A puzzle, spies … and a beheading

A puzzle about secrets

Ayo wants to send her friends Guang and Elham who live together secret messages that only the person she sends the message to can read. She doesnt want Guang to read the messages to Elham and vice versa.

An ornate padlock with key — Image by Bernd from Pixabay

Guang buys them all small lockable notebooks for Christmas. They are normal notebooks except that they have a lock that can be locked shut using a small in-built padlock. Each padlock can be opened with a different single key. Guang suggests that they write messages in their notebook and post it and the key separately to the person who they wish to send the message to. After reading the message that person tears that page out and destroys it, then returns the notebook and key. They try this and it appears to be working, apparently preventing the others from reading the messages that aren’t for them. They exchange lots of secrets…until one day Guang gets a letter from Ayo that includes a note with an extra message added on the end by Elham in the locked notebook. It says “I can read your messages. I know all your secrets – Elham”. She has been reading Ayo’s messages to Guang all along and now knows all their secrets. She now wants them to know how clever she has been.

How did she do it? (And what does it have to do with the beheading of Mary Queen of Scots?)

Breaking the system

Elham has, of course, been getting to the post first, steaming open the envelopes, getting the key and notebook, reading the message (and for the last one adding her own note). She then seals them back in the envelopes and leaves them for Guang.

A similar thing happened to betray Mary Queen of Scots to her cousin Queen Elizabeth I. It led to Mary being beheaded.

Is there a better way?

Ayo suggests a solution that still uses the notebooks and keys, but in which no keys are posted anywhere. To prove her method works, she sends a secret message to Guang, that Elham fails to read. How does she do it? See if you can work it out before reading on…and what is the link to computer science?

Mary Queen of Scots

The girls face a similar problem to that faced by Mary Queen of Scots and countless spies and businesses with secrets to exchange before and since…how to stop people intercepting and reading your messages. Mary was beheaded because she wasn’t good enough at it. The girls in the puzzle discovered, just like Mary, that weak encryption is worse than no encryption as it gives false confidence that messages are secret.

There are two ways to make messages secret – hide them so no one realises there is a message to read or disguise the message so only people in the know, are aware it exists (or both). Hiding the message is called Steganography. Disguising a message so it cannot be read even if known about is called encryption. Mary Queen of Scots did both and ultimately lost her life because her encryption was easy to crack, when she believed the encryption would protect her, it had given her the confidence to write things she otherwise would not have written.

House arrest

Mary had been locked up – under house arrest – for 18 years by Queen Elizabeth I, despite being captured only because she came to England asking her cousin Elizabeth to give her refuge after losing her Scottish crown. Elizabeth was worried that Mary and her allies would try to overthrow her and claim the English crown if given the chance. Better to lock her up before she even thought of treason? Towards the end of her imprisonment, in 1586 some of Mary’s supporters were in fact plotting to free her and assassinate Elizabeth. Unfortunately, they had no way of contacting Mary as letters were allowed neither in nor out by her jailors. Then, a stroke of good fortune arose. A young priest called Gilbert Gifford turned up claiming he had worked out a way to smuggle messages to and from Mary. He wrapped the messages in a leather package and hid them in the hollow bungs of barrels of beer. The beer was delivered by the brewer to Chartley Hall where Mary was held and the packages retrieved by one of Mary’s servants. This, a form of steganography, was really successful allowing Mary to exchange a long series of letters with her supporters. Eventually the plotters decided they needed to get Mary’s agreement to the full plot. The leader of the coup, Anthony Babington, wrote a letter to Mary outlining all the details. To be absolutely safe he also encrypted the message using a cipher that Mary could read (decipher). He soon received a reply in Mary’s hand also encrypted that agreed to the plot but also asked for the names of all the others involved. Babington responded with all the names. Unfortunately, unknown to Babington and Mary the spies of Elizabeth were reading everything they wrote – and the request for names was not even from Mary.

Spies and a Beheading

Unfortunately for Mary and Babington all their messages were being read by Sir Francis Walsingham, the ruthless Principal Secretary to Elizabeth and one of the most successful Spymasters ever. Gifford was his double agent – the method of exchanging messages had been Walsingham’s idea all along. Each time he had a message to deliver, Gifford took it to Walsingham first, whose team of spies carefully opened the seal, copied the contents, redid the seal and sent it on its way. The encrypted messages were a little more of a problem, but Walsingham’s codebreaker could break the cipher. The approach, called frequency analysis, that works for simple ciphers, involves using the frequency of letters in a message to guess which is which. For example, the most common letter in English is E, so the most common letter in an encrypted message is likely to be E. It is actually the way people nowadays solve crossword like code-puzzles know as Cross References that can be found in puzzle books and puzzle columns of newspapers.

When they read Babington’s letter they had the evidence to hang him, but let the letter continue on its way as when Mary replied, they finally had the excuse to try her too. Up to that point (for the 18 years of her house arrest) Elizabeth had not had strong enough evidence to convict Mary – just worries. Walsingham wanted more though, so he forged the note asking for the names of other plotters and added it to the end of one of Mary’s letters, encrypted in the same code. Babington fell for it, and all the plotters were arrested. Mary was tried and convicted. She was beheaded on February 8th 1587.

Private keys…public keys

What is Ayo’s method to get round their problems of messages being intercepted and read? Their main weakness was that they had to send the key as well as the locked message – if the key was intercepted then the lock was worthless. The alternative way that involves not sending keys anywhere is the following…

Top Secret written on a notebook with flowers — Image by Paul Curzon

Suppose Ayo wants to send a message to Guang. She first asks Guang to post her notebook (without the key but left open) to her. Ayo writes her message in Guang’s book then snaps it locked shut and posts it back. Guang has kept the key safe all along. She uses it to open the notebook secure in the knowledge that the key has never left her possession. This is essentially the same as a method known by computer scientist’s as public key encryption – the method used on the internet for secure message exchange, including banking, that allows the Internet to be secure. In this scheme, keys come in 2 halves a “private key” and a “public key”. Each person has a secret “private key” of their own that they use to read all messages sent to them. They also have a “public key” that is the equivalent to Guang’s open padlock.

