The Cybersecurity Imitation Game, or how much is your security worth

Opinion Piece – Neil Martin, Panda Security

Alan Turing, born on 23 June 1912, was recently announced by the Bank of England as the face of the new £50 note due to enter circulation next year.

Alan Turing banknote concept – the Bank of England

He joins a select group including politician Sir Winston Churchill (£5), writer Jane Austen (£10) and painter Joseph Turner (£20), as the faces of these new polymer bank notes – designed for greater security and resilience.

Alan Turing’s lasting legacy is the Turing Test (which he dubbed The Imitation Game – the title of the 2014 film loosely based on his life) from his 1950 paper “Computing Machinery and Intelligence”, where he hypothesised “A computer would deserve to be called intelligent if it could deceive a human into believing that it was human”. This can be seen as the start of the search for Artificial Intelligence.

Turing Machine

A completely original mathematical thinker, fellow of King’s College, Cambridge, and Olympic-class marathon runner, Turing created a theoretical machine that changed the course of history.

In his seminal Computable Numbers paper, first published in 1936, Turing conceived of a mechanical computing device, vastly superior to human capabilities, able to compute the vast numbers of mathematical calculations needed to solve the Entscheidungsproblem—a problem that had been stumping the mathematical world for the previous decade.

He achieved this by taking the pure mathematics required back to first principles in order to teach his “Turing” machine how to identify whether a specific mathematical theorem was essentially incomputable.

“It is possible to invent a single machine which can be used to compute any computable sequence.”

Such universal computers as the Turing machine are the basis for all smartphones, laptops, and the Internet.

The Turing machine remained theoretical, way ahead of the level of technology available. But Turing continued to work towards a mechanical brain, using the burgeoning electronics available. Prior to World War II, while studying cryptology at Princeton College, Turing constructed an electromechanical binary multiplier, supposedly built upon a wooden breadboard taken from the kitchen of his lodgings.

Deus Ex Machina

Upon his return to England in 1939, Turing was recruited to the Government Code and Cypher School (GC&CS) at Bletchley Park, working to try and crack the German military Enigma codes.

At this time the chief code-breaking technique was the manual paper Zygalski sheets method, attempting to match the encryption cypher used by the German Enigma machines, which changed every day. The Enigma machines at the time had three alphabet rotors, giving 105,456 machine states (26 states for each of the three rotors and 6 rotor orders) for each day.

Within weeks of arrival Turing submitted designs for an advanced electromechanical device—the Bombe—combining superior technology to increase calculation speed with innovative data analytical techniques to identify probable “plaintext”, arising from fallible German message operators believing the Enigma to be unbreakable.

The first British Bombe was installed at Bletchley in March 1940, and proved to be orders of magnitude superior to the Zygalski method. The Allies were finally starting to break some of the Enigma codes, allowing them to guide their merchant fleets on safer courses.

While decryption of German U-boat Enigma messages allowed many supply ships to safely traverse the Atlantic, it emerged that part of the British merchant shipping fleet was using obsolete code-book techniques, making it easy for the Germans to decipher their new movements—proving your security is only as strong as your weakest point.

A constant battle between Enigma improvements and more powerful code-breaking techniques and technology continued throughout the war, with the Germans upgrading their U-boat Enigmas with additional rotors and plug-boards, increasing the total permutations to over 150 trillion (billion billion) possible states. This 1.4 billion-fold increase in permutations was well above the Moore’s Law rate hypothesised three decades later.

Turing’s theories on data analytics and probability were key in the development and design of ‘Colossus’, the first electronic digital programmable computer. Colossus and its sibling machines had a vast impact on the outcome of the war, allowing the Allies to decrypt a vast amount of high-level German military intelligence. This was the power of the electronic computers and intelligence of humans working together in harmony to counter the threat of German military code skills and cutting edge mechanical ingenuity.

The Birth of Computers

Following the war, Alan Turing began work at the National Physical Laboratory, where he laid out the specifications for the Automated Computing Engine (ACE), one of the first designs for an electronic stored-program computer.

Turing’s ACE design called for hardware that was as simple as possible, for maximum flexibility, with “very large indeed” (25KB) high speed system memory, accessed at a speed of 1 MHz.

Working on ACE and an alternative computer at Manchester University, Turing requested a number of capabilities, now standard in everyday computing, including: Conditional branching (Boolean), the Floating Point concept, Relationship Tables, and, for ease of access to these colossal machines, remote terminals using phone equipment (Cloud Computing).

In his 1950 paper “Computing Machinery and Intelligence”, he developed a criterion known as the Turing Test to determine whether a machine can think: the foundation of Artificial Intelligence.

To answer that question, he came up with the second of his famous thought experiments, The Imitation Game (now known as the Turing test), in which a person poses questions via teletype to two interlocutors, one a human, the other a computer. If the questioner cannot tell the difference between them, then we must grant that the machine thinks.

Turing suggested that by the year 2000 the average interrogator would have less than a 70% chance of making the right decision after five minutes of questioning.

Even humble smartphones have hundreds of thousands of times the storage capacity Turing thought would be required and orders of magnitude more processing power, yet passing the test still seems a long way off.

This is reflected in the relative efficacy of a legacy of Alan Turing, the CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)—tests stopping ‘bots from completing webforms. It turns out that even today computers are very poor at recognising deformed letters, or telling dogs from cats.

Cybersecurity Imitation Game

When Turing arrived at Bletchley Park, the Zygalski sheets methodology being used could be considered the equivalent of early antivirus signature files, requiring a precise, identical match.

Turing’s input into the Bombe & Colossus machines built upon this, being able to identify an imprecise but behaviourally expected match, similar to heuristic detection techniques.

Even with their massive advantages of speed and memory capacity, so far modern computer systems have proven to be fallible to attacks just as humans are.

“If a machine is expected to be infallible, it cannot also be intelligent.”

Hackers are using human intelligence to develop increasingly sophisticated cyberattacks, delivering the speed of machine actions while Imitating legitimate human user behaviour using techniques such as Living-off-the-Land or fileless malware.

Like the new Bank of England polymer notes, the latest solutions from Panda Security are designed for greater resilience and security.


Our Endpoint Detection and Response (EDR) solution Panda Adaptive Defense 360 combines the best in layered detection technology with the experience, ingenuity and data analytics of experts at PandaLabs Security Operations Center, to deliver 100% attestation and automated threat hunting.

 

 

The post The Cybersecurity Imitation Game, or how much is your security worth appeared first on Panda Security Mediacenter.