ODD: Protecting Sensitive Data in Mobile Devices by Out-of-order Data Division
Technologists are looking to balance making data difficult to compromise illegally or maliciously against giving legitimate data users and owners encryption protection that does not overly strain the computing power, storage space, processing speed, and battery life available on their devices. Distributed storage of data on personal and other computing devices and hardware subsystems poses a security risk if a device is captured (military and government scenario) or lost or stolen (civilian scenario). This invention addresses the need for “on-board” data encryption for next-generation communication and mobile Internet devices operating on enterprise and wireless networks. Its data division and out-of-order keystream generation scheme protects stored data against compromise during the distributed-use part of its life cycle: should the device fall into the hands of an unauthorized user or adversary, the “readable” data on it is not sufficient to yield understandable, useful information.
The novel data security framework provides a triple layer of out-of-order “divide and store” protection. The first layer creates cipher blocks by dividing the plaintext data into multiple blocks and encrypting them. The second layer is a keystream abstracted from the data blocks in a pseudorandom, out-of-order manner. The third layer is separation of storage: the encrypted data is saved on the mobile device, while the keystream and PIN are held on a secure server. Plaintext can only be regenerated by merging the decrypted ciphertext and the keystream with an authenticated PIN.
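The three-layer divide-and-store flow described above, modelled as a toy in Python; this is an added example, not the patented algorithm or Binghamton's code. The 16-byte block size, the SHA-256-based keystream derivation, the PIN-seeded block order, and the PBKDF2 PIN verifier are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import random
import secrets
from dataclasses import dataclass

BLOCK = 16  # bytes per data block; an assumed parameter, not the patent's

@dataclass
class DeviceStore:
    ciphertext: bytes  # only the cipher blocks stay on the mobile device
    length: int        # original plaintext length, to strip padding

@dataclass
class ServerStore:
    salt: bytes         # per-file salt for the PIN verifier and block order
    pin_verifier: bytes  # PBKDF2 of the PIN; the PIN itself is never stored
    keystream: bytes     # kept off the device, released only after PIN check

def divide(plaintext: bytes) -> list:
    """Layer 1: split plaintext into BLOCK-sized blocks, zero-padding the last."""
    padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]

def keystream(blocks: list, pin: str, salt: bytes) -> bytes:
    """Layer 2: visit the blocks in a PIN-seeded pseudorandom order and derive
    one keystream block from each (assumed: SHA-256 of the visited block).
    The keystream length therefore tracks the amount of data divided."""
    order = list(range(len(blocks)))
    random.Random(hashlib.sha256(salt + pin.encode()).digest()).shuffle(order)
    return b"".join(hashlib.sha256(blocks[j]).digest()[:BLOCK] for j in order)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def protect(plaintext: bytes, pin: str) -> tuple:
    """Layer 3: cipher blocks to the device, keystream and PIN verifier to the server."""
    blocks = divide(plaintext)
    salt = secrets.token_bytes(16)
    ks = keystream(blocks, pin, salt)
    verifier = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)
    return (DeviceStore(xor(b"".join(blocks), ks), len(plaintext)),
            ServerStore(salt, verifier, ks))

def recover(dev: DeviceStore, srv: ServerStore, pin: str) -> "bytes | None":
    """Merge the two halves only after the PIN authenticates against the server."""
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), srv.salt, 50_000)
    if not hmac.compare_digest(candidate, srv.pin_verifier):
        return None  # wrong PIN: the server withholds the keystream
    return xor(dev.ciphertext, srv.keystream)[:dev.length]
```

With only `DeviceStore` in hand, an attacker holds cipher blocks of the same length as the padded data and nothing else; the keystream and the PIN check live on the server side.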
Applications include safeguarding private or sensitive information, e.g., passwords, records, and other information, while enabling pervasive computing built on devices and sensors sharing data within ad hoc wireless networks or Internet-based distributed storage infrastructure such as grid or cloud computing, on cooperative systems for emergency management such as search and rescue and public safety, and on mesh networks.
Conventional stream ciphers are built around a protected password, a publicly known initialization vector (IV), and a fixed-length keystream, and are becoming increasingly vulnerable to decryption efforts. The novel data division and out-of-order keystream generation approach is instead a robust self-encryption scheme that uses a variable-length keystream, which is computationally much more difficult to defeat with brute-force attacks.
The on-device data security encryption technology offers the following specific advantages when implemented in an embedded accelerator using configurable hardware devices such as Field Programmable Gate Arrays (FPGAs):
- Robust: multi-layer distributed data security scheme
- Effective: 256-bit encryption very difficult to defeat by brute-force, algebraic, correlation, differential-analysis, replay, and other cryptanalytic attacks
- Simple and unobtrusive: an embedded software solution that does not impose an excessive computational workload or processing overhead, or additional hardware power and size/weight requirements on personal devices
- Scalable: The length of the keystream can be changed based on the user’s security requirements
Binghamton University RB338