Communication security deals with attributes such as confidentiality, integrity, and availability. The current strategies used to achieve covertness of communication employs encryption. Encryption techniques minimize eavesdropping on the conversation between the conversing parties by transforming the message into an unreadable form. However, it does not prevent or discourage eavesdroppers from stealing and attempting to decrypt the encrypted messages using a brute-force attack or by randomly guessing the key. The probability of the eavesdropper acquiring the key and recovering the message is high as he/she can distinguish a correct key from incorrect keys based on the output of the decryption. This is because a message has some structure-texts, pictures, and videos. Thus, an attempt at decrypting with a wrong key yields random gibberish that does not comply with the expected structure. Furthermore, the consistent increase in computational power implies that stolen encrypted data may gradually debilitate to a brute-force attack. Thus, causing the eavesdropper to learn the content of the message. To this end, the objective of this research is to reinforce the current encryption measures with a decoy-based deception model where the eavesdropper is discouraged from stealing encrypted message by confounding his resources and time. Our proposed model leverages its foundation from decoys, deception, and artificial intelligence. An instant messaging application was developed and integrated with the proposed model as a proof of concept. Further details regarding the design, analysis, and implementation of the proposed model are substantiated. The result shows that the proposed model reinforces state-of-the-art encryption schemes and will serve as an effective component for discouraging eavesdropping and curtailing brute-force attack on encrypted messages.
Conventional encryption schemes are susceptible to brute-force attacks. This is because bytes encode utf8 (or ASCII) characters. Consequently, an adversary that intercepts a ciphertext and tries to decrypt the message by brute-forcing with an incorrect key can filter out some of the combinations of the decrypted message by observing that some of the sequences are a combination of characters which are distributed non-uniformly and form no plausible meaning. Honey encryption (HE) scheme was proposed to curtail this vulnerability of conventional encryption by producing ciphertexts yielding valid-looking, uniformly distributed but fake plaintexts upon decryption with incorrect keys. However, the scheme works for only passwords and PINS. Its adaptation to support encoding natural language messages (e-mails, human-generated documents) has remained an open problem. Existing proposals to extend the scheme to support encoding natural language messages reveals fragments of the plaintext in the ciphertext, hence, its susceptibility to chosen ciphertext attacks (CCA). In this paper, we modify the HE schemes to support the encoding of natural language messages using Natural Language Processing techniques. Our main contribution was creating a structure that allowed a message to be encoded entirely in binary. As a result of this strategy, most binary string produces syntactically correct messages which will be generated to deceive an attacker who attempts to decrypt a ciphertext using incorrect keys. We evaluate the security of our proposed scheme.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.