
Research On The Applications Of Format Preserving Encryption

Posted on: 2013-08-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Li
GTID: 1228330395489901
Subject: Operational Research and Cybernetics

Abstract/Summary:
With the rapid development of computer and network technology, the security of data is increasingly important. At the end of 2011, sensitive information was leaked in China because it was stored in clear form. It is urgent to enhance security by encrypting sensitive information. However, a traditional block cipher usually expands the data and changes its type and length, which forces modifications to the database structure and the applications. The ideal way is to use the FPE (Format Preserving Encryption) technique, which encrypts a plaintext of some specified format into a ciphertext of the identical format.

In this paper, beginning with an introduction to the basic methods of FPE, we research the applications of FPE, including database encryption, data masking, format-compliant encryption, etc., and provide a solution strategy for each application. More precisely, our contribution is summarized in the following four parts.

1. FPE for character data in database

According to the requirements of character fields in a database, we formalize character data in FPE and categorize it into fixed-width and variable-width characters. Then we present an FPE solution for each type of character data. More precisely, for fixed-width characters, the proposed scheme is based on the coding-then-encipher model but uses a random reference to build a bijection between the integer set and the message space through encoding and decoding, which only costs O(1) time; for variable-width characters, we propose a solution that divides the message space into several sub-character sets and executes the FPE algorithm in each subset respectively. Furthermore, we propose a generic construction to achieve FPE for both fixed-width and variable-width character data. In this scheme, each binary string is encrypted by constructing a block cipher based on a Feistel network, and cycle-walking combined with CBC (Cipher Block Chaining) mode is adopted to ensure that the ciphertext falls in the valid range.

In addition, we examine the application of FPE to character data. Specifically, we take the identity number and the credit card number as examples and analyze the format features of this kind of sensitive character data. Our FPE solution is to impose FPE on both the feature code and sequence code sections, and to compute the verifiable code based on the prior FPE result.

2. Database encryption model based on FPE

Because a practical protection strategy for sensitive information that satisfies format preservation in databases is lacking, we propose a complete solution, namely SIFPE, to encrypt sensitive information in a database. SIFPE supports key diversification, which allows the encryption/decryption key to be generated from a master key and helps keep the key confidential.

3. Data masking model based on FPE

Based on a systematic analysis of the data masking process, we propose a generic data masking model. The process of data masking is systematically proposed and analyzed. Furthermore, from the perspective of application, we provide multiple data masking solutions based on the FPE technique.

4. Encrypting PNG image based on FPE

In view of the application of format-preserving encryption to PNG image encryption, and based on existing format-compliant encryption, we present a new construction scheme specific to PNG images based on FPE, and discuss the application of the proposed scheme in two aspects, namely degradation and confidentiality.
Keywords/Search Tags: symmetric cryptography, format preserving encryption, data masking, format compliant encryption, key diversify
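The Feistel-plus-cycle-walking idea and the "encrypt the sections, then recompute the check code" step from the abstract, shown on a 16-digit card number as an added example; this is not the dissertation's scheme or code. The HMAC-SHA256 round function, the round count, the 6/9/1 section split and all function names are assumptions of this sketch, CBC chaining is left out, and a vetted mode such as NIST FF1 is what production use calls for.

```python
import hashlib
import hmac

ROUNDS = 10  # assumed round count for this sketch

def _f(key, rnd, half, bits):
    # Round function (assumption): HMAC-SHA256 truncated to `bits` bits.
    mac = hmac.new(key, bytes([rnd]) + half.to_bytes(8, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") & ((1 << bits) - 1)

def _feistel(key, x, bits, decrypt=False):
    # Balanced Feistel permutation over integers of 2*bits bits.
    l, r = x >> bits, x & ((1 << bits) - 1)
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            l, r = r ^ _f(key, i, l, bits), l
        else:
            l, r = r, l ^ _f(key, i, r, bits)
    return (l << bits) | r

def fpe_digits(key, digits, decrypt=False):
    # Cycle-walking: re-apply the permutation until the value is back in
    # [0, 10**n), so the output is again an n-digit decimal string.
    n, limit = len(digits), 10 ** len(digits)
    bits = ((limit - 1).bit_length() + 1) // 2
    x = int(digits)
    while True:
        x = _feistel(key, x, bits, decrypt)
        if x < limit:
            return str(x).zfill(n)

def luhn_check_digit(body):
    # Luhn check digit for a digit string that does not yet include it.
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def protect_card(key, pan, decrypt=False):
    # Assumed layout: 6-digit prefix | 9-digit account part | 1 check digit.
    if len(pan) != 16 or not pan.isdigit() or luhn_check_digit(pan[:15]) != pan[15]:
        raise ValueError("expected a 16-digit number with a valid Luhn digit")
    body = fpe_digits(key, pan[:6], decrypt) + fpe_digits(key, pan[6:15], decrypt)
    return body + luhn_check_digit(body)

if __name__ == "__main__":
    key = b"constructed demo key, not a real secret"
    ct = protect_card(key, "4111111111111111")  # constructed test number
    print(ct, protect_card(key, ct, decrypt=True))
```

Because the check digit is recomputed from the encrypted body rather than encrypted itself, the ciphertext still passes the same validation as the plaintext, which is what lets it sit in an unmodified database column.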