If we know the key (shift), the formula f(x) = x - k (mod 26) can be used, x being the encrypted value. With k = 3 the exercise ciphertext decrypts letter by letter as follows (ciphertext letter, its value, value - 3, plaintext letter):

WKH: w 22 19 t, k 10 7 h, h 7 4 e
FDHVDU: f 5 2 c, d 3 0 a, h 7 4 e, v 21 18 s, d 3 0 a, u 20 17 r
FLSKHU: f 5 2 c, l 11 8 i, s 18 15 p, k 10 7 h, h 7 4 e, u 20 17 r
LV: l 11 8 i, v 21 18 s
D: d 3 0 a
WBSLFDO: w 22 19 t, b 1 24 y, s 18 15 p, l 11 8 i, f 5 2 c, d 3 0 a, o 14 11 l
HADPSOH: h 7 4 e, a 0 23 x, d 3 0 a, p 15 12 m, s 18 15 p, o 14 11 l, h 7 4 e
RI: r 17 14 o, i 8 5 f
D: d 3 0 a
VXEVWLWXWLRQ: v 21 18 s, x 23 20 u, e 4 1 b, v 21 18 s, w 22 19 t, l 11 8 i, w 22 19 t, x 23 20 u, w 22 19 t, l 11 8 i, r 17 14 o, q 16 13 n
FUBSWRVBVWHP: f 5 2 c, u 20 17 r, b 1 24 y, s 18 15 p, w 22 19 t, r 17 14 o, v 21 18 s, b 1 24 y, v 21 18 s, w 22 19 t, h 7 4 e, p 15 12 m

Otherwise there are several other ways of decrypting ciphertext:
– Brute force attack.
– Frequency analysis.
– Known plaintext-ciphertext attack.
– Chosen plaintext-ciphertext attack.

e.g. Frequency analysis. The message below was enciphered using a shift cipher. Using letter frequencies, determine the likeliest values of the shift and use a process of elimination to obtain the plaintext.

WKH FDHVDU FLSKHU LV D WBSLFDO HADPSOH RI D VXEVWLWXWLRQ FUBSWRVBVWHP
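Added example (not part of the original answers): the known-key decryption f(x) = x - k (mod 26) next to an automated form of the frequency-analysis method, which scores all 26 candidate shifts against standard English letter frequencies and is run on the exercise ciphertext; the ENGLISH_FREQ table and the chi-squared scoring are my additions, not anything from the exercise.

```python
from collections import Counter

# Ciphertext from the exercise on this page.
CIPHERTEXT = "WKH FDHVDU FLSKHU LV D WBSLFDO HADPSOH RI D VXEVWLWXWLRQ FUBSWRVBVWHP"

# Relative frequency (percent) of each letter in typical English text.
ENGLISH_FREQ = {
    "a": 8.167, "b": 1.492, "c": 2.782, "d": 4.253, "e": 12.702, "f": 2.228,
    "g": 2.015, "h": 6.094, "i": 6.966, "j": 0.153, "k": 0.772, "l": 4.025,
    "m": 2.406, "n": 6.749, "o": 7.507, "p": 1.929, "q": 0.095, "r": 5.987,
    "s": 6.327, "t": 9.056, "u": 2.758, "v": 0.978, "w": 2.360, "x": 0.150,
    "y": 1.974, "z": 0.074,
}

def shift_decrypt(ciphertext: str, k: int) -> str:
    """Apply f(x) = x - k (mod 26) to every letter; spaces pass through unchanged."""
    out = []
    for ch in ciphertext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base - k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def letter_counts(text: str) -> Counter:
    """Case-insensitive letter tally, the raw material of frequency analysis."""
    return Counter(ch.lower() for ch in text if ch.isalpha())

def rank_shifts(ciphertext: str) -> list:
    """Score every shift 0..25 by the chi-squared distance between the letter counts
    of the candidate plaintext and the counts English would predict; best first."""
    total = sum(letter_counts(ciphertext).values())
    scores = []
    for k in range(26):
        counts = letter_counts(shift_decrypt(ciphertext, k))
        chi2 = sum((counts[c] - total * p / 100) ** 2 / (total * p / 100)
                   for c, p in ENGLISH_FREQ.items())
        scores.append((k, round(chi2, 1)))
    return sorted(scores, key=lambda s: s[1])

if __name__ == "__main__":
    best, _ = rank_shifts(CIPHERTEXT)[0]
    print("most frequent ciphertext letters:", letter_counts(CIPHERTEXT).most_common(4))
    print(f"likeliest shift k={best}:", shift_decrypt(CIPHERTEXT, best))
```

With the page's ciphertext, W and H come out as the most frequent letters and shift 3 scores far better than any other, which is the same conclusion the manual "WKH = the" guess reaches.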
High-frequency letters in English text: E, T, O, I, A, N, R, S
High-frequency letters in the ciphertext: W(7) H(6) V(5) D(5) L(4) S(4) B(3) F(3)
Guess “WK” is “th”, and hence “WKH” is “the”. The string “D” is probably “a”, thus “FDHVDU” is “_AE_A_”. After trial and error we finally get:
THE CAESAR CIPHER IS A TYPICAL EXAMPLE OF A SUBSTITUTION CRYPTOSYSTEM.

Exercise 3

a) Assume that you are using a web browser to ‘sign in’ to an on-line service that you are a registered user of (e.g., an e-mail service such as Google Mail or an on-line banking service). How can you tell whether the user name and password that you supply on the ‘sign in’ web page for the service will be encrypted when transmitted between your web browser and the service?

There are several ways of checking if the website is encrypted. Some websites secure the connection between the website and the user’s browser, which is important especially when entering personal information and making payments online. One way is to look in the lower right part of the window: there is a box in the frame of the window, to the left of the area that indicates which zone the user is in (a common one is the Internet zone, with a globe icon).
If there is a yellow padlock icon (black on a Mac), the website being viewed is encrypted and a “secure website”. If the box is empty, the website does not have a secure connection with the browser being used. For further checking (PC), double click on the lock icon and click View certificates to display the security certificate for the site. Check that the Issued to details match the name of the site, including the site owners. On a Mac, go to Window, Page Info, Security tab and View Certificate. Details on encryption to check:
– Check the URL prefix = Common Name (CN)
– Check the CA is trusted
– Check the date is valid

Another way to check would be to have a look at the URL: if it starts with https://, the website being viewed is secure; if the URL starts with http://, the website is not secure.

b) Load an encrypted web page (different from the one shown during the lectures) into a web browser of your choice, and examine the certificate used by the web page. Answer the following questions:

i) What is the URL of the web page, and what field from the certificate has to match part of this URL? What is the value of this field?
URL: https://signin.ebay.co.k/
Field from the certificate that has to match part of this URL: Common Name (CN)
Value: signin.ebay.com

ii) What Certificate Authority issued the certificate?
Organization (O): VeriSign, Inc
Organization Unit (OU): VeriSign Trust Network

iii) How does the web browser decide whether to trust this Certificate Authority?
All browsers will only trust a certificate if it is signed by a Certificate Authority (CA). To get a site’s SSL certificate signed by one of these authorities, money has to be paid by the service provider in order for them to do checks to confirm their identity.
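As an added example (not from the original answers), the three checks listed in part a), URL host against the certificate name, trusted CA, validity dates, written as code over a constructed certificate dict in the shape that Python's ssl.SSLSocket.getpeercert() returns. SAMPLE_CERT, TRUSTED_CAS and the wildcard handling are assumptions; the code also accepts subjectAltName DNS entries, which modern browsers match in preference to the CN.

```python
import ssl
from datetime import datetime, timezone

# Constructed certificate in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names mirror the answers above, the dates and the SAN list are made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "signin.ebay.com"),),),
    "issuer": ((("organizationName", "VeriSign, Inc"),),
               (("organizationalUnitName", "VeriSign Trust Network"),)),
    "subjectAltName": (("DNS", "signin.ebay.com"), ("DNS", "*.ebay.co.uk")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
}
# Stand-in for the browser's built-in list of trusted CAs (assumed, not a real list).
TRUSTED_CAS = {"VeriSign, Inc", "GeoTrust Inc."}

def cert_names(cert: dict) -> list:
    """All names the certificate is issued to: subject CN plus any DNS SAN entries."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return names

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or a single-label wildcard such as *.ebay.co.uk."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host

def check_certificate(cert: dict, host: str, now_epoch: float) -> list:
    """Run the three checks from part a) and return the ones that fail."""
    problems = []
    if not any(name_matches(p, host) for p in cert_names(cert)):
        problems.append(f"no certificate name matches {host}")   # URL host vs CN/SAN
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") not in TRUSTED_CAS:
        problems.append("issuer is not a trusted CA")           # trusted CA check
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now_epoch <= not_after:
        problems.append("certificate not valid at this time")   # date check
    return problems

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc).timestamp()   # constructed "today"
    for host in ("signin.ebay.com", "signin.ebay.co.uk", "login.example.net"):
        print(host, check_certificate(SAMPLE_CERT, host, now) or "OK")
```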
Examples of CAs include companies such as VeriSign and GeoTrust. Each browser contains a list of CAs to be trusted.

If possible, include a snapshot of the certificate, as displayed by your web browser, in the answer to this part of the exercise; this is optional, and your mark will not be affected if you do not include the snapshot.

Exercise 4

a) List two characteristics of phishing emails that their recipients can use to distinguish these emails from normal (i.e., non-phishing) emails.
Ways to distinguish phishing emails include:
– Incorrect recipient address information, e.g. name spelt incorrectly, or email addressed to multiple recipients. Phishing scams rarely know the real names of their targets and use impersonal greetings such as ‘Dear user’.
– Being sent an ultimatum: the email could imply that updating user information is mandatory for the user.
– The email includes a convoluted hyperlink, e.g. http://userconfirmationform-id485763.ebay.com/userdirectory/EbaY.dll. As you can see, the URL ends with a .dll file, which is very rare, and it also includes what appears to be a randomly generated number in the middle. The beginning does not contain https, which means the link is not secure.
– No additional information in the email, e.g. no URL, FAQ or contact numbers for users wanting to enquire further.

b) List two other characteristics of phishing emails that an email filter specialised in detecting phishing messages can exploit. (Note: It is not important whether these characteristics are also detectable by a human reading the phishing emails or not.)
Email filters work using various techniques to filter through messages and separate the phishing from the non-phishing emails. These methods rely on measures such as:
– Word lists: certain words that are usually associated with spam are often found in unsolicited emails, such as ‘mortgage’ or ‘sex’.
– Blacklists and whitelists: these lists contain identified IP addresses of spam senders (blacklists) and non-spam senders (e.g. relatives). Addresses that form part of your contact list are automatically recorded in the whitelist, and all emails sent from that list will be delivered directly to your inbox.
– Header filters, a more complex technique: email headers are examined to see if they are forged. They usually contain information in addition to the recipient, sender and subject fields displayed on your screen. Most spammers do not want to be traced, hence they put false data in the email header to prevent people from contacting them.
– Trend analysis: by analysing the history of the messages sent from someone, trends can help determine the likelihood of an email being real or spam.
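Added example (not the page's or any product's code): a small filter that applies the measures from a) and b) above, the word list, blacklist and whitelist, a header check and the link heuristics, to a constructed message. The lists, the sample message and the From versus Return-Path comparison used as the header check are assumptions; the link is the page's own example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SPAM_WORDS = {"mortgage", "verify", "suspended"}   # assumed word list
BLACKLIST = {"bad-sender.example"}      # sending domains known for spam (assumed)
WHITELIST = {"alice@example.com"}       # addresses from the user's contact list (assumed)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Constructed message with the traits listed above; the link is the page's own example.
RAW_PHISH = """\
From: eBay Support <support@bad-sender.example>
Return-Path: <bounce@other-host.example>
Subject: Account suspended

Dear user,
Your account is suspended. Verify your details at
http://userconfirmationform-id485763.ebay.com/userdirectory/EbaY.dll
"""

def url_red_flags(url: str) -> list:
    """Link traits from part a): no https, a random-looking number, an odd file type."""
    flags = []
    if url.lower().startswith("http://"):
        flags.append("link is not https")
    if re.search(r"\d{5,}", url):
        flags.append("long number in link")
    if re.search(r"\.(dll|exe|scr)$", url, re.I):
        flags.append("unusual file extension in link")
    return flags

def phishing_indicators(raw: str, recipient_name: str) -> list:
    """Apply the filter measures from part b) and return every indicator that fires."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in WHITELIST:
        return []                          # known contact: delivered straight to the inbox
    sender_domain = sender.rpartition("@")[2]
    found = ["sender domain is blacklisted"] if sender_domain in BLACKLIST else []
    # Header filter: a Return-Path on another domain suggests a forged From header.
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if return_path and return_path.rpartition("@")[2] != sender_domain:
        found.append("From and Return-Path domains differ")
    body = msg.get_payload()
    if recipient_name.lower() not in body.lower():
        found.append("impersonal greeting")  # the sender does not know the target's name
    found += [f"spam word: {w}" for w in sorted(set(re.findall(r"[a-z]+", body.lower())) & SPAM_WORDS)]
    for url in URL_RE.findall(body):
        found += url_red_flags(url)
    return found
```

Calling phishing_indicators(RAW_PHISH, "Bob") fires all eight indicators, while a message from a whitelisted contact is passed through without any further checks.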