Sandia LabNews

Sandia engineer turns error detection into ‘secret language’ for enhanced data security


Image of digital_600.png
ERROR USER — Electrical engineer Celestino Corral invented a way to use error-checking computer code to add a layer of security to email and digital messages.

Research into software error detection has led one Sandia engineer to develop a method to enhance the protection of digital content like email and social media messaging.

Celestino Corral is an electrical engineer who began working on error detection in digital code in 2018. Error detection is used in every electronic message sent between people, embedded in the code for that transmission.

“Let’s say I want to send a message to someone. I want to make sure everything in that message is received exactly by that person,” Celestino explained. “A bit of code is generated for that message from the content of that specific message, which travels with the content to the recipient.”

If the code behind the message seen by the receiver isn’t the same one generated by the sender, there is at least one error.

Celestino said errors are “more common than most people think, however, there are limits to even the most robust form of error checking.

“So, I began to ask where the weaknesses are,” Celestino said. “I thought about giving the system a fault and trying to figure out when we miss it. My original goal was to look at how can we reduce the risk of undetected errors.”

But Celestino discovered something else along the way.

“If someone is ‘listening in’ on my data, you can use different error-detection methods for each piece of content,” he said. “The ‘listener’ will have to spend more time trying to figure out each way the error detection is used. I can also introduce intentional (or artificial) errors into the message that result in the same code. Eavesdroppers won’t know about them and will be unable to read the message without fixing those specific errors.”

Celestino says manipulating error detection is a known practice that hasn’t been used in this way to provide another layer of obfuscation to keep others from reading and using data.

“Think of it like two friends who decide to use a secret meaning behind common words only they know and others don’t,” he explained. “The content is authentic and relevant to them, but gibberish and useless to others. Adding the wrinkle of introducing artificial errors may be considered a type of key during the error-detection process, and this would be the secret shared only between the source and recipient.”

He says the method isn’t encryption — which is deliberately scrambling the message or encoding it — but can be useful to prevent unauthorized persons from learning anything useful from online data. Basically, the method allows one to benefit from error detection and improved security at the same time.

Recent articles by Michael Ellis Langley