BACKGROUND STUDY

In this section, we will review the main parts used in this project, which include three main parts first, Key Management where the system can manage and distribute user crypto keys, second, Access control by controlling access to user data and files. finally, FPE Format-preserving-encryption algorithm which helps for fast encryption and decryption in the client-side application.

Key management

Key management refers to managing cryptographic keys within a security system. which deals with generating, exchanging, storing, using and replacing keys as needed at the user level. A key management system will also include key servers, user procedures and protocols, including cryptographic protocol design. The security of the cryptosystem is dependent upon successful key management. There are two broad categories of cryptographic keys, list the most commonly used key types, identify the key states and chart the resulting transition diagram.

Access control

Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and, in some sense, to different definitions of what ensuring security means. In this section I need to explain the basic concepts behind access control design and enforcement and point out other things that may need to be taken into consideration. I previously discussed about key management and the key struct with its mate data, also the type of keys, so we need to make sure that key how it will operate with Access control and our system policy.

	Patient Files	Critical Alerts	Patient Diagnose
Tom (patient)	Full Control	Full Control	Read
Anna (relative)	-	Read	Read
Jack (doctor)	Read Access	Read / Write	Read / Write

Format Preserving Encryption (FPE)

Encryption is the mathematical manipulation of data in a manner that makes it unintelligible to unauthorized parties, yet recoverable by intended recipients, Figure below shows the modern cryptography hierarchy. Cryptographic algorithms can be categorized as symmetric or asymmetric algorithms, also known as private-key or public-key algorithms, respectively. Symmetric algorithms use the same key for encryption and decryption; the key must be distributed offline or via a secure key distribution protocol. Asymmetric algorithms use two keys: one for encryption and the other for decryption. One of the keys (private key) is kept secret by one party; the other key (public key) can be distributed openly. This resolves the problem of key distribution, but asymmetric algorithms are typically more complex and computationally intensive than symmetric algorithms

.

MODERN CRYPTOGRAPHY HIERARCHY

The publication specifies three FPE methods:

• FF1: was designed to handle longer messages and longer tweaks than the other two algorithms and used a 10-round Feistel network;

• FF2: was designed for shorter messages and tweaks than FF1 and used a 10-round Feistel network.

• FF3: fixed the length of the tweak at 64-bits and only used an 8-round Feistel network, which made it slightly faster.

Each of these methods is a mode of operation of the AES algorithm, which is used to construct a round function within the Feistel structure for encryption and the differences in the three modes were slight, but crucial. As of today (May 2017), only FF1 is approved by NIST.”

FF1 Algorithm

The specifications for the FF1.Encrypt and FF1.Decrypt functions are given in Algorithms 1 and 2 below. The tweak, T, is optional, in that it may be the empty string, with byte length t=0. The parameters radix, minlen, and maxlen in FF1.Encrypt and FF1.Decrypt shall meet the following requirements:

• radix ∈ [2..216],

• radixminlen ≥ 100, and

• 2 ≤ minlen ≤ maxlen < 232.

Algorithm 1: FF1.Encrypt(K, T, X)

Prerequisites:
Designated cipher function, CIPH, of an approved 128-bit block cipher; Key, K, for the block cipher; Base, radix; Range of supported message lengths, [minlen..maxlen]; Maximum byte length for tweaks, maxTlen.
Inputs: Numeral string, X, in base radix of length n, such that n ∈ [minlen..maxlen]; Tweak T, a byte string of byte length t, such that t ∈ [0..maxTlen].
Output: Numeral string, Y, such that LEN(Y) = n.

