2016 mindthesec Format-Preserving Encryption

•Download as PPTX, PDF•

1 like•205 views

Se você está procurando uma solução para fazer a segurança dos dados, o Format Preserve Encryption (FPE) sem dúvida pode ajudar. Nesta palestra abordaremos este conjunto de técnicas de codificação de dados onde o texto cifrado terá o mesmo formato que o texto simples. Este novo padrão de segurança da informação publicado pelo NIST não só irá apoiar métodos de criptografia que são utilizados para proteger seu número de cartão, mas também manter outras informações altamente sensíveis protegidas também.

Technology

Format Preserving Encryption
Bruno Motta Rego

Real World
real ecosystems, data everywhere

3
real ecosystems
In 93% of cases, it took attackers minutes or less to compromise systems; [1]
95% of web app attacks where criminals stole data were financially motivated; [1]
The median traffic of a DoS attack is 1.89 million packets per second; [1]
39% of crimeware incidents in 2015 involved ransomware. [1]

4
data everywhere
Vendor as a vector; [1]
More than 90% breaches had a compromise time of “days or less”; [1]
63% of confirmed data breaches involved weak, default or stolen passwords; [1]
70% of breaches involving insider misuse took months or years to discover; [1]

5
challenges
People;
Vulnerability & Patch management;
Vendor management;
Legacy systems;

7
NIST 800-38G
Approved methods for FPE; [3]
FF1 is FFX[Radix] "Feistel-based”
FF3 is BPS
Shared-key; [3]
Deterministic encryption; [3]

8
trade offs
Whole database encryption; [2] • Encrypt data within DB – slows all apps down
• Separate solution for each database vendor
• No separation of duties – DBA can decrypt
• No security of data within applications and networks
Database column encryption; [2] • Encrypt data via trigger and stored procedure
• Require schema changes
• No data masking support or separation of duties
Native or traditional application-level encryption; [2] • Encrypt data itself, throughout lifecycle
• Requires DB schema/app format changes
• Heavy implementation cost
Weak, breakable encryption; [2] • E.g., stream ciphers, alphabetic substitution
• Not secure – easily reversible by attacker
• Key management challenges

9
trade offs
Shuffling; [2] • Shuffle existing data rows so data doesn’t match up
• Breaks referential integrity
• Can still leak data
Data tables and rules; [2] • Consistently map original data to fake data
• Allows for referential integrity, reversibility
• Security risks due to use of look-up tables

13
others
Customer Services;
Anti-Fraud;
Risk Intelligence;

OBRIGADO!
Bruno Motta Rego
https://twitter.com/brunomottarego

15
references
[1] 2016 Data Breach Investigation Report (DBIR 2016). Verizon, Apr 2016.
[2] Streamlining Information Protection Through a Data-centric Security Approach.
[3] NIST SP 800-38G - Recommendation for Block Cipher Modes of Operation:
Methods for Format-Preserving Encryption
[4] Ciphers with Arbitrary Finite Domains.

What's hot

Presentation at Pulse 2014 as part of the session, "Enhance Your Identity and Access Management Solution with Integrations from Key IBM Technology Partners" Speaker: Russell Tait, Prolifics Join a panel of IBM technology partners to learn about new and exciting Identity and Access Management (IAM) integrations that have been validated through the Ready for IBM Security Intelligence program. In this slide deck, IBM technology partner, Prolifics, discusses how their integrations with key areas of the IBM Security portfolio increase solution value for customers. The panel discussion will cover strong authentication, mobile, cloud, and security intelligence use cases.

Identity intelligence: Threat-aware Identity and Access Management

Prolifics

Next-Generation SIEM: Delivered from the Cloud

Alert Logic

It pp hybrid attribute- and re-encryption-based key management for secure and...

