SlideShare une entreprise Scribd logo

Tokenisation and format preserving encryption,

Atos_Worldline
Atos_Worldline

Case study :Tokenisation and format preserving encryption, presented at Cartes & IDentification 2011 by Stéphane Cauchie

TechnologieÉconomie & finance
1  sur  31
Télécharger pour lire hors ligne
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 08 Septembre 2011 Transactional services. Powering progress © Confidential 1 Tokenization Format Preserving Encryption A Case study Cartes & Identification 2011
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 2 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [DEFINITION] ▶ Definition – Tokenization is a process of replacing sensitive data by non sensitive ones (tokens) with respect of the following properties: • Tokens bears enough information to be useful (e.g. The entity manipuling token can accomplish transaction as it was the sensitive data). • Tokens does not compromise security – Tokenization system tries to minimize the integration impact on existing infrastructure ▶ Who offer such service 3
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [FUNCTIONALITIES] ▶ Function description of a Tokenization system – Conversion (Convert sensitive data into a token and vice versa) – Conversion policy (Format definition, Mode of operation) – Communication Canal : Authentication, Integrity, Confidentiality 4 Tokenization System External System
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Face2Face 5 CardHolder AcquirerIssuer Acceptor
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 6 CardHolder AcquirerIssuer Acceptor E2E-Encryption
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 7 CardHolder AcquirerIssuer Acceptor Secure MOTO
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 8 CardHolder AcquirerIssuer Acceptor Process transaction
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 9 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Tokenization and Format Preserving Encryption: A Case Study ▶PCI-DSS(Payment Card Industry Data Security Standard) : • Security requirements for entities processing cards data (processing, transmission and storage) ▶Objectives: • Reduce PCI evaluation perimeter • Choose a suitable algorithm that tokenize a PAN ▶Constraints: • The algorithm must be collision free • In a certain mode the algorithm must be “not reversible” • In certain mode the algorithm must not takes secret parameters 10 How does it works ? [Objectives-Constraints]
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 How does it works [RandomToken] ▶ Random Token – Card data are • ciphered (classic algorithms) • stored in a database – System generate an associated token • Format respect • Checks for no Collision 11 Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 12 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FPE : Format Preserving Encryption. ▶ Introduced by Brightwell [BS97] o Encryption scheme with o format preserving property ▶ Format definition is a key point – Follow PCI guidelines : • you have to differentiate a Token from a PAN ▶ NIST is considering 3 FPE algorithms ▶ Applications : • Security Social Number • Credit Card Number 13 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study First introduction of Format Preserving Encryption [BS97]
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ NIST is considering 3 FPE algorithms • FFX [FFX10] • BPS [BPS10] • FCEM [FCEM10] 14 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study FFX BPS FCEM
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 15 ▶ Feistel o Inventé par Horst Feistel . o Round notion o Input are split in 2 o F : cipher function o Secret key K o Key Derivation algorithm o During a round  Ai+1 = Bi  Bi+1 = Ai Fki(Bi) o Example  DES : 16 tours. + How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature FFX BPS FCEM Feistel based Yes Yes No #Rounds 12 8 2 Cipher function AES AES/TDES/SHA AES #Function is used 12 8 8 Reversibility Yes Yes Yes Tweak Yes Yes No 16 How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study ▶ Cryptographic notions – Tweak Notion : Add variability in cryptographic schemes – Patarin attack : Differentiate ciphertext from random string
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature Random Token FPE Multi Site Difficult Medium Key deployment Medium Hard Format preserving Easy Easy Performance Low Fast Token/Data link No (except in DB) Algorithm 17 Tokenization and Format Preserving Encryption: A Case Study How does it works [Analysis]
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 18 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Conclusion [VISION] ▶ Which choice ? 19 CardHolder AcquirerIssuer Acceptor Secure MOTO Process transaction FPE RTS E2E-Encryption FPE FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Tokenization in payment context  It allows the reduction of PCI audit perimeter in a payment application  Waiting for NIST approval. ▶ Depending on use case:  Random Tokenization:  In case of internal processing  FPE based Tokenzaton  In case of multi site,  In case of multi-party protocols 20 Tokenization and Format Preserving Encryption: A Case Study Conclusion []
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Transactional services. Powering progress atos.net Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGrid are registered trademarks of Atos SA. August 2011 © 2011 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos. © Confidential Questions ? References Title [BS97] Brigthwell, Michael & Smith Using datatype preserving encryption to enhance data warehouse security. 20th National Information Systems Security Conference, NIST, 1997. [FFX10] Bellare M, Rogaway P & Spies T The FFX Mode of Operation for Format preserving Encryption. 2010. [BPS10] Brier E, Peyrin T & Stern J BPS : a format Preserving Encryption Proposal. Ingenico, 2010. [FCEM10] Ulf T Matsson Format preserving Encryption Using Datatype preserving Encryption. 2010. [SEC2] Certicom Research. SEC2 : Recommended Elliptic Curve Domain Parameters. 2000. [BSGS] D. Shanks. Five number-theoretic algorithms. Proceeding of the second Manitoba Conference on Numerical Mathematics. 1975. [RHO] J.M. Pollard. A monte carlo method for factorization. 1978. [CI] Pierrick Gaudry. Algorithmiques des courbes algébriques pour la cryptologie. 2008 [PCI] Scoping SIG, Tokenization Tasforce, PCI Security Standards Council. PIC-DSS. 2011 Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 22 BPS Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 23 ▶ BPS : ▶ Autor: Brier E, Peyrin T & Stern J. ▶ Published in 2010. ▶ BPS : "a Format Preserving Encryption Proposal ". ▶ Features: • 8 round. • Tweak of 64 bits split in 2 sub tweak o TL et TR • F : AES or one way function. • K : secret key • reversible. • Patarin resistant. Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶   24 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 25 FFX Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FFX : ▶ Autors : Bellare M, Rogaway P & Spies T. ▶ Published in 2009 and 2010. ▶ FFX : "Format Preserving Feistel-based Encryption" ▶ Features: • 12 round, • 64 bits tweak, • FK : AES-128 or one-way function • K : secret key • reversible 26 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 27 27 FCEM Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 28 ▶ Autor :Ulf T Matsson. ▶ Published in 2009. ▶ FCEM : "Format Controlling Encryption Mode". ▶ Features: • 8 steps o Index Value Data o Encryption of Left o Encryption of Right o Scrambled o Rippled Left to Right o Rippled Right to Left o Encryption and Update o The last transformation • F : AES-128 • K : secret key • reversible Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Index Value data : • Rewriting input as hexa values. • Example: o X : 1122334455667788 o Index Value data : 01010202030304040505060607070808 ▶ Encryption of Left : • left part encryption • Example : o Index Value data : 01010202030304040505060607070808 o Sortie de FK: 00C01F49D0C2C050188D8FDFADCDF846 o RightUpdate : 0507070905010008 ▶ Encryption of Right : • Same idea • We get LeftUpdate : 0101080503060303 29 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 30 ▶ Scrambled : • Concat LeftUpdate and RightUpdate . • Example: o CipherScrambled : 01010805030603030507070905010008 ▶ RippledLeftToRight : • Scrambled modifying by : o CipherScrambled : 01010805030603030507070905010008 o 01 ⊕ 01 = (0 × 16) + 1 + (0 × 16) + 1 = 02 ≡ 02 (mod10). o RippledLeftToRight = 0102 o RippledLeftToRight = 01020005080407000503090803040402 ▶ RippledRightToLeft : • Same idea • RippledLeftToRight = 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 31 31 ▶ Encryption and Modular Sum : • RippledLeftToRight : 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study

