ODD: Protecting Sensitive Data in Mobile Devices by Out-of-order Data Division




Yu Chen


Technologists are looking to achieve a balance between making data difficult to be illegally or maliciously compromised while providing legitimate data users and owners sufficient encryption protection that does not overly strain the computing power, storage space, processing speeds, and battery life available on the devices. Distributed storage of data on personal and other computing devices and hardware subsystems pose risks to security if the devices are captured (military and government scenario) or lost or stolen (civilian scenario). This invention addresses the need for “on-board” data encryption for next generation communication and mobile Internet devices operating on enterprise and wireless networks. The unique data division and out-of-order keystream generation scheme offers a means to protect stored data against becoming compromised during the distributed use part of its life cycle—should the device fall into the hands of an unauthorized user or adversary, the “readable” data is not sufficient to provide understandable, useful information.

The novel data security framework provides a triple layer of out-of-order “divide and store” protection. The first ring is to create cipher blocks by dividing the plaintext data into multiple blocks and encrypting them. A second layer is generated by a keystream abstracted from the data blocks in pseudorandom, out-or-order manner. A third security feature is a function of saving and storing separately the encrypted data (on the mobile device) and the keystream and PIN (on a secure server). Plain text can only be regenerated by merging the decrypted cipher text and keystream with an authenticated PIN.


Safeguarding private or sensitive information, e.g., passwords, records, and other information while enabling pervasive computing built on devices and sensors sharing data within ad hoc wireless networks or Internet based distributed storage infrastructure such as grid or cloud computing, or on cooperative systems for emergency management such as search and rescue, public safety, and on mesh networks.


Unlike conventional stream ciphers built around a protected password, a publicly known initialization vector (IV), and a fixed length keystream which are becoming increasingly vulnerable to decryption efforts, the novel data division and out-of-order keystream generation approach is a robust self-encryption scheme that leverages the use of a variable length keystream which is computationally much more difficult to defeat with brute force attacks.

The on-device, data security encryption technology offers the following specific advantages when implemented in an embedded accelerator using configurable hardware devices such as Field Programmable Gate Arrays:

 Robust: multi-layer distributed data security scheme

 Effective: 256-bit encryption very difficult to defeat by brute force, algebraic, correlation, differential analysis, reply, and other cryptanalysis attacks

 Simple and unobtrusive: an embedded software solution that does not impose an excessive computational workload or processing overhead, or additional hardware power and size/weight requirements on personal devices

 Scalable: The length of the keystream can be changed based on the user’s security requirements


Software implementation is available for demonstration.


U.S. 8,862,900


J. Feng, Y. Chen, W.-S. Ku, and Z. Su, “D-DOG: Securing Sensitive Data in Distributed Storage Space by Data Division and Out-of-order Keystream Generation”, the 2010 IEEE International Conference on Communications - Communication and Information System Security Symposium (ICC'10 CISS), Cape Town, South Africa, May 23 - 27, 2010.

P. Gasti and Y. Chen, “Breaking and Fixing the Self-Encryption Scheme for Data Security in Mobile Devices”, the 18th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP 2010) – Special Session “Security in Networked and Distributed Systems” (SNDS 2010), Pisa, Italy, February 17 - 19, 2010.

Y. Chen and W.-S. Ku, “Self-Encryption Scheme for Data Security in Mobile Devices”, the 6th IEEE Consumer Communications and Networking Conference - Security for CE Communications (CCNC’09), Las Vegas, Nevada, USA, January 10 - 13, 2009

Information on the network and wireless security research program of Dr. Chen is available at: http://bingweb.binghamton.edu/~ychen/


Company partner to co-develop Field Gate Programmable Array (FGPA) chip for hardware implementation and to commercialize products under license.


Distributed data security; mobile devices; stream cipher; self-encryption; keystream

Patent Information:
For Information, Contact:
Scott Hancock
Director, IP Management and Licensing
Binghamton University
(607) 777-5874
Yu Chen
© 2017. All Rights Reserved. Powered by Inteum