Papitha Velumani

Distributed Ledger PKI Risk Management Framework, Rob Campbell

Napier University

Regulatory bodies and consumers demand that personal data be secured against unauthorized access. Personal data protection is, in fact, required by government and industry regulations such as PCI, HIPAA, GDPR, FISMA and more. With all the options available for securing IBM i data at rest, how do you know which will best suit your needs? View this webinar on-demand to learn the basics about data encryption, tokenization and anonymization and when each should be used. Topics include: • Differences between encryption, tokenization and anonymization • Pros and cons for each form of data protection • Tips for using the various protection methods • How Syncsort can help

Security 101: Protecting Data with Encryption, Tokenization & Anonymization

Precisely

Siem Overview 2009

johndyson1

La mayor parte de las brechas de datos son debidas al uso indebido de credenciales privilegiadas. Los invitamos a conocer el enfoque de CyberArk, en esta presentación de Carolina Bozza. Carolina será una de los presentadores en nuestro evento "EL ATAQUE INTERNO", el próximo 6 de mayo. El link de inscripción es: https://eventioz.com.ar/e/el-ataque-interno?utm_source=eventioz&utm_medium=emailtrans&utm_campaign=ez_invite_recipient&utm_content=button_cta&source=orevem Los esperamos!!

"EL ATAQUE INTERNO"

Jose Luis Balbiano

Hybrid attribute and re-encryption-based key management for secure and scala...

Papitha Velumani

Hybrid attribute and re-encryption-based key management for secure and scala...

Papitha Velumani

Microset Security Presentation

alpereira

The presentation explains about Data Security as an industrial concept. It addresses its concern on Data Loss Prevention in detail, from what it is, its approach, the best practices and common mistakes people make for the same. The presentation concludes with highlighting Happiest Minds' expertise in the domain. Learn more about Happiest Minds Data Security Service Offerings http://www.happiestminds.com/IT-security-services/data-security-services/

Data Security Explained

Happiest Minds Technologies

A Zero Trust network abolishes the quaint idea of a “trusted” internal network demarcated by a corporate perimeter. Instead it advocates microperimeters of control and visibility around the enterprise’s most sensitive data assets and the ways in which the enterprise uses its data to achieve its business objectives. In this webinar, guest speaker John Kindervag, Vice President and Principal Analyst at Forrester Research, and Nimmy Reichenberg, VP of Strategy at AlgoSec will explain why a Zero Trust network should be the foundation of your security strategy, and present best practices to help companies achieve a Zero Trust state. The webinar will cover: • What is a Zero Trust network, and why it should be a core component of your threat detection and response strategy • Turning theory into practice: Five steps to achieve Zero Trust information security • How security policy management can help you define and enforce a Zero Trust network

5 Steps to a Zero Trust Network - From Theory to Practice

AlgoSec

Unit4

Integral university, India

Cas 4

Byju Antony

SIEM

vikasraina

Advanced Data Center Security

manoharparakh

GitHub: Secure Software Development for Financial Services

Debbie A. Everson

SORT OUT YOUR SIEM

SecureData Europe

Siem solutions R&E

Owais Ahmad

Cybersecurity Summit AHR20 Recover Tridium

Cimetrics Inc

What's hot (20)

Identity intelligence: Threat-aware Identity and Access Management

Next-Generation SIEM: Delivered from the Cloud

It pp hybrid attribute- and re-encryption-based key management for secure and...

Distributed Ledger PKI Risk Management Framework, Rob Campbell

Security 101: Protecting Data with Encryption, Tokenization & Anonymization

Siem Overview 2009

"EL ATAQUE INTERNO"

Hybrid attribute and re-encryption-based key management for secure and scala...

