CSCI-100 Introduction to Computing Privacy & Security Part II.
CSCI-100 Introduction to Computing
Privacy & Security Part II
• Monoalphabetic Cipher
Rather than just shifting the alphabet, could shuffle (jumble) the letters arbitrarily
Each plaintext letter maps to a different random ciphertext letter
Hence key is 26 letters long
Cryptanalysis of Monoalphabetic Cipher? (DONE IN CLASS)
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
• Monoalphabetic Cipher Security
With so many keys, might think is secure
But would be !!!WRONG!!!
Problem is language characteristics
  • Can exploit them to do better than brute force search
• Language Redundancy and Cryptanalysis
Human languages are redundant
Letters are not equally commonly used
In English e is by far the most common letter, then T,R,N,I,O,A,S
Other letters are fairly rare, cf. Z,J,K,Q,X
Have tables of single, double & triple letter frequencies
• Use in Cryptanalysis
Key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
Discovered by Arabian scientists in 9th century
  • Calculate letter frequencies for ciphertext
  • Compare counts/plots against known values
  • Tables of common double/triple letters help
• Example Cryptanalysis
Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies
Guess P & Z are e and t
Guess ZW is th and hence ZWP is the
Proceeding with trial and error finally get:
it was disclosed yesterday that several informal
but direct contacts have been made with political
representatives of the viet cong in moscow
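The steps on this slide, run against the slide's own ciphertext, as an added example that is not part of the original slides. It also uses the key table from the Monoalphabetic Cipher slide to show that substitution leaves the shape of the letter histogram unchanged; the function names are this example's own.

```python
from collections import Counter

# Key table from the "Monoalphabetic Cipher" slide.
PLAIN = "abcdefghijklmnopqrstuvwxyz"
CIPHER = "DKVQFIBJWPESCXHTMYAUOLRGZN"

# Ciphertext and recovered plaintext from the "Example Cryptanalysis" slide
# (line breaks and spaces removed).
CT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
      "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
      "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")
PT = ("itwasdisclosedyesterdaythatseveralinformal"
      "butdirectcontactshavebeenmadewithpolitical"
      "representativesofthevietconginmoscow")


def encrypt(text, plain=PLAIN, cipher=CIPHER):
    """Substitute each plaintext letter using a 26-letter key."""
    return text.translate(str.maketrans(plain, cipher))


def frequencies(text):
    """(letter, count) pairs, most common first."""
    return Counter(c for c in text if c.isalpha()).most_common()


def count_profile(text):
    """Sorted counts with the letters dropped: the shape of the histogram."""
    return sorted(n for _, n in frequencies(text))


def apply_guesses(ct, guesses):
    """Partial decryption: guessed letters in lowercase, unknown ones as '.'."""
    return "".join(guesses.get(c, ".") for c in ct)


if __name__ == "__main__":
    total = len(CT)
    for letter, n in frequencies(CT)[:5]:
        print(f"{letter}: {n:2d}  {100 * n / total:5.2f}%")
    # The substitution relabels the histogram bars but keeps their heights.
    print(count_profile(PT) == count_profile(CT))
    print("ZW digram count:", CT.count("ZW"))
    print(apply_guesses(CT, {"P": "e", "Z": "t", "W": "h"}))
```

The partial decryption printed last shows how much of the message the first three guesses already pin down, which is what makes the remaining trial and error tractable.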
• Privacy in Cyberspace
Privacy refers to an individual’s ability to restrict the collection, use, and sale of confidential personal information
The Internet is eroding privacy through the selling of information collected through Web sites
Few laws regulate selling personal information
• Cookies
Cookies are small text files that are written to an individual’s hard drive whenever a Web site is visited
File is sent back to the server each time you visit that site
  • Stores preferences, allowing Web site to be customized
  • Stores passwords, allowing you to visit multiple pages within the site without logging in to each one
  • Tracks surfing habits, targeting you for specific types of advertisements
Legitimate purposes of cookies include recording information for future use. Example: retail sites using “shopping carts”
Questionable practices include banner ad companies tracking a user’s browsing actions and placing banner ads on Web sites based on those actions
• Hacker
Someone who attempts to gain access to computer systems illegally
Hacker noun (see Raymond, 1991)
  • A person who enjoys learning the details of computer systems and how to stretch their capabilities – as opposed to most users of computers, who prefer to learn only the minimum amount necessary
  • One who programs enthusiastically or who enjoys programming rather than just theorizing about programming
• First Network Hack (Telephone)
John Draper (AKA Cap’n Crunch)
1970’s
  • Free long distance calls using a whistle found in a cereal box
Whistle emits the same frequency (2600 Hz) that AT&T long lines used to indicate a line was ready to route a new call
Flaw:
  • AT&T took cost cutting measures
  • The signaling and voice used the same circuit
  • This flaw made the system vulnerable to anybody that can generate 2600 Hz
Solution:
  • Now signaling takes place on a separate path from the one you talk on