At HPE, Strong AES FF1 Crypto and NIST Standards Matter

What happened – what is the NIST announcement?

On April 12th, 2017, the National Institute of Standards and Technology (NIST) announced a cryptanalytic attack on the AES FFX Format-preserving Encryption (FPE) mode FF3, and as a result, NIST may revise Special Publication 800-38G, the document that specifies approved AES FFX FPE modes.

The good news is this announcement has no impact on HPE SecureData customers who use AES FFX Format-preserving Encryption mode FF1.

However, this announcement is disappointing news for vendors who have widely adopted and marketed the FF3 encryption mode for their FPE offerings.

This announcement is the result of research completed by Betül Durak (Rutgers University) and Serge Vaudenay (Ecole Polytechnique Fédérale de Lausanne). In January 2017, the researchers gave a presentation at the ESC (Early Symmetric Crypto) 2017 Conference and their research will likely be published in the coming year. While they have identified a potential fix for the FF3 encryption mode, NIST has not yet determined whether it will restore the cryptographic strength of the FF3 encryption mode.

As a result of the identified weaknesses in the FF3 mode, NIST no longer considers FF3 a full-strength FPE mode. NIST expects to revise Special Publication 800-38G after the details of the attack are published, and a period of public comment completed – and states it will change the FF3 specification or withdraw the approval of FF3.

What does this mean to your business?

If you are currently using a Format-Preserving Encryption vendor solution with the FF3 encryption mode, the NIST announcement suggests that you may no longer be protected by an acceptable strength solution and may be vulnerable to attacks. NIST states it “has concluded that FF3 is no longer suitable as a general-purpose FPE method”. Moreover, you may risk noncompliance with various data security regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the General Data Protection Regulation (GDPR). Furthermore, data privacy regulations and guidelines that follow or depend on NIST standards may consider similar actions based on the NIST announcement.

If you are on the cusp of an FPE vendor decision, due diligence with vendor claims is critical. With leading organizations demanding data-centric security, vendors have rushed to market with a range of proprietary solutions, or implementations of FF3 which now has an identified weakness. It’s critical when determining your data protection and privacy strategy to choose a standards-based validated and fully-approved solution. Standards matter for reliable security and audit compliance! This announcement is another example of why it is important to complete a peer review for independent validation of security assurance and proven solution strength.

If you are a SecureData customer, you know HPE FPE uses the NIST AES FF1 mode FPE standard. FF1 encryption was developed by world-leading cryptography experts . HPE is a pioneer of Format-preserving Encryption and submitted the core cryptography to NIST for the AES FF1 mode FPE standard. HPE’s AES FF1 is fundamentally different in design and in its ability to resist the classes of attack to which FF3 is now proven vulnerable.

FF1 features an algorithm with strong safety margins to protect against unanticipated analytic attacks and even defend against implementation flaws. This cryptanalytic attack on FF3 is the result of the class of threat that was anticipated by HPE when it designed FF1.

Gold standard: SecureData uses the industry’s first FIPS-validated FPE

This NIST announcement underscores the importance of HPE’s April 13, 2017 News Advisory on FIPS Validation of FPE. NIST awarded FIPS 140-2 validation ONLY to FF1 mode FPE. HPE SecureData has the world’s first FIPS-validated AES-FF1 encryption configuration option to operate in strict FIPS mode.

What can you do to recover if you rely on a vendor that uses FF3 as a solution to protect your data?

Any organization using Format-Preserving Encryption products with the FF3 mode, or non-validated proprietary technology without peer review, should re-evaluate their data protection strategy in light of these risks.

HPE SecureData with Hyper FPE and Hyper SST is used by many industry-leading corporations in the world to protect their most valuable data. This includes six of the top eight U.S. payment processors; nine of the top ten U.S. banks; and major global enterprises across the telecom, energy, finance, transportation, retail, insurance, high tech, public sector, and healthcare industries.

Contact HPE Security – Data Security to learn more about Hyper FPE with HPE SecureData.

Leave a Reply

Your email address will not be published. Required fields are marked *