Franklin Heath Ltd
28 May 2013
Security Lessons from Bletchley Park and Enigma
Image: Bletchley Park Mansion by Antoine Taveneaux
CC BY 3.0
Topics
- How the Enigma machine works
- How Bletchley Park exploited German mistakes
- Five lessons we can draw from this
© Franklin Heath Ltd
The Enigma Machine
- Invented by Arthur Scherbius in 1918
- Commercially available from 1923
- Adopted by German military from 1927
- Several variants, notably:
  - Enigma I, German army 1932
  - Enigma M4, German U-boats 1941
- Principally mechanical
  - Battery is used only to illuminate the output letter
- Used throughout WWII by German military + agencies
- Estimated 100,000 machines produced
Enigma Machine Components
- Scrambler: Rotors and reflector
- Output: Battery-powered lamps
- Input: Keys (switch and lever)
- Plug Board: Static, swaps letters
Enigma Machine Components
- Scrambler: Rotors and reflector
- Output: Battery-powered lamps
- Input: Keys (switch and lever)
[Slide image: Fully Functional Paper Model]
[Slide image: Example Enigma Settings Sheet]
[Slide image: Enigma Simulator]
Enigma Cipher Characteristics
- 26-letter alphabet
  - Numbers typically spelled out
- Reciprocal substitution cipher
  - Operation is its own inverse
- Independent of preceding text
  - Message key sets start “state”
- Never encrypts a letter as itself
  - Keys are SPDT switches selecting input or output
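The properties on this slide, shown with a minimal simulator. This is an added example, not code from the original deck: it models a three-rotor Enigma I with reflector B and ring settings fixed at A, and the message, start position, plug pairs and crib are constructed for illustration. `crib_offsets` shows why "never encrypts a letter as itself" matters: it rules out alignments of a guessed plaintext without any knowledge of the key.

```python
import string

A = string.ascii_uppercase
# Enigma I rotor wirings and turnover notches (published historical values).
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class Enigma:
    """Three-rotor Enigma I; ring settings fixed at A (a simplification)."""

    def __init__(self, rotors=("I", "II", "III"), start="AAA", plugs=""):
        self.wiring = [ROTORS[r][0] for r in rotors]            # left, middle, right
        self.notch = [A.index(ROTORS[r][1]) for r in rotors]
        self.pos = [A.index(c) for c in start]
        self.plug = {c: c for c in A}
        for a, b in plugs.split():                              # e.g. "AB CD"
            self.plug[a], self.plug[b] = b, a

    def _step(self):
        """Advance the rotors before each key press, including the double step."""
        left, mid, right = self.pos
        if mid == self.notch[1]:
            left, mid = (left + 1) % 26, (mid + 1) % 26
        elif right == self.notch[2]:
            mid = (mid + 1) % 26
        self.pos = [left, mid, (right + 1) % 26]

    def press(self, ch):
        self._step()
        c = A.index(self.plug[ch])
        for w, p in zip(reversed(self.wiring), reversed(self.pos)):  # right to left
            c = (A.index(w[(c + p) % 26]) - p) % 26
        c = A.index(REFLECTOR_B[c])                                  # reflector
        for w, p in zip(self.wiring, self.pos):                      # left to right
            c = (w.index(A[(c + p) % 26]) - p) % 26
        return self.plug[A[c]]

    def process(self, text):
        """Encrypt or decrypt: the same operation, because the cipher is reciprocal."""
        return "".join(self.press(ch) for ch in text)


def crib_offsets(ciphertext, crib):
    """Offsets where the crib can sit: no crib letter lines up with itself."""
    return [i for i in range(len(ciphertext) - len(crib) + 1)
            if all(c != p for c, p in zip(ciphertext[i:], crib))]


# Constructed sample data (not historical traffic or settings).
SETTINGS = dict(rotors=("I", "II", "III"), start="QEV", plugs="AB CD EF")
PLAINTEXT = "ANXGRUPPEWESTXWETTERBERICHTXEINSNULL"
CRIB = "WETTERBERICHT"


def demo():
    ct = Enigma(**SETTINGS).process(PLAINTEXT)
    return {
        "ciphertext": ct,
        "round_trip": Enigma(**SETTINGS).process(ct),            # same settings decrypt
        "self_encrypted": sum(a == b for a, b in zip(PLAINTEXT, ct)),
        "possible_offsets": crib_offsets(ct, CRIB),
        "true_offset": PLAINTEXT.index(CRIB),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
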
Enigma Machine Key Length
- 4-rotor Enigma M4
  - 2 possible reflectors
  - 672 possible rotor choices
  - 676 possible notch positions
  - 532,985,208,200,576 possible combinations of plugs
  - 456,976 possible starting positions
  - = 221,286,292,668,406,558,235,295,744 possible keys
- Log2 gives equivalent binary key length: ~88 bits
- Still export-controlled today!
- Yet it could be broken with 70-year-old mechanical technology
- Key length isn’t the most important characteristic
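An added worked derivation of the key-length figures above (not from the original deck). The breakdown of each factor is an assumption, chosen because it reproduces the slide's numbers exactly: two thin fourth rotors times an ordered pick of three from eight rotors, ring positions on the two rotors that drive stepping, and any number of plug cables from 0 to 13.

```python
from math import comb, factorial, log2, perm


def plugboard_settings(max_cables=13):
    """Ways to connect 0..max_cables disjoint letter pairs on a 26-letter board."""
    total = 0
    for n in range(max_cables + 1):
        # Choose 2n letters, then pair them up: (2n)! / (n! * 2^n) pairings.
        total += comb(26, 2 * n) * factorial(2 * n) // (factorial(n) * 2 ** n)
    return total


def m4_key_space():
    """Return the individual factors and their product for the Enigma M4."""
    factors = {
        "reflectors": 2,
        "rotor choices": 2 * perm(8, 3),      # assumed: 2 fourth rotors x 8*7*6
        "notch positions": 26 ** 2,           # assumed: two ring settings matter
        "plug combinations": plugboard_settings(),
        "starting positions": 26 ** 4,
    }
    total = 1
    for value in factors.values():
        total *= value
    return factors, total


if __name__ == "__main__":
    factors, total = m4_key_space()
    for name, value in factors.items():
        print(f"{name:>20}: {value:,}")
    print(f"{'possible keys':>20}: {total:,}")
    print(f"{'log2':>20}: {log2(total):.2f} bits")
```
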
Bletchley Park’s “Wicked Uncles”
- Senior codebreakers recruited in 1939
- Introduced mathematical and mechanised methods
- 1941 memo delivered to P.M. Winston Churchill
  - Response: “Make sure they have all they want on extreme priority and report to me that this had been done.”
- Alan Turing 1912-1954
- Gordon Welchman 1906-1985
- Hugh Alexander 1909-1974
- Stuart Milner-Barry 1906-1995
Types of Breaks into Enigma
- Polish Cipher Bureau, 1932 onwards
  - Common start positions (mitigated 1938)
  - Repeated message key (mitigated 1940)
- UK GC&CS, 1937 onwards
  - “Rodding” using cribs (mitigated by plug board)
  - Herivel tip, to deduce ring settings
  - Cillies, to deduce message keys
  - Banburismus, to identify likely rotor orders
  - Bombe menus from cribs, to test rotor orders
  - EINS catalogue, to deduce message keys and bigram tables
The Turing-Welchman Bombe
Images Credit: Antoine Taveneaux
Aside: What is This?
- Part of the Turing exhibit at the Science Museum
- “a cryptographic aid used at Bletchley Park”
Lesson 1: Cryptosystems have Subtle Flaws
- Long keys do not alone make a strong cryptosystem
- Stream ciphers can have unfortunate interactions with themselves (especially reciprocal synchronous ones)
- Attackers can take advantage of predictable plaintext or even predictable repetitions in otherwise unknown plaintext
- Best practice for modern systems seems to be to use block ciphers like AES with chaining modes
- 2001 break of WEP (“Wired Equivalent Privacy”) exploited use of duplicate initialisation vectors with RC4 stream cipher
Lesson 2: Plan for Key Compromise
- “Pinches” provided a way into new Enigma networks
  - 1940 HMS Gleaner: rotors VI and VII from U-33
  - 1940 HMS Griffin: settings and cribs from armed trawler Polares
  - 1941 HMS Tartar: code books from weather ship Lauenburg
  - 1941 HMS Somali: rotors and code books from armed trawler Krebs
  - 1941 HMS Somali: code books from weather ship München
  - 1941 HMS Bulldog: machine and code books from U-110
  - 1942 HMS Petard: machine and code books from U-559
- They had emergency procedures to switch to other settings
- Modern security systems need to have “renewability” too
  - for recovery from “class breaks” like the DVD CSS key breach in 1999
Lesson 3: Users Pick Poor Passwords
- Many Enigma messages were read by guessing the message key that the operator chose (“Cillies”)
  - AAA BBB, QWE ASD, BER LIN, etc.
- This was addressed later in the war by operational procedures
  - Daily settings used as a pseudo-random generator
- Cryptographic keys need more entropy than users can supply in the form of a password
  - Salts, nonces, initialisation vectors, etc.
  - You can crack many unsalted MD5 passwords just with Google
Lesson 4: Pick a Good RNG and Trust It
- Don’t be tempted to interfere to make it look random
- German cipher staff had rules for not repeating rotor order and not plugging adjacent letters
  - This significantly reduced the number of possible settings that needed to be tried on the Bombe
- Many security vulnerabilities in modern systems are due to poor randomness
  - e.g. Debian OpenSSL vulnerability in 2008
Lesson 5: Don’t Underestimate the Enemy
- German high command told Enigma was “unbreakable”
- German cryptographers knew it was theoretically breakable, but thought no one would put in that much effort
- Bletchley Park’s mathematical approach and production line methods led to industrial-scale cryptanalysis
- Modern example:
  - 2009 breaking of GSM A5/1 using precomputed rainbow tables
  - Used GPUs in a distributed collaborative project
Summary
- The Enigma machine cipher is elegant, efficient and has few significant inherent flaws
- Bletchley Park benefited greatly from weaknesses in the key establishment procedures and from analysis of traffic for which keys had been compromised
- Five lessons:
  - Cryptosystems have subtle flaws
  - Plan for key compromise
  - Users pick poor passwords
  - Pick a good RNG and trust it
  - Don’t underestimate the enemy