Communications Encryption Exhibition - Content

What is Encryption?

Encryption disguises messages so that they can only be read by the intended recipient.

Caesar Cipher – Julius Caesar
Incryptography, aCaesar cipher, also known asCaesar's cipher, theshift cipher,Caesar's codeorCaesar shift, is one of the simplest and most widely knownencryptiontechniques. It is a type ofsubstitution cipherin which each letter in theplaintextis replaced by a letter some fixed number of positions down thealphabet.The method is named afterJulius Caesar, who used it in his private correspondence.
Note: Love story mentioned above used it (one-letter shift)

Artifact: n/a
Image/AV: Graphic showing how it works (encryption and decryption)
Interactive: Send a message/decode a message?

Recommended section: What is encryption?
Why – Keep private correspondence private. Simple to use: Even as late as 1915, the Caesar cipher was in use: the Russian army employed it as a replacement for more complicated ciphers which had proved to be too difficult for their troops to master; German and Austrian cryptanalysts had little difficulty in decrypting their messages / Jobs – no
How - "If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others."
It is unknown how effective the Caesar cipher was at the time, but it is likely to have been reasonably secure, not least because most of Caesar's enemies would have beenilliterateand others would have assumed that the messages were written in an unknown foreign language / Daily life – no
Canada/CSE - no / Cyber security - no
Baseball signals -
Coaches give players in-game instructions from the sidelines using individualized hand/body signals. Opposing teams try to decipher the signals to anticipate their opponent’s moves.

Artifact: no
Image or AV: Video showing montage of signals
Interactive: Could play with elaborateness of some signals by inviting people to make up their own (silly, kid-focused); Could have a digital baseball game (memory game) where you interpret your coach’s signals and act accordingly and/or try to decipher the other team’s signals?

Recommended section: What is encryption?
Why – Yes. Clear example of transmitting information while keeping it secret / Jobs – No
How – example of the “man” side of “man or machine” / Daily life – Yes
Canada/CSE – No / Cyber security – No
References: Paul Dickson The Hidden Language of Baseball
Commercial code
Development of code book to keep telegraphs secret (any example of use?)

Artifact: Slater’s telegraph code book; telegraph machine
Image or AV: n/a? Graphic of different codes in action. Telegraph office?
Interactive: Encode or decode a message

Recommended section: What is encryption?
Why – Conceal the meaning of a telegraph message from all but the intended recipients (including telegraph operators). / Jobs – No
How – Pre-arranged key (i.e., addition/subtraction of pre-arranged number; transposition of numbers; or both) / Daily life - No
Canada/CSE – No / Cyber security - No

Why do we encrypt communication?

We encrypt communication to keep messages secret.

Enigma

Artifact: Enigma Machine (CSE)
Image or AV: Graphic breaking down how the Enigma machine works
Interactive: Could be broken down as an interactive? Kids could write a message and see it encrypted?

This is a must obviously. It was a great success in the last partnership amongst NMST, CSE and myself in 1999-2000. It was the exhibit that had the most attention and questions. [Artifacts: CSE’s 4-rotor Kriegsmarine Enigma, rotors, perhaps the printing mechanism for the Enigma, etc.]
“This particular Enigma Cipher Machine was retrieved from a U-Boat [by whom?] The fact that it has four rotors increases the permutations and complexity of the cypher, which was more critical for naval Enigma.”
Recommended section: How to we encrypt communication
With CSE highlight Typex Rotors?
Why – Spying During Wartime
During war, the ability to communicate securely saves lives on your side, and ensures that your plans succeed. At the same time, being able to decipher your opponent’s communications gives you more information to plan how best to foil their plans. / Jobs – no
How – Break down this complicated machine / Daily life - no
Canada/CSE - ? / Cyber security - no
References:
Typex Rotors/KL-7 Adonis Rotors
In thehistory of cryptography,Typex(alternatively,Type XorTypeX) machines wereBritishcipher machines used from 1937. It was an adaptation of the commercial GermanEnigmawith a number of enhancements that greatly increased its security. The cipher machine (and its many revisions) was used until the mid-1950s when other more modern military encryption systems came into use.
One German cryptanalyst stated that the Typex was more secure than the Enigma since it had seven rotors, therefore no major effort was made to crack Typex messages as they believed that even the Enigma's messages were unbreakable.
DID CSE PRODUCE TYPEX ROTORS or JUST KEY TAPE?

Artifact: Typex rotors
Image/AV: Graphic showing how they work (although probably not bc overlap with Enigma)
Interactive: ?

Recommended section: CSE highlight to accompany Engima
Why - / Jobs -
How - / Daily life -
Canada/CSE - Typex was used by the British armed forces and was also used by Commonwealth countries includingCanadaandNew Zealand. / Cyber security -
References
Keytape?

How do we encrypt communication?

Stuxnet
Alleged hacking of Iranian nuclear facilities by USA and Israel using a computer worm.

