A novel, multi-layer distributed data security scheme that provides a triple layer of out-of-order “divide and store” protection of data
This invention addresses the need for “on-board” data encryption for next generation communication and mobile Internet devices operating on enterprise and wireless networks. The unique data division and out-of-order keystream generation scheme offers a means to protect stored data against becoming compromised during the distributed use part of its life cycle—should the device fall into the hands of an unauthorized user or adversary, the “readable” data is not sufficient to provide understandable, useful information.The novel data security framework provides a triple layer of out-of-order “divide and store” protection. The first ring is to create cipher blocks by dividing the plaintext data into multiple blocks and encrypting them. A second layer is generated by a keystream abstracted from the data blocks in pseudorandom, out-or-order manner. A third security feature is a function of saving and storing separately the encrypted data (on the mobile device) and the keystream and PIN (on a secure server). Plain text can only be regenerated by merging the decrypted cipher text and keystream with an authenticated PIN.
Unlike conventional stream ciphers built around a protected password, a publicly known initialization vector (IV), and a fixed length keystream which are becoming increasingly vulnerable to decryption efforts, the novel data division and out-of-order keystream generation approach is a robust self-encryption scheme that leverages the use of a variable length keystream which is computationally much more difficult to defeat with brute force attacks.The on-device, data security encryption technology offers the following specific advantages when implemented in an embedded accelerator using configurable hardware devices such as Field Programmable Gate Arrays:
Robust: multi-layer distributed data security scheme
Effective: 256-bit encryption very difficult to defeat by brute force, algebraic, correlation, differential analysis, reply, and other cryptanalysis attacks
Simple and unobtrusive: an embedded software solution that does not impose an excessive computational workload or processing overhead, or additional hardware power and size/weight requirements on personal devices
Scalable: The length of the keystream can be changed based on the user’s security requirements
Safeguarding private or sensitive information, e.g., passwords, records, and other information while enabling pervasive computing built on devices and sensors sharing data within ad hoc wireless networks or Internet based distributed storage infrastructure such as grid or cloud computing, or on cooperative systems for emergency management such as search and rescue, public safety, and on mesh networks.