Showing papers on "Format-preserving encryption published in 2020"
TL;DR: Using the proposed method, specific sections of encrypted images can be decrypted and recognized before decryption of the entire information, which addresses the problems besetting traditional privacy masking and image encryption methods.
Abstract: Concomitant with advances in technology, the number of systems and devices that utilize image data has increased. Nowadays, image processing devices incorporated into systems, such as the Internet ...
19 citations
TL;DR: A new verifiable SE scheme for encrypted cloud storage is proposed, characterized by integrating various techniques, i.e., bitmap index, radix tree, format preserving encryption, keyed-hash message authentication code and symmetric key encryption, for achieving efficient and verifiable conjunctive and fuzzy queries over encrypted data in the cloud.
Abstract: Due to the high demands of searchability over encrypted data, searchable encryption (SE) has recently received considerable attention and been widely suggested in encrypted cloud storage. Typically, the cloud server is assumed to be honest-but-curious in most SE-based cloud storage systems, i.e., the cloud server should follow the protocol to return valid and complete search results to users. However, this trust assumption is not always true due to some unanticipated situations, such as misconfigurations and malfunctions. Therefore, the function of verifiability of search results becomes crucial for the success of SE-based cloud storage systems. For this reason, many verifiable SE schemes have been proposed; however, they either fail to support query operators "OR", "AND", "*" and "?" simultaneously, or require many time-consuming operations. Aiming at addressing this problem, in this paper, we propose a new verifiable SE scheme for encrypted cloud storage. The proposed scheme is characterized by integrating various techniques, i.e., bitmap index, radix tree, format preserving encryption, keyed-hash message authentication code and symmetric key encryption, for achieving efficient and verifiable conjunctive and fuzzy queries over encrypted data in the cloud. Detailed security analysis shows that our proposed scheme holds the confidentiality of data and verifiability of search results at the same time. In addition, extensive experiments are conducted, and the results demonstrate our proposed scheme is efficient and suitable for users to retrieve their data from the cloud to their mobile devices.
14 citations
TL;DR: The main novelty of this work is a new block cipher operation mode proposal to implement an FPE algorithm in a stream cipher fashion, called CTR-MOD, based on a standard block cipher working in CTR (Counter) mode and a modulo operation.
Abstract: In some encryption systems it is necessary to preserve the format and length of the encrypted data. This kind of encryption is called FPE (Format Preserving Encryption). Currently, only two AES (Advanced Encryption Standard) modes of operation recommended by the NIST (National Institute of Standards and Technology) are able to implement FPE algorithms, FF1 and FF3. These modes work in an electronic codebook fashion and can be configured to encrypt databases with an arbitrary format and length. However, there are no stream cipher proposals able to implement FPE encryption for high data rate information flows. The main novelty of this work is a new block cipher operation mode proposal to implement an FPE algorithm in a stream cipher fashion. It has been called CTR-MOD and it is based on a standard block cipher working in CTR (Counter) mode and a modulo operation. The confidentiality of this mode is analyzed in terms of its IND-CPA (Indistinguishability under Chosen Plaintext Attack) advantage of any adversary attacking it. Moreover, the encryption scheme has been implemented on an FPGA (Field Programmable Gate Array) and has been integrated in a Gigabit Ethernet interface to test an encrypted optical link with a real high data rate traffic flow.
8 citations
Posted Content•
TL;DR: This paper presents distinguishing attacks against Feistel-based FPEs and shows how to extend the distinguishing attack on FEA-1 and FEA-2 using 192-bit and 256-bit keys into key recovery attacks with time complexity 2 (for both attacks).
