August 9, 2021
Engineer turns error detection into 'secret language' for data security
Research into software error detection has led one Sandia National Laboratories engineer to develop a method—it works like two friends who speak their own language—to enhance the protection of digital content like email and social media messaging.
Celestino Corral is an electrical engineer who began working on error detection in digital code in 2018. Error detection is used in every electronic message sent between people, embedded in the code for that transmission.
"Let's say I want to send a message to someone. I want to make sure everything in that message is received exactly by that person," Corral explained. "A bit of code is generated for that message from the content of that specific message, which travels with the content to the recipient."
If the code behind the message seen by the receiver isn't the same one generated by the sender, there is at least one error.
Corral said errors in the code are "more common than most people think," however, there are limits to even the most robust form of error checking.
"So I began to ask where the weaknesses are," Corral said. "I thought about giving the system a fault and trying to figure out when we miss it. My original goal was to look at how can we reduce the risk of undetected errors."
But Corral discovered something else along the way.
"If someone is 'listening in' on my data, you can use different error-detection methods for each piece of content," he said. "The 'listener' will have to spend more time trying to figure out each way the error detection is used. I can also introduce intentional (or artificial) errors into the message that result in the same code. Eavesdroppers won't know about them and will be unable to read the message without fixing those specific errors."
Corral said manipulating error detection is a known practice, but it hasn't been used in this way to provide another layer of obfuscation and keep others from reading and using data.
"Think of it like two friends who decide to use a secret meaning behind common words only they know, and others don't," he explained. "The content is authentic and relevant to them, but gibberish and useless to others. Adding the wrinkle of introducing artificial errors may be considered a type of key during the error-detection process, and this would be the secret shared only between the source and recipient."
He says the method isn't encryption—which is deliberately scrambling the message or encoding it—but can be useful to prevent unauthorized persons from learning anything useful from online data. Basically, the method allows one to benefit from error detection and improved security at the same time.