Tokenization

Format Preserving Encryption
A Case study
Cartes & Identification 2011
08 September 2011

Transactional services. Powering progress © Confidential
| 08-09-2011 | Cauchie stéphane
1
Carte & Identification 2011

Summary

What is Tokenization in two words
Definition & Functionalities
Use cases

How does it work ?
Random Token System
Format Preserving Encryption

Conclusion

What is tokenization in two words [DEFINITION]

▶ Definition
– Tokenization is the process of replacing sensitive data with non-sensitive
values (tokens) that satisfy the following properties:
• Tokens bear enough information to be useful (e.g. the entity handling the
token can complete a transaction as if it were the sensitive data).
• Tokens do not compromise security
– A tokenization system tries to minimize the integration impact on existing
infrastructure
▶ Who offers such a service


What is tokenization in two words [FUNCTIONALITIES]

▶ Functional description of a tokenization system
– Conversion (convert sensitive data into a token and vice versa)
– Conversion policy (format definition, integrity, mode of operation)
– Communication channel: authentication, confidentiality
[Figure: External System, Tokenization System]

What is tokenization in two words [USE-CASES]

▶ Focusing on payment (but not limited to)
– Context:
• Sensitive data: PAN, …
• PCI compliance
– Use cases
• MOTO
• Face2Face
[Figure: Issuer, Acquirer, CardHolder, Acceptor]

What is tokenization in two words [USE-CASES]

▶ Focusing on payment (but not limited to)
– Context:
• Sensitive data: PAN, …
• PCI compliance
– Use cases
• MOTO
• Proximity payment
[Figure: Issuer, Acquirer, CardHolder, Acceptor, with the label E2E-Encryption]

What is tokenization in two words [USE-CASES]

▶ Focusing on payment (but not limited to)
– Context:
• Sensitive data: PAN, …
• PCI compliance
– Use cases
• MOTO
• Proximity payment
[Figure: Issuer, Acquirer, CardHolder, Acceptor, with the label Secure MOTO]

What is tokenization in two words [USE-CASES]

▶ Focusing on payment (but not limited to)
– Context:
• Sensitive data: PAN, …
• PCI compliance
– Use cases
• MOTO
• Proximity payment
[Figure: Issuer, Acquirer, CardHolder, Acceptor, with the label Process transaction]


Tokenization and Format Preserving Encryption: A Case Study

How does it work? [Objectives-Constraints]

▶ PCI-DSS (Payment Card Industry Data Security Standard):
• Security requirements for entities processing card data (processing, transmission and storage)
▶ Objectives:
• Reduce the PCI evaluation perimeter
• Choose a suitable algorithm to tokenize a PAN
▶ Constraints:
• The algorithm must be collision-free
• In a certain mode, the algorithm must be “not reversible”
• In a certain mode, the algorithm must not take secret parameters

How does it work? [RandomToken]

▶ Random Token
– Card data are
• ciphered (classic algorithms)
• stored in a database
– The system generates an associated token
• Format respect
• Check for no collision
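A token generator following the slide's two checks, as an added example that is not code from the slides. It assumes an in-memory dictionary in place of the database, keeps the last four digits, and rejects Luhn-valid candidates so that a token cannot be mistaken for a PAN; encryption of the stored card data is left to the storage layer and is not shown. RandomTokenVault and luhn_valid are hypothetical names.

```python
import secrets


def luhn_valid(digits: str) -> bool:
    """Standard Luhn check used by card numbers."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class RandomTokenVault:
    """In-memory stand-in for the token database (constructed for this example)."""

    def __init__(self, max_attempts: int = 100):
        self._pan_by_token = {}
        self._token_by_pan = {}
        self._max_attempts = max_attempts

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13 to 19 decimal digits")
        if pan in self._token_by_pan:        # one token per PAN
            return self._token_by_pan[pan]
        for _ in range(self._max_attempts):
            body = "".join(secrets.choice("0123456789")
                           for _ in range(len(pan) - 4))
            token = body + pan[-4:]          # format respect: same length, last 4 kept
            if luhn_valid(token):            # assumption: tokens must fail Luhn
                continue
            if token in self._pan_by_token:  # collision check
                continue
            self._pan_by_token[token] = pan
            self._token_by_pan[pan] = token
            return token
        raise RuntimeError("no free token found; token space too crowded")

    def detokenize(self, token: str) -> str:
        """The token/data link exists only in the vault."""
        return self._pan_by_token[token]
```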


How does it work? [FPE based tokenization]

▶ FPE: Format Preserving Encryption
▶ Introduced by Brightwell [BS97]
o Encryption scheme with
o format preserving property
▶ Format definition is a key point
– Follow PCI guidelines:
• you have to differentiate a token from a PAN
▶ NIST is considering 3 FPE algorithms
▶ Applications:
• Social Security Number
• Credit Card Number
[Figure caption: First introduction of Format Preserving Encryption [BS97]]

How does it work? [FPE based tokenization]

▶ NIST is considering 3 FPE algorithms
• FFX [FFX10]
• BPS [BPS10]
• FCEM [FCEM10]

How does it work? [Cryptographic-Approach]

▶ Feistel
o Invented by Horst Feistel
o Round notion
o Input is split in 2
o F: cipher function
o Secret key K
o Key derivation algorithm
o During a round
▪ $A_{i+1} = B_i$
▪ $B_{i+1} = A_i \oplus F_{k_i}(B_i)$
o Example
▪ DES: 16 rounds

How does it work? [Cryptographic-Approach]

▶ Cryptographic notions
– Tweak notion: adds variability to cryptographic schemes
– Patarin attack: differentiates ciphertext from a random string

| Feature | FFX | BPS | FCEM |
| Feistel based | Yes | Yes | No |
| # rounds | 12 | 8 | 2 |
| Cipher function | AES | AES/TDES/SHA | AES |
| # times function is used | 12 | 8 | 8 |
| Reversibility | Yes | Yes | Yes |
| Tweak | Yes | Yes | No |

How does it work? [Analysis]

| Feature | Random Token | FPE |
| Multi Site | Difficult | Medium |
| Key deployment | Medium | Hard |
| Format preserving | Easy | Easy |
| Performance | Low | Fast |
| Token/Data link | No (except in DB) | Algorithm |


Conclusion [VISION]

▶ Which choice?
[Figure: Issuer, Acquirer, CardHolder and Acceptor diagram with the labels Process transaction, Secure MOTO, E2E-Encryption, RTS and FPE]

Conclusion

▶ Tokenization in payment context
▪ It allows the reduction of the PCI audit perimeter in a payment application
▪ Waiting for NIST approval
▶ Depending on use case:
▪ Random tokenization:
▪ In case of internal processing
▪ FPE based tokenization:
▪ In case of multi-site
▪ In case of multi-party protocols

Questions?

References

[BS97] Brightwell, Michael & Smith. Using datatype preserving encryption to enhance data warehouse security. 20th National Information Systems Security Conference. 1997.
[FFX10] Bellare M., Rogaway P. & Spies T. The FFX Mode of Operation for Format Preserving Encryption. NIST. 2010.
[BPS10] Brier E., Peyrin T. & Stern J. BPS: a Format Preserving Encryption Proposal. Ingenico. 2010.
[FCEM10] Ulf T Matsson. Format Preserving Encryption Using Datatype Preserving Encryption. 2010.
[PCI] Scoping SIG, Tokenization Taskforce. PCI-DSS. PCI Security Standards Council. August 2011.
[BSGS] D. Shanks. Five number-theoretic algorithms. Proceedings of the Second Manitoba Conference on Numerical Mathematics. 1978.
[RHO] J. M. Pollard. A Monte Carlo method for factorization. 1975.
[CI] Pierrick Gaudry. Algorithmiques des courbes algébriques pour la cryptologie. 2008.
[SEC2] Certicom Research. SEC2: Recommended Elliptic Curve Domain Parameters. 2000.

Survey on FPE: BPS

Survey on FPE

▶ BPS: "a Format Preserving Encryption Proposal"
▶ Authors: Brier E., Peyrin T. & Stern J.
▶ Published in 2010.
▶ Features:
• 8 rounds
• Tweak of 64 bits split into 2 sub-tweaks
o TL and TR
• F: AES or one-way function
• K: secret key
• Reversible
• Patarin resistant


Survey on FPE: FFX

Survey on FPE

▶ FFX: "Format Preserving Feistel-based Encryption"
▶ Authors: Bellare M., Rogaway P. & Spies T.
▶ Published in 2009 and 2010.
▶ Features:
• 12 rounds
• 64-bit tweak
• FK: AES-128 or one-way function
• K: secret key
• Reversible

Survey on FPE: FCEM

Survey on FPE

▶ FCEM: "Format Controlling Encryption Mode"
▶ Author: Ulf T Matsson.
▶ Published in 2009.
▶ Features:
• 8 steps
o Index Value Data
o Encryption of Left
o Encryption of Right
o Scrambled
o Rippled Left to Right
o Rippled Right to Left
o Encryption and Update
o The last transformation
• F: AES-128
• K: secret key
• Reversible

Survey on FPE

▶ Index Value data:
• Rewriting the input as hexadecimal values.
• Example:
o X: 1122334455667788
o Index Value data: 01010202030304040505060607070808
▶ Encryption of Left:
• Left part encryption
• Example:
o Index Value data: 01010202030304040505060607070808
o Output of FK: 00C01F49D0C2C050188D8FDFADCDF846
o RightUpdate: 0507070905010008
▶ Encryption of Right:
• Same idea
• We get LeftUpdate: 0101080503060303

Survey on FPE

▶ Scrambled:
• Concatenate LeftUpdate and RightUpdate.
• Example:
o CipherScrambled: 01010805030603030507070905010008
▶ RippledLeftToRight:
• Scrambled modified by:
o CipherScrambled: 01010805030603030507070905010008
o 01 ⊕ 01 = (0 × 16) + 1 + (0 × 16) + 1 = 02 ≡ 02 (mod 10).
o RippledLeftToRight = 0102
o RippledLeftToRight = 01020005080407000503090803040402
▶ RippledRightToLeft:
• Same idea
• RippledLeftToRight = 04030101060804070702000103000602
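The index rewriting, concatenation and ripple steps can be checked against the slides' numbers with this added example, which is not code from the slides or from FCEM. It assumes the ripple is a running sum modulo 10, as the 01 ⊕ 01 line suggests, and its function names are hypothetical. The computed left-to-right value has 02 as its tenth pair where the slide prints 03, and it is the computed value that reproduces the slide's right-to-left result.

```python
def index_value_data(digits: str) -> str:
    """Rewrite each decimal digit as a two-character hex index (1 -> 01)."""
    return "".join(f"{int(d):02X}" for d in digits)


def to_indices(text: str) -> list:
    """Parse a string of two-character hex indices into integers."""
    return [int(text[i:i + 2], 16) for i in range(0, len(text), 2)]


def to_text(indices) -> str:
    return "".join(f"{x:02X}" for x in indices)


def ripple(indices, radix=10, right_to_left=False):
    """Running sum modulo radix (assumed reading of the slide), so each
    output index depends on every index before it in that direction."""
    seq = indices[::-1] if right_to_left else list(indices)
    out, acc = [], 0
    for x in seq:
        acc = (acc + x) % radix
        out.append(acc)
    return out[::-1] if right_to_left else out


def unripple(indices, radix=10, right_to_left=False):
    """Inverse of ripple: subtract the previous running sum."""
    seq = indices[::-1] if right_to_left else list(indices)
    out, prev = [], 0
    for c in seq:
        out.append((c - prev) % radix)
        prev = c
    return out[::-1] if right_to_left else out


# Values taken from the slides' worked example.
LEFT_UPDATE = "0101080503060303"
RIGHT_UPDATE = "0507070905010008"


def fcem_ripples(left_update: str, right_update: str):
    """Return (scrambled, rippled left-to-right, rippled right-to-left)."""
    scrambled = to_indices(left_update + right_update)
    l2r = ripple(scrambled)
    r2l = ripple(l2r, right_to_left=True)
    return to_text(scrambled), to_text(l2r), to_text(r2l)
```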

Survey on FPE

▶ Encryption and Modular Sum:
• RippledLeftToRight: 04030101060804070702000103000602