Topic
Format-preserving encryption
About: Format-preserving encryption is a research topic. Over the lifetime, 112 publications have been published within this topic receiving 2050 citations.
Papers
Patent
29 Apr 2009
TL;DR: In this article, the key requests in a data processing system may include identifiers such as user names, policy names, and application names, along with validity period information indicating when corresponding keys are valid.
Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
130 citations
29 Mar 2016
72 citations
19 Aug 2012
TL;DR: It is proved that swap-or-not has excellent quantitative security bounds, giving a Luby-Rackoff type result that ensures security assuming an ideal round function to a number of adversarial queries that is nearly the size of the construction's domain.
Abstract: We introduce the swap-or-not shuffle and show that the technique gives rise to a new method to convert a pseudorandom function (PRF) into a pseudorandom permutation (PRP) or, alternatively, to directly build a confusion/diffusion blockcipher. We then prove that swap-or-not has excellent quantitative security bounds, giving a Luby-Rackoff type result that ensures security assuming an ideal round function to a number of adversarial queries that is nearly the size of the construction's domain. Swap-or-not provides a direct solution for building a small-domain cipher and achieving format-preserving encryption, yielding the best bounds known for a practical scheme for enciphering credit-card numbers. The analysis of swap-or-not is based on the theory of mixing times of Markov chains.
60 citations
Patent
06 Dec 2006
TL;DR: In this paper, a data processing system is provided that includes format-preserving encryption and decryption engines, where the format defines a legal set of character values for each character position in the string and the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format.
Abstract: A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format.
54 citations
TL;DR: PRACIS is introduced, a scheme for CIS networks that guarantees private data forwarding and aggregation and can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures, by combining standard format-preserving and homomorphic encryption primitives.
Abstract: Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is critical in this context, since organizations can be reluctant to share information otherwise. This is particularly critical when CIS is facilitated through an untrusted infrastructure provided by a third party (e.g., the cloud). Despite this, current data formats and protocols for CIS do not guarantee any form of privacy preservation to participants. In this paper we introduce PRACIS, a scheme for CIS networks that guarantees private data forwarding and aggregation. PRACIS leverages the well-known Structured Threat Information Expression (STIX) standard data format. Remarkably, PRACIS can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures. PRACIS achieves these goals by combining standard format-preserving and homomorphic encryption primitives. We discuss experimental results obtained with a prototype implementation developed for a subset of STIX. Results show that entities may create up to 689 incidents per minute, far beyond the estimated average of 81. Moreover, aggregation of 104 incidents can be carried out in just 2.1 s, and the transmission overhead is just 13.5 kbps. Overall, these results suggest that the costs incurred by PRACIS are easily affordable in real-world scenarios.
41 citations