Solved

Data size after encryption (AES encryption)

Posted on 2011-03-15
8
3,184 Views
Last Modified: 2012-05-11
We have a problem in hand where we distribute an xml file to our clients. The data has to be visible to the clients on a particular date of the year (Embargo date). Since the data size is going to be large, we allow them to download the xml prior to the Embargo date, but want the data to be visible only on/after this date.

The data has two parts i. Share details which can be visible anytime ii. share portfolio details (group of data elements) which needs to remain secret till the Embargo date.

So we are thinking of encrypting the secret data elements only within the xml and publish the xml file much before the embargo date. On the morning of embargo date, we will reveal the Decryption key and the clients can use that to see the full data.

The clients on their end will download the xml prior to the embargo date and import into their system to prove that the file works fine. The portfolio details will be kept in staging area which show up as junk characters. Once the Decryption key is obtained, they can decrypt the data and see the actual characters.

We have decided to use AES encryption algorithm. The dev platform is .Net. Our objective is the keep the data file as small as possible to facilitate easy download. As I said, we don't want the whole data to be encrypted, only few data elements need to be encrypted.

The questions we are trying to answer is, how much the data size increases after encryption. This will help us take decision on whether
i. we will encrypt each secret data element individually or
ii. concatenate the secret data elements and encrypt it as one field
iii. We have another option, to separate non-secret and secret data into two files

I have seen that if I use 256 bit key, a 1 byte to 15 byte data becomes 24 bytes after incryption, 16 byte becomes 44, 100 byte becomes 152, 1000 bytes become 1344 etc.

Can anyone help me estimating the data size after applying AES encryption. This can be either using 128 bit or 256 bit key size.
0
Comment
Question by:tknayak123
  • 6
8 Comments
 
LVL 27

Expert Comment

by:Tolomir
ID: 35136942
How about zipping the files before transfer.

This should reduce the amount of transfer data.
0
 

Author Comment

by:tknayak123
ID: 35137143
Sorry I did not mention that earlier.
The strategy within the enterprise for similar data transfers to the client is, "compress the file just before the transfer." This is the strategy for our Transport layer. This is not a current strategy to compress it, then encrypt and then compress again.

I know, compressing the data after encryption does not help much. So in our new solution when we encrypt and then compress at the Transport layer, it is not going to help much. But we cannot change the strategy for this one requirement.

What I need to understand today is the impact of encryption on data size.
0
 

Author Comment

by:tknayak123
ID: 35139533
I have done further analysis on the increase in the data size. Here is the matrix.

1-15 bytes  becomes 24 bytes
16 bytes      becomes 44 bytes
100 bytes    becomes 152 bytes  (52 % increase)
500 bytes    becomes 684 bytes  (37% increase)
1 kb             becomes 1388 bytes (35.5% increase)
1 mb            becomes  1398124 bytes (33% increase)
>1 mb upto 30 mb, there is a 33% increase.
I have not tried data greater than 30mb.

So there is a significant increase in the data size after encryption using AES-256.
But in some of the forums, it is suggested that there is no increase in file size. One of the examples is here:
http://stackoverflow.com/questions/93451/does-aes-128-or-256-encryption-expand-the-data-if-so-by-how-much
0
 
LVL 10

Expert Comment

by:abbright
ID: 35139560
You may want to consider using the password protection of Excel 2007 which, according to http://www.oraxcel.com/projects/encoffice/help/How_safe_is_Word_2007_encryption.html uses AES 128. As the xlsx-format is compressed anyway I consider this to be a good solution.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:tknayak123
ID: 35152876
The use of Excel is not considered due to compatibility reasons and company policy.
The B2B solution of the enterprise operates on certain principles, which cannot be changed easily.
0
 

Author Comment

by:tknayak123
ID: 35152889
Does anyone have experience in data encryption, who can comment on my observations (see the comments above where I have given some statistics where the data size increases after encryption).

Or does anyone contradict my views.
0
 

Accepted Solution

by:
tknayak123 earned 0 total points
ID: 35152970
I have found the answer now.

The method to calculate the data size after encryption is described very clearly at this link:

http://www.obviex.com/Articles/CiphertextSize.aspx

With respect to my observations in the post above where the data size increases after encryption, that is due to applying base64 encoding.

Hope this helps everyone who is searching for this.
0
 

Author Closing Comment

by:tknayak123
ID: 35178863
I found this answer after a lot of search.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now