Table of Contents
Acknowledgments:
Preface:
Chapter 1: Introduction to Cryptography
1.1 What is Cryptography?:
1.2 Basic Terminology:
1.3 Application of Mathematics:
Chapter 2: Classical Ciphers
2.1 Substitution Ciphers:
2.2 Caesar Cipher (Shift Cipher):
2.3 ROT1 Cipher:
2.4 ROT13 Cipher:
2.5 Atbash Cipher:
2.6 Transposition Ciphers:
2.7 Morse Code:
2.8 Fractionated Morse Cipher:
2.9 Book Ciphers:
2.10 Masonic Cipher (Pigpen Cipher):
2.11 Monoalphabetic Ciphers:
2.12 Polyalphabetic Cipher:
2.13 Homophonic Ciphers:
2.14 Vigenère Cipher:
2.15 Gronsfeld Cipher:
2.16 Polybius Square:
2.17 Rail Fence Cipher:
Chapter 3: Cryptography encountered today
Chapter 4: Applications of Cryptography
4.1 Investigative Applications:
4.2 Applying what you've learned:
Chapter 5: Cryptanalysis Code Breaking Tips
Chapter 6: Mechanical Ciphers
6.1 Greek Scytale (First known appearance of a Cipher Device):
6.2 Alberti Cipher Wheel:
6.3 Vigenère's Cipher Wheel:
6.4 16th Century Cipher Machine:
6.5 Jefferson Cipher Cylinder:
6.6 Wheatstone Wheel:
6.7 Mexican Army Cipher Wheel:
6.8 First known Rotor Cipher Machine:
6.9 Enigma & Lorenz:
6.10 Bombe and Bomba:
6.11 Swiss NEMA Cipher Machine:
6.12 Later Cipher Machines:
Chapter 7: Modern Ciphers
7.1 Symmetric Ciphers:
7.2 Binary:
7.3 Hexadecimal:
7.4 Block Ciphers:
7.5 Public Key Cryptography:
7.6 RSA:
7.7 DES (Data Encryption Standard):
7.8 3DES (Triple Data Encryption Standard):
7.9 Multipurpose Internet Mail Extensions (MIME):
7.10 Secure Multipurpose Internet Mail Extensions (S/MIME):
7.11 Privacy Enhanced Messaging (PEM):
7.12 AES:
7.13 IDEA:
7.14 Digital Signatures:
7.15 Certificate Authority (CA):
7.16 Digital Certificates:
7.17 Paired-keys:
7.18 Pretty Good Privacy (PGP):
7.19 Public Key Infrastructure (PKI):
7.20 Diffie-Hellman Key Exchange:
7.21 Elliptical Curve Cipher Algorithms:
7.22 Secure Socket Layer (SSL) & Transport Layer Security (TLS):
7.23 Virtual Private Networks (VPNs) and Internet Protocol Security (IPSec):
7.24 Quantum Ciphers:
7.25 Using Encryption With Your Devices:
Chapter 8: The Future of Cryptography
8.1 Legal Developments in cryptography:
8.2 Privacy Advocate:
8.3 National Security Advocates:
8.4 Global Trends Leaning Toward Evasive Surveillance Legislation:
8.5 The Political side of this issue:
8.6 US Court decisions:
8.7 Author's Insights:
Cryptography
An Introductory Crash Course on the Science and Art of Coding and Decoding of Messages, Ciphers, Cryptograms and Encryption
by George Bull
Bull, G. (2016).
This book is the intellectual property of the author. If referencing content within this book,
follow copyright and intellectual property laws concerning fair use. Following fair use
guidelines on citation respects the author by giving proper credit for the work and time
spent on writing this book.
(Beyond that, I don't really care.)
Warning:
If you are an individual that is more concerned with Political Correctness than dealing
with reality, this may not be the right book for you. If you choose to continue to read this
book, know this: You've Been Warned.
Acknowledgments:
I would like to express my gratitude and thanks to my family and friends for their support
and dedicate this book to my Parents. I also express my thanks to all my students who
encouraged me to write. Additionally, I thank all Professors throughout my educational
career for sharing their knowledge and experiences with their students. I express special
thanks to the Stockton University Oratorio Society led by Professor Beverly Vaughn. Her
outlook on life and never-ending energy inspires all and encourages everyone to sing.
Lastly, to all my colleagues over the years who expressed an interest in seeing my
scholarly works published. I thank all of you!
Preface:
This book provides a crash course in Cryptography and Cryptanalysis. As the description
indicated, this book is presented using a ground-up approach to learning so that readers of
all knowledge levels can understand the content. It was specifically designed to allow
readers with no prior Cryptography or Cryptanalysis knowledge the chance to gain some
practical cryptographic skills. Readers will start with a brief history of Cryptography and
be able to define what Cryptography is and why it is so important in securing everyone's
digital data today. Classical Ciphers will be discussed in chapter 2. Chapters 3 and 4 will
cover Cryptography encountered within our daily lives, and Applications of Cryptography.
The focus is on two specific areas. The first is the average individual's need to ensure their
information is secure. The second focuses on Investigative Applications. In discussing
investigative applications, short stories are provided to highlight how Cryptography can be
applied within the fields of Law Enforcement, National Security as well as Archeology. In
4.2 readers have the opportunity to practice their newfound Cryptography skill set.
Several Cryptanalysis code breaking tips are also provided within chapter 5. Within
chapters 6 and 7 discussions touch on Mechanical Ciphers and Modern Computerized
Ciphers. This book ends with a candid discussion on the Future of Cryptography focusing
on evolving legal issues. These include arguments from Privacy and National Security
Advocates; current international legislative trends; US Court Decisions and a few Author
Insights.
This book contains a small part of the culmination of Cryptographic Knowledge I have
acquired over the years. This wealth of knowledge draws upon various investigative and
scientific fields. My expertise led me to become a security professional specializing in
Forensic Science, Cybersecurity, Digital Forensic Investigation and Healthcare
Information Privacy and Security. I began my Cybersecurity and Digital Forensics
Training from, among other places, The University of New Haven's Henry C. Lee College
of Criminal Justice and Forensic Sciences and the National Criminal Justice Computer
Laboratory and Training Center or Search Group in Sacramento California. I've earned
recognition for my Cybersecurity and Digital Forensics expertise and hold professional
membership with NC4's DHS-Sponsored Cybercop Portal also known as the Cybercop
Situational Readiness Network. This affiliation allows me to stay current with updates
from Cybercop Global, The Homeland Security Group, and the Electronic Crime
Technology Center of Excellence through Cybercop's Secure Network. As such,
Cryptography has been an interest of mine for years. My Forensic Science education was
also received from The University of New Haven's Henry C. Lee College of Criminal
Justice and Forensic Sciences (UNH) in West Haven Connecticut as well as Stockton
University in Galloway New Jersey. Currently, I teach part-time at the rank of Assistant
Professor. Due to University needs and mostly fast-track classes, my course load consisted
of 25 undergraduate credits for the 2015-2016 academic year. Additional Security related
training includes National Security Incident Mapping, Security Vulnerability Assessments,
and Bio-Terrorism and Defense received from the University of New Haven in
collaboration with the Sandia National Laboratory in Livermore California. As a
Professor, I have taught coursework in Computer Science, Cybersecurity, Digital
Forensics and Healthcare Information Security at a University in North New Jersey since
January 2008.
A brief background the reader might find interesting is that some news stations in the
northeastern US have occasionally talked about me over the past few years. Not for
groundbreaking research or such, but because I was singing to some of my classes during
class. Not every course section, but still, now and then. They mentioned me for that and
later in 2015 for stopping a small riot on my campus by singing "This is My Wish" by
Kevin Ross after someone posted it online. So yes, I'm the Singing Professor. This is why
I thank Dr. Vaughn in the Acknowledgments. Her inspiration is a key reason my singing
style continues to develop along the path it has taken, allowing me to vocally perform Soul,
Motown, Jazz as well as other vocal genres. As for my students, over the years many
seemed confused by the explanations found in the typical, albeit more traditional, texts
when discussing course topics. Since many of my students are not, shall we say, the most
technologically savvy individuals when first enrolled in my classes, I have had to come up
with innovative ways of explaining things so that such students could at least begin to
comprehend the basic concepts of various course topics discussed including principles,
methodologies, and techniques found within cryptography and cryptanalysis. Several have
commented over the years that I should write a book on various subjects as my expertise
and explanations allowed them to have a better grasp of concepts they had previously
thought of as very complex and confusing fields of study. So I took their advice! As a
result, I acknowledge and thank all the students who encouraged me to write. I wrote
this book in the hopes it will help others in the same way I've helped them understand the
topics discussed within this book. To past students, this book contains more Cryptographic
knowledge than I've ever conveyed during class. At this time, if it was not already
previously disclosed by the news media or social networks, the name of the School in
Bergen County NJ NYC Metro area where I'm employed is Felician University, formerly
Felician College in 2015. Some students pointed out that there was another Professor with
the same name working for a different school in the NYC Metro area. Therefore, to
remove any confusion for those in that area, Felician is the only School I've worked for as
a Professor in the NYC Metro area. I continue to ask the media to respect my wishes and
leave me be as I am merely a Professor, not a public figure. As for my School, Felician
University follows the beliefs of the Franciscan Order of the Roman Catholic Church and
was founded by the Felician Sisters who still reside on the University's Lodi campus. If
visiting the campus, please show proper respect and courtesy to the Sisters, Brothers, and
Fathers whose efforts promote peace and good will. I should also mention for potential
legal reasons that at no time were any University resources or collaborative consultation with
others at the University used in writing this book. Nor did the University have any prior
knowledge of my writing activities. I wrote this book entirely on my own using free time
in July during the 2016 summer break. Having said that, this book should reflect
positively upon the University as an academic contribution that emerged from within the
ranks of its Faculty. While this book was primarily written in July, due to editing and
revisions release was delayed until August. Due to the time sensitive nature surrounding
this book release, I will monitor it and make corrections as needed. Due to the nature of
Amazon's ebook distribution system, all updates will be available for download to your
devices. If critical errors are located, Amazon will notify each purchaser of the update. If
other important non-critical updates are made, your manage kindle content page will show
an update is available. I recommend looking now and then as the book may have new
content added or revisions made for a more enjoyable experience on some devices or for
better clarification purposes.
Lastly, given the multitude of sub-disciplines within Cybersecurity I would like to explain
why this subject was chosen. Cryptography is in my opinion, one of the most multidisciplinary fields of study today as it encompasses Computer Science, Cybersecurity,
Engineering, National Security, Forensic Analysis, and various Branches of Mathematics.
Additionally, when including Quantum Ciphers, elements within the Natural Sciences
begin to play an important role as well. As such, this book encompasses greater levels of
scientific knowledge than a general Cybersecurity or Digital Forensics book could convey.
In other words, I chose the hardest, most excruciating Cybersecurity related topic I could
think of and began writing. Glancing through the available book offerings on
cryptography, none of them seem to adequately teach exactly how cryptography works to
the layperson. Most seem to make assumptions that a baseline of knowledge is already
present. Others explain the concepts of modern computerized encryption and how to
implement different cryptosystems in textbook format, but do not explain exactly what is
being done behind the scenes to encrypt and decrypt data. This book provides a
rudimentary introduction (crash course) to Cryptography and Cryptanalysis that readers
can begin to apply within their own lives by teaching them exactly how Cryptography works
to protect information in our modern Digital Age as well as its use in Ancient Times. This
provides a foundation which readers can continue to build upon. My original intentions
were to write this book as if it was a lecture being read rather than heard. Sometime during
the writing process the book took on a different form. It ended up resembling a
combination of traditional textbook format, presented with explanations similar to what
the reader would receive from in-person course lectures.
Now that all of this is out of the way and without any further ado, this book begins with an
Introduction to Cryptography.
known as a Scytale during the fifth century BC. The Scytale was believed to have been
implemented as a field cipher used by military commanders. Later, Julius Caesar used a
shift cipher for military and political use from 100-44 BC. These are just some examples
to show that cryptography has been around for many thousands of years. Sometime
around the 1950s, the term classical ciphers began to be used to generally describe
Pre-World War II era ciphers. Within the next few chapters of this book, we will delve
in-depth into several popularly used classical ciphers. The simple substitution ciphers are
examples of classical ciphers. They replaced each letter in a message with another. Each
time that letter appears throughout the message, the new letter will instead take its place,
thus encoding the message. Some forms of classical ciphers include but are not limited to
Caesar/Shift, ROT1, ROT13, Atbash, Vigenère Cipher, Transposition Ciphers, Book
Ciphers, and Block Ciphers. These and other non-computerized classical ciphers are still
used by many today throughout the world. Ciphers that were used during WWII are
generally referred to as Mechanical Ciphers which included the German Enigma and
Lorenz Cipher Machines. It should be noted that the Enigma and Lorenz Cipher Machines
are not the first examples of mechanical ciphers, but are the most advanced currently
known to have existed. Ciphers developed Post-World War II are considered modern
ciphers. Today's modern computer technologies have obviously greatly increased the
sophistication of today's computerized encryption based ciphers with multiple keys using
symmetric algorithms while other more secure ciphers utilize asymmetric algorithms or a
combination of both symmetric and asymmetric algorithms. These are more advanced
ciphers utilized in modern encryption and will be discussed within a later chapter. Several
examples of ciphers used today in the modern digital world include RSA, DES, 3DES,
S/MIME, AES, PEM, IDEA, SSL, Diffie-Hellman key exchange, Public-Key
Cryptography, PGP, PKI, IPSec, as well as the technologies used for Digital Signatures
and Digital Certificates. The following pictures represent some of the ciphers discussed
within this book.
Ciphers use a key which can also be used to decode the encrypted message back into its
readable form.
Ciphertext:
The content of the enciphered message or code generated from a plaintext message by
applying a cipher used to encrypt it into an unreadable form.
Plaintext:
The contents of a message in its intelligible readable form. It is the message as it existed
before the application of a cipher is used to encode it, and post application of a cipher used
to decode the ciphertext form back into an intelligible message. In other words, the
intelligible message, information or data is completely and entirely readable to all
provided they understand the particular language in which the original message was written.
Encoding:
The process of coding plaintext into ciphertext. This is also known as coding, encrypting
or enciphering.
Decoding:
The process of decoding ciphertext back into plaintext, known as decrypting, or
deciphering.
Encipher:
The process of using ciphers to code plaintext into ciphertext. Also known as coding,
encoding, encrypting or encryption.
Decipher:
Deciphering is the process of retrieving plaintext from ciphertext. Also known as
decoding, decrypting or decryption.
Encryption:
Derived from the word encrypt, meaning the process of coding or changing information from
one form to another to hide its true meaning. Additionally, the word is used to describe
modern mathematical algorithms utilized by computing technologies to hide or conceal
information using keys available to only the parties the information is intended for, thus
concealing it from unauthorized parties. This is also referred to as coding or encoding.
Decryption:
The process of converting encrypted ciphertext back into readable plaintext. Before the
Digital Age, it referred to the processes the Cryptanalyst would employ to decode ciphered
documents manually. In the information age and beyond, it refers to the process of
utilizing computerized technologies using mathematical algorithms to reveal the message
hidden within encrypted ciphertext. However, in some cases it is still required for the
cryptanalyst to utilize their own knowledge and still manually decrypt ciphered messages.
Hash:
In the previous illustration, notice the flow of data. On the left, you start with your
plaintext message. You then combine the plaintext with the secret key to create your
encrypted ciphertext message. Once in ciphertext form, you transmit it over networks such
as the internet as depicted here, to the party with whom you wish to communicate. Once
they receive it, they combine the ciphertext and secret key, thus decoding the message
back into its intelligible plaintext form.
Observe the below ciphertext.
J XFOU UP UIF TUPSF.
In this case, the secret key was to take every letter in your plaintext message and count
exactly one character forward in the alphabet to code it. Once you understand this, you can
easily reverse this process by counting one back to the previous letter within the alphabet
to decode it. Using this reversal method, the above message decodes to read as follows.
I WENT TO THE STORE.
Congratulations, you have just learned your very first cryptographic cipher, the ROT1
We just learned how symmetric cryptography using symmetric ciphers works by using a
single key known as a secret key to code and decode messages. Especially in the modern
technological world, computers can break these types of ciphers almost as easily as they
can use dictionary attacks to crack simple passwords. For those unfamiliar with password
attack methods, a computer program or app uses a dictionary to crack a user's password
by attempting to apply every single word within it as the possible password. These attack
methods can be completed in minutes to as little as seconds with modern notebook
computers as well as some tablets and high-end Smartphones. As a result, much stronger
encryption ciphers are needed to keep sensitive information safe and secure from the
prying eyes of unauthorized individuals. Asymmetric cryptography begins to address this
need. Asymmetric ciphers use two keys. One codes the message and the other decodes it.
The best forms of asymmetric ciphers use a system known as Public Key Cryptography.
Public Key Cryptography:
Public Key cryptographic ciphers use two keys. One key the sender uses to code the
message into ciphertext. The receiving party that the sender wishes to securely
communicate with must use another key to decode the message into plaintext. An
important note to make is that once the message is coded with the sender's key, their key
cannot decode it into plaintext. Only the key the receiving party has will be able to
successfully decode the encrypted ciphertext message back into readable plaintext. These
keys are referred to as the Public Key and Private Key respectively.
Public Key:
In Public Key Cryptography, the Public Key is used by the sender to code plaintext into
the ciphertext that they wish to securely transmit to another party over a network.
Private Key:
Public Keys used to code messages, unlike the secret key seen in symmetric cryptography,
cannot decode the passage of ciphertext they were just used to encrypt. Instead, the recipient
uses the Private Key you've shared with them to decode the ciphertext into its intelligible
plaintext form. The concept is that public keys can only code messages. Once they are
coded, only its matching private key will be able to decode the message successfully into
plaintext.
The following illustration shows the concept of applying asymmetric public key ciphers to
encrypt and decrypt messages.
In the illustration above, notice the flow of data and how it differs from the illustration
shown for symmetric ciphers. On the left, you start with your plaintext message. You then
combine the plaintext with the public key to create your encrypted ciphertext message.
Once in ciphertext form, you transmit it through the internet to your desired
correspondent. Once they receive it, they combine the ciphertext with your private key to
successfully decode the message into intelligible plaintext form.
The following example attempts to illustrate the usefulness of employing Public Key
Cryptography over Symmetric Cryptography. Let's call this short story Jane and Dan.
These two individuals wish to secretly communicate with each other over the internet via
a messaging service. If a nefarious third party attempts to intercept the message, they
would be able to read all correspondence unless Jane and Dan used cryptography to code their
messages. If encryption was used, the nefarious party would see gibberish instead of an
intelligible message. The nefarious party could be a number of different types of
individuals. They could be anything from a hacker, a technologically savvy identity thief,
cyberstalker or any number of other individuals engaged in utilizing technology to commit
criminal or illicit activities. Let's say this is a case involving cyberstalking. Dan is
unaware that he knows his stalker personally as they are friends. Knowing Dan in this way
would give the stalker access to where he lives. They could conceivably locate and gain
access to Dan's cipher key used to code messages he sends to Jane. If a symmetric cipher
was used, the stalker would then be able to read all messages in Dan and Jane's
correspondence. If asymmetric cryptography was used instead, the stalker would only be
able to read Jane's responses back to Dan but not the messages Dan sends to Jane. This
may have just confused readers that are about to say "didn't you just say the public key
only codes and the private key only decodes?" I understand this confusion, so allow me to
elaborate. When Dan and Jane decided to use asymmetric cryptography, one of them, let's
say Dan, creates the keys they will both use for their secure communications. Yes, when
Dan codes his message he uses his Public Key to code it and only Jane's Private Key can
now decode it. However, when Jane wishes to send a response back to Dan she then uses
her key to code the response she sends back to Dan and only Dan's key can decode the
message Jane's key coded. So think of the keys as a two way pairing system. Regardless
of which one codes the message, the encoded ciphertext can only be decoded by the
second matching key. So, if Dan codes the message, at that moment his is the public key
and only its matching private key used by Jane can decode the message. If Jane codes the
message with her key, at that moment her key is acting as the public key and once Dan
receives the message and attempts to decode it, his key at that moment is acting as Jane's
Private Key. So you see that regardless of which direction the correspondence is occurring,
the one used to code the ciphertext message acts as the Public Key and the one actively
used to decode the ciphertext created by the other acts as the other's Private Key.
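The Jane and Dan scenario above, worked through as an added example that is not from the book: textbook RSA with tiny constructed primes, assuming each party holds their own key pair (the function names, key values and messages are assumptions of this example). It shows that a stolen copy of Dan's private key exposes only the replies sent to Dan, and that either key of a pair undoes what the other did.

```python
# Added illustration, not from the book: textbook RSA with tiny primes.
# Deliberately small and unpadded so the arithmetic is visible; it is not
# secure. Real systems use a vetted library with proper padding.
from math import gcd


def make_keypair(p, q, e):
    """Return ((e, n), (d, n)): a public and a private key built from primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse: (e * d) % phi == 1
    return (e, n), (d, n)


def apply_key(key, blocks):
    """Raise every block to the key's exponent modulo n (codes or decodes)."""
    exponent, n = key
    return [pow(b, exponent, n) for b in blocks]


def to_blocks(text):
    """One character per block; every value must be smaller than n."""
    return [ord(c) for c in text]


def to_text(blocks):
    return "".join(chr(b) for b in blocks)


# Constructed keys (assumption of this example: each party owns a pair).
DAN_PUBLIC, DAN_PRIVATE = make_keypair(61, 53, 17)
JANE_PUBLIC, JANE_PRIVATE = make_keypair(89, 97, 5)


def run_scenario():
    dan_msg, jane_msg = "MEET AT NOON", "SEE YOU THERE"

    # Each sender codes with the *recipient's* public key.
    to_jane = apply_key(JANE_PUBLIC, to_blocks(dan_msg))
    to_dan = apply_key(DAN_PUBLIC, to_blocks(jane_msg))

    return {
        # Intended recipients decode with their own private keys.
        "jane_reads": to_text(apply_key(JANE_PRIVATE, to_jane)),
        "dan_reads": to_text(apply_key(DAN_PRIVATE, to_dan)),
        # The key that coded a message cannot decode it again.
        "public_key_decodes": to_text(apply_key(JANE_PUBLIC, to_jane)) == dan_msg,
        # A stolen copy of Dan's private key exposes Jane's replies only.
        "stalker_reads_reply": to_text(apply_key(DAN_PRIVATE, to_dan)),
        "stalker_reads_dan": to_text(apply_key(DAN_PRIVATE, to_jane)) == dan_msg,
        # Two-way pairing: coding with the private key is undone by the public key.
        "pair_reversed": to_text(
            apply_key(DAN_PUBLIC, apply_key(DAN_PRIVATE, to_blocks(dan_msg)))
        ),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value!r}")
```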
Critical Characteristics of Information:
In Information Security, all information, whether it be cyber or physical in nature, can be
broken down into what is known as its Critical Characteristics. Cybersecurity Specialists
focus on the CIA triangle (also called triad) within the Critical Characteristics of
Information. In this case, CIA does not stand for Central Intelligence Agency, but rather
Confidentiality, Integrity, and Availability. Some books say A stands for Authentication,
but in Cybersecurity the A in CIA is Availability. These are the three crucial
characteristics all information security professionals must address when analyzing,
addressing, implementing, and maintaining an organization's Information Security Posture.
However, when it comes to cryptography in our modern world, it is not enough to just
focus on these three Critical Characteristics; the list should be expanded to 5 or more. Six of
the critical characteristics of information that impact productivity and concern modern
cryptography are Confidentiality, Integrity, Availability, Authorization, Authentication,
and Nonrepudiation.
The reason to use cryptography is to keep sensitive information private when stored as
well as during transmission thus ensuring information transmitted is protected from
intercepts. This process is addressed by the critical characteristic of Confidentiality.
Whether it is industry or governmental, it is important to ensure the data the entity's
information infrastructure houses and transmits is genuine, accurate, uncorrupted and has
not been fraudulently or inappropriately altered. The process to ensure your entity's
information is protected against such things is the critical characteristic known as
Integrity. As Cybersecurity Specialists, we often want to throw a variety of security
measures together and implement them without taking into account the need for employees
to securely access information in a timely manner. Taking the need to access sensitive
information within a timely manner into account is addressed by the critical characteristic
Availability. Authorization is the process of assigning personnel access privileges they will
require to access confidential information. In cryptography, this also addresses who is
authorized to encrypt and decrypt ciphertext messages. Authentication is the process of
assuring the parties securely communicating are who they claim to be. In other words,
authorization is proof. If you send a securely encrypted document to someone,
authentication is the means that the receiving party can be assured that the document
received did originate from you. Lastly, Nonrepudiation is essentially proof of origin and
proof of destination. Through nonrepudiation techniques especially as seen in Public Key
Infrastructure, parties cannot refute, dispute or deny knowledge of transactions. This
allows for a means to hold all parties partaking in communications accountable for the
content exchanged during the transactions.
Session:
A session can be described as temporary access. Today, when we log into websites that
require usernames and passwords to access our accounts, a temporary access is granted.
This access typically remains until the user logs off or if the site is set up for it, once a
predetermined amount of time has elapsed. The elapsed time could be due to user
inactivity, or an arbitrary time the site administrator has configured. In either event, once
the session is terminated, the user is required to sign back in (creating a new session) to
access their accounts.
Stream Ciphers:
Most ciphers are created and implemented before and after transmitting via a network
medium. Stream Ciphers are no exception to this statement. Stream Ciphers work by
encrypting each bit from the plaintext message one bit at a time. Binary Language, which
we will discuss in chapter 7, is represented as 0s and 1s. It is the language modern
computer technology understands. Breaking the plaintext message down into its
corresponding bits, and then encoding each single bit one at a time is how the Stream
Cipher encodes data.
Block Ciphers:
This system works differently than that just explained for Stream Ciphers. Stream Ciphers
broke down the message into binary bits and encoded each bit one at a time. Block
Ciphers take groups of bits and encode them as if they were one unit. These bit groups are
known as a block. These blocks usually consist of 64, 128, and 256 bits when
implemented within encryption algorithms. Block Ciphers are discussed further within
chapter 7.
f(x)=18
If it helps the reader, f(x)=18 can also be expressed as
18=((6+3)*2)
When it comes to using Algebraic expressions within this book, the variable y in the
case above is already predetermined for you when using existing ciphers. Plug in the value
that was already chosen by that cipher just as shown above with y=6. In Cryptography,
Algebra is often seen in algorithms for Substitution Ciphers which are explained further
during discussions on Classical Ciphers within Chapter 2.
Modulation (modular arithmetic):
Modular arithmetic is a concept within the mathematical discipline of Calculus. Though
the concept is a fairly simple one, it can be confusing at first. It works by establishing a
number set within which all possible numbers must fall. The expression is generally
shown as (mod X) where X is the possible number of usable slots within the set. For
example if we used (mod 10) within an expression, then all possible values must fall
within the range of 0-9 or 1-10. While scientists generally express it as 0-9, if it helps
readers to better understand it, you can think of it conceptually as expressing a range from
1-10. Understanding modular arithmetic is of great importance to Cryptography. In the
Latin Language, there are only 24 Alphabetical character letters as opposed to English
which has 26. If a given message's plaintext was written in Latin instead of English, then
the modular expression would be (mod 24) as this confines the accepted characters to only
24 possibilities. English on the other hand would be expressed as (mod 26) to properly
represent the 26 possible character slots that are available within the English Alphabet.
The following table shows the Modular sets for several additional languages.
Statistics:
There are three types of statistical analysis used within this book which include frequency
distribution and combinations. Frequency distribution analysis is a type of attack method
used to break ciphertext utilizing the application of Statistical Probabilities. Break each
letter in a given alphabet down as a separate character. All written languages have
characters used more often in words than other characters. Knowing this, one can analyze
ciphertext to see a pattern begin to form in the way of statistical probability. In the case of
a simple substitution cipher being applied to a plaintext message written in English, the
ciphertext character that would appear more than any other within the message would
statistically likely be the letter E. We can make this presumptive statement as the letter
E has statistically been proven to be the most common alphabetic character that occurs
within passages, messages, articles or chapters when written in the English Language.
Since we can determine E is the most common, we can also discern the likely statistical
probability of each of the remaining letters and apply that to the ciphertext in much the
same way you would apply a cipher's key. When applying the frequency distribution attack
to simple substitution ciphers, more often than not the entire correctly decoded plaintext
message emerges from behind its shroud of ciphertext. Other Statistical Probabilities can
also include double letters, and the use of common words of varying lengths. The use of
combinations is observed when creating hash values as well as during cryptanalysis brute
force attacks. When discussing Statistics, most people have a hard time understanding the
difference between permutations and combinations. To aid readers with their
understanding a little, both permutations and combinations are strings of values. A set of
values are provided for use with the formulas. The main difference is that permutations
can only use each value listed once and never again in the string. The order of the values
matter with permutations. However, with combinations the order does not matter as much
allowing the same value to appear two or more times within a given string. Therefore,
there are more possible combinations then permutations for a given set of values.
Permutations are best seen in determining a Ciphers keyspace but are also employed
elsewhere within cryptography. One example is that some Hash values are created using
permutations.
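The frequency distribution attack and the (mod 26) wrap-around described above can be tried on the simplest substitution cipher, a shift cipher. This is an added example, not code from the book; the sample messages, the key and the function names are constructed for illustration, and the letter frequencies are commonly cited approximations for English.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
MOD = len(ALPHABET)  # 26 for English; a different alphabet changes the modulus

# Approximate relative letter frequencies (percent) in English text.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def shift(text, key):
    """Shift cipher: c = (p + key) mod 26. A negative key decodes."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % MOD])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def letter_counts(text):
    """Frequency distribution of the letters in text."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


def guess_key_from_top_letter(ciphertext):
    """Assume the most common ciphertext letter stands for plaintext E."""
    counts = letter_counts(ciphertext)
    if not counts:
        raise ValueError("ciphertext contains no letters")
    top_letter, _ = counts.most_common(1)[0]
    return (ALPHABET.index(top_letter) - ALPHABET.index("E")) % MOD


def chi_squared(text):
    """Distance between text's letter counts and English expectations."""
    counts = letter_counts(text)
    total = sum(counts.values())
    if total == 0:
        return float("inf")
    score = 0.0
    for letter in ALPHABET:
        expected = ENGLISH_FREQ[letter] / 100 * total
        score += (counts[letter] - expected) ** 2 / expected
    return score


def guess_key_by_scoring(ciphertext):
    """Try all 26 keys and keep the one whose decoding looks most English."""
    return min(range(MOD), key=lambda k: chi_squared(shift(ciphertext, -k)))


# Constructed sample messages and key (not from the book).
LONG_MESSAGE = ("MEET ME NEAR THE OLD STONE BRIDGE AT SEVEN THIS EVENING "
                "AND BRING THE LETTERS WE SPOKE ABOUT")
SHORT_MESSAGE = "ATTACK AT DAWN"
SECRET_KEY = 3

if __name__ == "__main__":
    long_ct = shift(LONG_MESSAGE, SECRET_KEY)
    print("ciphertext      :", long_ct)
    print("top letters     :", letter_counts(long_ct).most_common(3))
    print("key (top = E)   :", guess_key_from_top_letter(long_ct))
    print("key (scoring)   :", guess_key_by_scoring(long_ct))
    print("decoded         :", shift(long_ct, -guess_key_by_scoring(long_ct)))
    # In the short message A, not E, is the most common plaintext letter,
    # so the single-letter assumption points at the wrong key.
    short_ct = shift(SHORT_MESSAGE, SECRET_KEY)
    print("short, top = E  :", guess_key_from_top_letter(short_ct))
```

The short message shows why the text says "statistically likely": with only a dozen letters the most common one need not be E, so the distribution is only reliable on longer ciphertext.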
Discrete Mathematics:
This is a branch or sub-discipline within mathematics. The general concept of Discrete
Math is that not every problem can be solved through traditional mathematical
expressions. Logic problems fall into this category. Therefore, a brief explanation of
Discrete Mathematics is using math to solve logic problems. This is done in Propositional
Calculus and sometimes in Propositional Algebra. For the purpose of this book, the only
aspects of Propositional Calculus I will use to assist in expressing ciphers mathematically
are the logical connective "implies", "the set of", and the AND conjunction. For those
unfamiliar with the connective "implies", its use in this book can be thought of as "if
this, then that" and will be expressed discretely as an arrow. So the expression (A → E)
reads "A implies E" when used in creating or deciphering ciphertext. This simply means
that for every occurrence of A in your plaintext message, you use an E as your ciphertext
character. This can also be used for decoding by something like (E → A), thus converting
every ciphertext E back into its plaintext A. Next, the mathematical representation of
"the set of" will be explained. This is represented in expressions as {} brackets. Let's say the
variable for a message is M. Therefore, {M} is the set of contents within message M. In
other words, {M} represents everything within message M. The last discrete mathematical
notion used in this book is the AND conjunction, depicted as & in this book. To
understand AND conjunctions, let's look at A & B. This is read as "A and B", and can be
thought of as using a true/false concept. Where T equals true and F equals false, the
possible true/false values for the A, B variables consist of T T, T F, F T and F F
respectively. When using the AND conjunction, it requires that both variables be true. Now,
let's look at the expression A & B → Z, read "A and B implies Z". In this expression, both A
and B must be true in order to have Z. If either A or B were false, Z would not be possible,
as Z requires both A and B to be true to exist.
Chapter Summary:
In this chapter, we saw that cryptography is by no means a new scientific field of study
and has its roots dating back to before Biblical times. Cryptography is the science and art
of protecting information in order to keep it confidential. It does so by utilizing
mathematical cipher algorithms to code and decode messages, information and/or data.
Coded messages are called ciphertext, while the original message as well as decoded
ciphertext is referred to as plaintext. The scope of cryptography ranges from classical
algorithmic ciphers, to mechanical cipher devices, and modern computerized encryption
algorithms used today. As ciphers are essentially mathematical algorithms, we discussed
various branches involving Number Theory, Algebra, Modular Arithmetic, Discrete
Mathematics (specifically Propositional Calculus) and Statistics as they pertain to
mathematical expressions contained within this book. Several basic terms were discussed
within the chapter. Summing up some of the most notable, we start with the field of
Cryptanalysis. Cryptanalysis, also called decoding and code breaking, is the field of study
that applies scientific methodologies to decoding ciphertext, especially when the key is
unknown. Next we discussed ciphers, which are mathematical algorithms for the purpose
of encrypting and decrypting secret messages, information or data. The coded messages
created by ciphers are referred to as ciphertext. The encryption algorithms used
by ciphers require a variable to be plugged into them in order to encrypt or decrypt data.
These algorithmic variables are called keys. Depending on the types of cryptography being
used you could have just one key or several. If the algorithm uses only a single key to both
code and decode data, that key is called a Secret Key and the algorithm is an example of a
symmetric cipher. However, some ciphers use multiple keys. If the cipher uses one key to
code, known as a Public Key, and another to decode, called a Private Key, then it is an
example of an asymmetric cipher.
To decode a message, you must make an assumption concerning the likely language in
which the plaintext message was written. This is important due to a concept of modulation
within modular arithmetic. This not only will identify the possible alphabetical letters to
choose from while decoding, but limit the possibilities mathematically to a number set.
For example, English has 26 letters within its alphabet. Therefore, the modular
arithmetic expression would be (mod 26), thus limiting a ciphertext's possible plaintext
equivalent to only 26 possible characters to choose from. This knowledge is also a factor in
determining possible keyspace. In the example I just gave using English, only 1 key was
used. If a symmetric cipher used 3 different keys to code, each with 26 possibilities, that
increases the possible keyspace to 78 possibilities. Discrete mathematical concepts and
theories, including the use of the logical connective "implies", "the set of", and the AND
conjunction, were explained. Frequency distribution is a statistical
analysis to determine the likelihood that each letter in a specific language's alphabet occurs
during passages. For example, E is the most frequently occurring letter in a passage or
message written in English. We closed with a description of sessions, stream ciphers and
several critical characteristics of information.
Key Terms:
Cryptology: The scientific study of cryptography and cryptanalysis.
Cryptography: The scientific study of coding and decoding messages to protect data.
Classical Cryptographic Ciphers: Secret writing, a process of enciphering and
deciphering messages to and from an unreadable form or code called a cipher.
Modern Cryptographic Ciphers: Modern definition: computer generated encryption and
decryption of information stored on electronic storage media, or transmitted over
computerized networks.
Encryption: Another term used to describe a modern cipher.
Cryptogram: A message written in a code.
Anagram: Letters from a word, phrase, sentence or name that have been rearranged to
form an entirely new word, phrase, sentence or name.
Cryptanalysis: The discipline of solving cryptograms and cryptographic systems or the art
of devising methods used to decode ciphered messages utilized in the field of
cryptanalysis.
Cryptanalyst: A person skilled in the art of code breaking who utilizes scientific
methodologies. They are also called a decoder or code breaker.
Cryptographic Systems: Computer systems having the specific purpose of using
mathematical algorithms to code and decode messages transmitted or stored electronically.
Cipher: In cryptography, ciphers are the means used to change a message's readable state to
conceal its true meaning. They are used to code it, making it unreadable to others without
the key or knowledge of how to decode the true message from the text provided.
Ciphertext: The content of the enciphered message or code generated from a plaintext
message by applying a cipher used to encrypt it into an unreadable form.
Plaintext: Information without encryption in its original intelligible/readable form.
Encoding: The process of coding plaintext into ciphertext. This is also known as coding,
encrypting or enciphering.
Decoding: The process of decoding ciphertext back into plaintext, known as decrypting,
deciphering
Encipher: The process of using ciphers to code plaintext into ciphertext. Also known as
coding, encoding, encrypting or encryption.
Decipher: Deciphering is the process of retrieving plaintext from ciphertext. Also known
as decoding, decrypting or decryption.
Encryption: In modern cryptography, employing computerized technology in the process
of converting plaintext into an unreadable form known as ciphertext.
Decryption: In modern cryptography, employing computerized technology in the process
of converting ciphertext into intelligible plaintext.
Malware: Malware is the general category that malicious computer programs or apps such
as Viruses, Worms, Trojan Horses, Spyware, Adware, and other Potentially Unwanted
For those who prefer a more visual layperson illustration, see the depiction below.
As you can see, it looks very much like the old cardboard decoder rings found in cereal
boxes during the 20th century and still occasionally today. That's because those decoder
rings were based on a system used by the shift cipher. For those unfamiliar with the
decoder rings as presented here, allow me to explain. Notice there are two separate rings,
an outer ring and an inner ring. With these rings, the inside track moved or rotated while
the outer ring stayed fixed. The concept was to move (usually in a counterclockwise
manner) the inner ring to the desired rotation aligned with the outer ring. The outer ring
would represent the characters as they appear in your plaintext message, while the inner
ring would provide the cipher character used in your ciphertext message. These decoder or
cipher rings were also made in the form of actual rings worn on the hand. It should also be
noted that the characters on some decoder ring layers were not actual alphabetical letters,
but instead shapes, hieroglyphic or hieratic depictions, as well as alphabetic letters from
languages other than the language in which the original plaintext message was
written. However, in those cases the ciphers are not Shift but Transposition. In either
event, while not very secure by today's encryption standards, they are useful in decoding
encrypted messages found today in everything from TV shows, movies, comic books, and
even modern video games.
However, like all substitution ciphers, while this system kept the content of Caesar's
messages secret to only those who knew how to decode them, it uses symmetric
cryptography, which employs a secret key. As discussed earlier, the secret key both codes
and decodes messages. Once a foe learned of this system, they could intercept
messages, read them, and forge fake ones encoded with Caesar's Cipher method and pass
them off to Roman troops. As the orders would have been encoded with the correct method,
the false orders to, let's say, withdraw all forces from the Byzantine Empire would have
been believed to be genuinely authenticated. As such, the Roman forces would have
withdrawn from the Byzantine Empire, leaving Byzantine vulnerable to attack.
mathematical expression similar to what I've provided, Atbash is one of a few ciphers
whose key works exactly the same regardless of whether applying it to plaintext or
ciphertext. While math is confusing for some, this proves that even with math, it's best not
to overthink the problem.
The last example of a transposition cipher I will discuss is a columnar transposition cipher.
I will explain with the accompanying illustration below.
Write a sentence in a rectangular pattern similar to what is depicted at the top of the
accompanying illustration above. Now imagine there are five distinct vertical columns of
plaintext. In the example provided, from top to bottom they would be read as ITS WOT
ETO NHR TEE. The columnar transposition cipher works by rearranging the order of the
columns. Look at the bottom of the illustration to see the ciphertext. If you look closely,
you can discern the key. There are five columns, and each odd-numbered column was
moved from its original position exactly one to the right.
Since the last column was an odd number, it simply moved to the front of the columnar
structure. This example's key was to adjust each odd column exactly 1 column to the right.
However, there are many possible keys that could have been used instead. Some include
rearranging the even columns, swapping the order of paired columns, inverting the order
from top to bottom of each column, or changing the order of characters that appear in
every other column, to name but a few. While transposition ciphers do encrypt messages in
code structures hard for some to comprehend, with practice an amateur
decoder/cryptanalyst can figure them out with a little effort and patience.
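The column rearrangement described above can be worked through in code. This is an added example, not the book's own: the plaintext is reconstructed from the five columns ITS WOT ETO NHR TEE, the key is modelled as every column moving one place to the right with the last column wrapping to the front (one reading of the description, since the illustration is not reproduced here), and the ciphertext is assumed to be read off row by row. All function names are hypothetical.

```python
from itertools import permutations

# Reconstructed from the page's columns ITS WOT ETO NHR TEE (three rows of five).
PLAINTEXT = "I WENT TO THE STORE"


def to_columns(text, width, pad="X"):
    """Write the letters row by row into `width` columns; return the columns."""
    letters = [c for c in text.upper() if c.isalpha()]
    while len(letters) % width:
        letters.append(pad)  # pad the last row so the rectangle is complete
    return ["".join(letters[i::width]) for i in range(width)]


def from_columns(columns):
    """Read a list of equal-length columns back out row by row."""
    return "".join("".join(row) for row in zip(*columns))


def check_order(order):
    """A key is a list naming, for each position, the original column placed there."""
    if sorted(order) != list(range(len(order))):
        raise ValueError("order must list every column index exactly once")


def rotate_right_key(width, places=1):
    """Key that moves each column `places` to the right, wrapping at the end."""
    return [(pos - places) % width for pos in range(width)]


def invert(order):
    """Key that undoes `order`."""
    inverse = [0] * len(order)
    for position, source in enumerate(order):
        inverse[source] = position
    return inverse


def permute(columns, order):
    check_order(order)
    return [columns[source] for source in order]


def encrypt(plaintext, order):
    check_order(order)
    return from_columns(permute(to_columns(plaintext, len(order)), order))


def decrypt(ciphertext, order):
    check_order(order)
    return from_columns(permute(to_columns(ciphertext, len(order)), invert(order)))


def candidate_orders(ciphertext, width, crib):
    """Try every column order (5! = 120 for five columns) and keep those
    whose decryption contains a word the analyst expects to see."""
    return [list(order) for order in permutations(range(width))
            if crib in decrypt(ciphertext, list(order))]


if __name__ == "__main__":
    key = rotate_right_key(5)                      # [4, 0, 1, 2, 3]
    print("plaintext columns :", to_columns(PLAINTEXT, 5))
    print("after the key     :", permute(to_columns(PLAINTEXT, 5), key))
    ciphertext = encrypt(PLAINTEXT, key)
    print("ciphertext        :", ciphertext)
    print("decrypted         :", decrypt(ciphertext, key))
    # Another key the text mentions: swapping the order of paired columns.
    print("paired swap       :", encrypt(PLAINTEXT, [1, 0, 3, 2, 4]))
    print("orders with crib  :", candidate_orders(ciphertext, 5, "THESTORE"))
```

With only 120 possible column orders for five columns, trying every one and looking for a recognisable word is enough to recover the key, which is why the text says a patient amateur can work these out.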
The illustration above shows how this code worked. In this illustration you can see each
letter of the International English alphabet has a series of dots and dashes next to it. If
spoken aloud, the dots are pronounced as "dit" and the dashes as "dah", which is similar to
the audible sound created using the key when tapping the code during radio transmission.
Using light, a quick flash is used for dit, while a longer flash is used for dah. Try to
decode the following message.
Using the Morse code key shown previously, we can convert the coded message above to
the phrase "Peace be with you". While this phrase has religious significance, in the state of
the world today, it should be taken as a general statement of concern for all people and
hopes that their future will be one filled with peace and prosperity.
In the partial table above, you see the letter S, represented with 3 dits, corresponds to A in
the table above. The x's represent a placeholder where no Morse Code symbol is used. Since
not every letter of Morse Code is represented by at least three symbols, as in E which is just
one dit, this allows ciphertext for such letters to be possible. Now, if our message was
DECODED and we wanted to encode it with this system, the resulting ciphertext would
be OHEHCOHO when applying it to the table above. This is the way Fractionated
Morse Code worked to encrypt messages. This means the letter A seen in the ciphertext
does not equate to the plaintext character A in the original plaintext message.
This next classical cipher is quite commonly used in almost anything that has a Masonic
theme. That is because the Masonic Cipher or Pigpen Cipher is the code that was used by
Freemasons around the 1800s to code their messages, various texts, documents and
records to keep them confidential. It is a class of substitution cipher that works with
geometric symbols within a grid system rather than the methods other substitution ciphers
employ as discussed earlier in this chapter. The illustration above depicts this
system. Notice how the alphabet layout is used in this cipher. It is broken into a grid
system with lines and dots separating each character of the alphabet. Please note the
different shapes, with and without dots, that the grid makes next to each letter. Simplifying
it should help readers better understand what they are looking at. First, take a look at the
following ciphertext shown below.
Now, match the shape of each character of ciphertext to the grid system as shown above.
Doing so, we see the first character, which looks like an L with a dot, corresponds to the
letter F, the second to A, etc. With this understanding the decoded plaintext becomes
the word FAITH. As expressed earlier with the example used for Morse Code, while faith
is generally associated with religion, it can also be applied to almost anything one
completely believes in, such as science. However, I will point out that since scientific
experimentation returns tangible results to prove or disprove a hypothesis, it is not true
faith. True faith is believing in something greater than oneself even when no tangible
proof exists. Whether that faith is in GOD, in individuals we hold with greater importance
than ourselves, or both is up to each of us to decide for ourselves. I should also point out
that there are several different variations of this cipher. Most of them are based on a
similar grid system. However, which letters are placed where can differ from variant to
variant. Using the letter T to illustrate this, T could be where it currently is, or in U's
slot, and most wearable novelty Masonic/Pigpen decoder rings typically have T in N's
slot in the illustration above. Other versions change the exact position where the dots are
located within the grid, change the dots to another geometric shape or add double lines with
one bolder than the other to outline the shapes, and yet others do not use the X grid
structure but instead the 3x3 checkerboard with a 45 degree tilt. So you see there are many
different possible variations. Only one was provided here to illustrate the concept behind
the Masonic systems used for creating ciphertext.
might say, my message is now only partially coded and I cannot continue, so what was the
point in going this far. To you, I say don't jump to conclusions so quickly. Your current
ciphertext should read PRPPRUCLER. Every time you get to the end of the key, just
start from the beginning and continue coding until you've finished coding your ciphertext
message, which should read PRPPRUCLERWMNVILDRNNHKPI.
Using this system we match up our plaintext to the letters within the grid. Once located,
the ciphertext would become the numbers to the left and along the top in that order. The
letter Y encodes to 35 and C to 42. Using this method the plaintext Cryptography
becomes the following ciphertext: 42 33 35 13 53 51 43 33 11 13 21 35
Chapter Summary:
Classical Ciphers as a category were defined in the 1950s as all cryptographic ciphers that
existed prior to World War 2. These included the most common form of cipher, known as
the substitution cipher. As discussed earlier, these ciphers take a single character of
plaintext and encrypt it with a single ciphertext character. Simply stated, this means that
every "t" in plaintext is replaced with another character. Therefore, for every "t" use a "w"
in its place as the ciphertext character. Some of the many types of substitution ciphers
discussed in this chapter include the Caesar Cipher, also known as Shift Cipher, ROT1 and
ROT13, Atbash, and a variety of Transposition Ciphers. Other classical ciphers discussed
comprise Book Ciphers, Morse Code and Fractionated Morse Code, Monoalphabetic,
Polyalphabetic, Homophonic, Vigenère, Gronsfeld, and the Masonic Pigpen Cipher.
Discussed with each was how it is used to code and decode ciphertext to
communicate messages secretly between two or more parties. The reader should now
possess a good understanding of several cryptographic ciphers and how they work to
protect information that parties wish to securely or secretly share with one another.
cryptography to protect you. Whenever you use Apple Pay, Samsung Pay, or similar apps
to purchase items, cryptography is used to protect your financial identity. When you store
your personal data, pictures, documents, etc. in the cloud, cryptography is there to
protect your data. When your HIPAA protected health information (PHI) is sent online or
over a computerized network, Public Key Infrastructure (PKI) encryption is used to protect
your confidential medical records, as well as your identity and financial information.
Virtually any secure website uses encryption to protect not only you the consumer, but
also corporate assets. Businesses, major corporations and governments use cryptography
to protect corporate assets, as well as confidential and highly sensitive information. When
people share personal data, pictures, documents, etc. on social media sites, cryptography
is there to protect their data. Virtually any secure website you log into today employs
cryptography/encryption to protect electronic information. It used to be that you could
identify a secure website by looking for a little key or lock symbol that would appear in
your web browser. However, for a time that symbol appeared only now and then and
usually did not appear at all. Instead, you looked at the URL (website address) in your
browser's address bar. If you saw HTTPS:// instead of HTTP:// then you knew that the site
was a secure website and did employ encryption to protect the information you send to and
receive from that website. Sites using the modern TLS encryption standards discussed in
Chapter 7 usually show HTTPS when first loading the page, and once you log into the online
account a lock should appear to the left of the URL within the address bar. If a key or lock
symbol does not appear and there is no HTTPS:// at the start of the URL, then the site you
are visiting is most likely unsecure and does not ensure any information transferred is
secure. Be wary about transmitting personal information over the internet to unsecure
websites.
Cryptography can be found being utilized in a great many things today. I will break them
down into the following commonly observed categories. Ciphers are woven into plots for
many novels, movies, and television shows. Some examples of TV shows that have
depicted ciphers include but are not limited to ABC's Alias, Disney Channel's Gravity
Falls, TNT's Perception, PBS's Endeavour, and Fox's The Following, Fringe, and Sleepy
Hollow. Several examples of movies with ciphers include Mercury Rising, National
Treasure, Windtalkers, The Da Vinci Code, Zodiac, U-571, Frozen, various Star Wars and
Star Trek episodes, and The Imitation Game. A few novelists that have woven ciphers into
their work include Terry Brennan, Dan Brown, Susan Page Davis, James Becker, Steve
Berry, and David Taylor.
Games: Amazon.com's Codes and Ciphers, a superpuzzle series for puzzle solvers or
those fascinated by puzzles or by solving difficult problems.
Ancient Egyptian Hieroglyphs are a common theme found in many popular movies and
video game series. While the glyph symbols are usually real Egyptian Hieroglyphs, when
found in Video games it is usually not actually the Ancient Egyptian written language, but
instead Ciphertext that can be directly converted into English. Game Designers sometimes
do this to allow the knowledgeable player to be able to read the text without actually
learning Egyptian Hieroglyphs. The ciphertext is often found sketched around wearable
novelty translator rings similar to the secret agent decoder rings of old. The ciphertext key
for this is explained with the accompanying translation in Chapter 4 Applications of
Cryptography.
The video game series Assassin's Creed is one of the most popular game series to date.
Each edition attempts to immerse the player in another time where the only weapons
available consisted of the non-firearm variety. Within this game series, ciphers were woven
into the story's plot. If you are familiar with the series, think of the ciphers used therein.
They closely resemble the Masonic cipher system learned earlier in this book. In fact, it is
a variant of the Masonic Pigpen cipher that the developer chose to weave into the game's
storyline. Knowing this can allow the player to easily decode these secret messages
entirely on their own.
While some people can manage without, it is nearly impossible to exist today without a
Smartphone. Everywhere you look, there's someone on their phone. Their use no longer
consists of merely conversations with others, but texting, email, and syncing all our
multitudes of social media accounts in a fruitless effort to stay up to date with all our
friends' activities every moment of every day. It has gotten to the point for some that almost
their entire itinerary throughout the day concerns using their Smartphones. This means they
contain all our accounts, pictures, videos, texts, emails, web browsing histories, personalized
notes, and calendar of agendas planned for the upcoming future. While this is very
convenient, it poses a severe security risk. Smartphones have not had the same level of
focus by the security communities and developers as securing our personal computers
has had in the past few decades. Encryption is one area the security communities have
made good strides with when applying the technology to protect the data within our
Smartphones. Due to very poor firewall implementation and development for portable
electronic devices, encryption is the best line of defense currently available to us in order
to guard against hackers, identity thieves and other unauthorized individuals stealing
the information within our Smartphones.
Information Technology has been a rapidly growing field for the past several decades.
Information Security was slower to develop, but now comprises several specialized
disciplines within what's now called Cybersecurity. Cybersecurity is big business today. Its
implementation and use spans from ordinary citizens to corporate enterprises, strategic
military operations, or classified documents sent to a President, Prime Minister, King,
Emperor, Ambassador or Secretary of State, as they all employ some form of cryptography
in the way of modern cryptosystems utilizing advanced cryptographic algorithms.
Virtual Private Networks or VPNs are another security measure that can be implemented
to help increase security. Enterprises, governments and others can predefine each location
their transmissions will follow throughout the transmission's route. These locations are
agreed upon by the parties and are considered trusted locations. Once established, this
technology creates a virtual encrypted tunnel through the internet using only the agreed
upon trusted locations along the route. This high level of protection attempts to ensure the
transmission cannot be intercepted by unauthorized entities. This technology is also used
when accessing information from sensitive networks remotely, such as a doctor accessing
patient information from hospital servers residing in NJ while on vacation abroad in Italy,
touring the city of Rome.
The US Military as well as other military forces worldwide utilize encryption for secure
communications. It is of such importance to them that they officially created specialized
cryptographer positions for this task. For example, the US Navy refers to the men and
women skilled in this field as Cryptographic Technicians. Whatever they are called in their
military branch or whichever military they are employed within, their tasks are essentially
the same. That task is to encrypt messages sent, decrypt messages received, and break
encrypted ciphers used by foes. Without them, the nation's foes would be able to intercept
all military communications. As surprise is often a tactical advantage, this would put
strategic plans in jeopardy, and put the men and women within our troop deployments,
especially those participating in active tactical operations, at the gravest of risk. There are
many positions and personnel within the armed forces that receive little recognition. I
recognize these intellectually skilled individuals and thank them for their service. Their
efforts protect the lives of others as well as the lives of the men and women they continue to
serve alongside.
Chapter Summary:
In this chapter we highlighted some things everyone should know about cryptography.
These technologies are implemented in all kinds of things most people do every day, from
surfing the web and accessing secure websites, to e-commerce, securing patient health
information, accessing sensitive or confidential information from work related networks
remotely while at home or on vacation abroad, and several scenarios where encryption
could protect information and ensure it remains private and inaccessible to unauthorized
individuals or entities.
from dispatch, he is simply informed that it's best not to say over an open channel. Since
he has never had to deal with anything other than complaints and traffic tickets, Greggor
was intrigued and nervous all at the same time. When arriving at the manor, the Deputy
sees the Sheriff and several mischievous teenagers gathered around the front of the
decrepit old structure. After the Deputy follows the Sheriff inside, he's informed the case
started with the teens outside trespassing on restricted property. While exploring the
immense condemned derelict's crumbling, dilapidated lower levels, the teens made a
startling discovery in the adjacent room. Once he enters the room, the Deputy is met by the
most gruesome scene in his entire career. Inside were the bodies of three slain people. The
corpses were mutilated and eviscerated. Strange markings adorn the room, leaving an even
greater sense of dread and tormented angst for what the victims must have suffered
through before departing this mortal coil. Once Deputy Greggor regains some
semblance of composure, he recognizes a pattern to the strange symbols at the crime
scene. Believing the markings are some kind of code, he contacts the Bureau of Justice
Assistance, an official US based organization that assists state and local law enforcement
in justice matters they are not currently equipped to handle on their own. They arrange for
Dr. Bull, a Cryptanalyst and Linguist specializing in ancient unusual languages and
ciphers, to assist in deciphering the strange markings.
Serial Killer Investigation:
For this example I thought it was best to use real world cases for illustration. The example
used is the most infamous unsolved serial killer case in modern US history which involved
ciphers, the Zodiac. Although the Zodiac claimed to have killed many more victims,
authorities could only successfully link 8 known deaths and 2 surviving victims with the
Zodiac Killer. One of the things that made the Zodiac different from other serial killers is
that the Zodiac sent letters to various newspapers demanding they publish the letter. Some of
the letters came with pieces of the victims' clothing to prove the author of the letters was
likely the killer. Several of these letters were also accompanied by mysterious
cryptograms. Some of the cryptograms were separated into several pieces and sent to
separate newspapers. Only one of the 4 cryptograms sent by the Zodiac has been
authenticated as being successfully decoded. While many have claimed to have solved the
others, most notably the 340 character cryptogram, none of them were authenticated as
their methodologies were flawed. The remaining 3 cryptograms remain unsolved to this
day. The Zodiac is by no means the only killer to leave cryptographic ciphers behind, or
send them to authorities via the media or directly to detectives. As such, cryptanalysis is an
important field that law enforcement should endeavor to acquire expertise in.
Archeology Investigation:
An archeologist is on a dig site approximately 320 kilometers north of Mexico City and
about 200 kilometers due east of the city of San Luis Potosí. They located an ancient tomb
of structural designs consistent with Aztec architecture that appears to have been used far
more recently than the structure dates back to. In it they find several old documents with
seemingly random numbers on them. Originally they thought they weren't of any value or
importance, but then they discover an artifact resembling a five ringed wooden wheel
with an outer track and four inner tracks. At that moment, they recognize the artifact as an
old Mexican Army cipher wheel. The cipher wheel used by the army had the intelligible
alphabet on the outer track with numbers on all the inner tracks. They understood the
significance of the numbers on the documents at that moment. They were in fact coded
ciphertext messages left behind by the Mexican Army long ago. After decoding them they
make an enormous discovery: these messages were coded during the Mexican
American War. This is a significant find as these cipher discs were only thought to exist
around 100 years ago. This new evidence, if authenticated, would prove the Mexican Army
used such ciphers much earlier than historians ever previously considered possible.
National Security:
In National Security investigations, ciphers can take on more than just computer-generated
encryption. Take ISIS and other groups operating throughout the world. The regional
culture they claim to derive from has an extremely rich history with cryptography and
cryptanalysis. Many cryptographic ciphers have been used throughout those lands even
before Biblical times. A number of ancient languages have begun to reappear, arising from
the annals of time for use in the modern day. This is a good example of possible correlation
between cryptanalysts and linguists. What many don't understand is that while a good
cryptographer can also be skilled in cryptanalysis, they are not the same thing.
Cryptographers encrypt and decrypt using known keys with established, known
cryptosystems. Cryptanalysts work without knowing the cipher key or coding system and
attempt to analyze the ciphertext for patterns, character frequencies, logical combinations,
potential grammar, frequently used words and other linguistic patterns to aid in the
decoding of the ciphertext. Some cryptanalysts are so skilled, they can interpret the
ciphertext as if it was a foreign language to be translated. This parallels many of the
same skills that linguists use when attempting to learn a new language they have no
knowledge of and may have never encountered before. The latter is frequently seen in
linguistically skilled archeologists uncovering ancient languages thousands of years old that
no living person has ever seen before. So you see, cryptanalysts and linguists have a lot in
common in regard to the skills that they possess.
Once applied, your plaintext will instantly be coded into your ciphertext. To decode it, you
could learn to read it as is, or simply select all again and change the font typeface back
to something like Calibri, Arial or Times New Roman, and the word processor will
instantaneously decode it back into readable plaintext for you. This is the absolute easiest
way to utilize a simple substitution cipher today, and it can make even the beginner feel like
a cryptographer or cryptanalyst.
Translate the following to reveal a statement and web address. Once you have the web
address, go there and search for the Tolkien Dwarf typeface. The author was gracious
enough to provide it free of charge.
A note of disclaimer that should be made is that I do not own or operate this free font
website. While I've used this and other free font websites to acquire typefaces numerous
times without issue or incident, use caution, as any site, including reputable ones, can be
infected with malware. Your best protection from malware is good anti-virus software.
Therefore, if you download this or other fonts, always scan them before installing. For
those wishing to install this typeface, the keyboard mapping is as follows. The symbols for
all regular letters are typed as lowercase. Three of the double letters are one of the others
capitalized. EE is typed as capital E, ST is capital S, TH is capital T, and EA is lowercase
q. Use a c and w together in your ciphertext to represent the letter Q in your plaintext. If
you are not concerned with being completely true to the language, then you may also just
use the EA symbol for the plaintext letter q, as q is what you'll type for that symbol. In
this respect, if you choose not to use the double letter symbols, and instead just type your
message and change between font types, then you can easily highlight the Runes and
choose Times New Roman, Arial or something else, and your word processor will easily
convert the entire message from the Runes to English and back again, making things
even easier for kids to play around with this typeface. I chose this route when encoding the
previous ciphertext Runes. Those who liked the Lord of the Rings and/or Hobbit movies
may likewise find this typeface interesting to use.
All encrypted ciphertext within exercises from chapters 4 and 5, with the exception of DIY
Exercises 5 and 6 (which are translated within the chapter), is translated/decoded within
an Answer Sheet found at the end of this book. Please wait until you have attempted to
decode the ciphertext yourself and, if possible, wait until you have read the entire book
first.
A video game series such as Tomb Raider often has ancient languages or ciphers
intricately woven within its plot. Ancient Egyptian is an example of a language similar to
what we have come to expect from this series. Let's say, in an upcoming new edition to
the series, players come across a tomb 50 kilometers from the outskirts of the Giza
Plateau during Lara's adventures. Inside the tomb is the following script.
Use your newfound cryptographic skills and decode the script above.
For any Trekkie or future Trekkie reading this, this exercise is in two parts. First, using the
translation key above, please decipher the following.
Ciphertext:
After successfully decoding the above command, attempt to code your own short message
within the Klingon language using the cipher key above. Since there may be some
confusion with the above key, I will explain the basics. The following characters use the
same symbol: c and the letters ch together are represented by the same symbol, and
g and gh have the same symbol. For practical purposes you may use the symbol
for character tlh for the letter z, ng for the letter f, and capital Q for the letter k. This should
help you in successfully translating English, Spanish, Italian, French or another
language using a similar alphabetic structure into Klingon.
Exercise 5: (Archeology Case) British Archeologist Lady Val, Ancient Cipher in Italy:
British archeologist Lady Val is called in by the Italian Government. While the
government was digging in a remote area of the countryside seeking to expand their
transportation infrastructure, workers unearthed a cavern 10 feet beneath the surface.
Inside were enormous chambers each with great numbers of Ancient Roman Artifacts of
tremendous value, and a piece of parchment. The parchment, adorned with gold edging,
possessed writing which seemed to be written using some type of cipher to encode its
content. The Italian government immediately establishes the site as an important
archeological dig site. Since Lady Val is on vacation in Venice, and considering that she is
recognized as the most respected Field Archeologist specializing in Ancient
Mediterranean Ciphers, the government calls her into the dig site. Once there, Lady Val
sees the following ciphertext written on a piece of parchment. Assume for this example
that Latin is translated as English.
The ciphertext as found on the Parchment reads:
WUHDVXUH KROG RI JDLXV MXOLXV FDHVDU
Assume the role of Lady Val and decrypt the message. First, while there are numerous
ciphers used by Ancient Mediterraneans, this is from Ancient Rome. Having learned an
Ancient Roman Cipher earlier in this book, proceed and decode the message. Considering
Lady Val is the most respected Archeologist specializing in Ancient Mediterranean
Ciphers, while assuming her role, use due diligence to live up to your reputation.
To help, here is the ciphertext again.
WUHDVXUH KROG RI JDLXV MXOLXV FDHVDU
Remember, the Caesar Cipher is a substitution cipher that used a key that shifted (counted)
three characters over to the right to code. So, to decode the message simply count three
characters back to the left. W in that case becomes T. Now keep going until you've
decoded the rest.
Once Lady Val (you) finish decoding the message, it reads thus:
Treasure hold of Gaius Julius Caesar
As you can see, E is the most common letter that appears within the English language.
If a simple substitution cipher was used to create the ciphertext, then the
letter or symbol that appears most often will likely be the letter E more often than not. If the
ciphertext has spaces that appear to separate words,
then follow this method. Look for single-letter words. They will likely be the letters A
or I within a sentence.
Word Frequency:
Two letter words:
Look for two-letter words, which will likely be the words to, it, is, if, of, no,
on, in, am, as, at, my, us, up, do, we, me, he, by, go, be, etc.
Three letter words:
Some of the most common three letter words are the, and, for, are, any, can,
boy, see, new, now, man, you, men, him, her, she, etc.
Look for spaces. If the ciphertext actually has spaces in it, this makes things much easier. If
this is the case, look for words that start with the same pairing of characters, for example
thorough, this, that, the, as well as other possible words matching patterns such as the th
seen within these words. If you decode one of them, apply the same plaintext to all
remaining occurrences.
If no spaces are readily observed, follow one of these suggestions. Look for a character
that consistently appears at the end of ciphertext groups. If the pattern seems to be about
what you have come to expect from a separation of words, then that is probably the space
enciphered as a ciphertext character. Sometimes there are no spaces in the ciphertext
because the ciphertext has been condensed, meaning the spaces were removed in an
attempt to guard against this possible method of pattern attack.
Anagram and Puzzle Solving Tips:
When dealing with cryptograms, one of the first things you should try is to see if it is an
anagram. Remember, anagrams were defined in chapter 1 and are words, names, or phrases
that are made up of letters from other words, names or phrases. Obviously most people
would think of Sherlock Holmes, The Da Vinci Code or other books by Dan Brown, and
Harry Potter when thinking of anagrams seen in novels or movies. To help identify a
possible anagram I suggest learning techniques used by those who play Scrabble. Thinking of
the letters as being in random order rather than already forming an existing word or phrase,
and then applying Scrabble techniques, should identify whether the cryptogram is or is not an
anagram. Another thing that might help crack a code is thinking of it as a puzzle. Those
who love to solve puzzles look at things differently than the average everyday person.
They can make connections where others cannot due to a combination of mindset,
knowledge and experience. Also remember the solution to hard puzzles often comes from
putting it aside. Intentionally stopping work on it and doing something else often allows the
mind to process the problem and provides the needed solution to the problem or, in this
case, puzzle. When applied correctly these have a good chance of working for the average
cryptogram.
Digital Forensics Key Identification:
For Digital Forensics Examiners, if you have located encrypted evidence on a drive I
would suggest the following. First, ask the individual for the key to decrypt it. If they are
not willing to provide it, do not push them, as it could be viewed as a form of
self-incrimination. If they are uncooperative, begin looking for possible encryption keys.
Unless on smartphones or similar portable devices, encryption keys will be longer than
what can typically be written on a post-it note. If your Digital Forensic Suite has the
option to look for encryption keys, using it may result in locating the keys needed to
decrypt evidence. If no such option exists, start by manually identifying known signatures
found within encryption keys and let them work to your advantage. Have your forensic
program search for any string of code that has similar characteristics to known cipher
keys. This may occasionally locate the key needed to unlock the potential
evidence. Also try to determine if any digital certificates exist on the computer, likely
stored by a cryptosystem when manually encrypting files or via an encrypted messaging
program or app. If you find a certificate that is unusual, typically one not found within a web
browser, I suggest the following. Try to determine the specific Certificate Authority that
issued the digital certificate in question. Remember that digital certificates are usually
governed by a Certificate Authority. Providing them with a warrant should be enough to
get them to look and see if they can identify the matching key needed to decrypt the file or
message. Numerous bills concerning E-Privacy dating as far back as the 1990s Clinton
Administration have shown that even a more liberal approach to E-Privacy, especially the
use of encryption, would require tech companies to assist law enforcement in any way
possible, including with decrypting encrypted evidence seized under current wiretap laws
and concerning physical technologies seized as evidence during active investigations.
Depending on the circumstances involved in the case, it may be possible for companies
presented with a warrant to provide the decryption key to your agency, allowing you the
opportunity to decrypt the evidence. However, that will depend on the presiding judge's
interpretive discretion on whether or not to sign such a warrant and the company's legal
stance on the issue, since laws are vague in this area. If they are unwilling to provide the
decryption key or assist in decrypting the evidence for authorities, from a legal standpoint
they may still be able to assist authorities in other ways. Specifically, Certificate
Authorities may be able to provide a list of all authorized entity(s) or individual(s) that
were granted access to the encrypted communication channel using the paired encryption
keys in question. This could provide new leads without getting into a debate on evidence
decryption, and further your investigation in the process. In the US, for National Security
related cases, invoking the Patriot Act trumps all other arguments. However, the Patriot
Act should not be used frivolously and must only be invoked when the circumstances
surrounding the investigation warrant such an action. While the Patriot Act does not
specifically include encryption, it does state that organizations, companies, corporations,
and other entities must cooperate with authorities and assist them during active ongoing
investigations involving National/Homeland Security.
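The signature search suggested earlier in this section can be illustrated with the armor lines that common tools write around stored keys and certificates. This is an added example, not code from the book or from any forensic suite: `carve_pem_blocks`, the field names and the sample image are assumptions made here, and the key bodies are constructed filler rather than real keys.

```python
import base64
import binascii
import re

# Armor lines that OpenSSL, OpenSSH and GnuPG write around stored keys and
# certificates; these fixed strings are signatures a raw search can hit.
BEGIN_MARKER = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def carve_pem_blocks(image: bytes) -> list:
    """Locate PEM-armored keys and certificates in a raw byte image."""
    findings = []
    begins = list(BEGIN_MARKER.finditer(image))
    for i, match in enumerate(begins):
        label = match.group(1)
        # A block cannot run past the next BEGIN line or the end of the image.
        limit = begins[i + 1].start() if i + 1 < len(begins) else len(image)
        end = image.find(b"-----END " + label + b"-----", match.end(), limit)
        body = image[match.end():end if end != -1 else limit]
        lines = [ln.strip() for ln in body.splitlines()]
        headers = [ln for ln in lines if b":" in ln]   # e.g. Proc-Type
        b64 = b"".join(ln for ln in lines if ln and b":" not in ln)
        try:
            decoded_len = len(base64.b64decode(b64, validate=True))
        except binascii.Error:
            decoded_len = None                          # damaged body
        # Passphrase-protected keys say so in the label or in a header.
        encrypted = b"ENCRYPTED" in label or any(
            b"ENCRYPTED" in h for h in headers)
        findings.append({
            "offset": match.start(),
            "label": label.decode("ascii"),
            "private": b"PRIVATE KEY" in label,
            "encrypted": encrypted,
            "complete": end != -1,       # False: END line missing (truncated)
            "decoded_len": decoded_len,
        })
    return findings


# --- Constructed sample image (filler bytes, no real key material) ---
PAYLOAD = b"constructed sample bytes, not a real key " * 3


def _armor(label: bytes, payload: bytes, headers: bytes = b"") -> bytes:
    return (b"-----BEGIN " + label + b"-----\n" + headers
            + base64.encodebytes(payload)
            + b"-----END " + label + b"-----\n")


SAMPLE_IMAGE = (
    b"\x00" * 512 + b"notes.txt: call the bank at 9\n"
    + _armor(b"PRIVATE KEY", PAYLOAD)
    + b"\xff" * 100
    + _armor(b"RSA PRIVATE KEY", PAYLOAD,
             b"Proc-Type: 4,ENCRYPTED\n"
             b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n")
    + b"-----BEGIN CERTIFICATE-----\nTUlJ"   # cut off, as in slack space
)

if __name__ == "__main__":
    for hit in carve_pem_blocks(SAMPLE_IMAGE):
        print(hit)
```

A hit marked `encrypted` still needs its passphrase, and a hit with `complete` set to False is a fragment whose remainder may sit elsewhere on the drive.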
Linguistic patterns:
The next suggestion I can give is to look for linguistic patterns. This is especially useful if
you have identified the individual the ciphertext was created by and have several plaintext
examples of their writing style. You can see which words they tend to use more often than
others. Even if you did not identify the individual or have any known writing samples
with which to compare it, there are still typical patterns that can be expected to occur. At
times, periods, question marks, and exclamation points are either removed or are encoded
with their own ciphertext. Looking for what appears to be the end of a sentence group can
help to identify if this is the case with your current ciphertext. Another note to point out: if
the individual's behavioral patterns can be observed, such as at crime scenes, a technique
known as Criminal Behavioral Analysis can make some assumptions concerning the
individual's level of intelligence and/or education. With this, additional linguistic patterns
generally associated with level of intellect can be seen to emerge as well.
Forensic Key Analysis:
Forensically analyzing encryption keys can prove a lengthy and tedious endeavor.
However, one could go about it by devising a system similar to the system already used
in Digital Forensic Suites such as Forensic Toolkit (FTK) and EnCase. Both these
as well as other Forensic Suites have password cracking capabilities. Many of the ways
cryptanalysts employ to crack codes are similar to how passwords are broken via password
cracking programs. The brute force attack method mentioned later in this chapter is
another of the approaches that can be used to break encryption that mirrors methods used
to crack passwords. An alternative approach is to remember that encryption uses algorithms
to encrypt and decrypt data. Algorithms are utilized in many areas within our daily lives,
including listening to music. In analyzing algorithms such as those used by a shuffle
function that rearranges music files to ensure the playlist never plays the music in exactly
the same order twice, we can make some observations. For example, it has been shown that
while they use mathematical algorithms to theoretically randomize your playlists, specific
algorithms tend to pick certain songs over others, which is why some play far more
frequently than others. Encryption algorithms can be analyzed for similar patterns and, if
located, exploited to assist authorities in breaking the security algorithm or encryption
employed on the evidence being analyzed.
A hint to help start the reader going is to use frequency distribution analysis to determine
the likely symbol for the letter E. Once located, continue to use frequency distribution
analysis until the entire cryptogram is solved. The answers to the ciphertext above and
below are at the end of this book within an Answer Sheet. Please wait until you have
finished the entire book and have attempted them before looking up the answers
to these two ciphers.
Continuing with your practice, try to decode the next Cipher below. To help readers with
this cryptogram, I can tell you that this cryptogram uses both Shift and Transposition
Ciphers.
JRZ U
RGRN
Man in the Middle:
The Man in the Middle attack occurs when sending data from point A to point B. The
old-fashioned, early twentieth century spy way involved intercepting messages within postal
systems. In a Passive attack they viewed and/or copied it, repackaged the message and
sent it to the intended destination. In Active attacks, they intercepted the message,
modified or replaced it with another misleading message and forwarded it to the intended
destination. In Cybersecurity the concepts are the same only applied when transmitting
data over networks instead of through postal services. If the message was in plaintext, the
intercepting third party would be able to understand its contents, as well as easily try to
forge a fake misleading message to forward on in its place. If the message is in ciphertext,
then it is unintelligible to the intercepting party unless they have the key needed to
successfully decode it. Additionally, without the key used to code the message they would
not be able to encode a fake message to forward on to the receiving party. In Man in the
Middle attacks, whether it is physical or electronic, if the message is not changed or
altered it is considered a Passive attack. If the message was changed or altered, it is
considered an Active Attack. Whether passive or active these Man in the Middle attacks
can occur illegally from criminal elements, as well as from law enforcement authorities
through a legally obtained wiretap warrant.
Brute Force Attack:
The Brute Force Attack is the most time-consuming cryptanalysis attack method. Like
frequency distribution attacks, it uses statistics. Unlike frequency distribution, which used
probabilities, Brute Force uses combinations. The process consists of generating all
possible combinations of characters that can be used for an encryption key, and then trying
each separately, one at a time, as it attempts to find the encryption key needed to
decrypt the encrypted ciphertext targeted for attack. This process is nearly identical to
using Brute Force attacks when trying to crack passwords.
Chapter Summary:
This chapter focused on providing the reader with the opportunity to practice some of their
newfound cryptographic skills. It accomplished this by providing exercises that not only
allowed the reader to practice their newly acquired skills, but also provided exercises with
scenarios that can assist the reader with ciphers found in movies and games today. I also
provided scenarios that one might see in novels, as they could potentially mature
into a fully developed novel at a much later time. Several code breaking tips were
discussed, including frequency distribution attack methods ranging from expected letter
occurrences to word frequency, and the chapter ended by briefly touching on applying
linguistic patterns to code breaking efforts.
In ancient times the Greeks were among the civilizations that employed cryptographic
ciphers. While there were several cryptosystems used during ancient times, the Ancient
Greeks, and more specifically the Spartans, are credited with creating the world's first
known cipher device, called a Scytale. The Scytale was first used in the 5th century BC.
The Scytale device was in the shape of a wooden rod. This was not just any rod though.
You wove a strip of parchment similar to a thin leather strap around it, and wrote your
message along the length of the rod. When you reached the end, you simply turned it and
continued writing. Once finished, you sent the coded message to your correspondent. The
message written on the thin strap would appear discontinuous to anyone intercepting it.
After the correspondent received it, they wove the parchment around their rod of equal
length and diameter to the sender's. Once around the rod, the message's continuity would
be reestablished and the secret message could be read as plaintext. The cipher this device
created is considered to be a type of transposition cipher. As such, cryptanalysis attack
methods used against substitution ciphers, including frequency distribution, will easily
crack this coding method, especially when combining it with anagram techniques and/or
pattern recognition.
7.2 Binary:
All modern computing technologies since the creation of the electronic computer, with the
exception of quantum computers, work by converting data into 1s and 0s. This system is
mathematically known as Base 2, meaning there are only two possibilities: a 1 or a 0. All
computer processors convert our data into binary, perform their calculations and the
computer returns its results as intelligible output we see on our devices, monitors, screens,
via print out, or hear through speakers. Every single printable character and even
characters that are not represented on keyboards are converted to Binary. While this was
not intended to be used as a cipher just as Morse Code was not intended as such, for
anyone unfamiliar with how to interpret it, intentionally converting data to binary to hide
the content of the message, data, or document can be viewed as a form of substitution
cipher when implemented in this way.
7.3 Hexadecimal:
Once computing technologies evolved, there was a need to represent data as more than
merely binary. Hexadecimal is the system that arose to fill this need. Unlike binary, which
uses Base 2, Hexadecimal uses Base 16 math to represent up to 16 characters instead of
just 2. Note, many students say F in Hexadecimal is 15, so a common mistake students
make is thinking of Hexadecimal as Base 15 instead of Base 16. I will attempt to clarify
for them why it is Base 16. The characters in the Hexadecimal system include
0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F. As you can see, F does in fact represent 15, but there is
also a 0 present in the hexadecimal system, making it Base 16 to represent all 16
possibilities within its keyspace.
7.6 RSA:
Named after its inventors Rivest, Shamir, and Adleman, RSA cryptography is one of the
most widely used ciphers in the world today. Considered to be a form of Public Key
Cryptography, it utilizes asymmetric ciphers. However, it is unfair to only consider it
asymmetric, as it also employs symmetric cryptography. It uses asymmetric
cryptography via Public Key encryption to encrypt data using public keys and decrypt data
using private keys. However, both keys themselves, public and private, are generated
utilizing symmetric cryptography. This means RSA should be represented as utilizing
both, as both are needed for RSA to perform its desired function.
The Math: As RSA is Public Key Encryption, without explaining exactly how RSA
algorithms differ from other public key cryptosystems, RSA can be expressed the same as
Public Key above in 7.5.
A:{C}DB:{C}E
7.12 AES:
This cryptosystem stands for Advanced Encryption Standard. This is a fairly strong
symmetric algorithm. While it is not secure enough to protect classified information, it is
considered secure enough to protect sensitive government or confidential enterprise data.
While it uses symmetric cryptographic algorithms, it also utilizes block lengths to encrypt
and decrypt its ciphertext. The block lengths for this algorithm are 128, 192, or 256 bits.
AES can be implemented within hardware or software to secure data. Firewalls and
routers including most newer consumer wireless routers have AES as an option if enabling
router security. The technology may also be used in Secure Socket Layer (SSL), Transport
Layer Security (TLS), as well as other forms of modern electronic devices employing
encryption.
7.13 IDEA:
Standing for International Data Encryption Algorithm, IDEA is a symmetric block cipher
and is available for use within Pretty Good Privacy and S/MIME. Since IDEA's block
cipher uses symmetric algorithms, it was intended to replace both DES and 3DES as the
new symmetric cipher algorithm of choice. This block cipher uses an algorithm that uses
64-bit blocks of plaintext and a 128-bit cipher key. IDEA can operate in several modes.
They are Electronic Code Book (ECB), Cipher Feedback (CFB), and Cipher Block
Chaining (CBC).
7.17 Paired-keys:
In public key cryptography, two keys are generated. One is the public key and the other
the private key. These keys are matched or paired with each other. The public key encrypts
data and the private key decrypts data. The only exception to this is digital signatures.
While digital signatures use paired keys, their functions are different. See descriptions for
Public Key, Private Key, and Digital Signatures for additional information about each.
response. Everything sent and received thus far has been transmitted entirely in plaintext.
The client's next step is to exchange the encryption keys used to encrypt the
connection. The client generates a symmetric key and sends it to the server securely via
Diffie-Hellman Key Exchange, using the domain's public key found within the digital
certificate to encrypt the symmetric key the client is sharing with the server, and sends it as
ciphertext. Once the ciphertext is received, the server uses its private key to decrypt the
symmetric key sent by the client. At this time, both client and server signal each other that
they are about to switch from plaintext to ciphertext exclusively. This is the process
known as Change Cipher Spec. Once done, the secure session has been successfully
established, allowing information sent and received between the client and server to be
encrypted using the agreed upon symmetric key, ensuring the information shared will
remain confidential. This secure session will continue until the user logs off or the
connection times out, at which time, if the user wishes to continue to securely
communicate with the domain, a new session will need to be created and the entire
encryption process will begin from scratch once again.
The SSL/TLS sessions use a hybrid or combination of cryptosystems. Public key
cryptography is used for the key exchange while symmetric cryptography is used to
encrypt the information being securely sent and received between the client and server.
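The key-transport step of the handshake above (and the public-key encrypt, private-key decrypt pattern from 7.6) can be followed end to end in a few lines. This is an added example, not code from the book or from any TLS library: it uses textbook RSA without padding on a constructed toy key built from two known Mersenne primes, and a SHA-256 keystream stands in for the session cipher, so every name in it is an assumption and none of it is safe for real traffic.

```python
import hashlib
import secrets

# Constructed toy key pair: the primes are two well-known Mersenne primes, so
# this key is trivially factorable. Real certificates carry keys of 2048 bits
# or more, and real implementations pad the message before encrypting it.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

SERVER_PUBLIC = (N, E)     # published in the server's digital certificate
SERVER_PRIVATE = (N, D)    # never leaves the server


def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the session cipher: XOR with a SHA-256 counter keystream.
    The same call with the same key both encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def client_key_exchange(server_public):
    """Client: create a fresh 128-bit session key and encrypt it with the
    public key taken from the server's certificate."""
    n, e = server_public
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped


def server_unwrap(server_private, wrapped: int) -> bytes:
    """Server: recover the session key with the private key."""
    n, d = server_private
    return pow(wrapped, d, n).to_bytes(16, "big")


def run_session(request: bytes = b"GET /account HTTP/1.1") -> dict:
    client_key, wrapped = client_key_exchange(SERVER_PUBLIC)
    server_key = server_unwrap(SERVER_PRIVATE, wrapped)
    # After Change Cipher Spec, only symmetric ciphertext crosses the network.
    on_the_wire = symmetric_xor(client_key, request)
    return {
        "keys_match": client_key == server_key,
        "wrapped_key": wrapped,          # all an interceptor sees of the key
        "on_the_wire": on_the_wire,      # all an interceptor sees of the data
        "server_reads": symmetric_xor(server_key, on_the_wire),
    }


if __name__ == "__main__":
    result = run_session()
    print("keys match:  ", result["keys_match"])
    print("on the wire: ", result["on_the_wire"].hex())
    print("server reads:", result["server_reads"])
```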
Today, current encryption technologies used to access a website securely will typically
show HTTPS instead of HTTP in the web browser's URL address bar. HTTP stands for
Hypertext Transfer Protocol and communicates via unencrypted plaintext. However,
HTTPS or Hypertext Transfer Protocol Secure uses encrypted sessions to ensure data
transmitted and received is secure. Whenever the user sees HTTPS in their address bar,
they know that SSL or TLS encryption technology is being used to secure the information
they send or receive from that site. If the previously explained process to initiate SSL or TLS
secure connections is successful, there should be a lock symbol that appears before your
URL in the browser's address bar. If one does not, your connection with that server might not
be secure. Note, if using an extremely old web browser, you may need to update it to
utilize the newest SSL or TLS variants. This encryption technology focuses on three
specific Critical Characteristics of Information. These three characteristics are
Confidentiality, Integrity, and Authenticity.
Once the SSL session has been implemented, it creates a secure encrypted environment or
link between the server and your client web browser. This allows for the sharing of
encrypted data between the web server and your web browser thus protecting your privacy
and the company's assets. Anyone intercepting the encrypted traffic will be unable to
intelligibly understand the content being sent or received. It should be noted that there are
several types of SSL certificates. Some are owner generated without a Certificate
Authority, and others are domain generated, which use Certificate Authorities to
authenticate that the association between the domain and public key is correct.
Open connections are a problem that needs to be addressed. For example, if you logged
into a website, and you only click the X to close the browser without signing off or
logging out first, the connection is not instantly terminated and remains open. In these
situations, a skilled hacker could locate such an open connection and establish a
piggybacked connection from your opened one. If successful, they would be able to access
your account information just as if they were you. If you work with confidential, sensitive
or classified information, this would be the same as if you were logged into your network
account at work, and walked away from your computer while you were still logged in.
Anyone walking by could access information they are not authorized to access via your
access privileges. Therefore, additional security mechanisms may also be implemented to
guard against opened connections. One mechanism to guard against opened connections
is the automatic log off. The automatic log off function looks for inactivity during current
access sessions. If inactivity is detected and the session remains inactive for a predefined
amount of time, the current access session is terminated. Once terminated, the user will need
to log back into the network in order to access information. The same concept also applies to
accessing secure websites from home. This is why you sometimes need to sign back into
sites after getting a drink from the kitchen, or briefly answering the phone. After it detects
inactivity for say two minutes, or less if defined as less, to continue accessing information
on that site you will need to sign back in. This auto log off function is a way secured
websites can further protect your account from being accessed by unauthorized
individuals.
While SSL/TLS technology makes it harder for hackers to piggyback on open connections
as described above, or impedes attempts to establish a man-in-the-middle attack, it is still
theoretically possible for them to gain enough information to access your information or
online account. Remember, no security is entirely impenetrable.
from points A to B and back again, makes VPN technology by far the most secure method
used for the sending and receiving of confidential or sensitive data through the internet
today. As such, it is best used for securing remote access points, and securing office
connectivity between branch locations.
neighbors. However, whether it's them or anyone else who just happens to drive by and
stumble upon your unsecured router (the latter being the more likely scenario), they could
perform unlawful activities through your open, unsecured router, and the investigating
authorities will come knocking at your door under the assumption that you are the
perpetrator of the illicit activities. A thorough investigation may eventually clear you of
any illegal wrongdoing, but how many people really want to go through all that hassle
and subsequent community rumor-mill gossip when it could have all been avoided? The
best way to prevent this is to enable encryption on your wireless router.
Consult your wireless router's user manual for instructions on how to enable wireless
security. The possible security measures your wireless router offers may differ, but will
likely consist of the Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) or
Wi-Fi Protected Access 2 (WPA2) security standards. This author recommends not using
WEP security as it is easily broken within minutes. The WPA standard is stronger and
more secure than WEP encryption. However, while it is still adequate for today, it has
flaws. WPA's encryption standard can be broken by a more complex and lengthier attack.
At present WPA2 is the most secure and best choice to protect your wireless router and
all devices connected to it. One thing many people do not realize is that once a party has
access to your wireless signal they can access all devices connected to it unless other
security procedures are implemented to guard against such unauthorized access.
Encryption is one method to guard against unauthorized access, although there are others,
such as firewalls, port blocking and MAC address filtering, as well as other methods to
reduce the risk of unauthorized access. These procedures do not fall within the scope of
this book, but can be found within other Cybersecurity books or via quick internet searches.
Problems arising from invalid certificates:
When accessing a website, you may at times be presented with a message similar to the
one provided below.
Using OpenPGP:
For those who wish to play around with GNU Privacy Guard, it is available for the
following operating systems: Windows, OS X, Debian, RPM, Android, VMS and RISC
OS. If interested, you may download it at the following URL: www.gnupg.org/download
Unless you wish to play around with the source code, be sure to download the GnuPG
binary releases.
You may also try this version at www.gpg4win.org as you may prefer its graphical user
interface.
Since the graphical user interface is easier for the average user to work with, I suggest
trying gpg4win if you are interested in trying OpenPGP encryption.
Gpg4win installation:
Although you should choose the version that best fits your needs, for the purpose of this
example I downloaded Gpg4win with GnuPG Component only for this demonstration.
After downloading, double click the file (in Windows) to begin the installation process.
The following several images will take you through the normal installation of gpg4win.
On this window it tells you the version of Gpg4win you are about to install. Click the next
button to continue.
Read the License Agreement, and if you agree to it click next to continue.
If you chose another version of Gpg4win there will be different options listed here. In that
case choose the one you want and then click next to continue.
Choose the options that best fit your needs. I recommend not adding to the Quick Launch
Bar. When ready, click next to continue.
If you chose the option to add to Start Menu, this window will appear. Just leave it as is
and click next.
If all goes well you will see this window appear informing you that the installation
completed successfully. Click Next, and Click Next again on the last screen to complete
the installation and return to desktop.
You should see a desktop icon entitled Kleopatra. Double click the icon to start the
program. The following pictures will explain the next steps.
At the main Kleopatra window click the file menu in the upper left.
Here click the option that best fits your needs. Note that a Certificate Authority will govern
the certificates made by selecting the second option. I do not recommend using the second
option until you are more comfortable in using encryption and understand how it works.
Until then, there is no need to involve a CA, especially when it's just for learning purposes
as in this example. Therefore, for this example select the option to Create a personal
OpenPGP key pair.
Once Create a personal OpenPGP key pair is clicked the window above appears. Fill in all
required fields in this form. Note that as it's just a personal key, locally used and generated,
any name or email address will work. However, if using a Certificate Authority, your real
name and actual email address must be provided. I also recommend this if creating a
personal key pair that you intend to share with another person you'll communicate with via
email or by some other online means, although that is up to you as it may work fine without.
Clicking Advanced will allow you to choose the encryption algorithm, such as RSA, to use
with the certificate. You can also just leave it alone and click next to continue.
With all necessary information now provided, just click the create key button to
continue.
This window will prompt you to enter a passphrase for the keys, which you will need to
remember. It will inform you if your passphrase is too weak. In that case ensure it is at
least 8 characters in length and has letters, numbers and a special character. Once it
accepts the passphrase continue to the last step below.
This window will appear informing you that the keys were successfully created. I
recommend making a backup of your key pair. However, choose whichever option fits
your needs and then click finish.
As I do not wish to include additional pictures needlessly, for further information on using
Gpg4win there are numerous step by step tutorials that can be found on YouTube that
walk users through how to use and successfully implement Gpg4win as well as Gnu
Privacy Guard to encrypt and decrypt data.
Chapter Summary:
Within chapter 7 we discussed a number of different Modern Ciphers that have been used
since the 1950s. The main categories of modern ciphers consist of symmetric ciphers,
asymmetric ciphers, block ciphers, and a combination of them used within a single
cryptosystem. RSA was the first Public Key Encryption algorithm to gain widely accepted
use throughout the world. It is still used today, although usually within certain
cryptosystems that use it in conjunction with asymmetric cryptographic algorithms. Data
Encryption Standard (DES) as well as its immediate successor Triple Data Encryption
Standard (3DES) use symmetric algorithms to encode and decode data and were industry
accepted standards which are also still in use today. Several varieties of email encryption
were discussed, which send electronic mail securely, ensuring the content of a message is
kept confidential and unintelligible to unauthorized parties intercepting the messages.
Additionally, this chapter also discussed other Public Key cryptosystems including Pretty
Good Privacy (PGP) and Public Key Infrastructure (PKI) as well as Secure Socket Layer,
IPSec, and Diffie-Hellman Key Exchange. Concepts involved within Public Key
Infrastructure focusing on Digital Certificates and Digital Signatures, as well as PKI's
emphasis on Confidentiality, Integrity, Authorization, Authentication and Nonrepudiation,
were touched upon. Several examples of implementing encryption for use with email
communications were given, along with things people should consider before making a
decision on whether or not to encrypt their smartphone's data.
The chapter ended with a discussion on wireless router security. Standards discussed were
WEP, WPA, and WPA2. Flaws in Wired Equivalent Privacy as well as its successor Wi-Fi
Protected Access that make them vulnerable to attack methods were mentioned. After
reading this chapter the reader should be versed in several types of modern
computerized encryption algorithms utilized today to ensure our private information stays
private.
would open it and provide the unencrypted intelligible versions to authorities promptly. I
happen to agree with this view partially. Being forced to provide authorities with any and
all requested information without probable cause should not be allowed. If probable cause
can be established and a warrant conveyed to companies presented with such requests, I
believe it is their duty to humanity to cooperate with the authorities submitting the request.
On the other hand, creating an easy to access backdoor is really not a solution to better
protect anyone.
authorities request. The law states that you must furnish the information upon request
provided the authorities have met the essential requirements needed to show that probable
cause has been met to secure a lawful search warrant and have it in hand to present to the
person of interest. However, in interpreting these rulings, we see that if no probable cause
could be justified to secure a lawful warrant, then authorities have no grounds to have
access to any encrypted data within an individual's electronic device.
serve to provide criminals with carte blanche access to everyone's electronic information
whenever they want, to do with whatever they desire unabated. Developing legislation
leaning towards creating surveillance states will only result in an artificial sense of
security, completely erode any country's law-abiding citizens' remaining expectation of
privacy, and will likely result in little to no real world tangible proof that surveillance
legislation has better secured any country's national borders from criminal activities
beyond the capabilities which they had already possessed prior to passing such evasive
legislation. However, I do support the development of improved cryptanalysis training
programs, increased funding to improve cryptanalysis technologies that investigative
authorities can utilize to aid in their investigations, as well as legislation and other
technologies that, when implemented correctly, aid investigators in gaining access to the
encrypted evidence they need for their investigations without infringing upon the
individual citizen's reasonable expectation of privacy, especially not when imposing such
legislation would promote environments criminals can exploit to steal personal
information and essentially make every citizen's digital information more insecure in the
process. From an intelligence gathering perspective, the idea of such legislation sounds
great. However, from a law enforcement perspective, it will prove to be nightmarish.
Criminals already have easy enough access in which to steal private information or misuse
technologies to advance their criminal endeavors such as Identity Theft, Malicious
Hacking, Insurance or Financial Fraud, Extortion, Embezzlement, Corporate Espionage,
Cyber-Stalking, Cyber-Defamation, Cyber-Terrorism and the proliferation of malware
usage to name but a few. Passing poorly drafted legislation will only aid these criminal
elements by making it even easier for them to do so in the future. How does this better
protect anyone from being victimized?
Thank you for taking your valuable time to read this book! It is appreciated!
Summary:
This book provides a brief introduction to Cryptography. It emphasizes a multidisciplinary
approach as it introduces the reader to this field. This approach utilizes fields
within Computer Science, Cybersecurity, Forensic Analysis, and various branches of
Mathematics. Ciphers discussed range from those used in Ancient Times through Modern
Answer sheet:
Chapter 4 DIY Exercise 2 Frozen/Tolkien Runes:
Translates to:
Elsa and Hans like myfontfree.com
Chapter 4 DIY Exercise 3 Ancient Egyptian:
translates to:
THIS IS THE TOMB OF
SETH-PERIBSEN
PHARAOH OF THE 2ND
DYNASTY OF EGYPT
Chapter 4 DIY Exercise 4 Klingon:
translates to:
Gowrons orders are to engage the cloak!
The answers to the coded messages located in Chapter 5 are as follows:
Translates to:
I wanted to see if a single person was still awake. Additionally, if they paid attention when
looking through this text.
and the mixed Shift and Transposition Cipher
JRZU
RGRN
Translates to:
Using the Caesar Cipher to first decode pass one, and then reading the rail fence
diagonally, the message reads:
Good Work
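The two-pass decoding of JRZU RGRN, worked through in code as an added example that is not part of the book. The shift of 3 and the two rails are assumptions the answer sheet does not state, so the code also tries every shift; the rail fence routine is written for any number of rails, which goes beyond the two-rail case used here.

```python
import string


def caesar_shift_back(text, shift):
    """Undo a Caesar shift on A-Z; any other character passes through."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def rail_pattern(length, rails):
    """Rail number visited at each plaintext position (zigzag down, then up)."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_fence_decode(ciphertext, rails):
    """Ciphertext is rail 0's letters, then rail 1's, ...; deal them back out."""
    pattern = rail_pattern(len(ciphertext), rails)
    letters = iter(ciphertext)
    plain = [None] * len(ciphertext)
    for rail in range(rails):
        for position, visited in enumerate(pattern):
            if visited == rail:
                plain[position] = next(letters)
    return "".join(plain)


def decode_two_pass(ciphertext, shift, rails):
    """Pass one: undo the Caesar shift. Pass two: read the rails diagonally."""
    letters = ciphertext.replace(" ", "")
    return rail_fence_decode(caesar_shift_back(letters, shift), rails)


def candidates(ciphertext, rails=2):
    """Every possible shift with its decoding, for when the key is unknown."""
    return {shift: decode_two_pass(ciphertext, shift, rails) for shift in range(26)}


if __name__ == "__main__":
    print(caesar_shift_back("JRZU RGRN", 3))   # the two rails after pass one
    print(decode_two_pass("JRZU RGRN", 3, 2))  # the rails read diagonally
```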