Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering. The algorithm was also implemented in a program, which can be used to find vulnerabilities in ciphers.
Most of online messages are sent in encrypted form since open communication channels are not protected from data interception. Messengers, cloud services, banking systems–all of these need to be protected from data breaches. The problem of data encryption is one of the main issues for cryptographers.
The problem of cipher vulnerability search
The problem of cipher vulnerability search is always a relevant one. To avoid hacks, it is necessary to reinforce the cipher protection from leaks and to test encryption systems for vulnerabilities.
All ciphers can be split into two big classes: block ciphers and stream ciphers. Stream data has a big advantage: they provide an acceptable speed of information transmission, suitable for images and videos.
Stream ciphering is based on a combination of data with random sequencing on a special algorithm. Special keys are used for this kind of ciphering. There are many requirements to the keys, so that the data coded with their use can be produced and stored. Meanwhile, it is not always possible to ensure that a reliable key is used. That’s why stream ciphering systems need to be pre-tested for vulnerabilities.
“I was interested in not only suggesting an algorithm that is able to detect the initial text of a transmitted message, but to find opportunities to restore the text both theoretically and practically in a direct way, without finding the key,” said Anastasia Malashina.
How it works
To find vulnerabilities, she used a method that helps assess the possibility of restoring separate parts of a message without a key, in case a vulnerable cipher is used or there is a leak in the communication channel.
The algorithm uses information about possible options for each of the ciphered symbols in the initial message and brutally searches the values for all the other symbols. In case the initial cipher has a vulnerability, this method helps detect it.
The suggested algorithm was implemented in a special program, part of which has recently been patented. This program helps assess encryption systems’ reliability and breach risks in case of data leaks.
“During my study, I looked at a corpus of social-political texts, and an open corpus of Russian language. A statistical analysis of dictionaries helped me assess the entropy of texts, for which I later assessed the possibility of partial deciphering. Furthermore, corpus-based dictionaries are used in the experimental part of the study to implement a dictionary-based attack. Similar results for the English language were reached based on the iWeb corpus,” said Malashina.