NIST's New Guidance Could Simplify Some Encryption

Encryption , Technology

Ciphers Can Be Same Length as Information Being Encrypted NIST's New Guidance Could Simplify Some Encryption

New guidance from the National Institute of Standards and Technology could make it easier and less expensive for organizations to encrypt and decrypt some forms of data, including Social Security and credit card numbers.

See Also: CISO Discussion: Secure Code

Known as NIST Special Publication 800-38G, "Recommendation for Block Cipher Modes of Operation," the guidance specifies two techniques for format-preserving encryption, or FPE.

Terence Spies, one of the creators of the FPE standard, sees publication of SP 800-38G as validation of the encryption method that has been used by some businesses for years. "We spent a few years of work with researchers, basically making sure that what we had was mathematically, provably secure, because when you're in the business of securing data, new crypto algorithms are often suspect," says Spies, chief technologist at HPE Security-Voltage .

How It Works

FPE allows a cipher to be the same length as the information being encrypted. For example, the encrypted rendering of a Social Security number would be nine randomly selected digits. Similarly, credit-card numbers are typically 16 digits long; with FPE, the randomly selected encoded credit card number also would have 16 digits.

Previously approved NIST encryption guidance was designed for binary data, which requires lengthier strings of 1s and 0s used by computers. But lengthy encrypted numbers present a problem for some software packages that require Social Security or credit card numbers to mimic their actual lengths.

"An FPE-encrypted credit card number looks like a credit card number," says NIST Computer Scientist Morris Dworkin, who wrote the guidance. "This allows FPE to be retrofitted to the existing, installed base of devices."

FPE is a game-changer because it allows organizations to encrypt data using the same format, says Albert Biketi, HPE Security vice president and general manager. "If you don't have the same format, then you have to re-architect your application," Biketi says. "The thing that makes security a big challenge for a lot of CISOs is that they have a steep, complex environment and they've got a limited amount of money and a limited amount of bandwidth."

Potential Applications in Healthcare

For many years, the healthcare sector in the U.S. has been struggling with the subject of creating a national patient identifier, and the issue has come to the forefront again in recent months (see A Jump Start for a National Patient ID?).

Congress has long banned the Department of Health and Human Services from funding the development of a national patient ID, citing privacy concerns. But the issue is more important than ever, because a standard ID would help match patient records from various sources, especially as more data is exchanged among healthcare providers.

Security expert Dixie Baker, senior partner at the consulting firm Martin, Blanck and Associates, says the FPE standard "could allow the use of sensitive fields with a predictable format - for example SSN, phone number, ZIP code - for patient-matching purposes without revealing the values in those fields."

She also notes: "This standard could be useful to encrypt SSNs that persist in older health records and in current Medicare records. The software that accesses these SSNs is likely to be expecting input of the format XXX-XX-XXXX, and the encrypted data would retain this format."

Anonymizing PII

NIST's Dworkin says FPE also could play a role in anonymizing personally identifiable information for healthcare research databases.

"FPE can facilitate statistical research while maintaining individual privacy, but patient re-identification is sometimes possible through other means," Dworkin warns. "You might figure out who someone is if you look at their other characteristics, especially if the patient sample is small enough. So it's still important to be careful who you entrust the data with in the first place."

Baker says she agrees with Dworkin's assessment that patient re-identification "might still be possible using unencrypted fields, particularly given the power of today's knowledge-discovery techniques."

(Executive Editor Marianne Kolbasuk McGee also contributed to this story.)