Recommandé

Merchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote CommerceMerchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote CommerceNetcetera
 
Telkom Sigma Software Security System v1
Telkom Sigma Software Security System v1Telkom Sigma Software Security System v1
Telkom Sigma Software Security System v1Directorate of Information Security | Ditjen Aptika
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
[공개용]정보보호, 우리 업무의 기본
[공개용]정보보호, 우리 업무의 기본[공개용]정보보호, 우리 업무의 기본
[공개용]정보보호, 우리 업무의 기본hyundai-mnsoft
 
Pcidss qr gv3_1
Pcidss qr gv3_1Pcidss qr gv3_1
Pcidss qr gv3_1leon bonilla
 
Mikrotik os-zaklady
Mikrotik os-zakladyMikrotik os-zaklady
Mikrotik os-zakladyPatrik Majer
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and ChallengesHappiest Minds Technologies
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 

Recommandé

Merchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote CommerceMerchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote CommerceNetcetera
 
Telkom Sigma Software Security System v1
Telkom Sigma Software Security System v1Telkom Sigma Software Security System v1
Telkom Sigma Software Security System v1Directorate of Information Security | Ditjen Aptika
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
[공개용]정보보호, 우리 업무의 기본
[공개용]정보보호, 우리 업무의 기본[공개용]정보보호, 우리 업무의 기본
[공개용]정보보호, 우리 업무의 기본hyundai-mnsoft
 