If someone wants to send me a message, they first get my public key – which anyone who asks for can have as it is not used to decrypt messages, just for other people to to encrypt them (close the padlock) before sending them to me. It is of no use to decrypt any message (reopen the padlock). Only the person with the private key (the key to the padlock) can get at the message. So messages can be exchanged without the important decryption key going anywhere. It remains safe from interception.

Saving Mary

Would this have helped Mary? No. Her problem was not in exchanging keys but that she used a method of encryption that was easy to crack – in effect the lock itself was not very strong and could easily be picked. Walsingham’s code breakers were better at decryption than Babington was at encryption.

by Paul Curzon, Queen Mary University of London, updated from the archive

Magazines …

Issue 29: Diversity

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

EPSRC supports this blog through research grant EP/W033615/1.

Byte Queens

Women have made vital contributions to computer science ever since Ada Lovelace debugged the first algorithm for an actual computer (written by Charles Babbage) almost 200 years ago (more on CS4FN’s Women Portal). Despite this, women make up only a fraction (25%) of the STEM workforce: only about a fifth of senior tech roles and only a fifth of computer science students are women. The problem starts early: research by the National Centre for Computing Education suggests that female student’s intension to study computing drops off between the ages of 8 and 13. Ilenia Maietta, a computer science student at Queen Mary, talks about her experiences of studying in a male-dominated field and how she is helping to build a network for other women in tech.

Ilenia’s love for science hasn’t wavered since childhood and she is now studying for a master’s degree in computer science – but back in sixth form, the decision was between computer science and chemistry:

“I have always loved science, and growing up my dream was to become a scientist in a lab. However, in year 12, I dreaded doing the practical experiments and all the preparation and calculations needed in chemistry. At the same time, I was working on my computer science programming project, and I was enjoying it a lot more. I thought about myself 10 years in the future and asked myself ‘Where do I see myself enjoying my work more? In a lab, handling chemicals, or in an office, programming?’ I fortunately have a cousin who is a biologist, and her partner is a software engineer. I asked them about their day-to-day work, their teams, the projects they worked on, and I realised I would not enjoy working in a science lab. At the same time I realised I could definitely see myself as a computer scientist, so maybe child me knew she wanted to be scientist, just a different kind.”

The low numbers of female students in computer science classrooms can have the knock-on effect of making girls feel like they don’t belong. These faulty stereotypes that women don’t belong in computer science, together with the behaviour of male peers, continue to have an impact on Ilenia’s education:

“Ever since I moved to the UK, I have been studying STEM subjects. My school was a STEM school and it was male-dominated. At GCSEs, I was the only girl in my computer science class, and at A-levels only one of two. Most of the time it does not affect me whatsoever, but there were times it was (and is) incredibly frustrating because I am not taken seriously or treated differently because I am a woman, especially when I am equally knowledgeable or skilled. It is also equally annoying when guys start explaining to me something I know well, when they clearly do not (i.e. mansplaining): on a few occasions I have had men explain to me – badly and incorrectly – what my degree was to me, how to write code or explain tech concepts they clearly knew nothing about. 80% of the time it makes no difference, but that 20% of the time feels heavy.”

Many students choose computer science because of the huge variety of topics that you can go on to study. This was the case for Ilenia, especially being able to apply her new-found knowledge to lots of different projects:

“Definitely getting to explore different languages and trying new projects: building a variety of them, all different from each other has been fun. I really enjoyed learning about web development, especially last semester when I got to explore React.js: I then used it to make my own portfolio website! Also the variety of topics: I am learning about so many aspects of technology that I didn’t know about, and I think that is the fun part.”

“I worked on [the portfolio website] after I learnt about React.js and Next.js, and it was the very first time I built a big project by myself, not because I was assigned it. It is not yet complete, but I’m loving it. I also loved working on my EPQ [A-Level research project] when I was in school: I was researching how AI can be used in digital forensics, and I enjoyed writing up my research.”

Like many university students, Ilenia has had her fair share of challenges. She discussed the biggest of them all: imposter syndrome, as well as how she overcame it.

“I know [imposter syndrome is] very common at university, where we wonder if we fit in, if we can do our degree well. When I am struggling with a topic, but I am seeing others around me appear to understand it much faster, or I hear about these amazing projects other people are working on, I sometimes feel out of place, questioning if I can actually make it in tech. But at the end of the day, I know we all have different strengths and interests, so because I am not building games in my spare time, or I take longer to figure out something does not mean I am less worthy of being where I am: I got to where I am right now by working hard and achieving my goals, and anything I accomplish is an improvement from the previous step.”

Alongside her degree, Ilenia also supports a small organisation called Byte Queens, which aims to connect girls and women in technology with community support.

“I am one of the awardees for the Amazon Future Engineer Award by the Royal Academy of Engineering and Amazon, and one of my friends, Aurelia Brzezowska, in the programme started a community for girls and women in technology to help and support each other, called Byte Queens. She has a great vision for Byte Queens, and I asked her if there was anything I could do to help, because I love seeing girls going into technology. If I can do anything to remove any barriers for them, I will do it immediately. I am now the content manager, so I manage all the content that Byte Queens releases as I have experience in working with social media. Our aim is to create a network of girls and women who love tech and want to go into it, and support each other to grow, to get opportunities, to upskill. At the Academy of Engineering we have something similar provided for us, but we wanted this for every girl in tech. We are going to have mentoring programs with women who have a career in tech, help with applications, CVs, etc. Once we have grown enough we will run events, hackathons and workshops. It would be amazing if any girl or woman studying computer science or a technology related degree could join our community and share their experiences with other women!”

