Several proofs of security for a tokenization algorithm. (English) Zbl 1386.94063
Summary: In this paper we propose a tokenization algorithm of Reversible Hybrid type, as defined in PCI DSS guidelines for designing a tokenization solution, based on a block cipher with a secret key and (possibly public) additional input. We provide some formal proofs of security for it, which imply our algorithm satisfies the most significant security requirements described in PCI DSS tokenization guidelines. Finally, we give an instantiation with concrete cryptographic primitives and fixed length of the PAN, and we analyze its efficiency and security.
MSC:
| 94A60 | Cryptography |
Software:
NIST Statistical Test SuiteReferences:
| [1] | Bellare, M.; Ristenpart, T.; Rogaway, P.; Stegers, T.; Jacobson, MJ (ed.); Rijmen, V. (ed.); Safavi-Naini, R. (ed.), Format-preserving encryption, No. 5867, 295-312 (2009), Heidelberg · Zbl 1267.94037 · doi:10.1007/978-3-642-05445-7_19 |
| [2] | Bellare, M., Rogaway, P., Spies, T.: The FFX mode of operation for format-preserving encryption (Draft 1.1). Manuscript (standards proposal) submitted to NIST (2010) |
| [3] | Black, J., Rogaway, P.: Ciphers with Arbitrary Finite Domains, pp. 114-130. Springer, New York (2002) · Zbl 1045.68561 |
| [4] | Brier, E., Peyrin, T., Stern, J.: BPS: a Format-Preserving Encryption proposal. Manuscript (standards proposal) submitted to NIST (2010) · Zbl 1252.94090 |
| [5] | Díaz-Santiago, S., Rodríguez-Henríquez, L.M., Chakraborty, D.: A cryptographic study of tokenization systems. Int. J. Inf. Secur. 15(4), 413-432 (2016) · doi:10.1007/s10207-015-0313-x |
| [6] | EMVCo: Payment Tokenisation Specification—Technical Framework, Version 1.0. Technical Report (2014) |
| [7] | Hoang, VT; Morris, B.; Rogaway, P.; Safavi-Naini, R. (ed.); Canetti, R. (ed.), An enciphering scheme based on a card shuffle, No. 7414, 1-13 (2012), Heidelberg · Zbl 1294.94052 |
| [8] | Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. J. Cryptol. 24(3), 588-613 (2011) · Zbl 1258.94040 · doi:10.1007/s00145-010-9073-y |
| [9] | Morris, B.; Rogaway, P.; Stegers, T.; Halevi, S. (ed.), How to encipher messages on a small domain, No. 5677, 286-302 (2009), Heidelberg · Zbl 1252.94090 · doi:10.1007/978-3-642-03356-8_17 |
| [10] | NIST: Secure Hash Standard (SHS). FIPS Publication, Information Technology Laboratory National Institute of Standards and Technology, Gaithersburg, MD, pp. 180-4 (2015) |
| [11] | Rukhin, A., et al.: A Statistical Test Suite for the Validation of Random and Pseudo Random Number Generators for Cryptographic Applications. NIST Special Publication, Information Technology Laboratory National Institute of Standards and Technology, Gaithersburg, MD (2010) |
| [12] | SSC, P.: Information Supplement: PCI DSS Tokenization Guidelines, Version 2.0. Technical Report (2011) · Zbl 1252.94090 |
| [13] | SSC, P.: Tokenization Product Security Guidelines—Irreversible and Reversible Tokens, Version 1.0. Technical Report (2015) |
| [14] | SSC, P.: PCI DSS Requirements and Security Assessment Procedures, Version 3.2. Technical Report (2016) |
| [15] | Stefanov, E., Shi, E.: FastPRP: Fast Pseudo-Random Permutations for Small Domains. IACR Cryptology ePrint Archive, Report 2012/254 (2012), http://eprint.iacr.org/ |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
