Format-preserving encryption (FPE), which makes sure that ciphertext has the same format as plaintext, has been widely used in protecting sensitive data in a database. Aiming at efficiently solving the FPE problem o...Format-preserving encryption (FPE), which makes sure that ciphertext has the same format as plaintext, has been widely used in protecting sensitive data in a database. Aiming at efficiently solving the FPE problem on a collection of practical domains, we propose the RREM (random reference-based encryption mode), which constructs bijection between the original domain and integer set through distance computation. If an appropriate distance function is predefined, the proposed mode can solve the FPE problem on linear equidistance domain in a more efficient way than previous methods. Furthermore, we make a classification on various types of domains, show the application of RREM in some practical domains, and specify RREM’s capability of solving the FPE problem on frequently-used fields in database quite efficiently.展开更多
The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information l...The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users' passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use.展开更多
基金Supported by the National Natural Science Foundation of China(60973141)the Specialized Research Fund for the Doctoral Program of Higher Education of China (20100031110030)+1 种基金the Funds of Key Lab of Fujian Province University Network Security and Cryptology (2011004)the Fundamental Research Funds for the Central Universities
文摘Format-preserving encryption (FPE), which makes sure that ciphertext has the same format as plaintext, has been widely used in protecting sensitive data in a database. Aiming at efficiently solving the FPE problem on a collection of practical domains, we propose the RREM (random reference-based encryption mode), which constructs bijection between the original domain and integer set through distance computation. If an appropriate distance function is predefined, the proposed mode can solve the FPE problem on linear equidistance domain in a more efficient way than previous methods. Furthermore, we make a classification on various types of domains, show the application of RREM in some practical domains, and specify RREM’s capability of solving the FPE problem on frequently-used fields in database quite efficiently.
基金supported by the National Key Basic Research Program of China (No. 2013CB834204)the National Natural Science Foundation of China (Nos. 61672300 and 61772291)+1 种基金the Natural Science Foundation of Tianjin, China (Nos. 16JCYBJC15500 and 17JCZDJC30500)the Open Project Foundation of Information Security Evaluation Center of Civil Aviation, and Civil Aviation University of China (No. CAACISECCA-201702)
文摘The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users' passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use.