For women and girls looking to excel in computer science, Ilenia has this advice:

“I would say don’t doubt yourself: you got to where you are because you worked for it, and you deserve it. Do the best you can in that moment (our best doesn’t always look the same at different times of our lives), but also take care of yourself: you can’t achieve much if you are not taking care of yourself properly, just like you can’t do much with your laptop if you don’t charge it. And finally, take space: our generation has the possibility to reframe so much wrongdoing of the past generations, so don’t be afraid to make yourself, your knowledge, your skills heard and valued. Any opportunities you get, any goals you achieve are because you did it and worked for it, so take the space and recognition you deserve.”

Ilenia also highlighted the importance of taking opportunities to grow professionally and personally throughout her degree, “taking time to experiment with careers, hobbies, sports to discover what I like and who I want to become” mattered enormously. Following her degree, she wants to work in software development or cyber security. Once the stress of coursework and exams is gone, Ilenia intends to “try living in different countries for some time too”, though she thinks that “London is a special place for me, so I know I will always come back.”

Ilenia encourages all women in tech who are looking for a community and support, to join the Byte Queens community and share with others: “the more, the merrier!”

– lenia Maietta and Daniel Gill, Queen Mary University of London

Visit the Byte Queens website for more details. Interested women can apply here.

Magazines …

Front cover of CS4FN issue 29 - Diversity in Computing

Cover of Issue 20 of CS4FN, celebrating Ada Lovelace

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This blog is funded by EPSRC on research agreement EP/W033615/1.

Navajo Code Talkers

Bletchley Park, the British code cracking centre helped win World War II, but it is not just breaking codes and ciphers that wins wars, creating unbreakable ones to keep your own secrets safe matters too. Bletchley Park wasn’t the first or only time a secret cryptography team helped win battles or even wars. In World War I secret messages had been successfully sent using Choctaw, the language of a tribe of Native Americans, including to help organise a surprise attack. It worked with their messages left un-cracked. This led to an even more successful code-creating team in World War II based on Navajo. The Navajo “Code Talkers” as they were called, could encode, transmit and decode messages in minutes when it would take hours using conventional codes and ciphers.

In World War II, the US forces used a range of Native American languages to communicate, but a code based on a native Indian language, Navajo, was especially successful. The use of a Navajo-based code was the idea of Philip Johnston after the attack on Pearl Harbour. His parents were missionaries so he had grown up on a Navajo reservation, speaking the language fluently despite how difficult it was. Aged only 9, he acted as an interpreter for a group who went to Washington to try to improve Indian rights.

He suggested using Navajo as a secret language and enlisted in the marines to help bring the idea to fruition. He thought it would work as a secret code because there was no written version of Navajo. It was a purely a spoken language. That meant he was one of very few people who were not Navajo who could speak it. It was also a complex language unlike any other language. The US marines agreed to trial the idea.

To prove it would work, Johnston had Navajo transmit messages in the way they would need to on the battlefield. They could do it close to 100 times faster than it would take using standard cipher machines. That clinched it.

Many Navajo had enlisted after Pearl Harbour and a platoon soley of Navajo were recruited to the project, including a 15 year old, William Dean Yazzie. However, they didn’t just speak in Navajo to transmit messages. The original 29 Navajo recruited worked out the details of the code they would use. Once deployed to the Pacific a group of them also met to further improve the code. None of it was written down apart from in training manuals that did not leave the training site, so there was no chance the code book could be captured in battle. All those involved memorised it and practiced sending messages quickly and accurately. Messages were also always spoken, eg over radio and never written down, making it harder for the code to be cracked based on analysing intercepted messages.

Commonly needed words, like ‘difficult’ or ‘final’ had direct Navajo code words (NA-NE-KLAH and TAH-AH-KWO-DIH). However for critical words (countries, kinds of planes, kinds of ships, etc) they first swapped English words for other English words using one code. They then translated those words into Navajo. That meant even a Navajo speaker outside their trained group wouldn’t immediately understand a message. The code, for example, used birds names in place of kinds of planes. So the English code word for a bomber plane was Buzzard. But then the Navajo for Buzzard was actually used: (JAY-SHO).

Another part of the code was to use Navajo words for letters of the alphabet, so A is for ant translated to WOL-LA-CHE in Navajo. However, to make this more secure two other words stood for A too (apple: BE-LA-SANA and axe: TSE-NILL). Each letter had three alternatives like this and any of the three could be used.

Finally the way that it was used meant a message would always just be a series of unconnected words making no sense even to a Navajo speaker.

The code talkers played a key part in many battles including the iconic battle of Iwo Jima, capturing the heavily defended Japanese controlled island of that name. The US Major responsible for communications said of the battle, “Were it not for the Navajos, the Marines would never have taken Iwo Jima.”

Not only did it make communications much faster than they would have been, unlike other US codes and ciphers, the code talker’s code was never cracked … all thanks to the Navajo team who devised it.

– Paul Curzon, Queen Mary University of London

Magazines …

Issue 29 – Diversity

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This blog is funded through EPSRC grant EP/W033615/1.

Cyber Security at the movies: Rogue one (Part II: Authentication)

A Stormtrooper looking the other way — Image by nalik25390 from Pixabay

SPOILER ALERT

In a galaxy far, far away cyber security matters. So much so, that the whole film Rogue One is about it. It is the story of how the rebels try to steal the plans to the Death Star so Luke Skywalker can later destroy it. Protecting information is everything. The key is good authentication. The Empire screws up!

