The week's pick
Reseach Article
Improved Vault based Tokenization to Boost Vault Lookup Performance
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 177 - Number 21 |
| Year of Publication: 2019 |
| Authors: Ashish Thakur, Amit Saxena |
10.5120/ijca2019919666
|
Ashish Thakur, Amit Saxena . Improved Vault based Tokenization to Boost Vault Lookup Performance. International Journal of Computer Applications. 177, 21 ( Dec 2019), 24-32. DOI=10.5120/ijca2019919666
Abstract
Security or protection of sensitive data travelling or floating over network is always at risk, there are many methods available but finding the right solution to meet the business requirement with assured data security, reduced compliances, cheaper and minimal or no impact in integrating with existing application system is always been challenging & tedious tasks. As far as data protection or security is concerned - the very first thing comes to mind is encryption, but considering the fact that sophisticated attackers or malicious users always go after secret keys used in encryption to retrieve back the original sensitive data. This always pose data breach threat to the application system whenever the transformed or encrypted data travel out of application system. To address this concern a new method "tokenization" is being introduced and is quite popular these days among the institutions/organization dealing with sensitive information of their customers specially in payment domain. There is a fundamental difference between both the available technologies: Encryption protects data by transforming it to unreadable form where as tokenization works on principle of substituting the sensitive data with surrogate or non-sensitive data. This research paper will cover study on both Encryption and Tokenization, finding the right solution to meet the business requirement in protecting the end customer sensitive information, along with this a comparative study of "Encryption vs. Tokenization" based on different parameters are also been captured and also will also uncover & address the performance challenge associated with the token vault based implementation of tokenization. This research paper also outline the solution to address the performance challenge of lookup tables(also called as vaults) with the results showcasing the improved performance and other additional features.
References
- Shanto Roy. " Combined approach of tokenization and mining to secure and optimize big data in cloud storage." Institute of Information Technology, Jahangirnagar University, Dhaka-1342, Bangladesh. INSPEC: 17579771(2018)
- Sunil Dilip Jain ." Enhancing security in Tokenization using NGE for storage as a service." Sinhgad Academy Of Engineering, Kondhwa, India. INSPEC: 17411072(2017)
- Sandra Díaz-Santiago. " A cryptographic study of tokenization systems " Department of Computer Science, CINVESTAV-IPN, Av. IPN 2508, San Pedro Zacatenco, Mexico City 07360, Mexico. INSPEC : 16142969 (2016).
- Danushka Jayasinghe." Extending EMV Tokenised Payments to Offline-Environments." Tianjin, China. INSPEC: 16705386 (2016)
- Shafeeq Ahmad, Shreya Paul, Atma Prakash Singh." Tokenization based service model for cloud computing environment".Department of Computer Science & Engineering, AIET, Lucknow, India. INSPEC: 16620565 (2016)
- Tarek Kiblawi ; Ala' Khalifeh." Disruptive Innovations in Cloud Computing and Their Impact on Business and Technology". 4th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions). INSPEC: 7359326 (2015)
- Z. C Nxumalo." Towards privacy with tokenization as a service." Department of Computer Science, University of Zululand, Empangeni, South Africa. INSPEC: 15020524(2015)
- Ram Kumar Garg ." Developing secured biometric payments model using Tokenization." R Systems International Limited, Noida, India. INSPEC: 16072347(2015)
- Hassanein, Hossam & Elragal, Ahmed. (2014). “Business Intelligence in Cloud Computing: A Tokenization Approach”.
- S. Díaz-Santiago, L. M. Rodriguez-Henriquez and D. Chakraborty, "A cryptographic study of tokenization systems," 2014 11th International Conference on Security and Cryptography (SECRYPT), Vienna, 2014, pp. 1-6.
- Z. C. Nxumalo, P. Tarwireyi and M. O. Adigun, "Towards privacy with tokenization as a service," 2014 IEEE 6th International Conference on Adaptive Science & Technology (ICAST), Ota, 2014, pp. 1-6.
- Carrol, Pat. “Tokenization: 6 Reasons The Card Industry Should Be Wary”. http://www.darkreading.com/perimeter/tokenization-6-reasons-the-cardindustry-should-be-wary-/a/d-id/1316376
- First Data. “EMV and Encryption + Tokenization: A Layered Approach to Security”. https://www.firstdata.com/downloads/thoughtleadership/EMV-Encrypt-Tokenization-WP.PDF
- Kuo, Li-Hsiang. “Cracking Credit Card Number Tokenization”. http://pages.cs.wisc.edu/~lorderic/webpage/tokenization-crack.pdf.
Index Terms
Keywords