It will not be marked, however, everybody should be able to do Part 1 by hand;
good programmers should be able to write a program to help them solve Part 2.
1
Computer Security Exercise 0
This is an un-assessed exercise for the Computer Security module. It will not be marked, however, everybody should be able to do Part 1 by hand; good programmers should be able to write a program to help them solve Part 2. There will be a prize for the first person to e-mail me (
[email protected]) a solution to Part 3.
1.1
Background: Substitution Ciphers
The aim of this exercise is break some simple substitution ciphers. These ciphers encrypt a message by replacing each symbol with a different symbol. For instance, a substitution cipher for the Latin alphabet might replace each letter from the top of the following table with the letter below it: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z P L M O K I J N U H B Y G V T F C R D X E S Z W A Q To encrypt a message in English using this cipher first all spaces and punctuation are removed, then all of the letters are changed to upper case, finally the substitution is applied. For example: to to
Send reinforcements, we are going to advance. SENDREINFORCEMENTSWEAREGOINGTOADVANCE DKVORKUVITRMKGKVXDZKPRKJTUVJXTPOSPVMK
To decode messages the reverse substitution is applied and then the decoder has to look at the text carefully to work out where the spaces and punctuation go.
1.2
Frequency Analysis
There are 26 factorial possible Latin alphabet substitution ciphers, this would make a brute force attack difficult, however if the attacker knows that the plain text message is written in English then substitution ciphers can be effectively broken by frequency analysis. The following table contains the frequencies (as a percentage) of each letter in common English texts. e:12.7 s 6.3 u 2.8 p 1.9 q 0.1
t 9.1 r 6.0 m 2.4 b 1.5 z 0.1
a 8.2 h 6.1 w 2.4 v 1.0
o 7.5 d 4.3 f 2.2 k 0.8
i 7.0 l 4.0 g 2.0 j 0.2
n 6.7 c 2.8 y 2.0 x 0.2
The attacker can break the cipher by counting the frequency of letters in the cipher text and then try to match up each letter in the cipher text with a plain text letter that occurs with a similar frequency. You can find example cipher texts at: http://www.cs.bham.ac.uk/~tpc/CompSec/ Exercises/Exercise0/.
1.3
The Exercise
The following 3 paragraphs are all English text encode with a different substitution cipher.
1
1.3.1
Part 1
Break this substitution cipher, either by hand or by writing a simple program. ZYEMOUSOUSIZWYIXOKSOTZQSOBSYLSWDKHTMOWARMSKSRRSILISFESWBHSTOISQISR RZWSOIRYRMSOUSIODSTLYISWDKHTMOWAWYEWBYXXYWSWDKHTMGYIATOISQISTSWRRM SYRMSIRSVRTGHKKWYRJSTYSOTZOWAXOZJSMOIARYAYJISONHWDRMHTBHQMSIJZMOWA TMYEKAWYRJSAHLLHBEKRRYAYMYGSUSIRMHTSVSIBHTSOTNTZYERYGIHRSOQIYDIOXR MORORROBNTBHQMSITOERYXORHBOKKZOWAJISONTRMSXGHRMYEROETSIMOUHWDRYPEX QHWOWAXONSOBMOWDSOTHXQKSJIERSLYIBSOQQIYOBMHTWYRWSBSTTOIHKZRMSWHBST RGOZRYAYWSRMHTRMSRIHBNRYAYHWDRMHTGHKKJSRYASRSBRGMSWRMSTEJTRHRERHYW HTWYRIHDMROWARYLHWAOJSRRSIYWSETHWDRMSLISFESWBHSTRYDEHASZYEDYYAKEBN 1.3.2
Part 2
Part 1 is easy to decode because it contains very typical English. For harder texts you will have to automatically detect when you have found a good guess that the cipher. Find a list of words (by, for instance, googling “word list”), and then create a program that: 1. Tries to decrypt the text as in part 1. 2. Counts the number of English words in the guessed plain text. 3. Makes a small change to the guessed cipher (e.g. swaps two letters). 4. If the guessed plain text has more English words, keep the change to the cipher, otherwise discard it. 5. Repeat from step 2 for a fixed number of cycles of until no more progress is made. Apply this program to break the cipher text in Part 1 and the following cipher text: KXGAAEZRVIGJDBXDDBRGKYVVDJKUGQBXRYGJBVRJDARSDAQGOUVRJDBDVIDJGBDJRY PXWEOUKURKXGLDBXDUGJAEOPHYUKRTVGQGOUKYVVDJKADGKDXGBXGAABRRKXRJBGUG BDKRVDBEVDBRRXRBBXDDQDRTXDGSDOKXEODKGOURTBDOEKXEKPRAUZRVIADMEROUEV VDUGOUDSDJQTGEJTJRVTGEJKRVDBEVDUDZAEODKHQZXGOZDRJOGBYJDKZXGOPEOPZR YJKDYOBJEVVDUHYBBXQDBDJOGAKYVVDJKXGAAORBTGUDORJARKDIRKKDKKERORTBXG BTGEJBXRYRWKBORJKXGAAUDGBXHJGPBXRYWGOUJDKBEOXEKKXGUDWXDOEODBDJOGAA EODKBRBEVDBXRYPJRWKBKRAROPGKVDOZGOHJDGBXDRJDQDKZGOKDDKRAROPAESDKBX EKGOUBXEKPESDKAETDBRBXDD 1.3.3
Part 3
Improve your program from Part 2, so that it can identify good guessed ciphers, and make effective changes to improve the guessed cipher. Develop your program so that it can break cipher texts such as the following in less than half an hour, on one of the schools desktop computers. TDGWCKCMWGADWSGWPHDDSIAWSTEDWMGASIHWMWKKAWSWGJAMWPSDTDMADXHUDMEAHPA SBHTDJWHDSMCWTMADDULWMGASWPHWTMADTDDDUASHAISAUALWSTRDPATALAWSHKMDXI ETWSGRWAGUDMKCWMALEWSGLDMMXRTWSIPDLWSWGAWSKWSBASILDMRDMWTADSASUDMJX HWPPDUEDYDXMLDXSTMCSDYMAHBHGCASIDUHTWMZWTADSWMXJDXMTEWTHJCASATAWPTE DXIETWHAHYATLEDUUJCMWGADWMXJDXMDMRDHHAKPCWEDWFRMDRWIWSGWAJXMJXMWSFA DXHPCWHTEDXIEOXHTKCHWCASIHDAJAIETWPPWCJCGDXKTHTCRALWPRDPATALAWSHRMD RWIWSGWKXTRXKPALDRASAADSIMWGXWPPCWKHDMGHATWHUWLTASGAZAGXWPHHTWMTHTM XTTASIWMDXSGYATEHTDXTLPXKHUDDGIPDMADXHUDDGAHWLDJJDSLMCDLLWHADSWPPCH XSITDKWMTHJXHALYATEDMGASWMCEWMGYDMBASIUDPBEWMWHHASIDUUALWPHKDTEPDLW PWSGSWTADSWPWSGLXMHASILWRATWPAHTHWSGLWRTWASHDUASGXHTMC
2
