Evaluation of Format- Preserving Encryption Algorithms for Critical Infrastructure Protection

Document Type

Conference Proceeding

Publication Date



Legacy critical infrastructure systems lack secure communications capabilities that can protect against modern threats. In particular, operational requirements such as message format and interoperability prevent the adoption of standard encryption algorithms. Three new algorithms recommended by the National Institute of Standards and Technology (NIST) for format-preserving encryption could potentially support the encryption of legacy protocols in critical infrastructure assets. The three algorithms, FF1, FF2 and FF3, provide the ability to encrypt arbitrarily-formatted data without padding or truncation, which is a critical requirement for interoperability in legacy systems. This paper presents an evaluation of the three algorithms with respect to entropy and operational latency when implemented on a Xilinx Virtex-6 (XC6VLX240T) FPGA. While the three algorithms inherit the security characteristics of the underlying Advanced Encryption Standard (AES) cipher, they exhibit some important differences in their performance characteristics.


Published by Springer as a work of the U.S. Federal government. Its text is subject to foreign copyright protection.

© IFIP International Federation for Information Processing 2014 (outside the US)

The "Link to Full Text" on this page loads the PDF of the work, furnished through the Springer Nature SharedIt content-sharing initiative.



Source Publication

Critical Infrastructure Protection VIII