Fragmentation-Encryption-Dispersion (FEDS)
- FEDS is a data protection paradigm that fragments data, applies selective or full encryption, and disperses fragments across distinct storage zones.
- It leverages format-aware techniques like DCT and DWT for multimedia and structured data, supporting optimized performance on parallel hardware.
- By distributing cryptographically secured fragments, FEDS ensures confidentiality, integrity, and resilience even in adversarial and multi-party environments.
Fragmentation-Encryption-Dispersion (FEDS) is a composite data protection paradigm that simultaneously leverages data fragmentation, selective or full cryptographic transformation, and distributed storage to achieve high-performance confidentiality, integrity, and resilience in adversarial environments. The architecture is format-agnostic but supports format-aware optimizations, particularly for multimedia and database workloads, and operates efficiently on parallel hardware and distributed clouds. FEDS has also been adapted as the backbone for privacy-preserving distributed machine learning and secure cloud outsourcing, forming a foundation for addressing the confidentiality-availability-robustness trade space in modern data management systems (Qiu, 2018, Memmi et al., 2015, Jebreel et al., 2022).
1. Core Principles and System Architecture
FEDS comprises three sequential and interdependent stages:
- Fragmentation: Input data is split into fragments , where each fragment may correspond to different confidentiality classifications. The fragmentation strategy is either format-aware (e.g., DCT or DWT for images) or agnostic (e.g., object or attribute-based for structured data, or share-generation for threshold schemes).
- Encryption (Selective or Full): Fragments marked as sensitive undergo strong encryption (typically AES-128/256), while less sensitive or public fragments are protected using lightweight masking based on secure hash functions (SHA-256/512), one-time pads, or all-or-nothing transforms.
- Dispersion: Fragments are mapped to physically or administratively separated storage or transmission domains. Highly sensitive fragments remain within a trusted perimeter; others are distributed across public clouds, federated learning peers, or multi-site storage nodes (Qiu, 2018, Memmi et al., 2015).
Security depends on the secrecy of cryptographic keys and a metadata map, not on obfuscation of algorithms, and assumes no single adversary gains access to all critical fragments.
2. Fragmentation Techniques and Data Types
FEDS supports multiple fragmentation modalities:
- Transform-domain Fragmentation (Images, Multimedia, Unstructured Bulk Data):
- DCT-based: For an block of an image, . Low-frequency "important" coefficients form the private fragment: . The remainder, , forms the public fragment. Inverse DCT of public coefficients padded at private positions yields visually disguised output. Selective encryption may target just the DC and a handful of AC terms (Memmi et al., 2015, Qiu, 2018).
- Lossless DWT-based: For general data or images, a two-level Le Gall 5/3 integer DWT yields four subbands per level. The second-level LL (2nd-LL) band forms the private fragment (representing $1/16$ of data), while 2nd-LH/HL/HH and first-level high-bands are assigned as public/protected. Integer lifting guarantees lossless and bounded domains (Qiu, 2018).
- Structured Data Fragmentation (Databases, Object Stores): Vertical partitioning isolates confidential fields or attributes into private fragments , with the public fragment containing remaining data. Granularity may be per-attribute, per-record, or at arbitrary object field level (Memmi et al., 2015).
- Threshold and Bitwise Fragmentation: For resilience and keyless sharing, Shamir’s secret sharing or Rabin’s information dispersal can be employed. Any of shares suffice to reconstruct via Lagrange interpolation or Vandermonde inversion.
Fragmentation parameters—tile size, transform level, fragmentation ratio, and sensitive-coefficient selection—are policy-configurable to tune confidentiality vs. performance.
3. Encryption and Protection Mechanisms
FEDS integrates cryptographic primitives with the fragmentation process:
- Selective Encryption Pipeline: For each input tile, the private fragment is encrypted with AES-128, . Hashes and are truncated and used for XOR-masking “public” fragments and :
- Key Management: A single symmetric key serves as the basis for both encryption and hash-masking. Each masking hash is seeded with the fragment content and the key, ensuring per-fragment stream uniqueness (Qiu, 2018).
- Parallelization: GPU acceleration is exploited by mapping each tile’s DWT/DCT, hash, and masking operations to separate threads. AES encryption (of a small private fragment) is scheduled on CPU or, if available, hardware-accelerated or GPU-based implementations.
- Alternative Sharing: FEDS variations deploy All-Or-Nothing Transforms (AONT), Reed-Solomon codes, and one-time pad masking when full encryption is unnecessary or undesirable for performance reasons (Memmi et al., 2015).
In federated learning and secure distributed workflows, lightweight symmetric (OTP) and public-key crypto are layered to guarantee originator unlinkability and prevent participant-to-participant reconstruction of exchanged fragments (Jebreel et al., 2022).