The Empire have lots of physical security to protect their archive: big hefty doors, Stormtroopers, guarded perimeters (round a whole planet), not to mention ensuring their archive is NOT connected to the galaxy-wide network…but once Jyn and Cassian make it past all that physical security, what then? They need to prove they are allowed to access the data. They need to authenticate! Authentication is about how you tell who a person is and so what they are, and are not, allowed to do. The Empire have a high-tech authentication system. To gain access you have to have the right handprint. Luckily, for the rest of the series, Jyn easily subverts it.

Sharing a secret

Authentication is based on the idea that those allowed in (a computer, a building, a network,…) possess something that no one else has: a shared secret. That is all a password is: a secret known to only you and the computer. The PIN you use to lock your phone is a secret shared between you and your phone. The trouble is that secrets are hard to remember and if we write them down or tell them to someone else they no longer work as a secret.

A secure token

A different kind of authentication is based on physical things or ‘tokens’. You only get in if you have one. Your door key provides this kind of check on your identity. Your bank card provides it too. Tokens work as long as only people allowed them actually do possess them. They have to be impossibly hard to copy to be secure. They can also be stolen or lost (and you can forget to take them with you when you set off to save the Galaxy).

Biometrics

Biometrics, as used by the Empire, avoids these problems. They rely on a feature unique to each person like their fingerprint. Others rely on the uniqueness of the pattern in your iris or your voice print. They have the advantage that you can’t lose them or forget them. They can’t be stolen or inadvertently given to someone else. Of course for each galactic species, from Ewok to Wookie, you need a feature unique to each member of that species.

Just because Biometrics are high-tech, doesn’t mean they are foolproof, as the Empire found out. If a biometric can be copied, and a copy can fool the system, then it can be broken. The rebels didn’t even need to copy the hand print. They just killed a person who had access and put their hand against the reader. If it works when the person is dead they are just a token that someone else can possess. In real life 21st century Japan, at least one unfortunate driver had his finger cut off by thieves stealing his car as it used his fingerprint as the key! Biometric readers need to be able to tell whether the thing being read is part of a living person.

The right side of the door

Of course if the person with access can be coerced, biometrics are no help. Perhaps all Cassian needed to do was hold a blaster to the archivist’s head to get in. If a person with access is willing to help it may not matter whether they have to be alive or not (except of course to them). Part of the flaw in the Empire’s system is that the archivist was outside the security perimeter. You could get to him and his console without any authentication. Better to have him working on the other side of the door, the other side of the authentication system.

Anything one can do …

The Empire could have used ‘Multi-factor authentication’: ask for several pieces of evidence. Your bank cashpoint asks for a shared secret (something you know – your PIN) and a physical token (something you possess – your bank card). Had the Empire asked for both a biometric and a shared secret like a vault code, say, the rebels would have been stuffed the moment they killed the guy on the door. You have to be careful in your choice of factors too. Had the two things been a key and handprint, the archive would have been no more secure than with the handprint alone. Kill the guard and you have both.

We’re in!

A bigger problem is once in they had access to everything. Individual items, including the index, should have been separately protected. Once the rebels find the file containing the schematics for the Death Star and beam it across the Galaxy, anyone can then read it without any authentication. If each file had been separately protected then the Empire could still have foiled the rebel plot. Even your computer can do that. You can set individual passwords on individual files. The risk here is that if you require more passwords than a person can remember, legitimate people could lose access.

Level up!

Levels help. Rather than require lots of passwords, you put documents and people into clearance levels. When you authenticate you are given access to documents of your clearance level or lower. Only if you have “Top Secret” clearance are you able to access “Top Secret” documents. The Empire would still need a way to ensure information can never be leaked to a lower clearance level area though (like beaming it across the galaxy).

So if you ever invent something as important to your plans as a Death Star, don’t rely on physical security and a simple authentication system. For that matter, don’t put your trust in your mastery of the Force alone either, as Darth Vader discovered to his cost. Instead of a rebel planet, your planet-destroying-planet may just be destroyed itself, along with your plans for galactic domination.

– Paul Curzon, Queen Mary University of London,

Magazines …

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This blog is funded by EPSRC on research agreement EP/W033615/1.

Cyber Security at the movies: Rogue one (Part I: Physical Security)

Stormtroopers standing to attention — Image by Paul Curzon

SPOILER ALERT

In a galaxy far, far away cyber security matters quite a lot. So much so, in fact, that the whole film Rogue One is about it. The plot is all about the bad guys trying to keep their plans secret, and the good guys trying to steal them.

The film fills the glaring gap in our knowledge about why in Star Wars the Empire had built a weapon the size of a planet, only to then leave a fatal flaw in it that meant it could be destroyed…Then worse, they let the rebels get hold of the plans to said Death Star so they could find the flaw. Protecting information is everything.

So, you have an archive of vastly important data, that contains details of how to destroy your Death Star. What do you do with it to keep the information secure? Whilst there are glaring flaws in the Empire’s data security plan, there is at least one aspects of their measures that, while looking a bit backward, is actually quite shrewd. They use physical security. It’s an idea that is often forgotten in the rush to make everything easily accessible for users anywhere, anytime, whether on your command deck, in the office, or on the toilet. That of course applies to hackers too. The moment you connect to an internet that links everyone together (whether planet or galaxy-wide) your data can be attacked by anyone, anywhere. Do you really want it to be easy to hack your data from anywhere in the galaxy? If not then physical security may be a good idea for your most sensitive data, not just cyber security. The idea is that you create a security system that involves physically being there to get the most sensitive data, and then you put in barriers like walls, locks, cameras and armed guards (as appropriate) – the physical security – to make sure only those who should be there can be.

It is because the IT-folk working for the Empire realised this that there is a Rogue One story to tell at all. Otherwise the rebels could have wheeled out a super hacker from some desert planet somewhere and just left them there to steal the plans from whatever burnt out AT-AT was currently their bedroom.

