Se você está procurando uma solução para fazer a segurança dos dados, o Format Preserve Encryption (FPE) sem dúvida pode ajudar. Nesta palestra abordaremos este conjunto de técnicas de codificação de dados onde o texto cifrado terá o mesmo formato que o texto simples. Este novo padrão de segurança da informação publicado pelo NIST não só irá apoiar métodos de criptografia que são utilizados para proteger seu número de cartão, mas também manter outras informações altamente sensíveis protegidas também.

1. Format Preserving Encryption
Bruno Motta Rego

2. Real World
real ecosystems, data everywhere

3. 3
real ecosystems
In 93% of cases, it took attackers minutes or less to compromise systems; [1]
95% of web app attacks where criminals stole data were financially motivated; [1]
The median traffic of a DoS attack is 1.89 million packets per second; [1]
39% of crimeware incidents in 2015 involved ransomware. [1]

4. 4
data everywhere
Vendor as a vector; [1]
More than 90% breaches had a compromise time of “days or less”; [1]
63% of confirmed data breaches involved weak, default or stolen passwords; [1]
70% of breaches involving insider misuse took months or years to discover; [1]

5. 5
challenges
People;
Vulnerability & Patch management;
Vendor management;
Legacy systems;

6. FPE
format-preserving encryption

7. 7
NIST 800-38G
Approved methods for FPE; [3]
FF1 is FFX[Radix] "Feistel-based”
FF3 is BPS
Shared-key; [3]
Deterministic encryption; [3]

8. 8
trade offs
Whole database encryption; [2] • Encrypt data within DB – slows all apps down
• Separate solution for each database vendor
• No separation of duties – DBA can decrypt
• No security of data within applications and networks
Database column encryption; [2] • Encrypt data via trigger and stored procedure
• Require schema changes
• No data masking support or separation of duties
Native or traditional application-level encryption; [2] • Encrypt data itself, throughout lifecycle
• Requires DB schema/app format changes
• Heavy implementation cost
Weak, breakable encryption; [2] • E.g., stream ciphers, alphabetic substitution
• Not secure – easily reversible by attacker
• Key management challenges

9. 9
trade offs
Shuffling; [2] • Shuffle existing data rows so data doesn’t match up
• Breaks referential integrity
• Can still leak data
Data tables and rules; [2] • Consistently map original data to fake data
• Allows for referential integrity, reversibility
• Security risks due to use of look-up tables

10. 10
choices
Guessing attacks;

11. Use Case

12. 12
credit card number

13. 13
others
Customer Services;
Anti-Fraud;
Risk Intelligence;

14. OBRIGADO!
Bruno Motta Rego
https://twitter.com/brunomottarego

15. 15
references
[1] 2016 Data Breach Investigation Report (DBIR 2016). Verizon, Apr 2016.
[2] Streamlining Information Protection Through a Data-centric Security Approach.
[3] NIST SP 800-38G - Recommendation for Block Cipher Modes of Operation:
Methods for Format-Preserving Encryption
[4] Ciphers with Arbitrary Finite Domains.