Libfte: A User-Friendly Toolkit for Constructing Practical Format-Abiding Encryption Schemes
Kevin Dyer, Portland State University
March 27, 2014 3:00pm, in DC 2585
Encryption schemes where the ciphertext must abide by a specified format have a range of applications: in-place encryption in databases, in-browser encryption for web forms or per-message encryption of network traffic for censorship circumvention. Despite the interest in format-abiding encryption schemes, a unifying framework for general-purpose deployments is notably absent. However, addressing format-abiding encryption in its full generality requires new approaches. In this talk, Kevin will present a general-purpose library (called libfte) that aides engineers in the development and deployment of format-preserving encryption (FPE) and format-transforming encryption (FTE) schemes. As one example, we present a solution to the open problem of performing FPE/FTE encryption from the nondeterministic finite-state automata (NFA) representation of a regular expression — an approach previously considered unworkable.
Compared to other encryption solutions, libfte introduces negligible latency overhead and can *decrease* diskspace usage by as much as 62.5%, when used for simultaneous encryption and compression in a PostgreSQL database. In the censorship circumvention setting we show that, using regular-expression formats lifted from the Snort IDS, libfte can reduce client/server memory requirements by as much as 30%.
Kevin P. Dyer is a PhD student at Portland State University. His research focuses on network security and building protocols resistant to traffic-analysis attacks and censorship. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science with Mathematics from Santa Clara University.