Novel algorithm may help prevent fraudulent online transactions

The technology involves random number generation with symmetric properties


Scientists have developed a new digital security algorithm which they say can help prevent fraudulent online transactions by increasing the randomness in the generation of user-authenticity tests like one-time passwords (OTPs) and CAPTCHA.

The algorithm, called BaReNPI, uses a software-based random number generator that makes it more difficult for cyber-attackers to crack than Advanced Encryption Standard 256 (AES 256) -- the current gold standard for electronic cryptographic encryption, the researchers said.

Lead scientist Geetha G, from Lovely Professional University (LPU) in Punjab, explained that BaReNPI is named after its unique properties -- balancedness, resiliency, non-linearity, propagation, and immunity.

"The main difference between our technology and the existing technologies is these properties. The existing technologies do not consider these five properties simultaneously, therefore, the outcomes of those technologies are application specific," Geetha said.

The technology involves random number generation with symmetric properties which are required by the security algorithms for the development of ciphers, or algorithms for performing encryption or decryption, as suggested by the National Institute of Standards and Technology (NIST), Geetha explained.

She said that security algorithms like BaReNPI are used by messaging apps like WhatsApp and many signal programmes like VeraCrypt in addition to a range of hardware and other applications to transmit data securely.

The need for such a system is not limited to India; it is a worldwide requirement to enhance the security of the existing ciphers by incorporating randomness in their features, the scientists said.

Geetha noted that NIST, which is one of the premier bodies for standardising security algorithms, has also called for randomness in ciphers that can easily be used for internet traffic.

"The security of internet surfing is primarily dependent upon security algorithms applied in the transport layer. All such cryptographic security algorithms are facing the problem of cryptanalysis, and therefore their robustness is required to be enhanced with the help of such BaReNPI," she said.

The researchers, including Rahul Saha and Gulshan Kumar, both Associate Professors at LPU, said that they have used properties of random numbers to develop a solution in the form of a Symmetric Random Function Generator (SRFG), which brings randomness to the key generation process, thereby making their solution more efficient.

Noting that the algorithm may help make security algorithms better in terms of performance and resistance to cyber attacks, the LPU scientist said that in the coming days of the internet of things (IoT), BaReNPI may be very useful with various devices for generating OTPs.

The scientists added that the SRFG offers three times better confusion property, which is the degree of ambiguity, and 53.7 per cent better avalanche effect -- a small change in input leading to a big change in output.

According to the research, published in the journal Security and Communication Networks, this makes BaReNPI better than AES on key parameters like nonlinearity, resiliency, balancedness, propagation characteristics, and immunity.

"In the current digital economy, computer system and network security are intended to achieve many purposes including confidentiality, authentication, non-repudiation and access control by the use of various security algorithms," Geetha said.

"BaReNPI has opened the path for further improvement of these security algorithms which eventually leads to better digital security and more secure social and economic encounters," she said.

The researchers added that web browser security algorithms can also be strengthened with BaReNPI.

Geetha said her team has filed a US patent, and has bagged funding from the Department of Science and Technology (DST) for the hardware implementation of the algorithm.