Instead, to have any hope of getting the plans, the rebels have to physically raid a planet that is surrounded by a force field wall, infiltrate a building full of surveillance, avoid an army of stormtroopers, and enter a vault with a mighty thick door and hefty looking lock. That’s quite a lot of physical security!

It gets worse for the rebels though. Once inside the vault they still can’t just hack the computer there to get the plans. It is stored in a tower with a big gap and massive drop between you and it. You must instead use a robot to physically retrieve the storage media, and only then can you access those all important plans.

Pretty good security on paper. Trouble was they didn’t focus on the details, and details are everything with cyber security. Security is only as strong as the weakest link. Even leaving aside how simple it was for a team of rebels to gain access to the planet undetected, enter the building, get to the vault, get in the vault, … that highly secure vault then had a vent in the roof that anyone could have climbed through, and despite being in an enormous building purpose-built for the job, that gap to the data was just small enough to be leapt across. Oh well. As we said detail is what matters with security. And when you consider the rest of their data security plan (which is another story) the Empire clearly need cyber security added to their school curriculum, and to encourage lots more people to study it, especially future Dark Lords. Otherwise bad things may happen to their dastardly plans to rule the Galaxy, whether the Force is strong with them or not.

– Paul Curzon, Queen Mary University of London,

Magazines …

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This blog is funded by EPSRC on research agreement EP/W033615/1.

Alan Turing’s life

by Jonathan Black, Paul Curzon and Peter W. McOwan, Queen Mary University of London

From the archive

Alan Turing Portrait — Image of Alan Turing: Elliott & Fry, Public domain, via Wikimedia Commons

Alan Turing was born in London on 23 June 1912. His parents were both from successful, well-to-do families, which in the early part of the 20th century in England meant that his childhood was pretty stuffy. He didn’t see his parents much, wasn’t encouraged to be creative, and certainly wasn’t encouraged in his interest in science. But even early in his life, science was what he loved to do. He kept up his interest while he was away at boarding school, even though his teachers thought it was beneath well-bred students. When he was 16 he met a boy called Christopher Morcom who was also very interested in science. Christopher became Alan’s best friend, and probably his first big crush. When Christopher died suddenly a couple of years later, Alan partly helped deal with his grief with science, by studying whether the mind was made of matter, and where – if anywhere – the mind went when someone died.

The Turing machine

After he finished school, Alan went to the University of Cambridge to study mathematics, which brought him closer to questions about logic and calculation (and mind). After he graduated he stayed at Cambridge as a fellow, and started working on a problem that had been giving mathematicians headaches: whether it was possible to determine in advance if a particular mathematical proposition was provable. Alan solved it (the answer was no), but it was the way he solved it that helped change the world. He imagined a machine that could move symbols around on a paper tape to calculate answers. It would be like a mind, said Alan, only mechanical. You could give it a set of instructions to follow, the machine would move the symbols around and you would have your answer. This imaginary machine came to be called a Turing machine, and it forms the basis of how modern computers work.

Code-breaking at Bletchley Park

By the time the Second World War came round, Alan was a successful mathematician who’d spent time working with the greatest minds in his field. The British government needed mathematicians to help them crack the German codes so they could read their secret communiqués. Alan had been helping them on and off already, but when war broke out he moved to the British code-breaking headquarters at Bletchley Park to work full-time. Based on work by Polish mathematicians, he helped crack one of the Germans’ most baffling codes, called the Enigma, by designing a machine (based on earlier version by the Poles again!) that could help break Enigma messages as long as you could guess a small bit of the text (see box). With the help of British intelligence that guesswork was possible, so Alan and his team began regularly deciphering messages from ships and U-boats. As the war went on the codes got harder, but Alan and his colleagues at Bletchley designed even more impressive machines. They brought in telephone engineers to help marry Alan’s ideas about logic and statistics with electronic circuitry. That combination was about to produce the modern world.

Building a brain

The problem was that the engineers and code-breakers were still having to make a new machine for every job they wanted it to do. But Alan still had his idea for the Turing machine, which could do any calculation as long as you gave it different instructions. By the end of the war Alan was ready to have a go at building a Turing machine in real life. If it all went to plan, it would be the first modern electronic computer, but Alan thought of it as “building a brain”. Others were interested in building a brain, though, and soon there were teams elsewhere in the UK and the USA in the race too. Eventually a group in Manchester made Alan’s ideas a reality.

Troubled times

Not long after, he went to work at Manchester himself. He started thinking about new and different questions, like whether machines could be intelligent, and how plants and animals get their shape. But before he had much of a chance to explore these interests, Alan was arrested. In the 1950s, gay sex was illegal in the UK, and the police had discovered Alan’s relationship with a man. Alan didn’t hide his sexuality from his friends, and at his trial Alan never denied that he had relationships with men. He simply said that he didn’t see what was wrong with it. He was convicted, and forced to take hormone injections for a year as a form of chemical castration.

Although he had had a very rough period in his life, he kept living as well as possible, becoming closer to his friends, going on holiday and continuing his work in biology and physics. Then, in June 1954, his cleaner found him dead in his bed, with a half-eaten, cyanide-laced apple beside him.

Alan’s suicide was a tragic, unjust end to a life that made so much of the future possible.

Related Magazines …

Issue 14 – Alan Turing – The genius who gave us the future

This blog is funded through EPSRC grant EP/W033615/1.

I know where your cat lives

Governments pass laws to protect their citizens’ privacy. They outlaw reading email, listening in to phone calls and accessing data without permission or a court order. If you really care about privacy though, you need to protect your ‘metadata’ too: data about data. The police and security services can learn a lot from metadata when they put their minds to it. Anyone else with access can too. You need to take care of yours (and that of your cat).

