Tokenization

Why standard tokenization is insecure and how eperi renders it secure.

To begin with: weak points of tokenization

Tokenization, or obfuscation, means creating substitute values for sensitive data; for instance, the credit card number 1234 becomes 7765. In the United States, this technology is used to protect credit card data in order to meet compliance requirements. Each substitute value protecting a particular original value is stored in a mapping table. Within the company, all departments that are supposed to have access to the data may access these mapping tables. But the problem is obvious: whoever holds the mapping table sees the data.

Therefore, these tables are a preferred target for attackers.

This method’s second problem is that a distinct substitute value must be assigned to each original value. That means that 7765 always originates from 1234. Because of the small value space, reconstructing the original value is significantly easier than with cryptographic encryption, for instance.

Homomorphic encryption, sortable or searchable encryption

Homomorphic encryption denotes a class of encryption methods that allow arithmetic operations on encrypted values; for example, adding two encrypted values may be possible. Homomorphic encryption is a new area of cryptography research. Up to now these methods have been too computationally intensive to be practicable. Functionality is severely restricted, and the method is too new to allow any prediction regarding the security level.

Sortable encryption significantly reduces the security level. The problem is this: when data is encrypted, the ordering of the encrypted values is not the same as that of the original data. This is an important and necessary characteristic of encryption, and sortable encryption gives it up. If, for instance, Alice, Bob and Chris are encrypted to X, Y and Z, any attacker who knows the clear text can reconstruct the corresponding encrypted values. By encrypting carefully chosen clear texts, an attacker can determine the position, and with it the value, of an encrypted record at any time.
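The leak described above, as an added example that is not eperi's code and not part of the original page: a constructed toy order-preserving scheme (a secret, strictly increasing random table over an assumed 4-digit value space) shows that preserved order alone is enough to pin down a value through the encryption function in about 14 comparisons. All function names, the seed and the sample values are illustrative assumptions.

```python
import random

DOMAIN = 10_000  # assumed value space: 4-digit values such as the page's 1234


def make_sortable_cipher(seed):
    """Constructed toy scheme: a secret, strictly increasing random table.

    Ciphertexts look random, but a < b always implies enc(a) < enc(b).
    """
    rng = random.Random(seed)
    table = sorted(rng.sample(range(10**9), DOMAIN))
    return lambda value: table[value]


def recover_by_ordering(target_ct, encrypt_oracle):
    """Locate the plaintext behind target_ct using only order comparisons.

    Returns (plaintext, number of oracle calls). No key material is used.
    """
    lo, hi, queries = 0, DOMAIN - 1, 0
    while lo < hi:
        mid = (lo + hi) // 2
        queries += 1
        if encrypt_oracle(mid) < target_ct:
            lo = mid + 1
        else:
            hi = mid
    return lo, queries


def rank_leak(ciphertexts):
    """Even without an oracle, stored ciphertexts reveal the record order."""
    return sorted(range(len(ciphertexts)), key=lambda i: ciphertexts[i])


if __name__ == "__main__":
    encrypt = make_sortable_cipher(seed=1)
    stored = encrypt(1234)
    value, queries = recover_by_ordering(stored, encrypt)
    print(f"ciphertext {stored} -> plaintext {value} after {queries} queries")
    print("record order from ciphertexts only:",
          rank_leak([encrypt(300), encrypt(100), encrypt(200)]))
```

For review purposes, the takeaway is that a sortable column should be treated as disclosing rank to anyone who can read it, and as disclosing values to anyone who can also submit values for encryption.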

Searchable encryption relies on encryption methods that are not verifiable and thus not trustworthy. To find an original value within encrypted data, the encrypted values have to be decrypted. This is a basic principle of encryption technology. The string “Bo” can be found in the encrypted “Bob” only if the encrypted text is decrypted prior to searching. Put simply, the searchable encryption method encrypts each part of a word separately to enable searching for parts of the word. “Bob” becomes “Xyz”. Searching for “Bo” (encrypted “Xy”) produces a match even though the data is supposedly encrypted. This is no strong encryption, just a kind of Caesar cipher, already used in ancient times (approx. 50 B.C.) and completely insecure.

eperi renders tokenization secure

eperi found that the weak point of tokenization is the security method used, and renders it secure by encrypting the original values prior to storing them in a separate token database.

The eperi solution provides strong encryption. To achieve type conformity, eperi Gateway for Cloud Apps additionally uses tokenization, where necessary. The encryption’s maximum security level is not diminished.

The method used by eperi is based on tested and reliable encryption methods like AES. The additional use of tokenization is a patent-pending method.