On the Guard of Cyber SecurityMay 31, 2021
The last spring month dedicated to “New Threats and Challenges. Security” in the Year of Science and Technologies we have prepared for you a final review of the researches conducted by Project 5-100 universities within the framework of the May theme. Today agenda includes discoveries in the field of cybersecurity.
In the age of high technologies, when all information is accumulated on electronic media, it becomes more and more difficult to ensure the security of data storage and transmission. Employees of ETU "LETI" together with Smartilizer company are actively involved in this issue. Scientists have investigated a new approach to data analysis that does not require data transfer from the source to the place of analysis, which allows us to bring protection of the information security to a new level.
Modern network concepts involve collecting data from each device of the network and then transfer it to a centralized databank for analysis. For example, a smart house operates according to this principle: data from each device (water meters, heated floor, etc.) are transmitted to a mobile phone. The main disadvantages of this concept are huge volume of information received from devices, an increase in time for its analysis, an increase in network traffic, and the risk of unauthorized access to data by intruders.
Experts from the St. Petersburg State Electrotechnical University “LETI” have studied a new alternative approach, i.e. Federative Learning - an approach that allows you to analyze data locally, in the sources themselves, thereby reducing the load on the network and the risk of information leak.
Scientists tested the capabilities of systems from different companies using a federative learning approach: Google, Webank, Baidu, the OpenMined community, and others. “We compared and evaluated all of the open sources of federative learning libraries currently available. It turned out that in all three cases the approach gives accurate results <...> the technology of federative education itself is very relevant and is developing rapidly, "explains Ivan Kholod, Dean of the Faculty of Computer Technologies and Informatics, ETU LETI. For example, now, given the high load on servers that work with data on coronavirus infection, its spread and other aspects, using this technology will be possible to analyze data from different hospitals and compile statistics quickly. At the same time, the rights of patients will not be violated because information about them will not be transferred outside the hospital".
Scientists from the Siberian Federal University are working on the problem of cybersecurity in space. SibFU employees have developed a secure system for transmitting data via a satellite channel and their own software that will help to repel spoofing attacks - attacks by an intruder aimed at substituting information about the current time and geolocation of an object.
The operation principle of the system developed by the SibFU scientists at the leading Russian enterprise "Information satellite systems named after Academician M.F. Reshetnev”, is based on the analysis of the global navigation satellite system GLONASS. “The object of spoofing an attack on GNSS GLONASS is a navigation message. The object of the attack, that is, the victim, is the user's ground equipment - a receiver that picks up and decodes the navigation signal. A spoofing attack usually consists of 4 stages: reconnaissance, installation of auxiliary means (for example, the inconspicuous installation of a signal amplifier near the victim's transport). The third stage is a signal substitution, and the fourth is an object control. At the final stage, there is a slight change in the navigation data to the required ones. We offered our own methods of protection at each of these stages,”said Evgeny Khalturin, SibFU scientist.
The basis for the proposed methods was the use of an electronic signature. In the course of the research, the SibFU scientists considered 5 different algorithms to generate electronic signatures and offerd quantum security algorithms. The consistency of the developed software has been proven empirically: about 3 thousand program code lines were written without usage of available free code, the use of which could cause a system vulnerability.
In addition, while creating the library required for this software, the scientists offered to update the Burnickel-Ziegler algorithm which allows to reduce the number of processor operations, improving the performance of the whole system.
Since today almost all data is transmitted in encrypted form, the problem of assessing the vulnerability of encryption systems becomes relevant for all the network users. Anastasia Malashina, a postgraduate student at the Higher School of Economics, proposed a new method to assess the vulnerability of encryption systems, the basis of which was an enumeration of possible options for decrypting characters.
“It was interesting for me not only to offer an algorithm capable to detect the original text of the transmitted message but also to find the possibility of recovering the text both in theory and in practice directly - without defining a key,” the author of the work comments.
In order to solve the problem of finding a vulnerability, she considered a method that allows one to assess the possibility to recover without a key individual segments of a message while using a vulnerable cipher or leaks in the communication channel.
Using information about the possible variants of each of the encrypted symbols of the original message, the algorithm enumerates the values for all other symbols. This method makes it possible to detect a vulnerability in the original cipher, if any, makes it possible to assess the reliability of encryption systems and prevent attempts of unauthorized access to data in case of data leak.
In the modern world, information is a valuable asset, the possession of which allows you to manage almost all processes in the society. That is why the problem of information protection is topical not only for people themselves, but also for market players, states, law enforcement agencies. Scientists' research conducted at Project 5-100 universities was a decisive step towards solving this problem.