This presentation was given at the Over The Air event #ota11 at Bletchley Park. The idea was to get developers thinking about how they are securing their applications (or not) and to have an open discussion about methods that could be employed to help developers. Julius Caesar was nearly defeated a few times and had his codes have been broken, just maybe, the world might have been a different place. For more information on the individual battles (I did a verbal run through, check out the great wikipedia pages on them). The code breaking exercise contained within is a fun tool to help people understand about the need to protect information.
1. Historical code cracking with phones: What if Pontus, the Gauls, Germans, Nervii, Egyptians and Helvetii had iphones?Over The Air 2011, Bletchley Park http://www.mobilephonesecurity.org David Rogers, Copper Horse Solutions Ltd. 1st October 2011
2. http://www.mobilephonesecurity.org Some Information About Me 12 years in the mobile industry Hardware and software background Head of Product Security at Panasonic Mobile Worked with industry and government on IMEI and SIMlock security Pioneered some early work in mobile phone forensics Brought industry together on security information sharing Director of External Relations at OMTP Programme Manager for advanced hardware security tasks Chair of Incident Handling task Head of Security and Chair of Security Group at WAC Owner and Director at Copper Horse Solutions Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk About Copper Horse Solutions Ltd. Established in 2011 Software and security company Focussed on the mobile phone industry Services: Mobile phone security consultancy Industry expertise Standards representation Mobile application development http://www.copperhorsesolutions.com
3. Histiaeous http://www.mobilephonesecurity.org In 499BC sent a trusted slave to encourage a revolt against the Persians Shaved the head of the slave Tattooed a message to his head, let the hair grow back Recipient shave off the slave’s hair to get the message This is an early form of steganography From: http://www.retroworks.co/scytale.htm
5. CAESAR Shift http://www.mobilephonesecurity.org Supposedly used by Caesar to protect military messages – by shifting the alphabet 3 places to the left: Still used today (scarily!) – e.g. ROT13 It helped that a lot of Caesar’s enemies were illiterate anyway… From: http://www.retroworks.co/scytale.htm
7. Code Cracking Challenge http://www.mobilephonesecurity.org After each battle I describe there will be some codes to crack in which you would be able to change the course of history. You can also get these at: http://blog.mobilephonesecurity.org From: http://www.retroworks.co/scytale.htm
8. Some Source Code to Help! http://www.mobilephonesecurity.org Hint: The codes are all Caesar ciphers but with different rotations https://github.com/mkoby/RotationCipher (not mine!) and a cheat: http://textmechanic.com/ROT13-Caesar-Cipher.html
9. Julius Caesar (Briefly!) http://www.mobilephonesecurity.org 100BC – 44BC Spent 9 years campaigning in Gaul (and made a fortune) Invaded Britain Was involved in a civil war with Pompey Defeated the Egyptians Assassinated on the ‘Ides of March’ in 44BC
11. List of Battles http://www.mobilephonesecurity.org 58BC Battle of the Arar – Helvetii 58BC Battle of Vosges - Germans 57BC Battle of the Sabis – Nervii 52BC Battle of Alesia - Gauls 47BC Battle of the Nile - Egyptians 47BC Battle of Zela - Pontus
12. Battle of the Arar http://www.mobilephonesecurity.org 58BC Caesar v Helvetii, Switzerland
13. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Can the Helvetians defeat Caesar? bgxxwfhkxmbfxyhkkxbgyhkvxfxgml
14. Battle of Vosges http://www.mobilephonesecurity.org 58BC Caesar v Germans, River Rhine, Alsace
15. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Should the Germans attack the Romans? bpmumvizmnqopbqvonqbemkivpwtlwcbnwzivwbpmzemms
16. Battle of the Sabis http://www.mobilephonesecurity.org 57BC Caesar v Nervii, Wallonia
17. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Are the Nervii ready for Caesar? muqhuweydwjeruqjiqryiydjmetqoi
18. Battle of ALesia http://www.mobilephonesecurity.org 52BC Caesar v Gauls, France
19. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Is there anything the Gauls do to help themselves? qebobfpxtbxhmlfkqfklrotxiikbxoqebqobbp
20. Battle of the NILE http://www.mobilephonesecurity.org 47BC Caesar & Cleopatra v Ptoloemic forces, Alexandria, Egypt
21. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Are the Egyptians ready for action? wbssrgiddcfhhcpfsoycihobrtwuvhdhczsam
22. Battle of Zela http://www.mobilephonesecurity.org 47BC Caesar v Pontus, Turkey
23. Break This Roman Code! http://www.mobilephonesecurity.org Also here: http://blog.mobilephonesecurity.org Save Pontus? sbkfsfafsfzf
25. Don’t Use Roman Codes! http://www.mobilephonesecurity.org ROT13 and XORing / obfuscation are not adequate!! Modern crypto (not surprisingly) is significantly better However, developers don’t have access to secure hardware APIs on mobile
27. Mobile Development http://www.mobilephonesecurity.org Think about security when designing your apps Are you playing fast and loose with your users’ private data? Have you explained to users why you used certain permissions? What have you (not) encrypted? Is your application designed badly? – gift to hackers / fraudsters? E.g. asking for credit card details from a QR code
30. Discussion http://www.mobilephonesecurity.org “I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password which is same as my original problem.”
