Build a Vernam Cipher

 DIY, Programming, Science  No Responses »
Feb 152012
 

The current issue of 2600: The Hacker Quarterly has an article on cryptography that outlines the use of the Vernam Cipher (aka One-time pad) to encrypt text by hand. What makes this technique interesting is its ease of implementation, but even more interesting than that is the fact that the Vernam Cipher is the only known method of encryption that is proven to be unbreakable when implemented/used correctly.

Sample One-Time Pad

So how does it work? In simple terms, each character from your text, known as plaintext, is encrypted by modular arithmetic with a character from a secret random key (or pad) of the same length as your plaintext. What results is a ciphertext. If the key is TRULY random and as large as the original text and has never been used then the ciphertext will be impossible to decrypt without knowing the key.

This got me to thinking — what would it take to create a web application to easily implement this encryption method for use on data that I wanted to store, let’s say, in my file based wiki!? Sure, there are numerous tools out there that one could leverage to encrypt text but this seemed like an interesting challenge and an excuse to learn a bit more about this cryptography method.

Before I proceed, let me just state that I am not a cryptographer and that the technique I devised for implementing my cipher is for informational purposes only!

The first step to encrypting our text is to convert our letters, and if we choose, our punctuation, to numbers so we can perform our modular arithmetic operations. The 2600 article described what is known as a straddling checkerboard which gives us numeric values for our non-number text characters while simultaneously introducing fractionation.

Example Straddling Checkerboard Grid

Using this particular implementation of the straddling checkerboard, Geek Tips would translate into 245527 18607. When encrypting by hand, it’s common to break the data up into smaller, easier to manage, groups. In this case we’ll use groups of five digits. Since our third group is less than five digits, we’ll fill in with zeros. Following this pattern, our string becomes, 24552 71860 70000, which is now ready for the next stage of the ciphering process which is to perform modular arithmetic with a key.

As I stated before, to implement this cipher properly, the key should be completely random and at least as long as our new string of numbers. For this example, let’s say our key is 20247 88641 30412. Now I subtract each digit in the key from each digit in the plaintext. If the result is less than zero, I add 10. For example, in the fifth column, I calculate 2 – 7, which results in -5. Because this is less than zero, I add 10 to get 5 as the final answer. In the first column, the result of 2 – 2 is 0, which is not less than zero, so I leave that as my final answer.

  24552 71860 70000 (plaintext)
- 20247 88641 30412 (key)
-------------------------
  04315 93229 40698 (encrypted)

Decrypting our string is as simple as reversing the modular arithmetic by adding the key to the encrypted string. This will reproduce our original plaintext string. To convert the string back to the original message we simply refer back to our straddling checkerboard grid to recompose the message – SIMPLE!!

The first thing I needed to do to move this project forward was write a simple form to gather my data:

<html>
<body>
<form action="process.php" method="post">
<p>Your message:<br /><textarea name="text" rows="40" cols="180" /></textarea></p>
<p>Decode: <input type="checkbox" name="decode" value="yes" /></p>
<p>Enter Key: <input type="password" value="" name="key" autocomplete="off" /></p>
<p><input type="submit" value="Encode/Decode" />&nbsp;&nbsp;&nbsp;<input type="reset" value="Reset" /></p>
</form>
</body>
</html>

With my form in place, now I could start developing the code to replicate the straddling checkerboard cipher that was described in the 2600 article. The resulting script was fully functional but WAY more complex than I wanted. As I thought about ways to simplify my code, I recalled that most programming languages have a number of built-in bitwise operators that I might be able to leverage to really simplify what I was trying to accomplish.

The operator that I narrowed in on is called XOR. It works by looking at two bit patterns of equal length and performs a logical exclusive OR operation on each pair of corresponding bits. The result in each position is 1 if only the first bit is 1 OR only the second bit is 1, but will be 0 if both are 0 or both are 1. This is equivalent to being 1 if the two bits are different, and 0 if they are the same.

Calculating an XOR result (2 ^ 7 = 5)

As this example shows, the 4, 2 and 1 columns have bits in the ON position. Since the 2 column bit is ON for both our numbers it becomes OFF, that leaves the 4 and 1 columns. When we add those together the resulting number is five. Since this XOR functionality is built-in to PHP the complexity of building this computational logic was removed thus allowing me to really simplify my code. Following are the results:

<?php

 $key = $_POST['key'];

 // Our plaintext/ciphertext
 if (strtolower($_POST['decode']) == "yes") {
   $text = base64_decode($_POST['text']);
 } else {
   $text = $_POST['text'];
 }
  
 // Iterate through each character
 for($i=0;$i<strlen($text);)
 {
     for($j=0;$j<strlen($key);$j++,$i++)
     {
         $outText .= $text{$i} ^ $key{$j};
     }
 }
 
 if (strtolower($_POST['decode']) == "yes") {
   echo "<p>Your message:<br /><textarea name=\"text\" rows=\"40\" cols=\"180\">"  . $outText  . "</textarea></p>";
 } else {
   echo "<p>Your encoded message:<br /><textarea name=\"text\" rows=\"40\" cols=\"180\">"  . base64_encode($outText)  . "</textarea></p>";
 }
 
 echo "<br /><br /><a href='https://www.example.com/form.html'>Return</a>";
 
?>

If the key provided matches the criteria outlined previously then the output from this script should be a true one-time pad. The reality, however is that it’s highly impractical to meet the one-time pad key criteria to make our ciphertext unbreakable. If you choose to use the same key for all of your enciphering (more practical) then the resulting ciphertext is, obviously, less secure. If your key is shorter than your plaintext, thus requiring the key to repeat then the resulting ciphertext is now encoded in what is known as a stream cipher.