Abstract: Format-Preserving Encryption (FPE) is a method to encrypt non-standard domains, thus allowing for securely encrypting not only binary strings, but also special domains, e.g., social security numbers into social security numbers. The need for those resulted in a few standardized constructions such as the NIST standardized FF1 and FF3-1 and the Korean Standards FEA-1 and FEA-2. Moreover, there are currently efforts both in ANSI and in ISO to include such block ciphers to standards (e.g., the ANSI X9.124 discussing encryption for financial services). Most of the proposed FPE schemes, such as the NIST standardized FF1 and FF3-1 and the Korean Standards FEA-1 and FEA-2, are based on a Feistel construction with pseudo-random round functions. Moreover, to mitigate enumeration attacks against the possibly small domains, they all employ tweaks, which enrich the actual domain sizes. In this paper we present distinguishing attacks against Feistel-based FPEs. We show a distinguishing attack against the full FF1 with data complexity of 2 20-bit plaintexts, against the full FF3-1 with data complexity of 2 20-bit plaintexts. For FEA-1 with 128-bit, 192-bit and 256-bit keys, the data complexity of the distinguishing attack is 2, 2, and 2 8-bit plaintexts, respectively. The data complexity of the distinguishing attack against the full FEA-2 with 128-bit, 192-bit and 256-bit is 2, 2, and 2 8-bit plaintexts, respectively. Moreover, we show how to extend the distinguishing attack on FEA-1 and FEA-2 using 192-bit and 256-bit keys into key recovery attacks with time complexity 2 (for both attacks).
6 citations
30 Mar 2020
TL;DR: This paper proposes a method to improve the speed of FF1 and FF3-1 whereby the algorithm is implemented by changing the cipher to lightweight block ciphers LEA (Lightweight Encryption Algorithm) and SPECK and the results showed that the encryption speed was improved.
Abstract: Format-preserving encryption has been studied for a long time since its proposal, but the algorithm is yet to be adequately evaluated or verified. The existing standard format-preserving encryption FF1 and FF3-1 use block cipher AES in the internal function. This paper proposes a method to improve the speed of FF1 and FF3-1 whereby the algorithm is implemented by changing the cipher to lightweight block ciphers LEA (Lightweight Encryption Algorithm) and SPECK. The encryption speed is analyzed and compared with that of the existing encryption by dividing it into high-performance computer environments and low-performance Internet of Things environments. The results showed that the encryption speed was improved compared with FF1 and FF3-1. Improving the encryption speed of format-preserving encryption will make it easier to apply format-preserving encryption to various systems.
5 citations
01 Jun 2020
TL;DR: It is proved that the scheme satisfies the identity-based pseudo-random permutation security, and at the same time, the scheme satisfies the adaptive selection of ciphertext indistinguishability under plaintext attack.
Abstract: The format-preserving encryption has the characteristics of the encrypted data format and the same data length, and does not break the data format constraints, thereby reducing the cost of modifying the data format. The analysis of existing sensitive information format-preserving encryption schemes is based on a symmetric encryption system, which has problems such as low key transmission security and high key management cost. This paper proposes an identity-based format-preserving encryption scheme. Compared with the existing format-preserving encryption scheme, the communication parties do not need to transmit a key, the encryption key and the decryption key are generated by the key derivation function, and hybrid encryption is used to improve the security of sensitive information transmission. It is proved that the scheme satisfies the identity-based pseudo-random permutation security, and at the same time, the scheme satisfies the adaptive selection of ciphertext indistinguishability under plaintext attack.
2 citations
Patent•
04 Jun 2020
TL;DR: In this paper, a secure platform for transmission and storage of data based on multi-level compounded encryption while preserving native data format post-encryption to allow compatibility of post-encryption data with existing systems is presented.
Abstract: Embodiments of the invention are directed to a system, method, or computer program product for triple format preserving encryption for activity data transmissions. In particular the invention provides a secure platform for transmission and storage of data based on multi-level compounded encryption while preserving native data format post-encryption to allow compatibility of post-encryption data with existing systems. In particular, the invention is configured for generating a plurality of encryption keys such that each of the encryption keys are structured to preserve pre-encryption data format, post-encryption. The invention is further configured for sequentially compounding encryption of native format data using the plurality of encryption keys.
1 citation
Patent•
IBM1
TL;DR: In this paper, the present systems and methods may provide data watermarking without relying on error-tolerant fields, thereby providing for the incorporation of watermarks in data that was not considered suitable for watermark.
Abstract: Embodiments of the present systems and methods may provide data watermarking without reliance on error-tolerant fields, thereby providing for the incorporation of watermarks in data that was not considered suitable for watermarking. For example, in an embodiment, a computer-implemented method for watermarking data may comprise inserting watermark data into a field that requires format-preserving encryption.
Patent•
13 Apr 2020
TL;DR: In this paper, a privacy masking method using a format preservation encryption technique in an image security system and a recording medium for performing the same was described, which may prevent the waste of additional space required by encryption and solve the problem of exposure of personal information by encrypting an image corresponding to a privacy area using the format preservation encryption technique.