Pcidss qr gv3_1
Pcidss qr gv3_1Pcidss qr gv3_1
Pcidss qr gv3_1leon bonilla
 
Mikrotik os-zaklady
Mikrotik os-zakladyMikrotik os-zaklady
Mikrotik os-zakladyPatrik Majer
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and ChallengesHappiest Minds Technologies
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Data privacy impact assessment
Data privacy impact assessmentData privacy impact assessment
Data privacy impact assessmentStephen Owen
 
Compliances for Manufacturing Business
Compliances for Manufacturing BusinessCompliances for Manufacturing Business
Compliances for Manufacturing BusinessLexplosion Solutions
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingNguyễn Đăng Quang
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Managed Security Services from Symantec
Managed Security Services from SymantecManaged Security Services from Symantec
Managed Security Services from SymantecArrow ECS UK
 
Zuora luncheon final
Zuora luncheon finalZuora luncheon final
Zuora luncheon finalMatt McDowell
 
IRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET Journal
 
Ramnath_Resume
Ramnath_ResumeRamnath_Resume
Ramnath_ResumeRamnath Balaraj
 
The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)FIWARE
 
Blockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchBlockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchFabio Antonelli
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?Mary Joy Sabal
 
ICITSI Slide Fix.pptx
ICITSI Slide Fix.pptxICITSI Slide Fix.pptx
ICITSI Slide Fix.pptxSyifaNurgaidaYutia
 
Blockchain private permissioned
Blockchain private permissionedBlockchain private permissioned
Blockchain private permissionedJan Biets [jan_biets@hotmail.com]
 
An Mfi Story
An Mfi StoryAn Mfi Story
An Mfi Storyvincent.biot
 
Blockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot SystemBlockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot SystemIRJET Journal
 
ITILv3 Service Design
ITILv3 Service DesignITILv3 Service Design
ITILv3 Service DesignProcept Associates
 
Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2Vinay Patange
 
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...IRJET Journal
 
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesBizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesR3
 
Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1Semon Wu
 

Contenu connexe

Tendances

Data privacy impact assessment
Data privacy impact assessmentData privacy impact assessment
Data privacy impact assessmentStephen Owen
 
Compliances for Manufacturing Business
Compliances for Manufacturing BusinessCompliances for Manufacturing Business
Compliances for Manufacturing BusinessLexplosion Solutions
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingNguyễn Đăng Quang
 
Managed Security Services from Symantec
Managed Security Services from SymantecManaged Security Services from Symantec
Managed Security Services from SymantecArrow ECS UK
 

Tendances (7)

Data privacy impact assessment
Data privacy impact assessmentData privacy impact assessment
Data privacy impact assessment
 
Compliances for Manufacturing Business
Compliances for Manufacturing BusinessCompliances for Manufacturing Business
Compliances for Manufacturing Business
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Managed Security Services from Symantec
Managed Security Services from SymantecManaged Security Services from Symantec
Managed Security Services from Symantec
 

Similaire à Tokenisation and format preserving encryption,

Zuora luncheon final
Zuora luncheon finalZuora luncheon final
Zuora luncheon finalMatt McDowell
 
IRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET Journal
 
The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)FIWARE
 
Blockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchBlockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchFabio Antonelli
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?Mary Joy Sabal
 
Blockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot SystemBlockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot SystemIRJET Journal
 
Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2Vinay Patange
 
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...IRJET Journal
 
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesBizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesR3
 
Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1Semon Wu
 
DWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric CarelDWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric CarelIDATE DigiWorld
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalSecure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalAlex Tan
 
Bank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementBank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementAnjar Priandoyo
 
Ruud Teunissen - Personal Test Improvement - Dealing with the Future
Ruud Teunissen - Personal Test Improvement - Dealing with the FutureRuud Teunissen - Personal Test Improvement - Dealing with the Future
Ruud Teunissen - Personal Test Improvement - Dealing with the FutureTEST Huddle
 
Presentation of my paper in the IEEE Symposium on Computer and Communications...
Presentation of my paper in the IEEE Symposium on Computer and Communications...Presentation of my paper in the IEEE Symposium on Computer and Communications...
Presentation of my paper in the IEEE Symposium on Computer and Communications...Dalton Valadares
 

Similaire à Tokenisation and format preserving encryption, (20)

Zuora luncheon final
Zuora luncheon finalZuora luncheon final
Zuora luncheon final
 
IRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET- Decentralized Kyc System
IRJET- Decentralized Kyc System
 
Ramnath_Resume
Ramnath_ResumeRamnath_Resume
Ramnath_Resume
 
The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)
 
Blockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchBlockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect Match
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
 
