Cisco has released a new open-source block cipher called FNR that is designed for encrypting small chunks of data, such as MAC addresses or IP addresses. The cipher is still in the experimental stage, but Cisco has released the source code and a demo application.

The company suggests that the new cipher–called Flexible Naor and Reingold–may be ideal for some cloud scenarios, specifically cloud-based network monitoring. The cipher is based on a paper written in 1999, and Cisco officials said it has some properties that can result in bandwidth and storage savings in some cases.

“When FNR is used in ECB mode, it realizes a deterministic encryption scheme. Like all deterministic encryption methods, this does not provide semantic security, but determinism is needed in situations where anonymizing telemetry and log data (especially in cloud based network monitoring scenarios) is necessary. This also lends itself nicely to achieving searchable encryption operations such as provided the cryptdb project. Due to the length preserving nature in FNR, it is a better fit in some scenarios than cryptdb, as the cryptdb method expands the data size, resulting in bandwidth and storage savings,” Sashank Dara of Cisco said in a blog post.

Cisco has released the source code for FNR on GitHub, and there is a demo application, as well, which is designed for encrypting IPv4 addresses. Dara said that the new cipher is meant for encrypting data chunks that are smaller than 128 bits and has the ability to preserve the length of inputs.

“Such length preserving encryption would be useful when encrypting sensitive fields of rigid packet formats, database columns of legacy systems, etc. in order to avoid any re-engineering efforts for privacy preservation,” Dara said.

Image from Flickr photos of Rex Roof.

Categories: Cryptography, Web Security