一种基于密文特征的通用密码算法识别方案

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-02-04 DOI:10.1016/j.jisa.2025.103984

Jiabao Li , Hanlin Sun , Zhanfei Du , Yaxuan Wang , Ke Yuan , Chunfu Jia

{"title":"一种基于密文特征的通用密码算法识别方案","authors":"Jiabao Li , Hanlin Sun , Zhanfei Du , Yaxuan Wang , Ke Yuan , Chunfu Jia","doi":"10.1016/j.jisa.2025.103984","DOIUrl":null,"url":null,"abstract":"<div><div>To assist relevant agencies in conducting security assessments of commercial cryptographic applications or establishing security monitoring and early warning mechanisms for cryptographic system, this paper proposes a generic cryptographic algorithm identification scheme based on ciphertext features and machine learning. The assessment agency generates a dataset with the information for testing and sends it to the testing server. Subsequently, the target agency server employs the cryptographic system to generate a ciphertext dataset, which is then transmitted to the testing server. By extracting features from the ciphertext and applying machine learning techniques, the cryptographic algorithms can be accurately identified on the testing server. Finally, the test results are generated and transmitted back to the assessment agency. This paper formally defines the scheme model and presents a detailed implementation. The scheme is primarily used in the security assessment of commercial cryptographic applications, allowing the assessment agency to analyze the obtained ciphertext files and determine whether the cryptographic algorithms meet specified requirements, as well as assess any potential risks. Notably, this approach avoids physical contact with cryptographic equipment and minimizes disruptions to the target agency’s normal operations during the assessment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103984"},"PeriodicalIF":3.8000,"publicationDate":"2025-02-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A generic cryptographic algorithm identification scheme based on ciphertext features\",\"authors\":\"Jiabao Li , Hanlin Sun , Zhanfei Du , Yaxuan Wang , Ke Yuan , Chunfu Jia\",\"doi\":\"10.1016/j.jisa.2025.103984\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>To assist relevant agencies in conducting security assessments of commercial cryptographic applications or establishing security monitoring and early warning mechanisms for cryptographic system, this paper proposes a generic cryptographic algorithm identification scheme based on ciphertext features and machine learning. The assessment agency generates a dataset with the information for testing and sends it to the testing server. Subsequently, the target agency server employs the cryptographic system to generate a ciphertext dataset, which is then transmitted to the testing server. By extracting features from the ciphertext and applying machine learning techniques, the cryptographic algorithms can be accurately identified on the testing server. Finally, the test results are generated and transmitted back to the assessment agency. This paper formally defines the scheme model and presents a detailed implementation. The scheme is primarily used in the security assessment of commercial cryptographic applications, allowing the assessment agency to analyze the obtained ciphertext files and determine whether the cryptographic algorithms meet specified requirements, as well as assess any potential risks. Notably, this approach avoids physical contact with cryptographic equipment and minimizes disruptions to the target agency’s normal operations during the assessment.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"89 \",\"pages\":\"Article 103984\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-02-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625000225\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000225","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

为了协助相关机构对商业密码应用进行安全评估或建立密码系统的安全监控预警机制，本文提出了一种基于密文特征和机器学习的通用密码算法识别方案。评估机构生成一个包含测试信息的数据集，并将其发送到测试服务器。随后，目标机构服务器使用加密系统生成密文数据集，然后将该数据集传输到测试服务器。通过从密文中提取特征并应用机器学习技术，可以在测试服务器上准确识别加密算法。最后，生成测试结果并传回评估机构。本文正式定义了方案模型，并给出了具体实现。该方案主要用于商业密码应用的安全评估，允许评估机构对获得的密文文件进行分析，判断加密算法是否满足规定的要求，并评估潜在的风险。值得注意的是，这种方法避免了与加密设备的物理接触，并在评估期间最大限度地减少了对目标机构正常运作的干扰。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A generic cryptographic algorithm identification scheme based on ciphertext features

To assist relevant agencies in conducting security assessments of commercial cryptographic applications or establishing security monitoring and early warning mechanisms for cryptographic system, this paper proposes a generic cryptographic algorithm identification scheme based on ciphertext features and machine learning. The assessment agency generates a dataset with the information for testing and sends it to the testing server. Subsequently, the target agency server employs the cryptographic system to generate a ciphertext dataset, which is then transmitted to the testing server. By extracting features from the ciphertext and applying machine learning techniques, the cryptographic algorithms can be accurately identified on the testing server. Finally, the test results are generated and transmitted back to the assessment agency. This paper formally defines the scheme model and presents a detailed implementation. The scheme is primarily used in the security assessment of commercial cryptographic applications, allowing the assessment agency to analyze the obtained ciphertext files and determine whether the cryptographic algorithms meet specified requirements, as well as assess any potential risks. Notably, this approach avoids physical contact with cryptographic equipment and minimizes disruptions to the target agency’s normal operations during the assessment.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.