Fund Raising with an Android Enigma Machine Simulator


02 June 2012, Franklin Heath Ltd
What Shall We Talk About?

- How the World War II Enigma machine works
- Potential for mobile apps to raise money for charities
- How bad is Android fragmentation and how best to deal with it
- What mechanical cryptography can teach us about today's security software

© Franklin Heath Ltd, 02 June 2012, CC BY 3.0
Android Enigma Simulator: Why?

- 2012 is Alan Turing’s centenary year
    - One of Bletchley Park’s “Wicked Uncles” working on Enigma
- Real WWII Enigma machines can cost > $200,000
    - Touch screen animation gives an idea of the real thing
- Education
    - Strong cryptography existed before computers
- Fund raising
    - Bletchley Park Trust needs matching funds to restore the site
- Experiment in Android development and monetisation
Bletchley Park’s “Wicked Uncles”

- Senior codebreakers recruited in 1939
    - Introduced mathematical and mechanised methods
- 1941 memo delivered to P.M. Winston Churchill
    - Response: “Make sure they have all they want on extreme priority and report to me that this had been done.”

(Photographs: Alan Turing 1912-1954, Stuart Milner-Barry 1906-1995, Hugh Alexander 1909-1974, Gordon Welchman 1906-1985)
Enigma Machine Components

(Annotated photograph of the machine)
- Scrambler: rotors and reflector
- Output: battery-powered lamps
- Input: keys (switch and lever)
- Plug board: static, swaps letters
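The components on the slide, wired together as a working scrambler. This is an added example written for this page, not the EnigmaSim app's code; it assumes the historical Wehrmacht wirings for rotors I-III and reflector B and the three-rotor stepping mechanism (the 4-rotor M4 is not modelled).

```python
"""Enigma I/M3 scrambler: plugboard -> rotors -> reflector -> rotors -> plugboard,
with ring settings and the double-stepping of the middle rotor.
Editor's example; historical wirings for rotors I-III and reflector B."""
from string import ascii_uppercase as A

# Output letter for each input contact A..Z, plus the turnover letter at
# which the rotor carries its left-hand neighbour forward.
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"   # fixed involution: no letter maps to itself


class Rotor:
    def __init__(self, name, ring="A", position="A"):
        wiring, notch = ROTORS[name]
        self.fwd = [A.index(c) for c in wiring]             # right-to-left pass
        self.bwd = [self.fwd.index(i) for i in range(26)]   # left-to-right pass
        self.notch = A.index(notch)
        self.ring = A.index(ring)        # Ringstellung: offset of wiring core vs. letter ring
        self.pos = A.index(position)     # letter currently showing in the window

    def at_notch(self):
        return self.pos == self.notch

    def step(self):
        self.pos = (self.pos + 1) % 26

    def _pass(self, table, c):
        # The core is rotated by (position - ring) relative to the fixed contacts.
        shift = (self.pos - self.ring) % 26
        return (table[(c + shift) % 26] - shift) % 26

    def forward(self, c):
        return self._pass(self.fwd, c)

    def backward(self, c):
        return self._pass(self.bwd, c)


class Enigma:
    def __init__(self, rotors=("I", "II", "III"), rings="AAA", positions="AAA",
                 plugs=(), reflector=REFLECTOR_B):
        # Rotors are listed left to right, as seen on the machine.
        self.left, self.middle, self.right = (
            Rotor(n, r, p) for n, r, p in zip(rotors, rings, positions))
        self.reflector = [A.index(c) for c in reflector]
        self.plug = list(range(26))      # plug board: static, self-inverse letter swaps
        for a, b in plugs:
            self.plug[A.index(a)], self.plug[A.index(b)] = A.index(b), A.index(a)

    def _step(self):
        # Rotors move before the current flows. A middle rotor sitting on its
        # notch advances itself as well as the left rotor (the "double step").
        if self.middle.at_notch():
            self.middle.step()
            self.left.step()
        elif self.right.at_notch():
            self.middle.step()
        self.right.step()

    def positions(self):
        return "".join(A[r.pos] for r in (self.left, self.middle, self.right))

    def press(self, letter):
        self._step()
        c = self.plug[A.index(letter)]
        for r in (self.right, self.middle, self.left):
            c = r.forward(c)
        c = self.reflector[c]
        for r in (self.left, self.middle, self.right):
            c = r.backward(c)
        return A[self.plug[c]]

    def process(self, text):
        return "".join(self.press(ch) for ch in text.upper() if ch in A)


def window_trace(positions, presses):
    """Window letters after each key press, starting from the given positions."""
    m = Enigma(positions=positions)
    out = []
    for _ in range(presses):
        m.press("A")
        out.append(m.positions())
    return out


def roundtrip(text, **key):
    """Encipher then decipher with identical settings; Enigma is self-reciprocal."""
    return Enigma(**key).process(Enigma(**key).process(text))


if __name__ == "__main__":
    print(Enigma().process("AAAAA"))            # BDZGO with the default settings
    print(window_trace("ADU", 4))               # shows the double step of the middle rotor
    print(roundtrip("ATTACK AT DAWN", rings="BCD", positions="XYZ", plugs=("AB", "QK")))
```

Because the reflector never maps a letter to itself, no plaintext letter can encipher to itself; that property is what cribs at Bletchley Park exploited, and it is a good sanity check for any simulator.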
Fully Functional Paper Model

Enigma Simulator App Demo
Google Play International Reach

Top 20 countries (of 99), installs per country (bar chart; upper axis shows the percentage of all installs, 0% to 30%):

USA 670, UK 450, Germany 264, Spain 151, Italy 112, Poland 111, Netherlands 63, Australia 61, France 59, Canada 47, Czech Republic 46, Brazil 45, Croatia 44, Sweden 43, India 41, Turkey 39, Mexico 35, Hungary 33, Indonesia 30, Finland 27
Revenue Stats (by 2012 week nos.)

(Chart covering weeks 5 to 21: new installs per week on the left axis, 0 to 300, and revenue on the right axis, £0.00 to £15.00, split into in-app payments, advert revenue and Nook sales.)
How the Revenue Divides Up

- Google Play (user charged £1)
    - 17p to Her Majesty’s Revenue and Customs (V.A.T.)
    - 25p to Google (30% Android billing fee)
    - 29p to us (until development costs covered)
    - 29p to the Bletchley Park Trust
- AdMob (variable rates per click)
    - Remitted in US$ so no V.A.T. due
    - 50% to the Bletchley Park Trust
- Nook sales (user charged $2.49)
    - $0.75 to Barnes & Noble (30% transaction fee)
    - $0.87 to us
    - $0.87 to the Bletchley Park Trust
Fundraising: What Have We Learned?

- People will donate using in-app billing
    - ~2% of ~2,700 installs so far
- People do click on in-app advertisements
    - ~0.8% of ~36,000 impressions so far
- Revenue so far is low
    - Street corner tin rattling could have been more productive!
    - BUT software revenue scales effortlessly, so good potential
- What we need to do better
    - Marketing (increase awareness and donations)
    - Continuing user engagement (increase ad revenue)
Android Testing Strategy

- 448 different device models in 2864 installs!
    - Clearly impossible to test on every device
        - What is the best mix of devices to test on?
- Use Android resource qualifiers to identify categories
    - “small” → “xlarge”, “ldpi” → “xhdpi”
        - Using Android’s layout engine to adapt to different screens
- Also need to cover all supported Android API levels
    - We don’t support Android 1.5
        - 0.23% of category, mandates extra permissions for compatibility
Android Device Variability: Screen Size and Density

(Chart: percentage of all EnigmaSim installs, with install counts, by screen size (small, normal, large, xlarge) and density (ldpi, mdpi, hdpi, xhdpi). Counts from the chart's data labels:)

  normal-hdpi    1370
  normal-mdpi     359
  xlarge-mdpi     335
  small-ldpi      142
  small-mdpi      129
  normal-xhdpi    120
  large-mdpi      119
  large-xhdpi      67

The remaining eight size/density combinations had 26, 16, 4, 1, 0, 0, 0 and 0 installs.
Android Device Variability: API Level / Android Version

(Chart: percentage of all EnigmaSim installs, with install counts, by API level. Counts from the chart's data labels:)

  API level   Version   Installs
  4           1.6            27
  5           2.0             0
  6           2.0             0
  7           2.1           195
  8           2.2           424
  9           2.3            19
  10          2.3          1308
  11          3.0             2
  12          3.1            49
  13          3.2           159
  14          4.0            48
  15          4.0           383
Device-Specific Android Issues

- Samsung Galaxy S app data directory bug
- Android 4 XT9 soft keyboard ignores “no suggestion” flag
- Android 1.6 ghost status bar on resume
- System font changed in Android 4 (size changes)
- Nook default dialog title colour different
- Android 1.6 in-app billing hangs
- Samsung Galaxy Note pixel density
Android Testing Strategy: Representative Devices

Most popular devices in the commonly used categories:

  Category        Installs   Device
  normal-hdpi     51.0%      Samsung Galaxy S2
  normal-mdpi     13.4%      Samsung Galaxy Ace
  xlarge-mdpi     12.5%      Asus EeePad Transformer TF101
  small-ldpi       5.3%      Samsung Galaxy Mini
  small-mdpi       4.8%      Sony Ericsson Xperia X10 Mini Pro
  normal-xhdpi     4.5%      Samsung Galaxy Nexus
  large-mdpi       4.4%      Samsung Galaxy Tab
  large-xhdpi      2.5%      Samsung Galaxy Note

- How to avoid having to buy all these devices?
    - Remote access testing services (DeviceAnywhere, TestDroid)
Android Fragmentation: What Have We Learned?

- Support for all versions/screens took 80% of our effort
    - But 70% installed on Android 2.x, 51% on “normal-hdpi”
    - Best strategy to release on a limited subset, at least initially?
- Automated tests are essential
    - Overnight tests on 15 different emulated devices
    - Android extensions to JUnit are extremely flaky
        - Unpredictable data corruption caused by the test framework, so we gave up
    - MonkeyRunner is usable but still unreliable
        - We will be looking at Robotium in future
- Remote access could help with device-specific issues
The Crypto Lessons that Enigma and Bletchley Park Can Teach Us

- Don’t assume that key length is equivalent to security
- User-selected passwords may be the weakest link
- Plan for your keys to be compromised
- Use really random numbers, not random-looking ones
- Don't underestimate the attacker
Enigma Machine Key Length

- 4-rotor Enigma M4
    - 2 possible reflectors
    - 672 possible rotor choices
    - 676 possible notch positions
    - 532,985,208,200,576 possible combinations of plugs
    - 456,976 possible starting positions
    - = 221,286,292,668,406,558,235,295,744 possible keys
    - Log2 gives equivalent binary key length: ~88 bits
    - This is still export-controlled!
        - Yet it could be broken with 70-year old mechanical technology
- Key length isn’t the most important factor
Users Pick Poor Passwords

- Many Enigma messages were read by guessing the message key that the operator chose (“Cillies”)
    - AAA BBB, QWE ASD, BER LIN, etc.
- This was addressed later in the war by operational procedures
    - Daily settings used as a pseudo-random generator
- Cryptographic keys need more entropy than users can supply in the form of a password
    - Salts, nonces, etc.
Plan for Key Compromise

- “Pinches” were an important way into new Enigma networks
    - 1941 HMS Tartar: code books from weather ship Lauenburg
    - 1942 HMS Petard: machine and code books from U-559
    - 1940 HMS Gleaner: rotors VI and VII from U-33
    - 1941 HMS Somali: rotors and code books from armed trawler Krebs
    - 1940 HMS Griffin: settings and cribs from armed trawler Polares
    - 1941 HMS Somali: code books from weather ship München
    - 1941 HMS Bulldog: machine and code books from U-110
- They had emergency procedures to switch to other settings
    - Modern security systems need to have “renewability” too
Use Really Random Numbers

- Don’t be tempted to interfere to make it look random
- German cipher staff had rules for not repeating rotor order and not plugging adjacent letters
    - This significantly reduced the number of possible settings that needed to be tried on the Bombe
- Many security vulnerabilities in modern systems are due to poor randomness
    - e.g. Debian OpenSSL vulnerability in 2008
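The arithmetic behind the "Enigma Machine Key Length" slide, carried through to the ~88-bit figure, together with a count of how many plugboard settings the "no adjacent letters" rule from the slide above throws away. This is an added example, not Franklin Heath's code; it assumes the 672 rotor choices are three of eight rotors in order times Beta or Gamma, that 676 and 456,976 are 26² and 26⁴, and that "adjacent" means consecutive in the alphabet without Z-A wrap-around.

```python
"""Enigma M4 key space from the slide's five factors, and the effect of the
operators' 'no adjacent letters on the plugboard' rule. Editor's example."""
from math import comb, factorial, log2

LETTERS = 26


def matchings(n, k):
    """Ways to choose k disjoint unordered pairs (plug cables) from n letters."""
    if n < 0 or k < 0 or 2 * k > n:
        return 0
    return factorial(n) // (factorial(n - 2 * k) * factorial(k) * 2 ** k)


def plugboard_settings(n=LETTERS, max_pairs=13):
    """Every plugboard setting with anywhere from 0 to max_pairs cables fitted."""
    return sum(matchings(n, k) for k in range(max_pairs + 1))


def m4_key_space():
    """Multiply the slide's factors; return (number of keys, log2 in bits)."""
    reflectors = 2                    # thin reflectors B and C
    rotor_choices = 8 * 7 * 6 * 2     # 3 of 8 rotors in order, times Beta/Gamma (assumption)
    notch_positions = LETTERS ** 2    # ring settings of the two rotors whose notches act
    plugs = plugboard_settings()      # 532,985,208,200,576 on the slide
    start_positions = LETTERS ** 4    # window letters of all four rotors
    total = reflectors * rotor_choices * notch_positions * plugs * start_positions
    return total, log2(total)


def no_adjacent_matchings(n, k):
    """k-cable settings in which no cable joins alphabetically consecutive
    letters (A-B, B-C, ..., Y-Z; no wrap-around assumed).
    Inclusion-exclusion over the n-1 forbidden pairs: j pairwise-disjoint
    forbidden pairs can be picked in comb(n-j, j) ways, leaving a free
    (k-j)-cable setting on the remaining n-2j letters."""
    return sum((-1) ** j * comb(n - j, j) * matchings(n - 2 * j, k - j)
               for j in range(k + 1))


def plugboard_no_adjacent(n=LETTERS, max_pairs=13):
    return sum(no_adjacent_matchings(n, k) for k in range(max_pairs + 1))


def rule_cost():
    """Fraction of plugboard settings that never need testing once the
    'no adjacent letters' rule is known to be in force."""
    return 1 - plugboard_no_adjacent() / plugboard_settings()


if __name__ == "__main__":
    total, bits = m4_key_space()
    print(f"M4 keys: {total:,} (~{bits:.1f} bits)")
    print(f"plugboard settings: {plugboard_settings():,}")
    print(f"ruled out by the adjacency rule: {rule_cost():.1%}")
```

The key-space figure matches the slide exactly, which shows that the 88 bits come almost entirely from the plugboard; the plugboard is also where the operators' "make it look random" rule hands back part of that space for free.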
Don’t Underestimate the Enemy

- German high command was told Enigma was “unbreakable”
- German cryptographers knew it was theoretically breakable, but thought no one would put in that much effort
- Bletchley Park’s mathematical approach and production line methods led to industrial-scale cryptanalysis
- Today: it only needs a handful of bright and bored attackers to find a “class break” and then millions of “script kiddies” can use it.
Questions?

- If we have time!

Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 

Recently uploaded (20)

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 

Android Enigma Simulator Fundraises for Bletchley Park

  • 1. Fund Raising with an Android Enigma Machine Simulator, 02 June 2012, Franklin Heath Ltd
  • 2. What Shall We Talk About?
    - How the World War II Enigma machine works
    - Potential for mobile apps to raise money for charities
    - How bad is Android fragmentation and how best to deal with it
    - What mechanical cryptography can teach us about today's security software
    (© Franklin Heath Ltd, 02 June 2012, CC BY 3.0)
  • 3. Android Enigma Simulator: Why?
    - 2012 is Alan Turing’s centenary year
      - One of Bletchley Park’s “Wicked Uncles” working on Enigma
    - Real WWII Enigma machines can cost > $200,000
      - Touch screen animation gives an idea of the real thing
    - Education
      - Strong cryptography existed before computers
    - Fund raising
      - Bletchley Park Trust needs matching funds to restore the site
    - Experiment in Android development and monetisation
  • 4. Bletchley Park’s “Wicked Uncles”
    - Senior codebreakers recruited in 1939
      - Introduced mathematical and mechanised methods
    - 1941 memo delivered to P.M. Winston Churchill
      - Response: “Make sure they have all they want on extreme priority and report to me that this had been done.”
    - Pictured: Alan Turing 1912-1954, Stuart Milner-Barry 1906-1995, Hugh Alexander 1909-1974, Gordon Welchman 1906-1985
  • 5. Enigma Machine Components
    - Scrambler: rotors and reflector
    - Output: battery-powered lamps
    - Input: keys (switch and lever)
    - Plug board: static, swaps letters
  • 6. Enigma Machine Components (signal path without the plug board)
    - Scrambler: rotors and reflector
    - Output: battery-powered lamps
    - Input: keys (switch and lever)
  • 7. Fully Functional Paper Model
  • 8. Enigma Simulator App Demo
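The signal path the two component slides describe (key, plug board, three rotors, reflector, rotors again, plug board, lamp), as an added Python model written for this page rather than code from Franklin Heath's app. It uses the historical wirings of rotors I, II and III and reflector B; ring settings are assumed fixed at "A" to keep the model short. Two properties fall out of the construction and both mattered at Bletchley Park: the cipher is its own inverse (type the ciphertext on a machine at the same setting and the plaintext lights up), and because of the reflector no letter ever encrypts to itself, which is what makes a crib testable.

```python
# Added example: a working model of the Enigma I scrambler path. Illustrative
# code for this page, not the Franklin Heath simulator. Ring settings assumed 'A'.

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Historical wiring (entry contact A..Z -> exit contact) and the letter that is
# in the window when the turnover notch moves the rotor to the left.
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = [ALPHABET.index(c) for c in "YRUHQSLDPXNGOKMIEBFZCWVJAT"]


class Rotor:
    def __init__(self, name: str, position: str = "A"):
        wiring, self.notch = ROTORS[name]
        self.forward = [ALPHABET.index(c) for c in wiring]
        self.backward = [self.forward.index(i) for i in range(26)]
        self.pos = ALPHABET.index(position)  # letter showing in the window

    def at_notch(self) -> bool:
        return ALPHABET[self.pos] == self.notch

    def step(self) -> None:
        self.pos = (self.pos + 1) % 26

    def forward_pass(self, c: int) -> int:
        # Add the rotation on the way into the wiring, remove it on the way out.
        return (self.forward[(c + self.pos) % 26] - self.pos) % 26

    def backward_pass(self, c: int) -> int:
        return (self.backward[(c + self.pos) % 26] - self.pos) % 26


class Enigma:
    def __init__(self, rotors=("I", "II", "III"), positions="AAA", plugs=()):
        self.left, self.middle, self.right = [Rotor(n, p) for n, p in zip(rotors, positions)]
        # Plug board: a static, self-inverse swap of letter pairs (slide 5).
        self.plug = list(range(26))
        for a, b in plugs:
            i, j = ALPHABET.index(a), ALPHABET.index(b)
            self.plug[i], self.plug[j] = j, i

    def _step(self) -> None:
        # The key lever steps the rotors before the lamp lights. The middle
        # rotor "double-steps" when its own notch is engaged.
        if self.middle.at_notch():
            self.middle.step()
            self.left.step()
        elif self.right.at_notch():
            self.middle.step()
        self.right.step()

    def press(self, letter: str) -> str:
        self._step()
        c = self.plug[ALPHABET.index(letter)]
        for rotor in (self.right, self.middle, self.left):
            c = rotor.forward_pass(c)
        c = REFLECTOR_B[c]                      # reflector sends the current back
        for rotor in (self.left, self.middle, self.right):
            c = rotor.backward_pass(c)
        return ALPHABET[self.plug[c]]

    def encode(self, text: str) -> str:
        return "".join(self.press(ch) for ch in text.upper() if ch in ALPHABET)


def never_maps_to_itself(**settings) -> bool:
    """Reflector property that crib-based attacks rely on: no letter encrypts to itself."""
    return all(Enigma(**settings).press(ch) != ch for ch in ALPHABET)


if __name__ == "__main__":
    print(Enigma().encode("AAAAA"))   # BDZGO, the usual Enigma I test vector
    print(Enigma(plugs=[("A", "B")]).encode("BLETCHLEYPARK"))
```

The plug board and reflector are both fixed involutions and each rotor is traversed once forward and once backward at the same position, so the whole machine is an involution; `never_maps_to_itself` holds for every setting because the reflector never connects a contact to itself.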
  • 9. Google Play International Reach
    - Installs by country, top 20 countries (of 99): USA 670, UK 450, Germany 264, Spain 151, Italy 112, Poland 111, Netherlands 63, Australia 61, France 59, Canada 47, Czech Republic 46, Brazil 45, Croatia 44, Sweden 43, India 41, Turkey 39, Mexico 35, Hungary 33, Indonesia 30, Finland 27
    [Bar chart: installs per country (0 to 800) with a second axis giving each country's share of all installs (0% to 30%)]
  • 10. Revenue Stats (by 2012 Week Nos.)
    [Chart: 2012 weeks 5 to 21; series In-App Payments, Advert. Revenue and Nook Sales (revenue, right axis £0.00 to £15.00) and New Installs (left axis 0 to 300). The individual weekly values are not recoverable from the transcript.]
  • 11. How the Revenue Divides Up
    - Google Play (user charged £1)
      - 17p to Her Majesty’s Revenue and Customs (V.A.T.)
      - 25p to Google (30% Android billing fee)
      - 29p to us (until development costs covered)
      - 29p to the Bletchley Park Trust
    - AdMob (variable rates per click)
      - Remitted in $US so no V.A.T. due
      - 50% to the Bletchley Park Trust
    - Nook sales (user charged $2.49)
      - $0.75 to Barnes & Noble (30% transaction fee)
      - $0.87 to us
      - $0.87 to the Bletchley Park Trust
  • 12. Fundraising: What Have We Learned?
    - People will donate using in-app billing
      - ~2% of ~2,700 installs so far
    - People do click on in-app advertisements
      - ~0.8% of ~36,000 impressions so far
    - Revenue so far is low
      - Street corner tin rattling could have been more productive!
      - BUT software revenue scales effortlessly, so good potential
    - What we need to do better
      - Marketing (increase awareness and donations)
      - Continuing user engagement (increase ad revenue)
  • 13. Android Testing Strategy
    - 448 different device models in 2864 installs!
      - Clearly impossible to test on every device
    - What is the best mix of devices to test on?
      - Use Android resource qualifiers to identify categories
      - “small” → “xlarge”, “ldpi” → “xhdpi”
      - Using Android’s layout engine to adapt to different screens
    - Also need to cover all supported Android API levels
      - We don’t support Android 1.5
      - 0.23% of category, mandates extra permissions for compatibility
  • 14. Android Device Variability: Screen Size and Density
    [Bar chart: EnigmaSim installs per screen size (small, normal, large, xlarge) and density (ldpi, mdpi, hdpi, xhdpi), as counts (0 to 1600) and as a percentage of all installs (0% to 60%); the largest bar is 1370 installs. The eight most common combinations are listed on slide 17.]
  • 15. Android Device Variability: API Level / Android Version
    [Bar chart: EnigmaSim installs per API level 4 to 15 (Android 1.6, 2.0, 2.1, 2.2, 2.3, 3.0, 3.1, 3.2, 4.0), as counts (0 to 1400) and as a percentage of all installs (0% to 50%); the largest bar is 1308 installs.]
  • 16. Device-Specific Android Issues
    - Samsung Galaxy S app data directory bug
    - Android 4 XT9 soft keyboard ignores “no suggestion” flag
    - Android 1.6 ghost status bar on resume
    - System font changed in Android 4 (size changes)
    - Nook default dialog title colour different
    - Android 1.6 in-app billing hangs
    - Samsung Galaxy Note pixel density
  • 17. Android Testing Strategy: Representative Devices
    - Most popular devices in the commonly used categories (category, share of installs, device):
      normal-hdpi    51.0%  Samsung Galaxy S2
      normal-mdpi    13.4%  Samsung Galaxy Ace
      xlarge-mdpi    12.5%  Asus EeePad Transformer TF101
      small-ldpi      5.3%  Samsung Galaxy Mini
      small-mdpi      4.8%  Sony Ericsson Xperia X10 Mini Pro
      normal-xhdpi    4.5%  Samsung Galaxy Nexus
      large-mdpi      4.4%  Samsung Galaxy Tab
      large-xhdpi     2.5%  Samsung Galaxy Note
    - How to avoid having to buy all these devices?
      - Remote access testing services (DeviceAnywhere, TestDroid)
  • 18. Android Fragmentation: What Have We Learned?
    - Support for all versions/screens took 80% of our effort
      - But 70% installed on Android 2.x, 51% on “normal-hdpi”
      - Best strategy to release on a limited subset, at least initially?
    - Automated tests are essential
      - Overnight tests on 15 different emulated devices
      - Android extensions to JUnit are extremely flaky
      - Unpredictable data corruption caused by the test framework, so we gave up
      - MonkeyRunner is usable but still unreliable
      - We will be looking at Robotium in future
    - Remote access could help with device-specific issues
  • 19. The Crypto Lessons that Enigma and Bletchley Park Can Teach Us
    - Don’t assume that key length is equivalent to security
    - User-selected passwords may be the weakest link
    - Plan for your keys to be compromised
    - Use really random numbers, not random-looking ones
    - Don't underestimate the attacker
  • 20. Enigma Machine Key Length
    - 4-rotor Enigma M4
      - 2 possible reflectors
      - 672 possible rotor choices
      - 676 possible notch positions
      - 532,985,208,200,576 possible combinations of plugs
      - 456,976 possible starting positions
      - = 221,286,292,668,406,558,235,295,744 possible keys
    - Log2 gives equivalent binary key length: ~88 bits
      - This is still export-controlled!
    - Yet it could be broken with 70-year old mechanical technology
      - Key length isn’t the most important factor
  • 21. Users Pick Poor Passwords
    - Many Enigma messages were read by guessing the message key that the operator chose (“Cillies”)
      - AAA BBB, QWE ASD, BER LIN, etc.
    - This was addressed later in the war by operational procedures
      - Daily settings used as a pseudo-random generator
    - Cryptographic keys need more entropy than users can supply in the form of a password
      - Salts, nonces, etc.
  • 22. Plan for Key Compromise
    - “Pinches” were an important way into new Enigma networks
      - 1941 HMS Tartar: code books from weather ship Lauenberg
      - 1942 HMS Petard: machine and code books from U-559
      - 1940 HMS Gleaner: rotors VI and VII from U-33
      - 1941 HMS Somali: rotors and code books from armed trawler Krebs
      - 1940 HMS Griffin: settings and cribs from armed trawler Polares
      - 1941 HMS Somali: code books from weather ship München
      - 1941 HMS Bulldog: machine and code books from U-110
    - They had emergency procedures to switch to other settings
      - Modern security systems need to have “renewability” too
  • 23. Use Really Random Numbers
    - Don’t be tempted to interfere to make it look random
      - German cipher staff had rules for not repeating rotor order and not plugging adjacent letters
      - This significantly reduced the number of possible settings that needed to be tried on the Bombe
    - Many security vulnerabilities in modern systems are due to poor randomness
      - e.g. Debian OpenSSL vulnerability in 2008
  • 24. Don’t Underestimate the Enemy
    - German high command told Enigma was “unbreakable”
      - German cryptographers knew it was theoretically breakable, but thought no one would put in that much effort
    - Bletchley Park’s mathematical approach and production line methods led to industrial-scale cryptanalysis
    - Today: it only needs a handful of bright and bored attackers to find a “class break” and then millions of “script kiddies” can use it.
  • 25. Questions?
    - If we have time!
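The key-length slide's arithmetic, reproduced as an added Python example for this page (not the presenter's own code). The plug board figure is the number of ways to connect any number of disjoint letter pairs with cables, summed over 0 to 13 cables; the 672 rotor choices are assumed to break down as an ordered choice of three from eight rotors times the two thin fourth rotors, which is the breakdown that matches the slide's number.

```python
# Added example: Enigma M4 key-space count and its ~88-bit equivalent.
# Illustrative code written for this page, not the presenter's.
import math


def plugboard_settings(letters: int = 26) -> int:
    """Ways of connecting k disjoint letter pairs with plug cables, summed over
    k = 0..letters//2, since any number of cables may be in use."""
    total = 0
    for k in range(letters // 2 + 1):
        total += math.factorial(letters) // (
            math.factorial(letters - 2 * k) * math.factorial(k) * 2 ** k)
    return total


def enigma_m4_keyspace() -> int:
    reflectors = 2                  # the two thin reflectors of the M4
    rotor_choices = 8 * 7 * 6 * 2   # assumed breakdown of the slide's 672: ordered 3 of 8, times 2 thin rotors
    notch_positions = 26 * 26       # ring settings that affect turnover
    start_positions = 26 ** 4       # window letters of the four rotors
    return (reflectors * rotor_choices * notch_positions
            * plugboard_settings() * start_positions)


def equivalent_key_bits(keyspace: int) -> float:
    """Binary key length with the same number of possibilities."""
    return math.log2(keyspace)


if __name__ == "__main__":
    n = enigma_m4_keyspace()
    print(f"{n:,} possible keys, about {equivalent_key_bits(n):.1f} bits")
```

The count is a count of settings, not of work: it says nothing about how many of those settings an attacker with a crib and a reciprocal cipher actually has to try, which is the point of the slide's last bullet.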
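The "salts, nonces, etc." bullet in practice, as an added Python example for this page (not the presenter's code): a user-chosen secret carries only a few tens of bits at best, so it is never used as a key directly but stretched through a salted key-derivation function. The salt is not secret and adds no entropy to the password; its job is to make two users with the same weak choice end up with unrelated keys, so that guessing work done against one cannot be reused against the other. PBKDF2-HMAC-SHA256 from the standard library is used here as the illustrative KDF.

```python
# Added example: stretching a low-entropy password into a 256-bit key.
# Illustrative code written for this page, not the presenter's.
import hashlib
import math
import secrets


def max_password_bits(password: str, alphabet_size: int = 26) -> float:
    """Ceiling on the entropy of a password drawn from the given alphabet.
    A guessable choice such as a "Cilly" (AAA, QWE, BER) carries far less."""
    return len(password) * math.log2(alphabet_size)


def new_salt(nbytes: int = 16) -> bytes:
    """Per-user salt from the OS CSPRNG; stored alongside the derived key."""
    return secrets.token_bytes(nbytes)


def derive_key(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256: the iteration count raises the cost of every guess,
    the salt binds the key to one user, and the output is a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def same_password_different_keys(password: str) -> bool:
    """Two users choosing the same weak password still get unrelated keys."""
    return derive_key(password, new_salt()) != derive_key(password, new_salt())


if __name__ == "__main__":
    print(f"BER: at most {max_password_bits('BER'):.1f} bits of entropy")
    salt = new_salt()
    print(derive_key("BER", salt).hex())
```

Stretching raises the attacker's cost per guess but cannot conjure entropy: a three-letter message key stays a three-letter message key, which is why the slide's answer was operational procedure (random daily settings) rather than a better scrambler.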
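Why "random-looking" is not "random", as an added Python example for this page (not the presenter's code and not the actual Debian OpenSSL code). The 2008 Debian bug left the OpenSSL generator seeded from little more than the process id, so however long the generated keys were, only a few tens of thousands of distinct values could ever come out. The toy generator below is constructed to have the same shape of flaw: a 128-bit key whose only input is a 15-bit seed. Counting the distinct outputs gives the effective key length, and the same enumeration is the defender's check, the approach used by the weak-key blacklists published after the bug.

```python
# Added example: a constructed toy of seed-starved key generation, with the
# defender's check against it. Illustrative code written for this page.
import functools
import math
import random
import secrets


def weak_key(pid: int, nbytes: int = 16) -> bytes:
    """Constructed flaw: a 128-bit key from a generator seeded only by a pid."""
    rng = random.Random(pid)           # deterministic given the seed
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


@functools.lru_cache(maxsize=None)
def weak_key_set(max_pid: int = 32768, nbytes: int = 16) -> frozenset:
    """Every key the flawed generator can ever produce (pids 1..max_pid)."""
    return frozenset(weak_key(pid, nbytes) for pid in range(1, max_pid + 1))


def effective_key_bits(max_pid: int = 32768) -> float:
    """Nominal length is 128 bits; the real key space is bounded by the seed space."""
    return math.log2(len(weak_key_set(max_pid)))


def is_weak_key(key: bytes, max_pid: int = 32768) -> bool:
    """Defender's check: could this key have come from the flawed generator?"""
    return key in weak_key_set(max_pid, len(key))


def strong_key(nbytes: int = 16) -> bytes:
    """The fix: take key material from the OS CSPRNG, not a seeded PRNG."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    print(f"effective key length: {effective_key_bits():.1f} bits")
    print("flagged:", is_weak_key(weak_key(1234)), is_weak_key(strong_key()))
```

The same reasoning applies to the slide's Enigma rules: a rule that forbids repeating the rotor order or plugging adjacent letters removes settings from the space an attacker must search, exactly as a narrow seed removes keys from the space a defender believes they have.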