Abstract: Disclosed in the present invention are a privacy masking method using a format preservation encryption technique in an image security system and a recording medium for performing the same. According to one aspect of the present invention, the privacy masking method using the format preservation encryption technique in the image security system may prevent the waste of additional space required by encryption and, at the same time, solve the problem of exposure of personal information by encrypting an image corresponding to a privacy area using the format preservation encryption technique.
01 Oct 2020
TL;DR: A new keystream generator scheme is proposed in this work, based on a secure block cipher working in CTR (Counter) mode whose output is subjected to a modulo operation, concluding that this mode can be considered secure in the same way as traditional modes are.
Abstract: In some encryption systems it is necessary to preserve the format and length of the encrypted data. This kind of encryption is called FPE (Format Preserving Encryption) or DPE (Datatype Preserving Encryption). For example, in the case of PCS (Physical Coding Sublayer) at Gigabit Ethernet optical communications, the 8b10b symbol flow can be encrypted at line rate thanks to a symmetric encryption scheme that must preserve the format and coding properties of 8b10b symbols. In this case, since a high speed data flow needs to be encrypted preserving its format, the usage of an FPE stream cipher could be advantageous. For this purpose, a new keystream generator scheme is proposed in this work. It is based on a secure block cipher working in CTR (Counter) mode whose output is subjected to a modulo operation. Moreover, a security analysis for this mode is carried out, deriving an expression for the IND-CPA (Indistinguishability under Chosen Plaintext Attack) advantage of any adversary, concluding that this mode can be considered secure in the same way as traditional modes are. Furthermore, the proposed structure has been implemented over an FPGA (Field Programmable Gate Array) device and adapted to a Gigabit Ethernet application.
Patent•
03 Dec 2020
TL;DR: The present disclosure relates to vaultless format-preserving tokenization systems and methods as mentioned in this paper, which are based on a token format schema and use a unique hashing key to generate the secure tweak.
Abstract: Embodiments of the present disclosure relate to vaultless format-preserving tokenization systems and methods. Some methods include encoding (202) a first data set to produce encoded input data; generating (204) a secure tweak for the encoded input data based on a token format schema by: encoding (206) a tweak input to produce an encoded tweak input; and hashing (206) the encoded tweak input along with a unique hashing key to generate the secure tweak; applying (208) a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output; and generating (210) a token from the ciphertext output.
Patent•
18 Jun 2020
TL;DR: A computer-implemented method of performing format-preserving encryption of a data object of variable size utilizing an inner encryption algorithm which is capable of taking a variable size input and of outputting, as its output, an encrypted version of the input.
Abstract: A computer-implemented method of performing format-preserving encryption of a data object of variable size utilizing an inner encryption algorithm which is capable of taking a variable size input and of outputting, as its output, an encrypted version of the variable size input. The method comprises compressing or encoding the data object in its totality to obtain a compressed or encoded version of the data object in a format compatible with the inner encryption algorithm, encrypting, by use of the inner encryption algorithm, the compressed or encoded version of the data object to obtain an encrypted version of the data object, and decompressing or decoding the encrypted version of the data object to obtain a decompressed or decoded version of the encrypted version of the data object, which constitutes a format-preserved encrypted version of the data object.
01 Oct 2020
TL;DR: Wang et al. as discussed by the authors proposed a reserved format encryption algorithm for digital data based on China's commercial block cipher algorithm SM4, which can guarantee the same format of plaintext and ciphertext at the same time of encryption.
Abstract: FPE (Format preserving encryption) can guarantee the same format of plaintext and ciphertext at the same time of encryption. The existing reserved format encryption algorithm is designed based on the international block cipher algorithm, and its efficiency needs to be improved. This paper proposes a reserved format encryption algorithm for digital data based on China's commercial block cipher algorithm SM4. After segmented processing of character type characteristic data by the special format sensitive information algorithm with segmented constraints, it encrypts the character type characteristic data according to the ID card number type. In each round of operation, the function of F function is realized by using SM4 encryption truncation, and the ciphertext after the combination of segmented encryption results is verified to obtain the encrypted reserved format ciphertext. The algorithm proposed in this paper can realize the reservation format encryption correctly, expand the application of SM4, and improve the efficiency and security of the algorithm.