Microset Security Presentation

Data Security Explained

5 Steps to a Zero Trust Network - From Theory to Practice

Unit4

Cas 4

SIEM

Advanced Data Center Security

GitHub: Secure Software Development for Financial Services

SORT OUT YOUR SIEM

Siem solutions R&E

Cybersecurity Summit AHR20 Recover Tridium

Similar to 2016 mindthesec Format-Preserving Encryption

IRJET- Attribute based Access Control for Cloud Data Storage

IRJET Journal

Kripta Key Product Key Management System.pdf

langkahgontay88

1784 1788

Editor IJARCET

1784 1788

Editor IJARCET

IRJET- Security Concern: Analysis of Cloud Security Mechanism

IRJET Journal

Cloud has many advantages over the traditional on-premise infrastructure; however, this does bring many new concerns around issues of system security, communication security, data security, privacy, latency and availability. When designing and developing Cloud SaaS application, these security issues need to be addressed in order to ensure regulatory compliance, security and trusted environment in AWS and Azure. The presentation provides real-world cloud security scenarios (problem statements) and proposed solutions for each security design pattern. Also covers the different security aspects of system including, data security to privacy and GDPR related problems.

Guide to security patterns for cloud systems and data security in aws and azure

Abdul Khan

Cloud Cmputing Security

Devyani Vaidya

Cloud security risks

Revital Lapidot

Cloud security risks

Revital Lapidot

Lecture Cloud Security.pptx

ShimoFcis

Cloud Computing Security is imperative for the smooth operation of businesses today. According to the latest statistics revealed by International Data Group, almost 70 percent of the businesses today resort to Cloud Computing for handling their crucial business data and manage their business processes. Today, vulnerabilities like data security and network security issues lead to grave business losses if not managed correctly through timely intervention. This is where cloud computing security plays an important role in safeguarding the business information and mitigating the major security risks like cyber-attacks, DDoS attacks, and other enterprise bugs.

The ultimate guide to cloud computing security-Hire cloud expert

Chapter247 Infotech

Where to Store the Cloud Encryption Keys - InterOp 2012

Trend Micro

Cloud Security in cloud computing 1.pptx

RahulBhole12

cloud

Vinayak Wadhwa

As the prevalence of cyber threats and attacks continues to escalate, Tally on cloud incorporates several security measures such as data backup, role-based access control, anti-virus and anti-malware protection, multi-factor authentication, security updates, and encrypted data transfer. These security features effectively shield businesses' sensitive data from cyber intrusions and attacks Don't let cyber threats compromise your data! Click now to discover how Tally on cloud's security measures can keep your business safe and secure in the cloud.

Understanding Security Features of Tally on Cloud

Antraweb Technologies

Cloud computing is becoming prominent trend which offers the number of significant advantages. One of the ground laying advantage of the cloud computing is the pay-as-per-use, where according to the use of the services, the customer has to pay. At present, user’s storage availability improves the data generation. There is requiring farming out such large amount of data. There is indefinite large number of Cloud Service Providers (CSP). The Cloud Service Providers is increasing trend for many number of organizations and as well as for the customers that decreases the burden of the maintenance and local data storage. In cloud computing transferring data to the third party administrator control will give rise to security concerns. Within the cloud, compromisation of data may occur due to attacks by the unauthorized users and nodes. So, in order to protect the data in cloud the higher security measures are required and also to provide security for the optimization of the data retrieval time. The proposed system will approach the issues of security and performance. Initially in the DROPS methodology, the division of the files into fragments is done and replication of those fragmented data over the cloud node is performed. Single fragment of particular file can be stored on each of the nodes which ensure that no meaningful information is shown to an attacker on a successful attack. The separation of the nodes is done by T-Coloring in order to prohibit an attacker to guess the fragment’s location. The complete data security is ensured by DROPS methodology

Fragmentation of Data in Large-Scale System For Ideal Performance and Security

Editor IJCATR

The Top Cloud Security Issues

HTS Hosting

the_role_of_resilience_data_in_ensuring_cloud_security.pptx

sarah david

UTM Unified Threat Management

Lokesh Sharma

Dstca

ajay vj

Similar to 2016 mindthesec Format-Preserving Encryption (20)

