LATEST BLOG POSTS
Enigma: a story about cipher mishandling
Enigma was a portable cipher machine that produced a polyalphabetic substitution cipher. It had up to 5 rotor scramblers. Many versions included many sets of plugboard connections, which allowed a further swap of a letter with another once encrypted. Its inventor, Arthur Scherbius, originally developed it for commercial use in the 1920s. He later sold it to the German Armed Forces, starting in the early 1930s. The military Enigma equipped with 5 rotors and 10 plugboard connections has 158,962,555,217,826,360,000 possible combinations. Good operating procedures, properly enforced, would have made Enigma unbreakable in the 1940s. History teaches us that this was not the case. Many historians agree that the Allies won WW2 thanks to the deciphering of Enigma. What happened then? A mix of structural weaknesses and poor handling made Enigma vulnerable. Let’s find out more below!

Enigma: structural weaknesses
Was Enigma unbreakable? In fact, it was not. The security of Enigma ciphers had fundamental weaknesses that proved helpful to Allied cryptanalysts. To start off our analysis, you should know that Polish cryptanalysts designed a special system, “the bombe”, in an attempt to break the cipher. The British would later develop an augmented version of the bombe. Let’s turn now to the actual weaknesses of Enigma.
First, Enigma could not encrypt a letter to itself, as a result of the structural architecture of the machine. This gave cryptanalysts a key hint: they knew they could ignore a number of sequences. Secondly, the plugboard connections were reciprocal, so that if A was plugged to N, then N likewise became A. Because of this property, British cryptanalysts introduced a diagonal board into the bombe, substantially reducing the number of incorrect rotor settings that the bombes found. The augmented version of the bombe, also known as the Turing machine, was the first computing machine in history. Alan Turing designed it to find the correct initial setting of the rotors. Knowing the initial setting would have allowed Turing and his team to decrypt Enigma. Finally, the notches in the alphabet rings of rotors I to V lay in different positions, which helped cryptanalysts to work out the wheel order by observing when the right-hand rotor turned over the middle one. Thus, thanks to these flaws, the Polish, French and British governments had been working on decrypting Enigma since the 1930s. Britain was able to decrypt a substantial number of German communications from the summer of 1941.

The human error in handling Enigma
The technologies the Allied powers possessed did not allow the full exploitation of those structural weaknesses, however. The main vulnerabilities of Enigma came from poor handling and a lack of safe procedures. First of all, the choice of the message was not totally random: the Germans sometimes opted for obvious keys (three successive letters). Also, the Germans made the mistake of repeating the same key. This made Enigma a vulnerable pseudo-Vernam cipher, where the key is repeated more than once. The security measures taken by those responsible for creating the notebooks with the daily key settings were lacking, too. They did not allow any rotor to repeat the position from one day to another. In addition, the Allies sometimes managed to obtain a notebook of key settings, which gave the analysts a boost from which to continue advancing in solving the Enigma.

Conclusion: ciphers and proper procedures
In conclusion, the mixture of inherent and human error greatly reduced the total number of possible configurations and provided shortcuts to cryptanalysts. The entire Allied deciphering of the Enigma codes can be attributed to human error and/or human carelessness. Built-in weaknesses were pretty limited and were not sufficient to allow pattern spotting with the technology the Allies could rely on.
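The key count from the introduction and the first two structural weaknesses, as an added example that is not part of the original post: a simplified three-rotor machine (historical wirings of rotors I to III and reflector B, ring settings fixed at A; all function names are this example's own) reproduces the 158,962,555,217,826,360,000 figure and shows how the rule that no letter encrypts to itself rules out positions for a guessed plaintext word. The sample message, start position and plug pairs are constructed.

```python
from math import factorial, perm
from string import ascii_uppercase as ABC

# Historical wirings and turnover notches of rotors I-III, and reflector B.
ROTORS = {"I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
          "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
          "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V")}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

def keyspace(rotors=5, slots=3, pairs=10):
    """Rotor orders x start positions x plugboard pairings."""
    plugboard = factorial(26) // (
        factorial(26 - 2 * pairs) * factorial(pairs) * 2 ** pairs)
    return perm(rotors, slots) * 26 ** slots * plugboard

def enigma(text, order=("I", "II", "III"), start="AAA", plugs=()):
    """Encrypt or decrypt A-Z text; the same call does both."""
    wiring = [ROTORS[r][0] for r in order]
    notch = [ABC.index(ROTORS[r][1]) for r in order]
    pos = [ABC.index(c) for c in start]          # left, middle, right
    plug = {c: c for c in ABC}
    for a, b in plugs:                           # reciprocal: A<->N
        plug[a], plug[b] = b, a
    out = []
    for ch in text:
        if pos[1] == notch[1]:                   # middle at notch: double step
            pos[0], pos[1] = (pos[0] + 1) % 26, (pos[1] + 1) % 26
        elif pos[2] == notch[2]:                 # right rotor turns the middle
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26               # right rotor always steps
        c = ABC.index(plug[ch])
        for i in (2, 1, 0):                      # inward, right to left
            c = (ABC.index(wiring[i][(c + pos[i]) % 26]) - pos[i]) % 26
        c = ABC.index(REFLECTOR_B[c])            # reflector has no fixed point
        for i in (0, 1, 2):                      # back out, left to right
            c = (wiring[i].index(ABC[(c + pos[i]) % 26]) - pos[i]) % 26
        out.append(plug[ABC[c]])
    return "".join(out)

def crib_positions(ciphertext, crib):
    """Offsets where a guessed plaintext fits: no letter may meet itself."""
    return [i for i in range(len(ciphertext) - len(crib) + 1)
            if all(c != p for c, p in zip(ciphertext[i:], crib))]

if __name__ == "__main__":
    plain = "KEINEBESONDERENEREIGNISSEWETTERBERICHT"   # constructed sample
    cipher = enigma(plain, start="QEV", plugs=("AN", "BQ"))
    print(keyspace(), cipher, crib_positions(cipher, "WETTERBERICHT"))
```

Every offset missing from the `crib_positions` result is a placement the analyst can discard without testing a single rotor setting, while the true offset always survives.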
Phishing: how to detect one of the subtlest online threats
Phishing is one of the subtlest threats in the dark world of cyber threats. The world has been witnessing a surge in phishing attacks since the outbreak of the pandemic. It may be extremely disruptive and cause big security problems, but there are several ways to mitigate this threat. With a caveat: enhancing your cybersecurity through software is essential, but it is not a silver bullet. Indeed, much depends on users’ behavior, and threat actors know that. Let’s explore how, then!

How to avoid phishing: identifying threats
Scammers have increased their sophistication to lure victims into a trap. Phishing emails and text messages may look like they’re from a company you know or trust. In particular, imitations may include fake notifications or communications from one’s bank or credit card company. They may come from a social networking site, an online payment website or app, or an online store. They have a common feature: phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. Detecting these threats has become more difficult over time. Generally, scammers send spear-phishing emails so that they really look like they’re from a friend or a colleague. Moreover, hackers have made this matter more complicated, as they exploit real email accounts from a genuine entity. This usually happens because attackers have successfully breached that organization or people the victims know.

Recommendations
But what can potential victims do to face these dangers? Do not despair, the precautions are actually simple. To ensure maximum protection, you may start by not clicking on emails from senders you do not know. However, we have seen that spear phishing may come from people you know, whether they have been hacked or impersonated. In this case, you should ask yourself whether it is weird to receive, for instance, an email from your mom when walking down the street, especially if this message contains a request or an attachment. In that case, you may contact the sender by phone or through other social media messaging apps and ask about the message. Precautions of this sort may save you a lot of trouble, including ransomware.
Including simple and effective cybersecurity practices in your daily life would help to tackle phishing, too. One of them is Two-Factor Identification. In the case of email accounts, an attacker would need to pass a second security check to gain access to your email. Indeed, TFI requires users to identify themselves by a second method of identification, such as a text message containing a one-time code. A physical code-generator token may also be a suitable way to protect assets from remote access.
Do not forget that human intuition is, at the same time, the core of the problem and of its solution. To deal with cyber threats you have to be smart. Let us be honest on this point. True, there is no cybersecurity silver bullet. Cybersecurity would not exist if a program, software, plug-in, etc. could effectively, and automatically, deal with threats. Do not let your guard down, then!

Conclusion: phishing and the human factor
The case of phishing suggests that the human factor is decisive for both the origin and the solution of this threat. Here is our dedicated blog on it. Spear phishing, in particular, is becoming a very sophisticated threat. To a great extent, it plays on psychological mechanisms and genuineness. The main solution is, then, being patient and vigilant. Attackers rely on the rush of today’s life in both the private and work spheres. In almost any case, they need your consent to get in. Do not give it to them!
Olicyber: the future of Italian cybersecurity is here!
Will the curriculum of Italian pupils soon include hacking? There is a chance. Italy is holding its first Cyber Olympics, Olicyber, organised by CINI and TeamItaly, the Italian white-hat hacker team. The organizing committee means to convey the value and the culture of cybersecurity to younger generations. Hopefully, this initiative will promote the selection and the training of future, talented cybersecurity professionals.

Olicyber: what is it?
The disciplines of the Cyber Olympics include Web Security, Cryptography, Software Security, and Network Security. These special athletes are the pupils of Italian high schools. An additional merit of Olicyber is that the organizers will select the participants without discrimination, especially ensuring gender equality. Participation is conditional on educational institutions’ membership of the Olicyber network. Teachers may enlist their schools quickly, as the organizers have set up a simple application process. Their goal is to ensure maximum participation. Participating in Olicyber would benefit teachers, too. Indeed, Olicyber offers them professional updating packages to keep up with the state of the art in cybersecurity. Olicyber brought teachers back to school, then. If curious, you may have a look at their website here.

The importance of cyber-education
What are the reasons for this attention to the youth? Cybersecurity education has become a leading and key theme in Italian policy. Olicyber means to scale up the awareness of cybersecurity among youngsters. Olicyber is also part of a bigger and more ambitious project. Italy is investing a lot of money to implement a swift and painless digital transformation plan. The successful implementation of the plan, observers say, may enhance Italy’s chances of achieving economic growth in the long term. Why? The world has been turning digital, and the process of digitalization has revolutionized the economy. However, the main focus of Italian policymakers is purely educational. Initiatives like Olicyber aim at making the young cyber-aware. Nobody can ignore that the digital domain is a key part of our life. Its ultimate objective is thus to prepare the youth in this sense.

Conclusion: Olicyber and the future of Italian cybersecurity
In conclusion, Pierre de Coubertin, the father of the modern Olympics, meant to stress the positive role of the Olympic Games in the future of the individual as moral and social advancement. Likewise, Olicyber deals with advancement not only in a purely technical sense. Its purpose is making the community a better and more secure place. Indeed, initiatives like Olicyber are a blessing. They lead to change and innovation. They also funnel talent and stimulate curiosity, while developing skills welcomed by the labour market. Such competitions are flourishing. Thus, policymakers worldwide should encourage them to provide society with advanced knowledge on cyber threats and defense.
Cablocracy: the history of (and the struggle for) undersea comms
Did you know that nations and powers struggle for cablocracy, that is, the control of strategic comms? In the age of wireless and mobile, few people know that a long net of submarine cables connects the world and allows communications cablocracy to take place. Today, more than 99% of international communications are carried over fiber optic cables, most of them undersea. In total, around 380 underwater cables in operation literally wrap the world. Data reveal that their aggregate length is about 1.2 million kilometers. They deliver internet worldwide and are at the same time one of the goals and one of the tools of today’s geopolitics. Let’s explore what cablocracy is, then.

The history of underwater cable communications
It all started on July 29, 1858, when two vessels joined the two ends of a 2,500 mile-long telegraphic cable in the Atlantic Ocean. For the first time in history, an undersea telegraph cable linked North America and Europe. Continuous improvements to deal with technical failures and to speed up transmission made wired undersea comms the standard for conveying information worldwide. Indeed, 1956 saw the laying of the first telephone cable. Additionally, by 1988, telephone TAT-8 transmitted 280 megabytes per second. In sum, undersea cables allowed an impressive scale-up of technological standards in less than a century. Nowadays, Internet giants fund additional cable lays to expand the reach of the Internet even more.

Cablocracy: the struggle to control comms
Above, we have outlined a brief history of undersea comms. Now you may wonder what cablocracy is. If you control the cable itself, you may tap it or view the information passing through it. Tapping underwater cables is no novelty in itself. Since the early days of the Cold War, for instance, the US and USSR invented sophisticated submarines to allow the interception or disruption of the adversary’s cables. However, you should not assume that cablocracy is a matter for historians. Present struggles in the Pacific Sea suggest that it is a current and sensitive issue. Generally, every geopolitical strife around the world involves the main players’ attempt to control comms and undersea

Conclusion: cablocracy, cables and the future of innovation
To conclude, undersea cables are strategic. Given their pivotal role in delivering information, be it military, commercial, or private, they are the object of strict regulations. Their important role made them a tool, and a goal, of international politics. Beyond their critical role in world affairs, they are at the forefront of technological momentum in the comms industry. Finally, they are crucial to spreading the Internet and furthering its reach worldwide.