Artifact: No
Image or AV: Infographic? Or AV representation?
Interactive: Is there something in the transmission aspect of a worm?

Recommended section: Why do we encrypt communication or How do we encrypt communication
With possible CSE highlight. Would Assemblyline help protect against this kind of thing?
Why –State-on-state cyber warfare
Example of cybersecurity failure having physical work consquences / Jobs –No
How –Yes. Example of a worm as an offensive tool / Daily life –No
Canada/CSE –No but maybe there’s an equivalent protection provided by CSE? We should ask. Could be linked with Assemblyline? / Cyber security –Yes
Assemblyline
Assemblylineis a malware detection and analysis tool developed by the CSE and released to the cybersecurity community in October 2017.

Artifact: n/a
Image/AV: Graphic showing how it works
Interactive: Is there something we can do with the “assembly line” concept – making it literal/physical instead of digital – that could help make this easier to understand?

Recommended section: CSE highlight to accompany Stuxnet?
Why - Malicious files can allow threat actors to access sensitive systems, extract valuable data or corrupt vital services.Assemblylinewill benefit small and large businesses by allowing them to better protect their data from theft and compromise. Most software of a similar nature is proprietary to a company and not available to the software development community. CSE is releasingAssemblylineto businesses, security researchers, industry, and academia, with no economic benefit to CSE. The release ofAssemblylinebenefits the country and CSE’s work to protect Canadian systems, and allows the cybersecurity community to build and evolve this valuable open-source software. The public release ofAssemblylineenables malware security researchers to focus their efforts on creating new methods to detect malicious files. / Jobs – Maybe?
How - Assemblylineis a platform for the analysis of malicious files. It is designed to assist cyber defence teams to automate the analysis of files and to better use the time of security analysts. The tool recognizes when a large volume of files is received within the system, and can automatically rebalance its workload. Users can add their own analytics, such as antivirus products or custom-built software, in toAssemblyline. The tool is designed to be customized by the user and provides a robust interface for security analysts. / Daily life – Maybe?
Canada/CSE - Yes / Cyber security - Yes
Slidex/manual cipher/variable cipher and Cray
Need particular example – related to diplomacy?
[signals intelligence – what were we looking for?]

Artifact: tbd (CSE?)
Image/AV: photos or graphics of arctic signals collection?
Interactive: ?

Recommended section: How do we encrypt communication – OR TODAY? WHAT DO WE DO?
Why - ? / Jobs – no
How – Machine? / Daily life - no
Canada/CSE - Yes / Cyber security - no

Today

Blackberry
An excellent Canadian story in the smart phone industry in the 2000’s. Adopted by the GoC for a number of years and incorporated novel encryption schemes including Elliptic Curve Cryptography. [Artifacts: a smattering of Blackberry models along with a notional explanation of ECC with math equations and graphs in a faded background?]

Artifact: BlackBerry (it would be cool to get a specific person’s)
Image/AV: Photo
Interactive: ?

Why –Protect data on mobile devices / Jobs - no
How –Software are hardware are BlackBerry-built, providing an end-to-end layered defense. Verify authenticity of the OS and software every time a BlackBerry boots up. Fortified foundations of the QNX Neutrino microkernel provide integrity, resiliency and security. / Daily life - yes
Canada/CSE - no / Cyber security - ?
Cyber Attack - Hacking
Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including but not limited to Chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)

Artifact:
Image/AV: CSE’s AV of a hacker’s perspective
Interactive: Could we do something 2-person, where one person is trying to accomplish a task, and the other person tries to disrupt – playful? Is this a good place for a metaphor-style interactive rather than something literal?

Why - / Jobs -
How - / Daily life - YES
Canada/CSE - / Cyber security -
End-to-end Encryption (E2EE)
a system ofcommunicationwhere only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – includingtelecom providers,Internet providers, and even the provider of the communication service – from being able to access thecryptographic keysneeded todecryptthe conversation.[1]The systems are designed to defeat any attempts atsurveillanceor tampering because no third parties can decipher the data being communicated or stored. For example, companies that use end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.
Example of an update of the Slater Code Book (i.e., similar principle, motivation, etc.)

Artifact: n/a (slash Slater Code Book)
Image/AV: ?
Interactive: ?

Why - / Jobs -
How - / Daily life -
Canada/CSE - / Cyber security - Yes
Ashley Madison data breach
The Impact Team threatened to expose the identities of Ashley Madison users if the site was not shut down, to bring attention to the site’s practice of requiring people to pay to “fully delete” their profiles but failing to deliver. Personal information was released, and lawsuits were settled for $11.2 million

Artifact: ?
Image or AV:
Interactive: Could do something about passwords/breaking passwords?

Why - murky / Jobs - No
How – Passwords were hashed using the bcrypt algorithm / Daily life – Yes
Canada/CSE – Canadians were involved, but I don’t think government/CSE involved? / Cyber security – Yes

30 December 20181