Steps:
1. Let u = ⎣n/2⎦; v = n – u.
2. Let A = X[1..u]; B = X[u + 1..n].
3. Let b = ⎡ ⎡v⋅LOG(radix)⎤/8⎤.
4. Let d = 4⎡b/4⎤ + 4.
5. Let P = [1]1 || [2]1 || [1]1 || [radix]3 || [10]1 || [u mod 256]1 || [n]4 || [t]4.
6. For i from 0 to 9:
i. Let Q = T || [0](−t−b−1) mod 16 || [i]1 || [NUMradix(B)]b
ii. Let R = PRF(P || Q).
iii. Let S be the first d bytes of the following string of ⎡d/16⎤ blocks:
R || CIPHK (R ⊕[1]16) || CIPHK (R ⊕[2]16) … CIPHK (R ⊕[⎡d/16⎤–1]16).
iv. Let y = NUM(S).
v. If i is even, let m = u; else, let m = v.
vi. Let c = (NUMradix (A)+y) mod radix m .
vii. Let C = STR mradix (c).
viii. Let A = B.
ix. Let B = C.
7. Return A || B.

The “split” of the numeral string X into two substrings, A and B, is performed in Steps 1 and 2. If n is even, LEN(A)=LEN(B); otherwise, LEN(A)=LEN(B)–1. The byte lengths b and d, which are used in Steps 6i and 6iii, respectively, are defined in Steps 3 and 4.6 A fixed block, P, used as the initial block for the invocation of the function PRF in Step 6ii, is defined in Step 5. An iteration loop for the ten Feistel rounds of FF1 is initiated in Step 6, executing nine substeps for each round, as follows:

The tweak, T, the substring, B, and the round number, i, are encoded as a binary string, Q, in Step 6i. The function PRF is applied to the concatenation of P and Q in Step 6ii, to produce a block, R, which is either truncated or expanded to a byte string, S, with the appropriate number of bytes, d, in Step 6iii. (In Figure 1, S corresponds to the output of FK.) In Steps 6iv to 6vii, S is combined with the substring A to produce a numeral string C in the same base and with the same length. (In Figure 1, the combining of S with A is indicated by the “+” operation.) In particular, in Step 6iv, S is converted to a number, y. In Step 6v, the length, m, of A for this Feistel round is determined. In Step 6vi, y is added to the number represented by the substring A, and the result is reduced modulo the mth power of radix, yielding a number, c, which is converted to a numeral string in Step 6vii. In Steps 6viii and 6ix, the roles of A and B are swapped for the next round: the substring B is renamed as the substring A, and the modified A (i.e., C) is renamed as B.

This completes one round of the Feistel structure in FF1. After the tenth round, the concatenation of A and B is returned as the output in Step 7.

Algorithm 8: FF1.Decrypt(K, T, X)
Prerequisites:
Designated cipher function, CIPH, of an approved 128-bit block cipher;
Key, K, for the block cipher;
Base, radix;
Range of supported message lengths, [minlen..maxlen];
Maximum byte length for tweaks, maxTlen.
Inputs:
Numeral string, X, in base radix of length n, such that n ∈ [minlen..maxlen];
Tweak T, a byte string of byte length t, such that t ∈ [0..maxTlen].
Output:
Numeral string, Y, such that LEN(Y) = n.

Steps:
1.Let u = ⎣n/2⎦; v = n – u.
2.Let A = X[1..u]; B = X[u+1..n].
3.Let b = ⎡⎡v⋅LOG(radix)⎤/8⎤.
4.Let d =4 ⎡b/4⎤+4
5.Let P = [1]1 || [2]1 || [1]1 || [radix]3 || [10]1||[u mod 256]1 || [n]4 || [t]4.
6.For i from9to 0:
i.Let Q = T || [0](−t−b−1) mod 16 ||[i]1 || [NUMradix (A)]b
ii. Let R = PRF(P || Q).
iii. Let S be the string of the first d bytes of the following string of ⎡d/16⎤ blocks: R || CIPHK (R ⊕[1]16) || CIPHK (R ⊕[2]16) … CIPHK (R ⊕[⎡d/16⎤ – 1]16).
iv.Let y = NUM(S).
v.If i is even, let m = u; else, let m = v.
vi. Let c = (NUMradix (B)–y) mod radix m .
vii. Let C = STRmradix (c).
viii. Let B = A.
ix. Let A = C.
7. Return A || B.

The FF1.Decrypt algorithm is similar to the FF1.Encrypt algorithm; the differences are in Step 6, where: 1) the order of the indices is reversed. 2) the roles of A and B are swapped, and 3) modular addition is replaced by modular subtraction, in Step 6 vi.