Case study: Tokenisation and format preserving encryption, presented at Cartes & IDentification 2011 by Stéphane Cauchie
| 08-09-2011 | Cauchie Stéphane | Cartes & Identification 2011
08 September 2011
Tokenization and Format Preserving Encryption: A Case Study
Cartes & Identification 2011
Summary
▶ What is Tokenization in two words
– Definition & Functionalities
– Use cases
▶ How does it work?
– Random Token System
– Format Preserving Encryption
▶ Conclusion
What is tokenization in two words [DEFINITION]
▶ Definition
– Tokenization is the process of replacing sensitive data with non-sensitive data (tokens) while respecting the following properties:
• Tokens bear enough information to be useful (e.g. the entity manipulating the token can carry out a transaction as if it were the sensitive data).
• Tokens do not compromise security.
– A tokenization system tries to minimize the integration impact on existing infrastructure.
▶ Who offers such a service
What is tokenization in two words [FUNCTIONALITIES]
▶ Functional description of a Tokenization system
– Conversion (convert sensitive data into a token and vice versa)
– Conversion policy (format definition, mode of operation)
– Communication channel: authentication, integrity, confidentiality
[Diagram: Tokenization System, External System]
What is tokenization in two words [USE-CASES]
▶ Focusing on payment (but not limited to)
– Context:
• Sensitive data: PAN, …
• PCI compliance
– Use cases
• MOTO
• Face2Face
[Diagram: CardHolder, Acceptor, Acquirer, Issuer]
What is tokenization in two words [USE-CASES]
▶ Focusing on payment (but not limited to)
– Use cases
• MOTO
• Proximity payment
[Diagram: CardHolder, Acceptor, Acquirer, Issuer; labels: E2E-Encryption, Secure MOTO, Process transaction]
How does it work? [Objectives-Constraints]
▶ PCI-DSS (Payment Card Industry Data Security Standard):
• Security requirements for entities processing card data (processing, transmission and storage)
▶ Objectives:
• Reduce the PCI evaluation perimeter
• Choose a suitable algorithm to tokenize a PAN
▶ Constraints:
• The algorithm must be collision free
• In a certain mode the algorithm must be “not reversible”
• In a certain mode the algorithm must not take secret parameters
How does it work? [RandomToken]
▶ Random Token
– Card data are
• ciphered (classic algorithms)
• stored in a database
– The system generates an associated token
• Format respect
• Checks for no collision
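The token-generation step of a random token system, as an added example (not code from the presentation): a random token keeps the PAN's format, is checked against the database for collisions, and is forced to fail the Luhn check so it cannot be mistaken for a real PAN. The in-memory dictionaries standing in for the database, the first-6/last-4 layout, the Luhn rule, the HMAC lookup index and all names are assumptions; the card data is assumed to arrive already encrypted by the caller.

```python
import hashlib
import hmac
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn check used by real PANs; tokens below are built to fail it."""
    total = 0
    for pos, ch in enumerate(reversed(number)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for the token database (constructed for this example)."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._by_token = {}  # token -> encrypted card data
        self._by_pan = {}    # HMAC(pan) -> token, so one PAN always maps to one token

    def tokenize(self, pan: str, encrypted_pan: bytes) -> str:
        if len(pan) < 12 or not (pan.isascii() and pan.isdigit()):
            raise ValueError("PAN must be at least 12 ASCII digits")
        tag = hmac.new(self._index_key, pan.encode(), hashlib.sha256).digest()
        if tag in self._by_pan:
            return self._by_pan[tag]
        while True:
            middle = "".join(secrets.choice("0123456789") for _ in pan[6:-4])
            token = pan[:6] + middle + pan[-4:]
            # Reject collisions and anything that could pass for a real PAN.
            if token not in self._by_token and not luhn_valid(token):
                break
        self._by_token[token] = encrypted_pan
        self._by_pan[tag] = token
        return token

    def detokenize(self, token: str) -> bytes:
        """Return the stored ciphertext; the only token/data link is this table."""
        return self._by_token[token]
```

Every site that needs to detokenize must reach this one table, which is why the deck rates multi-site deployment of random tokens as difficult.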
How does it work? [FPE based tokenization]
▶ FPE: Format Preserving Encryption.
▶ Introduced by Brightwell [BS97]
o Encryption scheme with format preserving property
▶ Format definition is a key point
– Follow PCI guidelines:
• you have to differentiate a Token from a PAN
▶ NIST is considering 3 FPE algorithms
▶ Applications:
• Social Security Number
• Credit Card Number
[Figure: First introduction of Format Preserving Encryption [BS97]]
How does it work? [FPE based tokenization]
▶ NIST is considering 3 FPE algorithms
• FFX [FFX10]
• BPS [BPS10]
• FCEM [FCEM10]
How does it work? [Cryptographic-Approach]
▶ Feistel
o Invented by Horst Feistel.
o Round notion
o Input is split in 2
o F: cipher function
o Secret key K
o Key derivation algorithm
o During a round
$A_{i+1} = B_i$
$B_{i+1} = A_i \oplus F_{k_i}(B_i)$
o Example
DES: 16 rounds.
How does it work? [Cryptographic-Approach]
Feature             FFX    BPS            FCEM
Feistel based       Yes    Yes            No
#Rounds             12     8              2
Cipher function     AES    AES/TDES/SHA   AES
#Function is used   12     8              8
Reversibility       Yes    Yes            Yes
Tweak               Yes    Yes            No
▶ Cryptographic notions
– Tweak notion: add variability in cryptographic schemes
– Patarin attack: differentiate ciphertext from random string
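The Feistel round and the tweak notion from the slides above, as an added example (not code from the presentation, and not an implementation of FFX, BPS or FCEM): a 12-round Feistel network over decimal digit strings in which the combining step is addition modulo 10^n, so the output stays decimal and the same length. HMAC-SHA256 as the round function F, the first-6/last-4 PAN layout used as tweak, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

ROUNDS = 12  # assumption: the round count the slides list for FFX


def _f(key: bytes, tweak: bytes, rnd: int, half: str, modulus: int) -> int:
    """Round function F_k: keyed one-way function of (round, tweak, half)."""
    msg = bytes([rnd, len(tweak)]) + tweak + half.encode()  # tweak < 256 bytes
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % modulus


def _split(digits: str):
    if len(digits) < 2 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected at least two ASCII decimal digits")
    return digits[: len(digits) // 2], digits[len(digits) // 2 :]


def fpe_encrypt(key: bytes, tweak: bytes, digits: str) -> str:
    a, b = _split(digits)
    for i in range(ROUNDS):
        m = 10 ** len(a)
        # A_{i+1} = B_i ; B_{i+1} = A_i + F(B_i) mod 10^len(A_i)
        c = (int(a) + _f(key, tweak, i, b, m)) % m
        a, b = b, str(c).zfill(len(a))
    return a + b


def fpe_decrypt(key: bytes, tweak: bytes, digits: str) -> str:
    a, b = _split(digits)
    for i in reversed(range(ROUNDS)):
        m = 10 ** len(b)
        p = (int(b) - _f(key, tweak, i, a, m)) % m  # undo the modular addition
        a, b = str(p).zfill(len(b)), a
    return a + b


def tokenize_pan(key: bytes, pan: str) -> str:
    """Keep first 6 and last 4 digits (assumed format); encrypt the middle."""
    _split(pan)  # validation only: ASCII digits
    head, mid, tail = pan[:6], pan[6:-4], pan[-4:]
    return head + fpe_encrypt(key, (head + tail).encode(), mid) + tail


def detokenize_pan(key: bytes, token: str) -> str:
    head, mid, tail = token[:6], token[6:-4], token[-4:]
    return head + fpe_decrypt(key, (head + tail).encode(), mid) + tail
```

Because each round is invertible, the mapping is a permutation of the digit strings of a given length, which gives the collision-free property without any database lookup. The middle of a 16-digit PAN spans only 10^6 values, so access to the tokenization call needs the same protection as the key itself.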
How does it work? [Analysis]
Feature             Random Token         FPE
Multi Site          Difficult            Medium
Key deployment      Medium               Hard
Format preserving   Easy                 Easy
Performance         Low                  Fast
Token/Data link     No (except in DB)    Algorithm
Conclusion [VISION]
▶ Which choice?
[Diagram: CardHolder, Acceptor, Acquirer, Issuer; flows Secure MOTO, Process transaction and E2E-Encryption, annotated with FPE and RTS]
Conclusion
▶ Tokenization in payment context
– It allows the reduction of the PCI audit perimeter in a payment application
– Waiting for NIST approval.
▶ Depending on use case:
– Random Tokenization:
• In case of internal processing
– FPE based Tokenization:
• In case of multi site
• In case of multi-party protocols
Questions?
References
[BS97] Brightwell, Michael & Smith. Using datatype preserving encryption to enhance data warehouse security. 20th National Information Systems Security Conference, NIST, 1997.
[FFX10] Bellare M, Rogaway P & Spies T. The FFX Mode of Operation for Format preserving Encryption. 2010.
[BPS10] Brier E, Peyrin T & Stern J. BPS: a format Preserving Encryption Proposal. Ingenico, 2010.
[FCEM10] Ulf T Matsson. Format preserving Encryption Using Datatype preserving Encryption. 2010.
[SEC2] Certicom Research. SEC2: Recommended Elliptic Curve Domain Parameters. 2000.
[BSGS] D. Shanks. Five number-theoretic algorithms. Proceedings of the second Manitoba Conference on Numerical Mathematics. 1975.
[RHO] J.M. Pollard. A Monte Carlo method for factorization. 1978.
[CI] Pierrick Gaudry. Algorithmiques des courbes algébriques pour la cryptologie. 2008.
[PCI] Scoping SIG, Tokenization Taskforce, PCI Security Standards Council. PCI-DSS. 2011.
Survey on FPE
BPS
▶ BPS:
▶ Authors: Brier E, Peyrin T & Stern J.
▶ Published in 2010.
▶ BPS: "a Format Preserving Encryption Proposal".
▶ Features:
• 8 rounds.
• Tweak of 64 bits split in 2 sub-tweaks
o TL and TR
• F: AES or one-way function.
• K: secret key
• reversible.
• Patarin resistant.
Survey on FPE
FFX
▶ FFX:
▶ Authors: Bellare M, Rogaway P & Spies T.
▶ Published in 2009 and 2010.
▶ FFX: "Format Preserving Feistel-based Encryption"
▶ Features:
• 12 rounds,
• 64-bit tweak,
• FK: AES-128 or one-way function
• K: secret key
• reversible
Survey on FPE
FCEM
▶ Author: Ulf T Matsson.
▶ Published in 2009.
▶ FCEM: "Format Controlling Encryption Mode".
▶ Features:
• 8 steps
o Index Value Data
o Encryption of Left
o Encryption of Right
o Scrambled
o Rippled Left to Right
o Rippled Right to Left
o Encryption and Update
o The last transformation
• F: AES-128
• K: secret key
• reversible
▶ Index Value data:
• Rewriting input as hexa values.
• Example:
o X: 1122334455667788
o Index Value data: 01010202030304040505060607070808
▶ Encryption of Left:
• left part encryption
• Example:
o Index Value data: 01010202030304040505060607070808
o Output of FK: 00C01F49D0C2C050188D8FDFADCDF846
o RightUpdate: 0507070905010008
▶ Encryption of Right:
• Same idea
• We get LeftUpdate: 0101080503060303
▶ Scrambled:
• Concatenate LeftUpdate and RightUpdate.
• Example:
o CipherScrambled: 01010805030603030507070905010008
▶ RippledLeftToRight:
• Scrambled modified by:
o CipherScrambled: 01010805030603030507070905010008
o 01 ⊕ 01 = (0 × 16) + 1 + (0 × 16) + 1 = 02 ≡ 02 (mod 10).
o RippledLeftToRight = 0102
o RippledLeftToRight = 01020005080407000503090803040402
▶ RippledRightToLeft:
• Same idea
• RippledLeftToRight = 04030101060804070702000103000602
▶ Encryption and Modular Sum:
• RippledLeftToRight: 04030101060804070702000103000602