I wouldn’t necessarily use the results of this script for anything of significant value but it was nonetheless and interesting exercise for gaining a deeper understanding of ciphers and how they can be implemented for obfuscation purposes in ones own solutions.

Until next time – GEEK OUT!

~GT~

   

 Posted by James L at 8:19 pm

Home Automation Overview

 DIY, Home Automation, Insteon  1 Response »
Jan 222012
 

When we receive a first-time visitor to our home they ALWAYS ask about the whole-home control panel mounted in our family room. This panel allows us to control and obtain status on just about every aspect of our house from a single location.  This, invariably, leads to questions about what my Home Automation (HA) system can do.

While not an exhaustive list, following are some of the features I’ve integrated so far:

  • Turn on the lights in the house when arriving home after dark and nobody is home
  • Announce when the garage door opens
  • Notify me and the police if the alarm is tripped
  • Notify me if a motion detector is activated and the house is in AWAY mode
  • Notify me when the alarm state changes (enabled / disabled)
  • Display the alarm status (set / not set) on keypads throughout the house
  • Display garage door status (open / closed) on keypads throughout the house
  • Open / Close the garage door from keypads throughout the house
  • Turn on / off porch lights with the setting / rising of the sun
  • Log upstairs and downstairs temperature and humidity
  • Log incoming and outgoing phone calls
  • Control alarm, fans, lights and thermostats from a central command console
  • Control alarm, fans, lights and thermostats from an iphone / iPad
  • Control alarm, fans, lights and thermostats via SMS
  • Control alarm, fans, lights and thermostats via IR
  • Display incoming caller information on TV
  • Log all motion activity
  • Control household music library and radio stations from central command console
  • Play household music library and radio stations on audio zones throughout the house
  • Notify me when one or more Printer Ink cartridges need to be replaced
  • Display on command console
    • Replace air filters
    • Add salt to softener system
    • Purge water system
    • Printer Ink Cartridge Levels
    • Motion in zones throughout the house
    • Who is home
    • Garage Door status
    • Alarm status
    • Voicemail status
  • Lights Out timer for my daughter (10 / 30 / 60 min intervals)
  • Panic Mode – all lights on instantly
  • Sleep Mode – all lights off instantly
  • Notify me when a HA device needs attention (battery replacement, etc)
  • Backup offsite server data (Wiki / Mail / etc)
  • Automatically filter all internet traffic
  • Notify me when power fails

Developing all of this capability over the years means the inter-workings of my HA system have become increasingly complex.  This is most evident when something ceases to function correctly and I have to jump in and troubleshoot the problem.  As the system grew I started documenting the details in a wiki which has proved invaluable for troubleshooting. I also found it helpful to maintain a high-level visual overview of my network and data flow.

Since these are areas that are the subject of so many of the questions that I receive, I thought I would post some images to give you some inspiration on how you might architect your own HA system.

Until next time – GEEK OUT!

~GT~

   

 Posted by James L at 5:56 pm

Learning to Ride

 DIY  No Responses »
Nov 142011
 

My little girl hit a new milestone today by learning to ride her bike!

Getting here, I can honestly attest, has been a very bumpy ride (pun intended), but alas she prevailed!

Let me start with a little bit of context. Every child is different. I put my son on a bike at about five years of age and he was riding his bike in, literally, a matter of minutes. He only needed a small bit of guidance and he took care of the rest himself. My daughter, on the other hand, is a completely different story. She is currently eight years old. We bought her first bike about three years ago and she rode it for a long time with training wheels. About 18 months ago I took the training wheels off and I spent many hours running with her up and down the street, but she was never able to grasp the whole balance thing. As she continued to grow we got her a bigger bike and spent many additional hours practicing , but again, she just couldn’t manage to keep her balance. Finally in a moment of frustration I searched the Internet for alternative learning methods and ran across a video that demonstrated the “Balance Bike” method.

The idea behind this method is really simple. All you do is remove the pedals and then let your child push themselves and then lift their feet until they get a firm grasp of the balance required to keep the bike upright. What’s great about this technique is that the child stays in control and isn’t hindered by a parent holding their shoulders or the bicycle’s handle bars, and what’s even better is that the parent doesn’t end up with an aching back.

After seeing the video I took the pedals off and let her try to push herself along a few times but she kept hitting the crankarms with her chins and she was ready to quit within a few minutes of starting. I did a bit more research and found that were are a number of bicycles on the market specifically made to teach balance. The only thing that was different about them was that they didn’t have pedal cranks. It seemed silly to me to spend money to buy one of these when I could achieve the same thing for free. Using the examples I saw on the internet as inspiration, I then proceeded to remove the crank assembly, chain and chain guard from my daughters bike and we spent a few minutes on three or four occasions over the next few weeks practicing totaling 30 to 40 minutes.

Today my daughter decided she was ready to try riding “with the pedals” again so I put everything back together, she loaded up and on her first try she was riding her bike down the street without any help!

So the moral of this story is give the “Balance Bike” method a try if your youngster is having difficulty learning to ride and chances are they will acquire the necessary skills in no time!

~GT~

   

 Posted by James L at 7:11 am
 Older Entries  Newer Entries
© 2012 Geek-Tips Suffusion theme by Sayontan Sinha