IRJET- Attribute based Access Control for Cloud Data Storage

Kripta Key Product Key Management System.pdf

1784 1788

IRJET- Security Concern: Analysis of Cloud Security Mechanism

Guide to security patterns for cloud systems and data security in aws and azure

Cloud Cmputing Security

Cloud security risks

Lecture Cloud Security.pptx

The ultimate guide to cloud computing security-Hire cloud expert

Where to Store the Cloud Encryption Keys - InterOp 2012

Cloud Security in cloud computing 1.pptx

cloud

Understanding Security Features of Tally on Cloud

Fragmentation of Data in Large-Scale System For Ideal Performance and Security

The Top Cloud Security Issues

the_role_of_resilience_data_in_ensuring_cloud_security.pptx

UTM Unified Threat Management

Dstca

Recently uploaded

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

ICT role in 21st century education and its challenges

rafiqahmad00786416

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Recently uploaded (20)

Strategies for Landing an Oracle DBA Job as a Fresher

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Ransomware_Q4_2023. The report. [EN].pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

How to Troubleshoot Apps for the Modern Connected Worker

ICT role in 21st century education and its challenges

Powerful Google developer tools for immediate impact! (2023-24 C)

Automating Google Workspace (GWS) & more with Apps Script

A Beginners Guide to Building a RAG App Using Open Source Milvus

Boost Fertility New Invention Ups Success Rates.pdf

GenAI Risks & Security Meetup 01052024.pdf

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

AXA XL - Insurer Innovation Award Americas 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

presentation ICT roal in 21st century education

Exploring the Future Potential of AI-Enabled Smartphone Processors

2016 mindthesec Format-Preserving Encryption

1. Format Preserving Encryption Bruno Motta Rego

2. Real World real ecosystems, data everywhere

3. 3 real ecosystems In 93% of cases, it took attackers minutes or less to compromise systems; [1] 95% of web app attacks where criminals stole data were financially motivated; [1] The median traffic of a DoS attack is 1.89 million packets per second; [1] 39% of crimeware incidents in 2015 involved ransomware. [1]

4. 4 data everywhere Vendor as a vector; [1] More than 90% breaches had a compromise time of “days or less”; [1] 63% of confirmed data breaches involved weak, default or stolen passwords; [1] 70% of breaches involving insider misuse took months or years to discover; [1]

5. 5 challenges People; Vulnerability & Patch management; Vendor management; Legacy systems;

6. FPE format-preserving encryption

7. 7 NIST 800-38G Approved methods for FPE; [3] FF1 is FFX[Radix] "Feistel-based” FF3 is BPS Shared-key; [3] Deterministic encryption; [3]

8. 8 trade offs Whole database encryption; [2] • Encrypt data within DB – slows all apps down • Separate solution for each database vendor • No separation of duties – DBA can decrypt • No security of data within applications and networks Database column encryption; [2] • Encrypt data via trigger and stored procedure • Require schema changes • No data masking support or separation of duties Native or traditional application-level encryption; [2] • Encrypt data itself, throughout lifecycle • Requires DB schema/app format changes • Heavy implementation cost Weak, breakable encryption; [2] • E.g., stream ciphers, alphabetic substitution • Not secure – easily reversible by attacker • Key management challenges

9. 9 trade offs Shuffling; [2] • Shuffle existing data rows so data doesn’t match up • Breaks referential integrity • Can still leak data Data tables and rules; [2] • Consistently map original data to fake data • Allows for referential integrity, reversibility • Security risks due to use of look-up tables

10. 10 choices Guessing attacks;

11. Use Case

12. 12 credit card number

13. 13 others Customer Services; Anti-Fraud; Risk Intelligence;

14. OBRIGADO! Bruno Motta Rego https://twitter.com/brunomottarego

15. 15 references [1] 2016 Data Breach Investigation Report (DBIR 2016). Verizon, Apr 2016. [2] Streamlining Information Protection Through a Data-centric Security Approach. [3] NIST SP 800-38G - Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption [4] Ciphers with Arbitrary Finite Domains.

2016 mindthesec Format-Preserving Encryption

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 2016 mindthesec Format-Preserving Encryption

Similar to 2016 mindthesec Format-Preserving Encryption (20)

Recently uploaded

Recently uploaded (20)

2016 mindthesec Format-Preserving Encryption