ICITSI Slide Fix.pptx
ICITSI Slide Fix.pptxICITSI Slide Fix.pptx
ICITSI Slide Fix.pptx
 
Blockchain private permissioned
Blockchain private permissionedBlockchain private permissioned
Blockchain private permissioned
 
An Mfi Story
An Mfi StoryAn Mfi Story
An Mfi Story
 
Blockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot SystemBlockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot System
 
ITILv3 Service Design
ITILv3 Service DesignITILv3 Service Design
ITILv3 Service Design
 
Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2
 
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
 
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesBizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
 
Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1
 
DWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric CarelDWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalSecure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - final
 
Bank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementBank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk Management
 
Ruud Teunissen - Personal Test Improvement - Dealing with the Future
Ruud Teunissen - Personal Test Improvement - Dealing with the FutureRuud Teunissen - Personal Test Improvement - Dealing with the Future
Ruud Teunissen - Personal Test Improvement - Dealing with the Future
 
Presentation of my paper in the IEEE Symposium on Computer and Communications...
Presentation of my paper in the IEEE Symposium on Computer and Communications...Presentation of my paper in the IEEE Symposium on Computer and Communications...
Presentation of my paper in the IEEE Symposium on Computer and Communications...
 

Dernier

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Dernier (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Tokenisation and format preserving encryption,

