Format-preserving encryption

About: Format-preserving encryption is a research topic. Over the lifetime, 112 publications have been published within this topic receiving 2050 citations.

A Data Masking Scheme for Sensitive Big Data Based on Format-Preserving Encryption

Abstract: Development of big data has brought us convenience and benefits, but the privacy issues have become increasingly prominent. In order to solve the problem of personal sensitive information leakage, this paper propose a data masking scheme based on format-preserving encryption for privacy information. The scheme can be used to encrypt credit card number, date, e-mail address and other data with tight format limit, and ensure the ciphertext is still in the original format constraints. In addition, this paper propose a solution for large scale of data masking. Experiments on Spark show that our data masking scheme based on format-preserving encryption can achieve the purpose of masking sensitive information while preserving the data format, and the parallel computing can get high efficiency.

Performance analysis of Format Preserving Encryption (FIPS PUBS 74-8) over block ciphers for numeric data

Abstract: Encrypting Credit card numbers, Social Security Numbers in huge legacy databases has become a very complex task as encrypted data normally increases in size and changes its format, with traditional encryption algorithms. A number of cryptographic methods have been introduced to provide security to credit card numbers. But, a major problem in adopting these cryptographic algorithms is the requirement to change the existing schema and underlying applications to incorporate the encrypted data. Format Preserving Encryption is a solution to the above mentioned problem, wherein the encrypted data `fits' into the existing schema. In this paper, we are analyzing the performance of Format Preserving Encryption (FIPS 74-8) over block ciphers such as AES, DES, 3DES, Blowfish on numeric data (credit cards numbers) with different keys. It has been observed that FPE (FIPS 74-8) over AES with 192 bits key gives better performance with 16198.5ns for an average encryption and decryption time of 1000 credit card numbers. Performances of Blowfish and AES with Key size 192 are neck to neck with respect to 1000 sixteen digits credit card numbers. We have also discussed overhead of FPE (FIPS-74-8). FIPS 74-8 was a NIST standard based on DES. Instead of using a block cipher DES, use of AES or Blowfish will give better performance and security for Format preserving of numeric data.

Secure analytics using homomorphic and injective format-preserving encryption and an encrypted analytics matrix

Abstract: Systems and methods that provide secure analytics using homomorphic and injective format-preserving encryption and an encrypted analytics matrix are disclosed herein. An example method includes encoding an analytic parameter set using a homomorphic encryption scheme as a homomorphic analytic matrix; transmitting a processing set to a server system, the processing set including at least the homomorphic analytic matrix and a keyed hashing function; and receiving a homomorphic encrypted result from the server system, the server system having utilized the homomorphic encryption scheme, the keyed hashing function, and a format preserving encryption scheme to evaluate the homomorphic analytic matrix over a datasource.

Secure format-preserving encryption of data fields

Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.

Two layered protection for sensitive data in cloud

Abstract: Security and privacy are the biggest obstacles in Database as a service (DBaaS) of Cloud Computing. In DbaaS, cloud service providers provide services for storing customers data. As the data are managed by an un-trusted server, the service is not fully trustworthy. The data at the third party data center can be made secure by encrypting the database. But querying the encrypted database is not easy. The result can be obtained from the encrypted database either by decrypting the database for every query or the query itself is encrypted and encrypted query is executed over encrypted database. Another problem associated with most of the database encryption algorithms is that they do not support range query. The proposed framework performs database encryption, query encryption and also supports range query over encrypted databases. This framework is focused on securing database as well as storing sensitive information without any leaks. A double layered encryption is used for sensitive data and a single layer encryption is used for non-sensitive data. Order Preserving Encryption (OPE) is used for single layer encryption. OPE maintains the order in encrypted database and so range query can be performed over encrypted database using encrypted query. OPE has a drawback of revealing information and so for sensitive data, a double layered encryption using Format Preserving Encryption (FPE) followed by OPE symmetric key encryption algorithm is proposed. Symmetric key is used for both OPE and FPE but key is divided into two parts for double encryption.