Imagine you are on the run, hoping not to be found. You would make sure no one took a photograph of you that showed where you were, but you might think you were safe enough if you weren’t standing next to a distinctive landmark. Think again. John McAfee (who was on the run from the Police at the time), was located by a photograph, but not because of anything visible in the picture. It was because of the hidden metadata attached to it.

Metadata is all the indexing information that goes with data. So a film on DVD is actual data but the name of the film, the director, information about the actors, and so on – that’s its metadata. Similarly, the words you say in a phone call are the data, but who is calling who and from where is metadata.

With photos (the data), the metadata includes where the photo was taken and the camera it was taken with. Smartphones track very precise location information, and, unless you switch this setting off, this metadata of where it was taken is saved with the picture. If the photo is uploaded to a website, the metadata is uploaded too, and that’s what happened to John McAfee. A journalist interviewed him and took a photo, intending not to give away his whereabouts. However, he uploaded the photo which gave away the precise location in the metadata. This would have made it easier for law enforcement to catch up with him … had he not found out about the location-leak first and made his escape in the nick of time.

Location based services on smartphones are really useful. If you want to find out where you are, how far away something is, or use the inbuilt map apps on the phone to plan how to get somewhere, then you need to let the phone know where it is. But you might not want a photograph you take inside your home to share the information of where that house is to anyone who cares to know, stalkers and trolls included.

The website “I know where your cat lives” aims to make more people aware of the information they give away unintentionally. Plenty of people share photographs of their gorgeous pets on the Internet. Most also unwittingly give away the precise latitude and longitude of where they live. The site collects publicly available cat photos with their metadata and plots them on an aerial photo map, showing where each cat’s photo has been taken, and so likely where the owner lives

German Green party MP, Malte Spitz, went a step further and published 6 months of records kept (at the time by law) by his phone company about him. To emphasise how scary it was privacy-wise he published it in the form of a minute by minute interactive map, so anyone could follow his exact location (just like the phone company) as though in real time from the location metadata his phone was giving away all the time. The metadata was combined with his freely available social networking data, allowing anyone to see not just where he was but often what he was doing. Germany no longer requires phone companies to keep this metadata, but other countries have antiterrorist laws that require similar information to be kept for everyone. You can explore Malte’s movements at (archived link: www.zeit.de/datenschutz/malte-spitz-data-retention) to get an idea of how your life is being tracked by metadata.

Don’t just look after your cat, look after your cat’s metadata too (not to mention your own)!

Jo Brodie, Queen Mary University of London

In the news …

This Guy Is Cyberstalking the World’s Cats in the Name of Privacy (17 July 2014) VICE
“… meant as part art project, part wake up call to people to scrub their photos of the EXIF metadata stored on every photo you take.”
This Website Knows Where Your Cat Lives (22 July 2014) TIME
I Know Where Your Cat Lives: Feline photo mapping website exposes how easy it is to track the owner’s location (21 November 2015) The Independent
How you told the internet everything about you without realising it (22 March 2018) ABC News

Related Magazine

Issue 24: Keep Out! Cyber Security and Privacy

A copy can be found on page 8 in ‘Keep Out’ – Issue 24 of CS4FN magazine, on Cyber Security and Privacy

Our magazines and booklets are free to download from: https://cs4fndownloads.wordpress.com

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This blog is funded by EPSRC on research agreement EP/W033615/1.

Die another Day? Or How Madonna crashed the Internet

A lone mike in front of stage lights — Image by Pexels from Pixabay

When pop star Madonna took to the stage at Brixton Academy in 2001 for a rare appearance she made Internet history and caused more that a little Internet misery. Her concert performance was webcast; that is it was broadcast real time over the Internet. A record-breaking audience of 9 million tuned in, and that’s where the trouble started…

The Internet’s early career

The Internet started its career as a way of sending text messages between military bases. What was important was that the message got through, even if parts of the network were damaged say, during times of war. The vision was to build a communications system that could not fail; even if individual computers did, the Internet would never crash. The text messages were split up into tiny packets of information and each of these was sent with an address and their position in the message over the wire. Going via a series of computer links it reached its destination a bit like someone sending a car home bit by bit through the post and then rebuilding it. Because it’s split up the different bits can go by different routes.

Express yourself (but be polite please)

To send all these bits of information a set of protocols (ways of communicating between the computers making up the Internet) were devised. When passing on a packet of information the sending machine first asks the receiving machine if it is both there and ready. If it replies yes then the packet is sent. Then, being a polite protocol, the sender asks the receiver if the packets all arrived safely. This way, with the right address, the packets can find the best way to go from A to B. If on the way some of the links in the chain are damaged and don’t reply, the messages can be sent by a different route. Similarly if some of the packets gets lost in transit between links and need to be resent, or packets are delayed in being sent because they have to go by a round about route, the protocol can work round it. It’s just a matter of time before all the packets arrive at the final destination and can be put back in order. With text the time taken to get there doesn’t really matter that much.

The Internet gets into the groove

The problem with live pop videos, like a Madonna concert, is that it’s no use if the last part of the song arrives first, or you have to wait half an hour for the middle chorus to turn up, or the last word in a sentence vanishes. It needs to all arrive in real time. After all, that is how it’s being sung. So to make web casting work there needs to be something different, a new way of sending the packets. It needs to be fast and it needs to deal with lots more packets as video images carry a gigantic amount of data. The solution is to add something new to the Internet, called an overlay network. This sits on top of the normal wiring but behaves very differently.

The Internet turns rock and roll rebel

So the new real time transmission protocol gets a bit rock and roll, and stops being quite so polite. It takes the packets and throws them quickly onto the Internet. If the receiver catches them, fine. If it doesn’t, then so what? The sender is too busy to check like in the old days. It has to keep up with the music! If the packets are kept small, an odd one lost won’t be missed. This overlay network called the Mbone, lets people tune into the transmissions like a TV station. All these packages are being thrown around and if you want to you can join in and pick them up.

