Emerging way to foil hackers: Keep data encrypted while in use
The Privacy Rights Clearinghouse documented 85 incidents that in 2012 that exposed personally identifiable information held in federal, state and local government systems.
The largest of these breaches involved the hacking over the summer of the South Carolina Department of Revenue, which exposed as many as 6.4 million records, many of which included Social Security and credit card numbers. In April, the Texas Attorney General’s office, as part of a lawsuit, released voter records that contained millions of unencrypted Social Security numbers.
In late December, hackers gained access to records — in at least some cases including Social Security numbers, addresses and salaries — of 36,000 people who worked at, worked with or visited the Army’s Fort Monmouth base in New Jersey, as reported by local press.
To help protect sensitive data from these kinds of incidents, the National Institute of Standards and Technology is considering schemes for Format-Preserving Encryption (FPE) that could be used with the Advanced Encryption Standard (AES) algorithm to shield information while keeping it available to applications.
Credit card, ID and Social Security numbers — personally identifiable information that must be protected by agencies — often are used as identifiers to link records within databases. Applications also use them as indexes to retrieve records, even when the actual numbers are not necessary to the application, said Terence Spies, CTO of Voltage Security.
“They just have to be able to correlate the records,” Spies said. If the enterprise can learn to use the data while encrypted, applications do not need access to encryption keys or plain text numbers. The data can remain encrypted while stored in databases, in transit and while being used — so even if hackers gain access to a network, the data they find would be useless to them. To do this, the encrypted numbers have to remain recognizable; their format has to be preserved.
Work on FPE dates back to at least 1997, and Voltage cobbled together the results in 2006 and 2007 to produce a practical commercial tool. The technique is not tied to any algorithm, but Voltage uses AES.
Spies is one of the authors of a paper specifying techniques for FPE under consideration by NIST. The scheme, called FFX, uses a technique known as a Feistel network that is used in many block ciphers. This is useful, because block ciphers produce cipher texts of the same number of characters as the plain text blocks being enciphered. But because block cipher algorithms such as DES (Data Encryption Standard) and AES are intended to encrypt messages of arbitrary lengths, they cannot be used directly for FPE encryption.
Applying the Feistel technique to selected data sets such as a Social Security number using a strong algorithm such as AES results in encrypted fields that retain their original format in pseudo-random permutations. That is, “you don’t get any information about future encryption by knowing anything about past encryptions,” Spies said. “It’s a relatively simple function,” but when reiterated properly it procures a high level of security.
The scheme is not theoretical, Spies said. “It is used by our customers fairly widely in the payment industry,” by both merchants and card processors, he said.
But NIST approval is critical for acceptance by federal agencies, which generally are required to use crypto tools that meet the Federal Information Processing Standards.
In addition to the FFX Format-preserving Feistel-based encryption mode, NIST also is considering as approved modes of operation for AES:
- FCEM Format Controlling Encryption Mode.
- BPS Format Preserving Encryption Proposal.
- VFPE VISA Format Preserving Encryption.
- CSPEM Character Set Preserving Encryption Mode