News Release 

Researchers develop a programme to find cipher vulnerabilities

National Research University Higher School of Economics

Research News

Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering. The algorithm was also implemented in a programme, which can be used to find vulnerabilities in ciphers. The results of the study were published in a paper 'Software development for the study of natural language characteristics'.

Most of online messages are sent in encrypted form since open communication channels are not protected from data interception. Messengers, cloud services, banking systems--all of these need to be protected from data breaches. The problem of data encryption is one of the main issues for cryptographers.

The problem of cipher vulnerability search is always a relevant one. To avoid hacks, it is necessary to reinforce the cipher protection from leaks and to test encryption systems for vulnerabilities.

All ciphers can be split into two big classes: block ciphers and stream ciphers. Stream data has a big advantage: they provide an acceptable speed of information transmission, suitable for images and videos.

Stream ciphering is based on a combination of data with random sequencing on a special algorithm. Special keys are used for this kind of ciphering. There are many requirements to the keys, so that the data coded with their use can be produced and stored. Meanwhile, it is not always possible to ensure that a reliable key is used. That's why stream ciphering systems need to be pre-tested for vulnerabilities.

'I was interested in not only suggesting an algorithm that is able to detect the initial text of a transmitted message, but to find opportunities to restore the text both theoretically and practically in a direct way, without finding the key,' said Anastasia Malashina.

To find vulnerabilities, she used a method that helps assess the possibility of restoring separate parts of a message without a key, in case a vulnerable cipher is used or there is a leak in the communication channel.

The algorithm uses information about possible options for each of the ciphered symbols in the initial message and brutally searches the values for all the other symbols. In case the initial cipher has a vulnerability, this method helps detect it.

The suggested algorithm was implemented in a special programme, part of which has recently been patented. This programme helps assess encryption systems' reliability and breach risks in case of data leaks.

'During my study, I looked at a corpus of social-political texts, and an open corpus of Russian language. A statistical analysis of dictionaries helped me assess the entropy of texts, for which I later assessed the possibility of partial deciphering. Furthermore, corpus-based dictionaries are used in the experimental part of the study to implement a dictionary-based attack. Similar results for the English language were reached based on the iWeb corpus,' said Malashina.


Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.