By Topic

The Power of Refresh: A Novel Mechanism for Securing Low Entropy PII

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Yuqian Li ; Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China ; Yang Liu ; Zhifang Liu ; Jiwei Huang
more authors

Deterministic encryption for low entropy personally identifiable information(PII) is vulnerable to dictionary attack. It is particularly so because of an expedient method to enumerate possible PII'splain text instead of all possible keys. Deterministic encryption, however, is indispensable in the generation of hash or index of PII. This paper presents a novel mechanism to frustrate dictionary attacks by refreshing the encryption in an external "blackbox". The "blackbox" has a private key inside and even the person who designed and manufactured it could not track or reveal its input and output without knowing the private key. The major part of this paper is about the analysis of this novel mechanism. The use of conditional entropy in this paper both measures the power to defend the attack and proves the value and feasibility of this novel mechanism. A lower bound for conditional entropy against a computationally-unbounded adversary is guaranteed. The essential meaning of the lower bound is also given based on min-entropy. By the proof, this mechanism can provide very reliable security for PII in online social networks (OSN) and keep efficiency and functionality at the same time.

Published in:

Communications and Mobile Computing (CMC), 2011 Third International Conference on

Date of Conference:

18-20 April 2011