Ensuring Data Security in Databases Using Format Preserving Encryption

This document discusses ensuring data security in databases using format preserving encryption. It proposes a format preserving encryption method combining AES encryption, XOR operation, and a translation method to encrypt 16-digit numeric data while preserving the data format and length. This allows encryption without disrupting the database schema or applications as standard encryption can. The method aims to provide data confidentiality and security while maintaining performance.


Ensuring Data Security in Databases Using Format Preserving Encryption

Shikha Gupta1, Satbir Jain3
Computer Engineering, NSIT, New Delhi, India

Mohit Agarwal2
Department of Physics and Computer Science, DayalBagh Educational Institute, Agra, India

Abstract— In the current scenario, data security has become an important issue with the growth of digital media. Many users and applications access the data both from inside and outside the database. Hence, the database as well as the data within these databases has become the key target for most attackers. Many cryptographic schemes have been designed to solve this problem. Encryption plays an important role in providing confidentiality to data stored within databases. But the problem in adopting the standard encryption methods is that they may damage the existing schema as well as the underlying applications or database, as the output length is different from the input length and the format of the data also changes. This paper proposes a Format Preserving Encryption method that combines the Advanced Encryption Standard (AES), an eXclusive OR operation and a translation method for 16 digit numeric data. The format preserving encryption technique is used to minimize database changes by preserving the format as well as the length of the input data.

Keywords— Data security, Format preserving encryption, Advanced encryption standard (AES), Data Length, Database, numeric data.

I. INTRODUCTION

Data is a major asset for every organization, whether it is sensitive or non-sensitive in nature. In this contemporary world, an organization's biggest challenge is the security of data that is sensitive in nature. Sensitive data means data that should not be made public, such as credit card numbers, PAN numbers etc. Many organizations have been targeted by an increasing number of attacks that focus on stealing personal information. This has created awareness among users and has motivated many organizations to find suitable methods for securing data to minimize the consequences of losing it. To protect confidentiality and personal information, cryptography is widely used in everyday applications such as online transfers through the Internet, VPN technologies, and encryption of files or complete hard disks. Many security techniques are being implemented for protecting data. Cryptography[6] is the most effective way to protect data. The word cryptography was mostly used as a synonym for encryption, but nowadays it deals with a much wider range of security techniques. The four major goals of cryptography in protecting information can be defined as follows: [5]

1. Message confidentiality (or privacy)
2. Message integrity
3. Sender authentication
4. Sender non-repudiation

Encryption is the best method to protect the data stored within databases while maintaining high database performance. The standard encryption schemes can only maintain data security. The valuable information stored in a database could be accessed by unauthorized users or attackers for malicious purposes. Therefore, it is necessary to apply effective and secure encryption/decryption schemes to enhance the security of data. Various encryption schemes like AES, DES and Blowfish are used to encrypt the sensitive data stored in databases, but at the same time they also degrade performance, which can lead to various key costs:

• It requires large processing time for encrypting the sensitive data.
• Extra storage space is required for storing encrypted data.
• Overhead of query response time and allocated resources for decrypting data to process those queries.

A. Need for Format Preserving Encryption

To overcome the problems stated above, a new symmetric encryption scheme named Format Preserving Encryption (FPE) is gaining attention. This technique is a bit different from standard encryption schemes such as AES and DES[1][2]. It is a rapidly growing cryptography tool for providing security in database systems that covers the goal of confidentiality in cryptography. Applying an FPE scheme leads to the following advantages:

• It increases the security of database systems by maintaining the format of data, and it maintains transparency within the database.
• It is also well suited for masking of data[21]. Data masking hides the original form of data and replaces it with some random data.

Format preserving encryption, as the name suggests, is a technology that aims to perform encryption of data without disrupting the format. It means encrypting the data in such a way that the output has the same format as the input. This feature gives it some advantages over standard encryption methods. A typical example would be data of numeric format, such as a credit card number. The motivation for using FPE comes from the problems associated with integrating encryption into an underlying application or schema with well defined data architectures. Since FPE can preserve the output in the same format as the input, it is appropriate for encrypting format-sensitive data that is numeric in nature. The efficient format preserving encryption scheme for numeric data proposed in this paper combines the Advanced Encryption Standard (AES), an eXclusive OR operation and a translation method. It can improve performance as compared to existing schemes and is provably secure.

978-1-5386-1719-9/18/$31.00 ©2018 IEEE

Authorized licensed use limited to: George Mason University. Downloaded on March 06,2024 at 04:26:06 UTC from IEEE Xplore. Restrictions apply.
Fig 1. Encryption of a credit card number using AES and AES+FPE

The rest of the paper comprises the following sections. Section 2 describes the related work on FPE. In Section 3, we review the definition of FPE as well as of AES. Section 4 provides the description of our proposed work. Section 5 describes the results obtained. Finally, the conclusion is drawn in Section 6, followed by the references.

II. RELATED WORK

In the last few years, research on applied cryptography has developed various practical encryption methods [7,8,10]; one such paradigm is Format-Preserving Encryption (FPE). FPE was first proposed in 1981[12], in which a DES based approach was defined to encrypt strings over a fixed alphabet E, which can be defined as E={0,1....9 and a,b.....z}. In this scheme a pad is created with the DES algorithm which has the length of the input data and is drawn from the alphabet E. The pad is then added letter by letter to the input data modulo the biggest character of the alphabet. But this scheme turned out to be defective and easily attacked by intruders. In 1997, Brightwell and Smith[13] proposed a technique named Datatype preserving encryption. Their aim was to encrypt the DB entries without making changes to the data type. The scheme fails because the architecture is complex and cryptographically naive, as it doesn't provide relevant security.

In 2002, Black and Rogaway [14] proposed 3 FPE methods: prefix cipher, cycle-walking and generalized-Feistel, and suggested that these ciphers can be used to construct FPE schemes on any arbitrary finite domain.

In 2009, Bellare [15] introduced the concept of the rank-then-encipher approach (or RtE). The scheme states that it is possible to construct any FPE scheme based on integer FPEs by building a bijection between the target domain and an integer domain. This idea proves to be strong and useful as it reduces all FPE problems to the integer FPE problem, and it has been used flexibly as a basic construction method.

In 2010, Philip Rogaway [16] surveyed various sizes of domains, covering tiny space, small space and large space FPE encryption. For tiny spaces it uses three methods: Prefix Cipher, Knuth Shuffle and Permutation numbering. For small space encryption it uses FFX mode, i.e. "Format preserving" Feistel based encryption, which supports a larger message space but is limited by the block size and the block cipher used. In 2013, [17] a scheme was proposed defining an enhancement of the prefix cipher. This technique is simple to implement and requires less space and time because, instead of storing a 32 digit hex number in a table, it uses only the numeric digits from the table and discards the remaining digits. The other scheme defines the overhead of FPE (FIPS 74-8). The author finds in this scheme that, instead of using DES, the use of AES and Blowfish will give better results. This scheme has several pros and cons as well. No authentication and randomization of data is defined, but it requires less storage space and is more secure. In 2014, Richard Agbeyibor [18] compared various NIST standards of FPE mechanisms such as FF1 (FFX)[16], FF2 (VAES3) and FF3 (BPS) based on input dataset, entropy measurement and implementation, performance and hardware design. They conclude that FF3 is as secure as FF1 and FF2 and requires the least hardware resources.

This paper proposes a data security technique based on format preserving encryption or data type preservation. This encryption scheme helps to meet various security challenges posed by protecting diverse types of information. Format preservation provides several distinct benefits that build on solid strong-encryption practices. The main aim of FPE is to encrypt the data without modifying all of the systems that use that data, such as database fields, queries and all the application programs.

III. METHODOLOGY

A. Format Preserving Encryption

In general, FPE is defined as a symmetric key (K) cipher that encrypts an input message (A) into an output message (B) that has the same format as (A). Recent research[9,10,11] states two classical definitions of FPE:

1. Basic FPE: It defines the problem that FPE solves, i.e., it makes sure the output falls in the same domain as the input. FPE can be described as a function shown in Eq.1

$E : X \times K \rightarrow K$ (1)

where,
E: a reversible function that performs permutation.
X: is called the key space
K: specifies the domain of the input message and the output message respectively.

2. The generalized FPE: It emphasizes that the complexity of the FPE lies in the complexity of the message space.

B. Advance Encryption Standard

AES[1] is defined as a secret or private key encryption standard developed by Vincent Rijmen and Joan Daemen in 1999 to overcome the disadvantages of the DES[2] algorithm. AES is a symmetric block cipher algorithm in which the same key is used for encryption and for the reverse transformation, decryption[3]. The algorithm must determine the block and key sizes before applying it to the input data. AES allows key sizes of 128, 192, and 256 bits [4]. In the standard encryption algorithm (AES), the length of the input block, the output block and the State is 128 bits. The AES encryption process performs ten rounds. The first nine rounds repeat the following four transformations: Sub Byte, Shift Rows, Mix Columns and Add Round Key. In the tenth round of the process, only three transformations are performed, namely Sub Byte, Shift Rows and Add Round Key.

2018 8th International Conference on Cloud Computing, Data Science & Engineering (Confluence) 215

Fig 2. Flowchart of AES Encryption Technique

1) Sub Byte transformation: It uses the S-box substitution table.
2) Shift Rows: It shifts the rows of the State array by different offsets.
3) Mix Columns: The operation is performed by mixing the data within each column of the State array.
4) Add Round Key: The function is defined by adding a round key to the State.

IV. PROPOSED FORMAT PRESERVING ENCRYPTION TECHNIQUE

FPE was designed in accordance with a block cipher, using the AES-128 bit encryption algorithm as the base for encrypting the data. This paper defines an efficient format preserving encryption technique that uses AES to overcome the disadvantages of the DES[2] algorithm used to preserve the format of input data. The proposed technique is built on two steps that preserve the format of the 16 digit plaintext data, as shown in Figure 2, and it also preserves the referential integrity of data. After the completion of the AES algorithm, the resultant output serves as input to the eXclusive OR operation to retain the original format and data type of the input data. The eXclusive OR operation divides the resultant cipher text into groups. The operation is performed on each group. After the completion of this step a block of the desired size is obtained. A translation method is then applied to convert the output of the eXclusive OR operation into the desired format.

Fig 3. Flow of Proposed Encryption Technique

The use of this technique is suitable for all types of data format, but in this paper the technique is analyzed on numerical data such as credit card numbers. This technique is analyzed on several credit card numbers using AES-128 bit

V. RESULTS AND DISCUSSIONS

A. Steps used to preserve the format of input data

1) eXclusive OR Operation: The eXclusive OR operation divides the resultant 128 bit cipher text into 8 bit groups. The operation is performed on each group. The higher order bits are eXclusive ORed with the lower order bits, as shown in Table 2. After the completion of this step we get a 64-bit block. At the end of the last round the 16 digit number is encrypted as 128 bit data output.

Fig 4. eXclusive OR operation performed on AES output

Similarly, applying the eXclusive OR operation to the remaining groups, we get the hexadecimal digits shown in Table 1.

Table 1 eXclusive OR Operation between the two digits of AES output

| Output obtained from AES (Decimal Form) | eXclusive OR Operation in Binary form | Output obtained | Hexadecimal Value |
|---|---|---|---|
| 1 6 | 0001 0110 | 0111 | 7 |
| 12 4 | 1100 0100 | 1000 | 8 |
| 4 1 | 0100 0001 | 0101 | 5 |
| 8 3 | 1000 0011 | 1011 | B |
| 1 6 | 0001 0110 | 0111 | 7 |
| 12 3 | 1100 0011 | 1111 | F |
| 6 1 | 0110 0110 | 0111 | 7 |
| 6 4 | 0110 0100 | 0010 | 2 |
| 1 5 | 0001 0101 | 0100 | 4 |
| 7 4 | 0111 0100 | 0011 | 3 |
| 8 7 | 1000 0111 | 1111 | F |
| 2 8 | 0010 1000 | 1010 | A |
| 6 3 | 0110 0011 | 0101 | 5 |
| 3 0 | 0011 0000 | 0011 | 3 |
| 6 4 | 0110 0100 | 0010 | 2 |
| 7 8 | 0111 1000 | 1111 | F |

2) Translation Method: In this step, a translation method is applied by using 5211 coding on the hex digits to get exactly 16 decimal digits; these decimal digits are within the valid range from 0 to 9. The letters from A to F in hexadecimal represent two digit numbers. Instead of applying ordinary conversion we apply 5211 decimal conversion to get a valid decimal value, as shown in Table 3. At the end of this step the input data and output data are the same in format and type.
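The two post-AES steps described above (XOR fold, then 5211 translation), as an added Python example that is not the authors' code: it starts from the 16 AES output bytes listed in the paper's XOR table, assuming each row's two decimal values are the high and low hex digit of one byte, and reproduces the 16-digit result the paper reports (4537494122963219). It also lists which hex digits share a decimal digit under the 5211 weights, which is the check for the reversibility that Eq. 1 asks of E; all function and constant names are hypothetical.

```python
"""Added example: post-AES steps from the paper (XOR fold + 5211 translation)."""
from __future__ import annotations

from collections import defaultdict

# Weights of the 5211 code for bits b3 b2 b1 b0, as used in the paper's table.
WEIGHTS_5211 = (5, 2, 1, 1)

# AES output taken from the paper's XOR table, one byte per row.
# Assumption: the two decimal values in a row are the byte's high and low nibble.
PAGE_AES_ROWS = [(1, 6), (12, 4), (4, 1), (8, 3), (1, 6), (12, 3), (6, 1), (6, 4),
                 (1, 5), (7, 4), (8, 7), (2, 8), (6, 3), (3, 0), (6, 4), (7, 8)]
PAGE_AES_BLOCK = bytes((hi << 4) | lo for hi, lo in PAGE_AES_ROWS)


def xor_fold(block: bytes) -> list[int]:
    """Step 1: XOR the high and low nibble of each byte (128 bits -> 64 bits)."""
    if len(block) != 16:
        raise ValueError("expected one 128-bit AES block")
    return [(b >> 4) ^ (b & 0x0F) for b in block]


def translate_5211(nibble: int) -> int:
    """Step 2: read a 4-bit value as a 5211-weighted code, giving a digit 0..9."""
    if not 0 <= nibble <= 0xF:
        raise ValueError("nibble out of range")
    bits = [(nibble >> shift) & 1 for shift in (3, 2, 1, 0)]
    return sum(w * b for w, b in zip(WEIGHTS_5211, bits))


def format_preserve(block: bytes) -> str:
    """Apply both steps to one AES block and return 16 decimal digits."""
    return "".join(str(translate_5211(n)) for n in xor_fold(block))


def preimages_5211() -> dict[int, list[int]]:
    """Map each decimal digit to every hex digit that translates to it."""
    table = defaultdict(list)
    for nibble in range(16):
        table[translate_5211(nibble)].append(nibble)
    return dict(table)


if __name__ == "__main__":
    folded = xor_fold(PAGE_AES_BLOCK)
    print("XOR fold :", "".join(f"{n:X}" for n in folded))
    print("digits   :", format_preserve(PAGE_AES_BLOCK))
    # Sixteen hex digits land on ten decimal digits, so some digits are shared.
    for digit, sources in sorted(preimages_5211().items()):
        print(digit, "<-", [f"{s:X}" for s in sources])
```

Hex digits 3 and 4 both translate to 2 (both rows appear in the paper's 5211 table), and only 0, 4, 5 and 9 have a single source, so the 16-digit output by itself does not determine the 64-bit block it came from.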

Table 2 Conversion Of Hexadecimal Into Decimal Number Using 5211 Coding

| HEX | Binary | 5211 Coding | Decimal |
|---|---|---|---|
| 7 | 0111 | 0+2+1+1 | 4 |
| 8 | 1000 | 5+0+0+0 | 5 |
| 5 | 0101 | 0+2+0+1 | 3 |
| B | 1011 | 5+0+1+1 | 7 |
| 7 | 0111 | 0+2+1+1 | 4 |
| F | 1111 | 5+2+1+1 | 9 |
| 7 | 0111 | 0+2+1+1 | 4 |
| 2 | 0010 | 0+0+1+0 | 1 |
| 4 | 0100 | 0+2+0+0 | 2 |
| 3 | 0011 | 0+0+1+1 | 2 |
| F | 1111 | 5+2+1+1 | 9 |
| A | 1010 | 5+0+1+0 | 6 |
| 5 | 0101 | 0+2+0+1 | 3 |
| 3 | 0011 | 0+0+1+1 | 2 |
| 2 | 0010 | 0+0+1+0 | 1 |
| F | 1111 | 5+2+1+1 | 9 |

The 16 digit output obtained is 4537494122963219. The basic idea is to use a strong block cipher such as AES and then combine AES with format preservation to increase the attacker's burden.

Progress in the field of cryptology is based on the practice of making the algorithms public and inviting interested parties to find the flaws. It is in this spirit that our method is presented. The technique proposed in the paper results in the preservation of the data length as well as the format of the input data. This implies that preserving the format of the data, when combined with a strong encryption algorithm, is as secure as the AES algorithm.

Table 3 Comparison of Proposed Technique with [14] and [22]

| Work | Method | Storage requirements | Execution |
|---|---|---|---|
| Our Work Done | AES, XOR operation and a translation method is applied | No additional storage is required. | It preserves the length as well as format of input data. |
| [14] | Prefix cipher, Cycle walking | Extra storage for random keys and to hold tables is required | Applicable for small length of input data. Repetitive encryption with small size data sets. |
| [22] | Length preserving Encryption | No additional storage is required. | It preserves only the length of input data. |

VI. CONCLUSION

It was examined that Format preserving encryption is an interesting and rapidly growing technology. In this paper a new and efficient FPE scheme is proposed for encrypting integer data of 16 digits by using AES, an exclusive OR operation and a translation method, to overcome the shortcomings of existing schemes like the Prefix method, cycle walking[14] and the Length preserving encryption scheme[22].

These techniques have various pros and cons, which are overcome by the Format preserving encryption scheme used in this paper through a secure underlying scheme, the Advanced Encryption Standard (AES). The proposed scheme is more flexible than the techniques shown in Table 3. In future the work might be extended to encrypt numeric data of size 0-19 digits and will also apply data masking techniques to provide more security to sensitive data.

REFERENCES

[1] AES, "Advanced Encryption Standard", National Inst. of Standards and Technology (NIST), FIPS-197, 2001.
[2] DES, "Data Encryption Standard", National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), Pub 46, 1977.
[3] Daemen, J., Rijmen, V., "The block cipher Rijndael, Smart Card research and Applications", LNCS 1820, Springer, pp. 288-296, 1998.
[4] Kaufman, C., Perlman, R., Speciner, M., Network Security, Private Communication in a Public World. 2nd ed. Prentice Hall PTR, 2002.
[5] Wikipedia article on Cryptography, http://en.wikibooks.org/wiki/Cryptography/Introduction
[6] Wikipedia article on symmetric encryption, http://en.wikipedia.org/wiki/Symmetric-key_algorithm.
[7] Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T., "Format-preserving encryption", Lecture Notes in Computer Science, vol.45, no.5, pp. 295–312, 2009.
[8] Luby, M., Rackoff, C., "How to construct pseudorandom permutations from pseudo-random functions", Siam Journal on Computing, vol.17, no.2, pp. 373–386, 1988.
[9] Li, J.W., Jia, C.F., Liu, Z.L., Li, M., "FPE scheme based on k-splits feistel network", Journal on Communications, vol.33, no.4, pp. 62–68, 2012.
[10] Liu, Z.L., Jia, C.F., Li, J.W., "Research on the format-preserving encryption techniques", Journal of Software, vol.23, no.1, pp. 152–170, 2012.
[11] Liu, Z. L., Jia, C. F., Jing-Wei, L. I., "Research on the format-preserving encryption modes", Journal on Communications, vol.32, no.6, 184–190, 2011.
[12] Guidelines for Implementing and Using the NBS Data Encryption Standard: "First DES-based", FPE approach. https://www.thc.org/root/docs/cryptography/fips74.html, April 1.
[13] Smith, H.E., Brightwell, M., "Using Datatype-Preserving Encryption to Enhance Data Warehouse Security", 20th National Information Systems Security Conference, NIST, pp. 141, 1997.
[14] Black, J., Rogaway, P., "Ciphers with arbitrary finite domains", Cryptographers Track at the RSA Conference, pp. 114-130, Springer, 2002.
[15] Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T., "Format preserving encryption", Springer, 2009.
[16] Bellare, M., Rogaway, P., Spies, T., "The FFX mode of operation for format-preserving encryption", NIST submission, 2010.
[17] Mallaiah, K., Ramachandram, S., Gorantala, S., "Performance Analysis of Format Preserving Encryption", (FIPS PUBS 74-8) over block ciphers for Numeric data, IEEE, 2013.

[18] Agbeyibor, R., Butts, J., Grimaila, M., Mills, R.: Evaluation of format preserving encryption algorithms for critical infrastructure protection, Springer, 2014.
[19] Chandrashekar, P., Dara, S., Muralidhara, V.N., "Efficient format preserving encrypted databases", International Conference on Electronics, Computing and Communication Technologies (CONECCT), pp. 1-4. IEEE, July 2015.
[20] Wang, P., Luo, H., Liu, J., "Format-preserving encryption for Excel", International Conference on Consumer Electronics-Taiwan (ICCE-TW), pp. 1-2. IEEE, May 2016.
[21] Cui, B.J., Zhang, B.H., Wang, K.Y., "A Data Masking Scheme for Sensitive Big Data based on Format-Preserving Encryption", International Conference on Computational Science and Engineering (CSE) and International Conference on Embedded and Ubiquitous Computing (EUC), pp. 519-524. IEEE, 2017.
[22] Gupta, S., Jain, S., Govil, A., "An Innovative Length Preserving Encryption Scheme for Sensitive Data Security", 4th International conference on Computing for Sustainable Global Development (INDIACOM). IEEE, 2017.
