers like AES with chaining modes  2001 break of WEP (“Wired Equivalent Privacy”) exploited use of duplicate initialisation vectors with RC4 stream cipher 28 May 2013 15 © Franklin Heath Ltd
  16. 16. CC BY 3.0 Lesson 2: Plan for Key Compromise  “Pinches” provided a way into new Enigma networks  1940 HMS Gleaner: rotors VI and VII from U-33  1940 HMS Griffin: settings and cribs from armed trawler Polares  1941 HMS Tartar: code books from weather ship Lauenberg  1941 HMS Somali: rotors and code books from armed trawler Krebs  1941 HMS Somali: code books from weather ship München  1941 HMS Bulldog: machine and code books from U-110  1942 HMS Petard: machine and code books from U-559  They had emergency procedures to switch to other settings  Modern security systems need to have “renewability” too  for recovery from “class breaks” like the DVD CSS key breach in 1999 28 May 2013 16 © Franklin Heath Ltd
  17. 17. CC BY 3.0 Lesson 3: Users Pick Poor Passwords  Many Enigma messages were read by guessing the message key that the operator chose (“Cillies”)  AAA BBB, QWE ASD, BER LIN, etc.  This was addressed later in the war by operational procedures  Daily settings used as a pseudo-random generator  Cryptographic keys need more entropy than users can supply in the form of a password  Salts, nonces, initialisation vectors, etc.  You can crack many unsalted MD5 passwords just with Google 28 May 2013 17 © Franklin Heath Ltd
  18. 18. CC BY 3.0 Lesson 4: Pick a Good RNG and Trust It  Don’t be tempted to interfere to make it look random  German cipher staff had rules for not repeating rotor order and not plugging adjacent letters  This significantly reduced the number of possible settings that needed to be tried on the Bombe  Many security vulnerabilities in modern systems are due to poor randomness  e.g. Debian OpenSSL vulnerability in 2008 28 May 2013 18 © Franklin Heath Ltd
  19. 19. CC BY 3.0 Lesson 5: Don’t Underestimate the Enemy  German high command told Enigma was “unbreakable”  German cryptographers knew it was theoretically breakable, but thought no one would put in that much effort  Bletchley Park’s mathematical approach and production line methods led to industrial-scale cryptanalysis  Modern example:  2009 breaking of GSM A5/1 using precomputed rainbow tables  Used GPUs in a distributed collaborative project 28 May 2013 19 © Franklin Heath Ltd
  20. 20. CC BY 3.0 Summary  The Enigma machine cipher is elegant, efficient and has few significant inherent flaws  Bletchley Park benefited greatly from weaknesses in the key establishment procedures and from analysis of traffic for which keys had been compromised  Five lessons:  Cryptosystems have subtle flaws  Plan for key compromise  Users pick poor passwords  Pick a good RNG and trust it  Don’t underestimate the enemy 28 May 2013 20 © Franklin Heath Ltd

×