Hacking Roman Codes with Mobile Phones

This presentation was given at the Over The Air event #ota11 at Bletchley Park. The idea was to get developers thinking about how they are securing their applications (or not) and to have an open discussion about methods that could be employed to help developers. Julius Caesar was nearly defeated a few times and had his codes been broken, just maybe, the world might have been a different place. For more information on the individual battles (I did a verbal run through, check out the great Wikipedia pages on them). The code breaking exercise contained within is a fun tool to help people understand about the need to protect information.

Published in: Technology, Business

  1. Historical code cracking with phones: What if Pontus, the Gauls, Germans, Nervii, Egyptians and Helvetii had iPhones?
     Over The Air 2011, Bletchley Park
     http://www.mobilephonesecurity.org
     David Rogers, Copper Horse Solutions Ltd.
     1st October 2011
  2. Some Information
     About Me
     12 years in the mobile industry
     Hardware and software background
     Head of Product Security at Panasonic Mobile
     Worked with industry and government on IMEI and SIMlock security
     Pioneered some early work in mobile phone forensics
     Brought industry together on security information sharing
     Director of External Relations at OMTP
     Programme Manager for advanced hardware security tasks
     Chair of Incident Handling task
     Head of Security and Chair of Security Group at WAC
     Owner and Director at Copper Horse Solutions
     Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk
     About Copper Horse Solutions Ltd.
     Established in 2011
     Software and security company
     Focussed on the mobile phone industry
     Services:
     Mobile phone security consultancy
     Industry expertise
     Standards representation
     Mobile application development
     http://www.copperhorsesolutions.com
  3. Histiaeus
     In 499BC sent a trusted slave to encourage a revolt against the Persians
     Shaved the head of the slave
     Tattooed a message to his head, let the hair grow back
     Recipient shaved off the slave’s hair to get the message
     This is an early form of steganography
     From: http://www.retroworks.co/scytale.htm
  4. Scytale
     Transposition cipher
     Ancient Greeks, particularly the Spartans, used it for military communication (also apparently used by the Romans):
     From: http://www.retroworks.co/scytale.htm
  5. Caesar Shift
     Supposedly used by Caesar to protect military messages – by shifting the alphabet 3 places to the left:
     Still used today (scarily!) – e.g. ROT13
     It helped that a lot of Caesar’s enemies were illiterate anyway…
     From: http://www.retroworks.co/scytale.htm
  6. Phaistos Disc…
     Still plenty of mystery text to decipher out there…
     Source: PRA
  7. Code Cracking Challenge
     After each battle I describe there will be some codes to crack in which you would be able to change the course of history. You can also get these at:
     http://blog.mobilephonesecurity.org
     From: http://www.retroworks.co/scytale.htm
  8. Some Source Code to Help!
     Hint: The codes are all Caesar ciphers but with different rotations
     https://github.com/mkoby/RotationCipher (not mine!)
     and a cheat: http://textmechanic.com/ROT13-Caesar-Cipher.html
  9. Julius Caesar (Briefly!)
     100BC – 44BC
     Spent 9 years campaigning in Gaul (and made a fortune)
     Invaded Britain
     Was involved in a civil war with Pompey
     Defeated the Egyptians
     Assassinated on the ‘Ides of March’ in 44BC
  10. http://www.mobilephonesecurity.org
  11. List of Battles
      58BC Battle of the Arar – Helvetii
      58BC Battle of Vosges – Germans
      57BC Battle of the Sabis – Nervii
      52BC Battle of Alesia – Gauls
      47BC Battle of the Nile – Egyptians
      47BC Battle of Zela – Pontus
  12. Battle of the Arar
      58BC Caesar v Helvetii, Switzerland
  13. Break This Roman Code!
      Also here: http://blog.mobilephonesecurity.org
      Can the Helvetians defeat Caesar?
      bgxxwfhkxmbfxyhkkxbgyhkvxfxgml
  14. Battle of Vosges
      58BC Caesar v Germans, River Rhine, Alsace
  15. Break This Roman Code!
      Also here: http://blog.mobilephonesecurity.org
      Should the Germans attack the Romans?
      bpmumvizmnqopbqvonqbemkivpwtlwcbnwzivwbpmzemms
  16. Battle of the Sabis
      57BC Caesar v Nervii, Wallonia
  17. Break This Roman Code!
      Also here: http://blog.mobilephonesecurity.org
      Are the Nervii ready for Caesar?
      muqhuweydwjeruqjiqryiydjmetqoi
  18. Battle of Alesia
      52BC Caesar v Gauls, France
  19. Break This Roman Code!
      Also here: http://blog.mobilephonesecurity.org
      Is there anything the Gauls can do to help themselves?
      qebobfpxtbxhmlfkqfklrotxiikbxoqebqobbp
  20. Battle of the Nile
      47BC Caesar & Cleopatra v Ptolemaic forces, Alexandria, Egypt
  21. Break This Roman Code!
      Also here: http://blog.mobilephonesecurity.org
      Are the Egyptians ready for action?
      wbssrgiddcfhhcpfsoycihobrtwuvhdhczsam
  22. Battle of Zela
      47BC Caesar v Pontus, Turkey
  23. Break This Roman Code!
      Also here: http://blog.mobilephonesecurity.org
      Save Pontus?
      sbkfsfafsfzf
  24. Mobile Phones!
      Open discussion on mobile application security
  25. Don’t Use Roman Codes!
      ROT13 and XORing / obfuscation are not adequate!!
      Modern crypto (not surprisingly) is significantly better
      However, developers don’t have access to secure hardware APIs on mobile
  26. Mobile Development
      How are you storing keys for both symmetric and asymmetric ciphers?
      Common issue amongst developers
      Also application signing keys
  27. Mobile Development
      Think about security when designing your apps
      Are you playing fast and loose with your users’ private data?
      Have you explained to users why you used certain permissions?
      What have you (not) encrypted?
      Is your application designed badly? – gift to hackers / fraudsters?
      E.g. asking for credit card details from a QR code
  28. Mobile Development
      Do your research
      Are you using weak / insecure methods?
      Do you understand basic secure coding techniques?
      Do you understand the platform security guidelines?
  29. Discussion
      From: http://stackoverflow.com/questions/4671859/storing-api-keys-in-android-is-obfustication-enough
  30. Discussion
      “I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password which is same as my original problem.”
  31. Platform Security Guidelines
      Apple: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Introduction.html
      Android: http://developer.android.com/guide/topics/security/security.html
      Blackberry: http://docs.blackberry.com/en/developers/deliverables/29302/index.jsp?name=Security+-+Development+Guide+-+BlackBerry+Java+SDK7.0&language=English&userType=21&category=Java+Development+Guides+and+API+Reference&subCategory=
      Windows Phone 7 (Nokia Guidelines): http://www.developer.nokia.com/Community/Wiki/Windows_Phone_Platform_Security
  32. Romans with iPhones….
      Contact
      Email: david.rogers@copperhorses.com
      Twitter: @drogersuk
      Blog: http://blog.mobilephonesecurity.org
      http://www.flickr.com/photos/laurenthaug/4127870976/sizes/l/in/photostream/
  33. Code Solutions
      Don’t look at the next slide if you don’t want the answers!
  34. Code Solutions
      Helvetii: I need more time for reinforcements (h shift)
      Germans: the men are fighting fit we can hold out for another week (s shift)
      Nervii: we are going to beat sabis in two days (k shift)
      Gauls: there is a weak point in our wall near the trees (d)
      Egyptians: I need support to break out and fight ptolemy (m shift)
      Pontus: venividivici (d shift)
      The famous: I came, I saw, I conquered message
      Of course, the Pontic army could not save themselves!
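
The hint on slide 8 and the warning on slide 25 come down to one fact: a Caesar rotation (ROT13 included) has only 26 keys, so every key can be tried and the results ranked by how English they look. The Python below is an added example run on the deck's six challenge codes; it is not the presenter's code or the linked RotationCipher project, and the function names and the ETAOINSHR scoring heuristic are choices made for this example.

```python
import string

ALPHABET = string.ascii_lowercase
COMMON = set("etaoinshr")  # nine most frequent English letters (heuristic chosen for this example)

# Ciphertexts copied from the "Break This Roman Code!" slides.
CHALLENGES = {
    "Helvetii": "bgxxwfhkxmbfxyhkkxbgyhkvxfxgml",
    "Germans": "bpmumvizmnqopbqvonqbemkivpwtlwcbnwzivwbpmzemms",
    "Nervii": "muqhuweydwjeruqjiqryiydjmetqoi",
    "Gauls": "qebobfpxtbxhmlfkqfklrotxiikbxoqebqobbp",
    "Egyptians": "wbssrgiddcfhhcpfsoycihobrtwuvhdhczsam",
    "Pontus": "sbkfsfafsfzf",
}


def shift_text(text, shift):
    """Rotate every a-z letter forward by `shift`; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text.lower()
    )


def candidates(ciphertext):
    """The whole key space: all 26 rotations, keyed by the shift letter the slides use."""
    return {ALPHABET[s]: shift_text(ciphertext, s) for s in range(26)}


def english_score(text):
    """Count the letters that are among the most common in English."""
    return sum(ch in COMMON for ch in text)


def crack(ciphertext):
    """Return (shift_letter, plaintext_guess) for the best-scoring rotation."""
    return max(candidates(ciphertext).items(), key=lambda kv: english_score(kv[1]))


if __name__ == "__main__":
    for name, code in CHALLENGES.items():
        key, guess = crack(code)
        print(f"{name:10} key={key} -> {guess}")
    # Twelve letters are too few for letter statistics; list all 26 and read them.
    for key, text in candidates(CHALLENGES["Pontus"]).items():
        print(key, text)
```

The five longer codes are ranked correctly by letter counts alone. The 12-letter Pontus code is not, which is why the script also lists all 26 rotations for it to be read by eye.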
