Beruflich Dokumente
Kultur Dokumente
Conclusion
| 08-09-2011 | Cauchie stphane
2
Carte & Identification 2011
What is tokenization in two words [DEFINITION]
Definition
Tokenization is a process of replacing sensitive data by non sensitive ones
(tokens) with respect of the following properties:
Tokens bears enough information to be useful (e.g. The entity manipuling
token can accomplish transaction as it was the sensitive data).
Tokens does not compromise security
Tokenization system tries to minimize the integration impact on existing
infrastructure
Who offer such service
External Tokenization
System System
CardHolder Acceptor
E2E-Encryption
CardHolder Acceptor
Secure MOTO
CardHolder Acceptor
CardHolder Acceptor
Conclusion
| 08-09-2011 | Cauchie stphane
9
Carte & Identification 2011
Tokenization and Format Preserving Encryption: A Case Study
Constraints:
The algorithm must be collision free
In a certain mode the algorithm must be not reversible
In certain mode the algorithm must not takes secret parameters
Random Token
Card data are
ciphered (classic algorithms)
stored in a database
System generate an associated token
Format respect
Checks for no Collision
Conclusion
| 08-09-2011 | Cauchie stphane
12
Carte & Identification 2011
Tokenization and Format Preserving Encryption: A Case Study
Applications :
Security Social Number
Credit Card Number
PS EM
F X B F C
F
Feistel
o Invent par Horst Feistel .
o Round notion
o Input are split in 2
o F : cipher function
o Secret key K
o Key Derivation algorithm
o During a round
Ai+1 = Bi
Bi+1 = Ai Fki(Bi)
+
o Example
DES : 16 tours.
Cryptographic notions
Tweak Notion : Add variability in cryptographic schemes
Patarin attack : Differentiate ciphertext from random string
Conclusion
| 08-09-2011 | Cauchie stphane
18
Carte & Identification 2011
Tokenization and Format Preserving Encryption: A Case Study
Conclusion [VISION]
Which choice ?
RTS
Process
Issuer transaction Acquirer
Secure MOTO
FPE
E2E-Encryption
FPE FPE
CardHolder Acceptor
Conclusion []
Questions ?
References Title
[BS97] Brigthwell, Michael & Smith
Using datatype preserving encryption to enhance data warehouse security.
20th National Information Systems Security Conference, NIST, 1997.
[FFX10] Bellare M, Rogaway P & Spies T
The FFX Mode of Operation for Format preserving Encryption. 2010.
[BPS10] Brier E, Peyrin T & Stern J
BPS : a format Preserving Encryption Proposal. Ingenico, 2010.
[FCEM10] Ulf T Matsson
Format preserving Encryption Using Datatype preserving Encryption. 2010.
[SEC2] Certicom Research. SEC2: Recommended Elliptic Curve Domain Parameters. 2000.
[BSGS] D. Shanks. Five number-theoretic algorithms. Proceeding of the second Manitoba
Conference on Numerical Mathematics. 1975.
[RHO] J.M. Pollard. A monte carlo method for factorization. 1978.
[CI] Pierrick Gaudry. Algorithmiques des courbes algbriques pour la cryptologie. 2008
atos.net
[PCI] Scoping SIG, Tokenization Tasforce, PCI Security Standards Council. PIC-DSS. 2011
Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGrid
are registered trademarks of Atos SA. August 2011
2011 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it,
may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos.
Survey on FPE
BPS
Survey on FPE
BPS :
Published in 2010.
Features:
8 round.
Tweak of 64 bits split in 2 sub tweak
o TL et TR
F : AES or one way function.
K : secret key
reversible.
Patarin resistant.
Survey on FPE
Survey on FPE
FFX
Survey on FPE
FFX :
Features:
12 round,
64 bits tweak,
FK : AES-128 or one-way function
K : secret key
reversible
Survey on FPE
FCEM
Survey on FPE
Published in 2009.
Features:
8 steps
o Index Value Data
o Encryption of Left
o Encryption of Right
o Scrambled
o Rippled Left to Right
o Rippled Right to Left
o Encryption and Update
o The last transformation
F : AES-128
K : secret key
reversible
Survey on FPE
Encryption of Left :
left part encryption
Example :
o Index Value data : 01010202030304040505060607070808
o Sortie de FK: 00C01F49D0C2C050188D8FDFADCDF846
o RightUpdate : 0507070905010008
Encryption of Right :
Same idea
We get LeftUpdate : 0101080503060303
Survey on FPE
Scrambled :
Concat LeftUpdate and RightUpdate .
Example:
o CipherScrambled : 01010805030603030507070905010008
RippledLeftToRight :
Scrambled modifying by :
o CipherScrambled : 01010805030603030507070905010008
o 01 01 = (0 16) + 1 + (0 16) + 1 = 02 02 (mod10).
o RippledLeftToRight = 0102
o RippledLeftToRight = 01020005080407000503090803040402
RippledRightToLeft :
Same idea
RippledLeftToRight = 04030101060804070702000103000602
Survey on FPE