Cisco says it is experimenting with ciphers it claims can better protect traffic privacy in cloud systems and result in bandwidth and storage savings.
The networking firm has designed what it calls is the Flexible Naor and Reingold (FNR) encryption scheme under open source licence LGPLv2.
Cisco software engineer Sashank Dara explained that since traditional block ciphers, such as AES, work on a fixed block length, for example 28, 192 or 256 bits, small blocks of data get bloated when they're encrypted.
"FNR is an experimental small domain block cipher for encrypting objects (< 128 bits) like IPv4 addresses, MAC addresses, arbitrary strings, etc. while preserving their input lengths," he explained in a blog post.
"Such length preserving encryption would be useful when encrypting sensitive fields of rigid packet formats, database columns of legacy systems, etc. in order to avoid any re-engineering efforts for privacy preservation."
He added that the "length preserving nature" in FNR could result in bandwidth and storage savings for cloud providers.
"Like all deterministic encryption methods, this does not provide semantic security, but determinism is needed in situations where anonymizing telemetry and log data (especially in cloud based network monitoring scenarios) is necessary," he said.
"This also lends itself nicely to achieving searchable encryption operations such as provided the cryptdb project. Due to the length preserving nature in FNR, it is a better fit in some scenarios than cryptdb, as the cryptdb method expands the data size, resulting in bandwidth and storage savings."
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...