Convergence Information Technology, 2007. International ...

candlewhynotΔιαχείριση Δεδομένων

31 Ιαν 2013 (πριν από 4 χρόνια και 4 μήνες)

271 εμφανίσεις


Brad Baker

September 28, 2009

UCCS

9/28/2009

1

Brad Baker
-

Master's project proposal

Master’s Project Proposal


Confidentiality and integrity of data are
important features needed in a database
environment


Standard solutions exist including:


Symmetric key encryption like AES and hash digests
like SHA
-
1


Standard solutions require end
-
user to build
a custom process combining hash and
encryption functions


This project presents the “HMAC based
Tamper Evident Encryption” scheme
(HTEE) as an alternative solution


9/28/2009

Brad Baker
-

Master's project proposal

2


The motivation for this project is:


To provide a one
-
step encryption and tamper
detection process for the end user


To provide a one
-
column solution to confidentiality
and integrity


To provide a degree of performance improvement


To improve on a previously published work which
introduced the HMAC based encryption/decryption
process.


To explore alternative uses to hash digests and
HMAC including the ability to invert the digest


9/28/2009

Brad Baker
-

Master's project proposal

3


As a summary, this project:


Will improve an encryption scheme proposed in
an existing work [1]


Will add efficiency and tamper detection
features


Will encrypt integers using a hash
-
based
process


Will decrypt ciphertext using a exhaustive
search process


Will implement the improved algorithm


Will test and analyze the improved algorithm

9/28/2009

Brad Baker
-

Master's project proposal

4


Prior work, Summer 2009:


Studied, implemented and tested a HMAC based
encryption scheme proposed in [1]


The scheme operated on integer plaintext
values, breaking them into a bucket and
remainder


The scheme did not support range queries, and
was inefficient in the design for encryption and
decryption.


A detailed analysis and results are available in
[2]

9/28/2009

Brad Baker
-

Master's project proposal

5


The original HMAC based encryption
scheme appears to be unique: it uses a hash
for two
-
way encryption


This is done by limiting the plaintext domain and
performing exhaustive decryption searches


The strength of the algorithm is variable per
implemented hash function


HMAC is a keyed
-
hash algorithm, see [3] and [4]


This project will improve the proposed
algorithm


Efficiency updates will be included


The use of hash ciphertext will be leveraged to
provide tamper detection of ciphertext values

9/28/2009

Brad Baker
-

Master's project proposal

6


Summary of efficiency improvements:


The original algorithm decomposes integers into a
single bucket and remainder with modulus


The improved algorithm will decompose integers
into buckets of size 1000


The ones, thousands, millions, billions, trillions, etc. values
will each be buckets


For example, a plaintext value of one trillion will
produce five HMAC outputs as ciphertext


The smaller plaintext range is much more efficient in
decryption, but it produces extra ciphertext output


The encryption function is redefined to decrease the
HMAC operations


9/28/2009

Brad Baker
-

Master's project proposal

7


Summary of tamper detection


Ciphertext values provide basic tamper detection
preventing random tampering


Will use a bucket size of 1000 and the SHA1 hash algorithm


1000 plaintext values will be combined with 2
512

key
values, resulting in 2
160

ciphertext values


With the ratio between plaintext and ciphertext it is
improbable that a change in ciphertext will result in a
different plaintext


A key transformation process will be included to
prevent interchange of ciphertext values


A deterministic processing
-
order based or unique
-
value
based transformation process will be defined

9/28/2009

Brad Baker
-

Master's project proposal

8


This image shows the
concept of the improved
algorithm


Note the multiple
buckets


Note the key
transformation between
plaintext and bucket
values


The decryption process
searches among
plaintext values for a
match to ciphertext

9/28/2009

Brad Baker
-

Master's project proposal

9


The goals for this project are:


Finalize the improved algorithm:


Including bucket processing and key transformation


Implement the encryption scheme:


Using a command line utility for flat file processing


As a database add
-
on for the
Postgresql

DBMS


Test the implementation:


Ensure validity, performance and tamper detection


Analyze the improved algorithm:


Quantify cryptographic and tamper detection strength


Project report:


Produce a comprehensive report of the project


9/28/2009

Brad Baker
-

Master's project proposal

10


This project will be completed by the end of term,
fall 2009


The following is a proposed schedule for the
project:


August 28, 2009


Completed final project proposal


September 1, 2009

Begin project work


October 1, 2009


Approved project proposal


November 1, 2009

Completed project and draft report


November 6, 2009

Completed final project report


Before Nov 24, 2009

Completed project defense


December 19, 2009

End of fall 2009 term



9/28/2009

Brad Baker
-

Master's project proposal

11

[1] Dong
Hyeok

Lee; You Jin Song; Sung Min Lee;
Taek

Yong Nam;
Jong

Su Jang, "How to Construct a New Encryption Scheme
Supporting Range Queries on Encrypted Database,"
Convergence Information Technology, 2007. International
Conference on

, vol., no., pp.1402
-
1407, 21
-
23 Nov. 2007

URL:

http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4
420452&isnumber=4420217

[2] "Analysis of an HMAC Based Database Encryption Scheme," Brad
Baker
UCCS Summer 2009 Independent study

July. 2009

URL:

http://cs.uccs.edu/~gsc/pub/master/bbaker/doc/final_p
aper_bbaker_cs592.doc

[3] NIST, August 2009. FIPS Pub 198 HMAC specification. URI=
http://csrc.nist.gov/publications/fips/fips198/fips
-
198a.pdf

[4] Wikipedia, July 2009. HMAC reference material. URI=
http://en.wikipedia.org/wiki/Hmac

[5]
Forouzan
,
Behrouz

A. 2008. Cryptography and Network Security.
McGraw Hill higher Education. ISBN 978
-
0
-
07
-
287022
-
0

9/28/2009

Brad Baker
-

Master's project proposal

12