Crazy for you

Like dozens of cars
all racing to get through
a tunnel there were traffic jams.
It was Internet gridlock.

The Madonna webcast was one of the first real tests of this new type of approach. She had millions of eager fans, but it was early days for the technology. Most people watching had slow dial-up modems rather than broadband. Also the number of computers making up the links in the Internet were small and of limited power. As more and more people tuned in to watch, more and more packets needed to be sent and more and more of the links started to clog up. Like dozens of cars all racing to get through a tunnel there were traffic jams. Packets that couldn’t get through tried to find other routes to their destination … which also ended up blocked. If they did finally arrive they couldn’t get through onto the viewers PC as the connection was slow, and if they did, very many were too late to be of any use. It was Internet gridlock.

Who’s that girl?

Viewers suffered as the pictures and sound cut in and out. Pictures froze then jumped. Packets arrived well after their use by date, meaning earlier images had been shown missing bits and looking fuzzy. You couldn’t even recognise Madonna on stage. Some researchers found that packets had, for example, passed over seven different networks to reach a PC in a hotel just four miles away. The packets had taken the scenic route round the world, and arrived too late for the party. It wasn’t only the Madonna fans who suffered. The broadcast made use of the underlying wiring of the Internet and it had filled up with millions of frantic Madonna packets. Anyone else trying to use the Internet at the time discovered that it had virtually ground to a halt and was useless. Madonna’s fans had effectively crashed the Internet!

Webcasts in Vogue

Today’s webcasts have moved on tremendously using the lessons learned from the early days of the Madonna Internet crash. Today video is very much a part of the Internet’s day-to-day duties: the speed of the computer links of the Internet and their processing power has increased massively; more homes have broadband so the packets can get to your PC faster; satellite uplinks now allow the network to identify where the traffic jams are and route the data up and over them; extra links are put into the Internet to switch on at busy times; there are now techniques to unnoticeably compress videos down to small numbers of packets, and intelligent algorithms have been developed to reroute data effectively round blocks. We can also now combine the information flowing to the viewers with information coming back from them so allowing interactive webcasts. With the advent of digital television this service is now in our homes and not just on our PC’s.

Living in a material world

It’s because of thousands of scientists working on new and improved technology and software that we can now watch as the housemate’s antics stream live from the Big Brother house, vote from our armchair for our favourite talent show contestant or ‘press red’ and listen to the director’s commentary as we watch our favourite TV show. Like water and electricity the Internet is now an accepted part of our lives. However, as we come up with even more popular TV shows and concerts, strive to improve the quality of sound and pictures, more people upgrade to broadband and more and more video information floods the Internet … will the Internet Die another Day?

Peter W. McOwan and Paul Curzon, Queen Mary University of London, 2006

More on …

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This blog is funded by EPSRC on research agreement EP/W033615/1.

Hiding in Elizabethan Binary

Old writing — Image by Michal Jarmoluk from Pixabay

The great Tudor and Stuart philosopher Sir Francis Bacon was a scientist, a statesman and an author. He was also a pretty decent computer scientist. He published* a new form of cipher, now called Bacon’s Cipher, invented when he was a teenager. Its core idea is the foundation for the way all messages are stored in computers today.

The Tudor and Stuart eras were a time of plot and intrigue. Perhaps the most famous is the 1605 Gunpowder plot where Guy Fawkes tried to assassinate King James I by blowing up the Houses of Parliament. Secrets mattered! In his youth Bacon had worked as a secret agent for Elizabeth I’s spy chief, Walsingham, so knew all about ciphers. Not content with using those that existed he invented his own. The one he is best remembered for was actually both a cipher and a form of steganography. While a cipher aims to make a message unreadable, steganography is the science of secret writing: disguising messages so no one but the recipient knows there is a message there at all.

A Cipher …

Bacon’s method came in two parts. The first was a substitution cipher, where different symbols are substituted for each letter of the alphabet in the message. This idea dates back to Roman times. Julius Caesar used a version, substituting each letter for a letter from a fixed number of places down the alphabet (so A becomes E, B becomes F, and so on). Bacon’s key idea was to replace each letter of the alphabet with, not a number or letter, but it’s own series of a’s and b’s (see the cipher table). The Elizabethan alphabet actually had only 24 letters so I and J have the same code as do U and V as they were interchangeable (J was the capital letter version of i and similarly for U and v).

In Bacon’s cipher everything is encoded in two symbols, so it is a binary encoding. The letters a and b are arbitrary. Today we would use 0 and 1. This is the first use of binary as a way to encode letters (in the West at least). Today all text stored in computers is represented in this way – though the codes are different – it is all Unicode is. It allocates each character in the alphabet with a binary pattern used to represent it in the computer. When the characters are to be displayed, the computer program just looks up which graphic pattern (the actual symbol as drawn) is linked to that binary pattern in the code being used. Unicode gives a binary pattern for every symbol in every human language (and some alien ones like Klingon).

Steganography

The second part of Bacon’s cipher system was Steganography. Steganography dates back to at least the Greeks, who supposedly tattooed messages on the shaved heads of slaves, then let their hair grow back before sending them as both messenger and message. The binary encoding of Bacon’s cipher was vital to make his steganography algorithm possible. However, the message was not actually written as a’s and b’s. Bacon realised that two symbols could stand for any two things. If you could make the difference hard to spot, you could hide the messages. Bacon invented two ways of handwriting each letter of the alphabet – two fonts. An ‘a’ in the encoded message meant use one font and a ‘b’ meant use the other. The secret message could then be hidden inside an innocent one. The letters written were no longer the message, the message was in the font used. As Bacon noted, once you have the message in binary you could think of other ways to hide it. One way used was with capital and lower-case letters, though only using the first letter of words to make it less obvious.