  • 1. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 08 Septembre 2011 Transactional services. Powering progress © Confidential 1 Tokenization Format Preserving Encryption A Case study Cartes & Identification 2011
  • 2. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 2 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 3. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [DEFINITION] ▶ Definition – Tokenization is a process of replacing sensitive data by non sensitive ones (tokens) with respect of the following properties: • Tokens bears enough information to be useful (e.g. The entity manipuling token can accomplish transaction as it was the sensitive data). • Tokens does not compromise security – Tokenization system tries to minimize the integration impact on existing infrastructure ▶ Who offer such service 3
  • 4. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [FUNCTIONALITIES] ▶ Function description of a Tokenization system – Conversion (Convert sensitive data into a token and vice versa) – Conversion policy (Format definition, Mode of operation) – Communication Canal : Authentication, Integrity, Confidentiality 4 Tokenization System External System
  • 5. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Face2Face 5 CardHolder AcquirerIssuer Acceptor
  • 6. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 6 CardHolder AcquirerIssuer Acceptor E2E-Encryption
  • 7. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 7 CardHolder AcquirerIssuer Acceptor Secure MOTO
  • 8. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 8 CardHolder AcquirerIssuer Acceptor Process transaction
  • 9. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 9 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 10. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Tokenization and Format Preserving Encryption: A Case Study ▶PCI-DSS(Payment Card Industry Data Security Standard) : • Security requirements for entities processing cards data (processing, transmission and storage) ▶Objectives: • Reduce PCI evaluation perimeter • Choose a suitable algorithm that tokenize a PAN ▶Constraints: • The algorithm must be collision free • In a certain mode the algorithm must be “not reversible” • In certain mode the algorithm must not takes secret parameters 10 How does it works ? [Objectives-Constraints]
  • 11. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 How does it works [RandomToken] ▶ Random Token – Card data are • ciphered (classic algorithms) • stored in a database – System generate an associated token • Format respect • Checks for no Collision 11 Tokenization and Format Preserving Encryption: A Case Study
  • 12. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 12 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 13. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FPE : Format Preserving Encryption. ▶ Introduced by Brightwell [BS97] o Encryption scheme with o format preserving property ▶ Format definition is a key point – Follow PCI guidelines : • you have to differentiate a Token from a PAN ▶ NIST is considering 3 FPE algorithms ▶ Applications : • Security Social Number • Credit Card Number 13 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study First introduction of Format Preserving Encryption [BS97]
  • 14. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ NIST is considering 3 FPE algorithms • FFX [FFX10] • BPS [BPS10] • FCEM [FCEM10] 14 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study FFX BPS FCEM
  • 15. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 15 ▶ Feistel o Inventé par Horst Feistel . o Round notion o Input are split in 2 o F : cipher function o Secret key K o Key Derivation algorithm o During a round  Ai+1 = Bi  Bi+1 = Ai Fki(Bi) o Example  DES : 16 tours. + How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study
  • 16. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature FFX BPS FCEM Feistel based Yes Yes No #Rounds 12 8 2 Cipher function AES AES/TDES/SHA AES #Function is used 12 8 8 Reversibility Yes Yes Yes Tweak Yes Yes No 16 How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study ▶ Cryptographic notions – Tweak Notion : Add variability in cryptographic schemes – Patarin attack : Differentiate ciphertext from random string
  • 17. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature Random Token FPE Multi Site Difficult Medium Key deployment Medium Hard Format preserving Easy Easy Performance Low Fast Token/Data link No (except in DB) Algorithm 17 Tokenization and Format Preserving Encryption: A Case Study How does it works [Analysis]
  • 18. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 18 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 19. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Conclusion [VISION] ▶ Which choice ? 19 CardHolder AcquirerIssuer Acceptor Secure MOTO Process transaction FPE RTS E2E-Encryption FPE FPE Tokenization and Format Preserving Encryption: A Case Study
  • 20. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Tokenization in payment context  It allows the reduction of PCI audit perimeter in a payment application  Waiting for NIST approval. ▶ Depending on use case:  Random Tokenization:  In case of internal processing  FPE based Tokenzaton  In case of multi site,  In case of multi-party protocols 20 Tokenization and Format Preserving Encryption: A Case Study Conclusion []
  • 21. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Transactional services. Powering progress atos.net Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGrid are registered trademarks of Atos SA. August 2011 © 2011 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos. © Confidential Questions ? References Title [BS97] Brigthwell, Michael & Smith Using datatype preserving encryption to enhance data warehouse security. 20th National Information Systems Security Conference, NIST, 1997. [FFX10] Bellare M, Rogaway P & Spies T The FFX Mode of Operation for Format preserving Encryption. 2010. [BPS10] Brier E, Peyrin T & Stern J BPS : a format Preserving Encryption Proposal. Ingenico, 2010. [FCEM10] Ulf T Matsson Format preserving Encryption Using Datatype preserving Encryption. 2010. [SEC2] Certicom Research. SEC2 : Recommended Elliptic Curve Domain Parameters. 2000. [BSGS] D. Shanks. Five number-theoretic algorithms. Proceeding of the second Manitoba Conference on Numerical Mathematics. 1975. [RHO] J.M. Pollard. A monte carlo method for factorization. 1978. [CI] Pierrick Gaudry. Algorithmiques des courbes algébriques pour la cryptologie. 2008 [PCI] Scoping SIG, Tokenization Tasforce, PCI Security Standards Council. PIC-DSS. 2011 Tokenization and Format Preserving Encryption: A Case Study
  • 22. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 22 BPS Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 23. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 23 ▶ BPS : ▶ Autor: Brier E, Peyrin T & Stern J. ▶ Published in 2010. ▶ BPS : "a Format Preserving Encryption Proposal ". ▶ Features: • 8 round. • Tweak of 64 bits split in 2 sub tweak o TL et TR • F : AES or one way function. • K : secret key • reversible. • Patarin resistant. Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 24. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶   24 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 25. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 25 FFX Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 26. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FFX : ▶ Autors : Bellare M, Rogaway P & Spies T. ▶ Published in 2009 and 2010. ▶ FFX : "Format Preserving Feistel-based Encryption" ▶ Features: • 12 round, • 64 bits tweak, • FK : AES-128 or one-way function • K : secret key • reversible 26 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 27. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 27 27 FCEM Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 28. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 28 ▶ Autor :Ulf T Matsson. ▶ Published in 2009. ▶ FCEM : "Format Controlling Encryption Mode". ▶ Features: • 8 steps o Index Value Data o Encryption of Left o Encryption of Right o Scrambled o Rippled Left to Right o Rippled Right to Left o Encryption and Update o The last transformation • F : AES-128 • K : secret key • reversible Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 29. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Index Value data : • Rewriting input as hexa values. • Example: o X : 1122334455667788 o Index Value data : 01010202030304040505060607070808 ▶ Encryption of Left : • left part encryption • Example : o Index Value data : 01010202030304040505060607070808 o Sortie de FK: 00C01F49D0C2C050188D8FDFADCDF846 o RightUpdate : 0507070905010008 ▶ Encryption of Right : • Same idea • We get LeftUpdate : 0101080503060303 29 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 30. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 30 ▶ Scrambled : • Concat LeftUpdate and RightUpdate . • Example: o CipherScrambled : 01010805030603030507070905010008 ▶ RippledLeftToRight : • Scrambled modifying by : o CipherScrambled : 01010805030603030507070905010008 o 01 ⊕ 01 = (0 × 16) + 1 + (0 × 16) + 1 = 02 ≡ 02 (mod10). o RippledLeftToRight = 0102 o RippledLeftToRight = 01020005080407000503090803040402 ▶ RippledRightToLeft : • Same idea • RippledLeftToRight = 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 31. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 31 31 ▶ Encryption and Modular Sum : • RippledLeftToRight : 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study