4. Dispersion Protocols and Storage Models
Dispersion ensures that partial adversaries cannot reconstruct sensitive data:
- Classic Dispersion: Each encrypted or masked fragment is mapped via a metadata map to distinct physical nodes or clouds, respecting trust separation (e.g., trusted vs. untrusted domains). Threshold dispersal (Shamir, Rabin) enables resilience—any of fragments suffice for recovery, and up to can be lost or compromised without data loss.
- Federated Learning and Multi-party Systems: Updates (model gradients) are fragmented using random binary masks so that each peer holds only part of each update. Peers exchange fragments under a randomized protocol; only the aggregation server, possessing decryption seeds, can reconstruct the mixed updates, which are unlinkable to any user (Jebreel et al., 2022).
- Reassembly: The map describes which keys/fragments are needed for decryption and assembly. Reconstitution uses the inverse transform (IDCT/IDWT) or combinatorial interpolation, depending on the fragmentation method.
- Parallel Recovery: Over-requesting is used to exploit network parallelism, reducing latency by retrieving more than fragments and reconstructing as soon as the threshold is met (Memmi et al., 2015).
- Metadata Security: The map and keys must be protected and are not distributed alongside the fragments, in accordance with Kerckhoffs’ principle.
5. Security Properties and Threat Models
FEDS targets multiple adversary classes:
- “Honest-but-curious” and Malicious Storage: Public/protected fragments stored in the cloud, or passed through network intermediaries, are statistically indistinguishable from random and yield no information in isolation.
- Confidentiality Bounds: In threshold schemes, adversaries controlling fewer than shares learn nothing about ; selective-encryption ensures that attackers must compromise both the AES key and the private fragment.
- Statistical Resistance: Empirical analyses show:
- Uniform fragment byte distributions (1/256)
- High per-byte entropy (7.999 bits)
- Low correlation (adjacent-byte or pixel, 0)
- Mutual Information 0.02 between original data and protected fragments
- Visual data PSNR 9 dB, SSIM<0.04 (image use cases)
- Key-based and Chosen-Plaintext Attacks: Each public fragment’s masking or encryption stream is keyed both on the principal key and fragment content, preventing subkey leakage or targeted differential attacks. Brute-force attacks are computationally equivalent to AES’s keyspace.
- Integrity and Error Recovery: AONT, canary hashes, and erasure codes provide detection and correction of accidental or adversarial modifications. Error propagation is local to the fragment; selective retention of certain fragments allows re-hashing and correction.
6. Performance and Scalability Evaluation
FEDS architectures are designed for high throughput and minimal practical overhead:
- Hardware Acceleration: GPU implementations achieve throughputs of 2.8–3.2 GB/s (desktop, GTX 780), and 350 MB/s (laptop, Nvs 5200M) for full DWT-based schemes. DCT and selective-encryption pipelines similarly achieve 1–3 GB/s, exceeding CPU-only AES performance by on comparable platforms (Qiu, 2018, Memmi et al., 2015).
- Parallel Efficiency: Fragmentation, encryption, and dispersion can be assigned to independent processing threads or nodes, supporting cloud or cluster deployment.
- Overheads: Fragmented federated learning protocols (FFL) incur minor additional per-round communication (e.g., 0.45 s/round vs. 0.16 s/round for standard FL on MNIST-CNN) and computation (Jebreel et al., 2022). Memory overheads for DWT-based schemes are +26%, but lossless, while DCT-based schemes add +12.9% (Memmi et al., 2015).
- Resilience: Erasure and dispersion techniques allow for continued operation and reliable recovery in the face of node failure or data corruption.
7. Applications and Future Directions
FEDS has been deployed or analytically validated in contexts including:
- Cloud Outsourcing and Storage Protection: Ensuring data confidentiality, integrity, and resilience by distributing fragments across multiple storage domains while minimizing the cost and penalty of full encryption (Memmi et al., 2015, Qiu, 2018).
- Privacy-Preserving Machine Learning: Fragmented federated learning (FFL) relies on a FEDS backbone to ensure that neither the aggregator nor malicious peers can reconstruct participant updates or link users to updates, while retaining full model accuracy and robustness to adversarial manipulation (Jebreel et al., 2022).
- Structured and Multimedia Data: Format-aware pipelines for bitmaps, general multimedia (via DWT), and relational/object-oriented databases have been validated, maintaining lossless reassembly, statistical indistinguishability, and controlled degradation in visual representation.
- Commercial Solutions: AONT-RS, Cleversafe, Symform, and related systems implement similar FEDS patterns.
Open lines of research include optimizing the policy parameters for speed vs. confidentiality trade-offs, extending FEDS to distributed trust regimes, and formalizing scalability and meta-scheduling of the fragmentation/mapping pipeline for very large-scale data and federated systems.
References:
- (Qiu, 2018) An Efficient Data Protection Architecture Based on Fragmentation and Encryption
- (Memmi et al., 2015) Data Protection: Combining Fragmentation, Encryption, and Dispersion, a final report
- (Jebreel et al., 2022) Enhanced Security and Privacy via Fragmented Federated Learning