Suppose you wanted to hide the message “no” in the innocuous message ‘hello world’. The message ‘no’ becomes ‘abbaa abbab’. So far this is just a substitution cipher. Next we hide it in, ‘hello world’. Two different kinds of fonts are those with curls on the tails of letters known as serif fonts and like this one and those without curls known as sans serif fonts and like this one. We can use a sans serif font to represent an ‘a’ in the coded message, and a serif font to represent ‘b’. We just alternate the fonts following the pattern of the a’s and b’s: ‘abbaa abbab’. The message becomes

sans serif, serif, serif, sans serif, sans serif,
sans serif, serif, serif, sans serif, serif.

Using those fonts for our message we get the final mixed font message to send:

Bacon the polymath

Bacon is perhaps best known as one of the principal advocates for rigorous science as a way of building up knowledge. He argued that scientists needed to do more than just come up with theories of how the world worked, and also guard against just seeing the results that matched their theories. He argued knowledge should be based on careful, repeated observation. This approach is the basis of the Scientific Method and one of the foundation stones of modern science.

Bacon was also a famous writer of the time, and one of many authors who has since been suggested as the person who wrote William Shakespeare’s plays. In his case it is because they claim to have found secret messages hidden in the plays in Bacon’s code. The idea that someone else wrote Shakespeare’s plays actually started just because some upper class folk with a lack of imagination couldn’t believe a person from a humble background could turn themselves into a genius. How wrong they were!

Paul Curzon, Queen Mary University of London, Autumn 2017

*Thanks to Pete Langman, whose PhD was on Francis Bacon, for pointing out a mistake in the original version of this blog where I suggested the cipher was published in, 1605, the year of the Gun Powder plot. It was actually first published in 1623 in De augmentis which was a translation/enlargement of his 1605 Advancement of Learning.

He also pointed out that Bacon conceived the idea while working with Elizabethan spymaster, Walsingham’s cipher expert at the time of the Babington plot to assasinate Elizabeth I, Thomas Phileppes, and Mary, Queen of Scots’ jailer, Amias Paulet. Bacon also claimed the cipher was never broken!

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This blog is funded by EPSRC on research agreement EP/W033615/1.

i-pickpocket

Credit cards in a back pocket. — Image by Kris from Pixabay

Contactless payments seem magical. But don’t get caught out by someone magically scanning your card without you knowing. Almost £7 million was stolen by contactless card fraud in 2016 alone…

Victorian Hi-Tech

Contactless cards talk to the scanner by electromagnetic induction, discovered by Michael Faraday back in 1831. Changes in the current in a coil of wire, which for a contactless card is just an antenna in the form of a loop, creates a changing magnetic field. If a loop antenna on another device is placed inside that magnetic field, then a voltage is created in its circuit. As the current in the first circuit changes, that in the other circuit copies it, and information is passed from one to the other. This works up to about 10cm away.

Picking pockets at a distance

Contactless cards don’t require authentication like a PIN, to prove who is using them, for small amounts. Anyone with the card and a reader can charge small amounts to it. Worse, if someone gets a reader within 10cm of the bag holding your card, they could even take money from it without your knowledge. That might seem unlikely but then traditional pickpockets are easily capable of taking your wallet without you noticing, so just getting close isn’t hard by comparison! For that kind of fraud the crook has to have a legitimate reader to charge money. Even without doing that they can read the number and expiry date from the card and use them to make online purchases though.

A man in the middle

Security researchers have also shown that ‘relay’ attacks are possible, where a fake device passes messages between the shop and a card that is somewhere else. An attacker places a relay device near to someone’s actual card. It communicates with a fake card an accomplice is using in the shop. The shop’s reader queries the fake card which talks to its paired device. The paired device talks to the real card as though it were the one in the shop. It passes the answers from the real card back to the fake card which relays it on to the shop. Real reader and card get exactly the messages they would if the card was in the shop, just via the fake devices in between. Both shop and card think they are talking to each other even though they are a long way apart, and the owner of the real card knows nothing about it.

Block the field

How do you guard against contactless attacks? Never hand over your card, always ask for a receipt and check your statements. You can also keep your card in a blocking sleeve: a metal case that protects the card from electromagnetic fields (even using a homemade sleeve from tin foil should work). Then at least you force the pickpockets back to the Victorian, Artful Dodger style, method of actually stealing your wallet.

Of course Faraday was a Victorian, so a contactless attack is actually a Victorian way of stealing too!

Jane Waite and Paul Curzon, Queen Mary University of London

	The art of animatron… on I’m (not) a little …
	The Decline and Fall… on Victorian volunteers needed…
	Gatsby Benchmarks fo… on Finding work experience, or a…
	BBC Sound Effects li… on AMPER: AI helping future you r…
	PEEECS Bulletin Augu… on Involving disabled people in t…

A puzzle about secrets

Breaking the system

Is there a better way?

Mary Queen of Scots

House arrest

Spies and a Beheading

Private keys…public keys

Saving Mary

More on …

Magazines …

More on …

Magazines …

More on …

Magazines …

Sharing a secret

A secure token

Biometrics

The right side of the door

Anything one can do …

We’re in!

Level up!

More on …

Magazines …

More on …

Magazines …

The Turing machine

Code-breaking at Bletchley Park

Building a brain

Troubled times

More on …

Related Magazines …

More on …

In the news …

Related Magazine

The Internet’s early career

Express yourself (but be polite please)

The Internet gets into the groove

The Internet turns rock and roll rebel

Crazy for you

Who’s that girl?

Webcasts in Vogue

Living in a material world

More on …

A Cipher …

Steganography

Bacon the polymath

Victorian Hi-Tech

Picking pockets at a distance

A man in the middle

Block the field

More on…