Anastasia Malashina, a doctoral student at HSE University, has suggested a new approach for assessing encryption system vulnerabilities that is focused on a brute-force search of potential symbol deciphering options. The algorithm was also put into real-time use in a program that can be used to identify security vulnerabilities in ciphers.
Since open communication networks are not secured from data interception, the majority of online messages are sent in encrypted form. Data breaches should be secured around the board, including messengers, cloud services, and banking systems. One of the most pressing concerns for cryptographers is data encryption.
Challenges of Cipher Vulnerability Search
The issue of cipher vulnerability check is one that is always valid. To prevent hacks, cipher security from leaks must be strengthened, and encryption systems must be tested for vulnerabilities.
Block ciphers and stream ciphers are the two broad categories of ciphers. Stream data has a significant advantage: it allows for a reasonable rate of data transfer, which is ideal for images and videos.
Stream ciphering is based on a special algorithm that combines data with random sequencing. This form of ciphering necessitates the use of special keys. The keys must meet a number of criteria in order for the data coded with their use to be generated and stored. Meanwhile, ensuring that a trustworthy key is used is not always possible. As a result, stream ciphering systems must be pre-tested for flaws.
Commenting on the development, Anastasia Malashina, said “I was interested in not only suggesting an algorithm that is able to detect the initial text of a transmitted message, but to find opportunities to restore the text both theoretically and practically in a direct way, without finding the key,”
Working Mechanism
She used a tool to determine the probability of restoring separate sections of a message without a key in the event of a vulnerable cipher or a communication channel leak to identify vulnerabilities.
The algorithm searches the values for all the other symbols using information from the initial message about potential options for each of the ciphered symbols. This approach aids in the detection of a vulnerability in the initial cipher.
The proposed algorithm was implemented in a unique program that was recently copyrighted in part. This program aids in determining the security of encryption systems as well as the security risks in the event of a data breach.
Malashina said “During my study, I looked at a corpus of social-political texts, and an open corpus of Russian language. A statistical analysis of dictionaries helped me assess the entropy of texts, for which I later assessed the possibility of partial deciphering. Furthermore, corpus-based dictionaries are used in the experimental part of the study to implement a dictionary-based attack. Similar results for the English language were reached based on the iWeb corpus,”