DCBC: A Distributed High-performance Block-Cipher Mode of Operation Oussama Trabelsi 1 a , Lilia Sfaxi 1,2 b and Riadh Robbana 1,2 1 Faculty of Science of Tunis, Tunis el Manar University, Tunis, Tunisia 2 INSAT, University of Carthage, Tunis, Tunisia Keywords: Cryptography, Modes of Operation, CBC, Parallel Encryption, Hash-based Encryption. Abstract: Since the rise of Big Data, working with large files became the rule and no longer the exception. Despite this fact, some data at-rest encryption modes of operation, namely CBC, are being used even though they do not take into account the heavy cost of running sequential encryption operations over a big volume of data. This led to some attempts that aim to parallelizing such operations either by only chaining isolated subsets of the plaintext, or by using hash functions to reflect any changes made to the plaintext before running parallel encryption operations. However, we noticed that such solutions present some security issues of different levels of severity. In this paper, we propose a Distributed version of CBC, which we refer to as DCBC, that uses an IV generation layer to ensure some level of chaining between multiple CBC encryption operations that run in parallel, while keeping CPA security intact and even adding new operations such as appending data without compromising the encryption mode’s security. We will, also, make a theoretical performance comparison between DCBC and CBC under different circumstances to study optimal conditions for running our proposed mode. We show in this comparison that our solution largely outperforms CBC, when it comes to large files. 1 INTRODUCTION Data security is becoming a very competitive field as the strategic value of data as a resource is increasing. However, adding security layers usually adds some performance cost overhead which gets even more no- ticeable for systems that handle large volumes of data with a relatively high velocity. Such systems are usu- ally qualified as Big Data systems, for which securing data in storage while keeping an acceptable perfor- mance is a highly critical requirement, as data must be available for processing as soon as possible. Moreover, Big Data systems have special charac- teristics and principles. For instance, increasing stor- age space usage in favor of enhancing performance and security is acceptable and even encouraged. Also, larger computational resources may be available ei- ther locally or in a cluster, so not taking advantage of such assets would be a waste of resources. To ensure data security, we resort to implement- ing encryption mechanisms. However, these mech- anisms usually use classical modes of operation that a https://orcid.org/0000-0002-0792-8763 b https://orcid.org/0000-0002-9786-5961 can’t present a solution for the previously mentioned requirements while respecting Big Data systems char- acteristics. Modes of operation are defined as algorithms used to extend the use of Block Ciphers from the encryp- tion of a single block made of a limited number of bytes, to a plaintext made of a, theoretically, infinite number of bytes. Each of these modes focuses either on performance or diffusion. Diffusion refers to hav- ing multiple bits flipped in the output when one or many bits in the input are flipped. The most simplistic implementation of the cur- rently existing modes is ECB (Pittalia, 2019) which consists on encrypting each block separately and con- catenating the results in order to form the final cipher making it highly parallelizable and offering a cipher- text with no additional overhead in size. However, this solution presents multiple security issues and is not recommended in practice except for short mes- sages where additional overhead in the ciphertext’s size can be problematic (Stallings, 2010). This makes ECB unusable in a big data environment. Chained Block Cipher (CBC) mode was sug- gested to offer some level of diffusion by chaining the different blocks of data (Dworkin, 2005). This ended 86 Trabelsi, O., Sfaxi, L. and Robbana, R. DCBC: A Distributed High-performance Block-Cipher Mode of Operation. DOI: 10.5220/0009793300860097 In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications (ICETE 2020) - SECRYPT, pages 86-97 ISBN: 978-989-758-446-6 Copyright c  2020 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved