I was recently taking a look at research in order- and format-preserving encryption, as one does for fun, and I have been surprised to find some very blatant plagiarism between original work published and cited across different continents.

Take a look at this – I’ll let you decide who wrote the original. Clue: It’s not hard to tell.

Exhibit A: Michael Blackwell’s paper from 1997 on data type preserving encryption. 

http://csrc.nist.gov/nissc/1997/proceedings/141.pdf

TITLE: “USING DATATYPE-PRESERVING ENCRYPTION TO ENHANCE DATA WAREHOUSE SECURITY”

Sample Extract:

Ciphertext (data in encrypted form) bears
roughly the same resemblance to plaintext
(data in its original form) as a hamburger
does to a T-bone steak. A social security
number, encrypted using the DES encryption
algorithm, not only does not resemble a
social security number but will likely not
contain any numbers at all. A database field
which was defined to hold a nine-character
social security number (eleven, if you want
to include the hyphens) would not be able to
store the DES-encrypted version of the data.
A Visual Basic program would not read it.
A graphical interface would not display it.
There would be nothing that you could do
with the encrypted social security number
unless you had made extensive provisions
for changes in data format throughout your
application and physical database design….

Exhibit B: A remarkably similar paper on the same topic from 2011. 

http://www.ijcsi.org/papers/IJCSI-8-1-460-465.pdf

TITLE: “A Schematic Technique Using Data type Preserving Encryption to Boost Data Warehouse Security”

Sample Extract:

Cipher text bears roughly the same resemblance
to plaintext as a hamburger does to a T-bone
steak. A social security number, encrypted using
the DES encryption algorithm, not only does not
resemble a social security number but will likely
not contain any numbers at all. A database field
which was defined to hold a nine-character social
security number would not be able to store the
DES-encrypted version of the data.
A Visual Basic program would not read it. A
graphical interface would not display it. There
would be nothing that you could do with the
encrypted social security number unless you had
made extensive provisions for changes in data
format throughout your application and physical
database design….

Other than the title, and the authors, the latter is almost a word-for-word copy, and not original – but there is no mention of Michael’s original paper. I did say remarkably similar. It’s not a coincidence.

Looks to me like the IJCSI (International Journal of Computer Science) isn’t taking the steps to verify the work for originality, at least, despite assurances of taking plagiarism seriously. I sent them a note. Let’s see if they take any action.

Anyhow, this illustrates another point of trust in cryptography, peer review, and public comment. When looking for security proofs and academic research on cryptography, also think about the publication, and look to the good ones – NIST standards, ECRYPT, IACR and so on. Otherwise you might be scratching your head over the work of unscrupulous students and researchers trying to fast-track their grades by cutting and pasting original work.

P.S. That’s a copy of an original photo of a copy of an original work – for the record.