34. Code Solutions http://www.mobilephonesecurity.org Helvetii: I need more time for reinforcements (h shift) Germans: the men are fighting fit we can hold out for another week (s shift) Nervii: we are going to beat sabis in two days (k shift) Gauls: there is a weak point in our wall near the trees (d) Egyptians: I need support to break out and fight ptolemy (m shift) Pontus: venividivici(d shift) The famous: I came, I saw, I conquered message Of course, the Pontic army could not save themselves!
Notes de l'éditeur
Picture – Julius Caesar and Divico parlay after the battle at the river SaoneThe Helvetian tribe were planning to migrate towards the west coast of Gaul, cutting off Gaul and causing a threat to Roman Spain.Mass migration of 300,000 people!Caesar had to play for time because of a lack of soldiersHelvetii were attacked during the night while crossing the riverCaesar ultimately chased down the Helvetii and they eventually surrendered after the battle of BribacteThree opportunities that the Helvetii could have seized:Discovering that Caesar had left RomeRealising that Caesar was playing for timeDiscovering Caesar’s planned night time attack for the river crossing
58BC Caesar v GermansLocation: River Rhine, AlsaceGerman tribes (Suebi and others) made a move into GaulAriovistus moved his camp onto the Roman supply lineHe delayed battle deliberately to starve and weaken the Roman soldiersRomans charged down on the Germans who formed a Phalanx with their shields – roman soldiers jumped onto the shields and wrenched them away, stabbing down onto the soldiersOn learning that the Germans believed in a prophecy that they should lose the battle if they fought before the new moon, Caesar forced a battle upon them immediately.Their leader Ariovistus escaped but was defeated. Caesar had forced the Germans out of GaulAriovistus could have realised that Caesar’s men were not starving and delayed the battle further, therefore defeating him once his men were truly weakened
Caesar was surprised and nearly defeatedThey would not “partake of alcoholic beverages or other such imported Roman luxuries” – wine was banned by decree by the NerviiThe Nervii caught javelins in flight and hurled them back at legionnaires!Nervii used typical Gallic warfare tactics which could be defeated with missilesNervii used mounds of the fallen as ramparts by the end of the battleCaesar lost all of his standards and most of his centuriansNervii could have discovered how swiftly Caesar was travelling and ambushed before they reached the SabisResult was Caesar gained control of what is now Belgium
Vercingetorix and Julius CaesarSeige around a hill fortThe last major engagement between the Gauls and the RomansMarks the end of Celtic dominance80,000 fighting men were under seigeCaesar constructed a second wall around him, in case he was attacked after some cavalry managed to break out of the seigeCaesar would not allow the women and children out of the seige, so they were left to starve in no-mans land.The relief force arrivedRomans were also beginning to starve as they were being beseigedLots of skirmishes and combined attacks from without and withinGauls discovered a weakness in the walls that was hidden (this is a point that could have been exploited earlier if the Gauls had known)The Roman cavalry defended this and nearly collapsed, Caesar sent a force of 6000 cavalry to relieve them and defeated the 60,000 attackersSeeing the defeat of the relief force, Vercingetorix surrendered to Caesar
(after civil war with Pompey)Roman ‘peacekeeping’ between King Ptolemy and Cleopatra (his sister) in the Egyptian civil warCaesar was relatively cut off in Alexandria but sent a message for allied supportPtolemy died when his ship capsized while escapingCaesar installed Cleopatra on the throne of EgyptCaesar could have been defeated had the Egyptians been able to cut him off from his ally, Mithridates
After the battle of the Nile, Caesar travelled up to fight Pharnaces after he had defeated a roman army and committeed atrocities against prisoners and civiliansCaesar refused appeals for peace as he approachedAs Caesar’s troops were setting up their camp on a nearby hilltop, the Pontic army attacked from their own safe strategic hilltop postionAlthough initially successful, the romans recovered and drove the Pontics back fown the hill, routing themPharnaces escaped only to be later killed by one of his ownThe whole campaign lasted only 5 days.After the battle, Caesar sent his famous message, Veni, vidi, vici – I came, I saw, I conquered ***