Data confidentiality is a critical concern in corporate settings, particularly as data analysts seek to uncover trends and insights from sensitive datasets. Traditional approaches often require plaintext data, posing a significant risk to data privacy during analytics processes. In response to this challenge, homomorphic encryption schemes have emerged as a promising solution to enable secure data analytics while preserving confidentiality. The research presents the implementation of a homomorphic scheme based on the Data Encryption Standard (DES) as a proof of concept. The aim of the research is to design and implement DES homomorphic scheme facilitating secure data analytics by allowing computations on encrypted data without compromising confidentiality. Objectives are that of conducting requirements elicitation towards the design and implementation of a DES Homomorphic scheme for secure data analytics. To design and implement the DES Homomorphic scheme following successful requirements elicitation. To evaluate the validity of the proposed DES Homomorphic scheme on simulated data analytics tasks. Implementation of the scheme enabled secure data visualization and descriptive analytics through a comprehensive setup in Java NetBeans, leveraging Object Oriented Programming (OOP) for modular, structured code. Data encryption uses a 16-round DES algorithm, while dummy datasets resembling real-world data allow for ethical testing. Key and file handling methods support secure encryption and decryption processes, emphasizing practical applicability in sensitive data contexts. The scheme incorporates data analytics and visualization component, which extracts, analyzes, and visualizes demographic information such as gender, geographic distribution, and age statistics through secure homomorphic operations. A user-friendly dashboard facilitates interactive exploration, allowing access to insights derived from DES encrypted data without disclosing the original dataset plaintext. This DES Homomorphic Scheme contributes globally to the advancement of secure data analytics methodologies, highlighting an effective approach to confidentiality preserving analysis suitable for sensitive adversarial data environments.
EXPERIMENTS, RESULTS, AND DISCUSSIONS
Introduction:
The setup of the Design and Implementation of a DES Homomorphic Scheme presents the experiments conducted to evaluate the proposed scheme. Practical implementation of the DES Homomorphic Scheme is done via Java NetBeans. Object-Oriented Programming (OOP) paradigm is central to the implementation of the scheme. As input for the scheme a secure key schedule channel provides a private key from an RSA computation and a secure transmission channel to accept a DES-encrypted dataset in text format via an Elgamal computation. The experiments aim to demonstrate the scheme's effectiveness in performing secure data analysis and visualization while preserving data confidentiality throughout the computational processes.
Generate simulated data:
For the inception of the Homomorphic Scheme to provide results, dummy data is needed to complete the process. As mentioned in section 1.8, dummy data is generated to not infringe on any ethical considerations. Non-existent dummy data, such as randomly generated student numbers and student information are generated via the GeneratesDatasets.java class resembling real datasets. This Java class is designed to create a synthetic dataset of student information, which is essential for testing the DES Homomorphic Scheme's data analysis capabilities. The setup involves defining arrays of values for first names (String[]FIRST_NAMES), surnames(String[]LAST_NAMES), genders(String[] GENDERS) and provinces (String[]PROVINCES). Further methods are created to generate non-existent student numbers (generateStudentNumber()) and generate South African validated simulated Identification numbers (generateIDNumber()). The methods generateStudentNumber() and generateIDNumber() produce synthetic values for student numbers and South African identification numbers, respectively, incorporating realistic variations, and validations. Upon execution, the class uses randomization to generate 50 records containing column attributes such as names, student numbers, provinces, genders, and identification numbers. The generated data is written to a CSV file (studentsInfo.csv) through the FileWriter java operation. This output file serves as the input for subsequent encryption and homomorphic analysis, allowing the validation of the proposed scheme's performance and accuracy in handling real-world-like data scenarios.
Key schedule:
The next crucial aspect of the Homomorphic scheme is that of the private keys needed for the encryption of the simulated dataset and for the completion of homomorphic operations. The key schedule class (LMDESKey.java) is created as it is a crucial aspect of the DES Homomorphic Scheme. It generates the 16-rounds key schedule required for both the encryption and homomorphic data analytics. The setup for this class involves declaring specific arrays consisting of DES key tables namely, the PC1 table (int[]PC1_Table), PC2 table (int[]PC2_Table), and rotation left shifting table (int[]LEFT_SHIFT_SCHEDULE). Additively, creating a key schedule using a user-provided keyword. Which is converted to ASCII values and then to a 64-bit binary representation. The class uses the initial permutation choice (PC-1) to permute the 64-bit key into two halves, C0 and D0, of 28 bits each, which are then shifted according to a predefined left shift schedule. A secondary permutation choice (PC-2) is applied to generate 48-bit round keys. This process repeats for 16 rounds, creating a total of 16 round keys necessary for the DES algorithm. The main class (DESHomomorphicScheme.java) prompts the user for the keyword, calls LMDESKeys.java class to generate the keys, and displays the permutations, shifts, and resulting round keys. Finally, the 16 generated keys are saved to a text file (16_keys.txt), which will be used in subsequent encryption and homomorphic operations, providing a secure basis for the analysis of the encrypted dataset.
Important considerations:
A method is also developed to clean the saved keys due to formatting issues encountered during the implementation and testing of black box decryption on the encrypted ciphertext. The CleanKeys() method in the main class ensures that the 16 round keys generated for the DES Homomorphic Scheme are correctly formatted and free from commas and square brackets. Which appear from their storage as arrays in the file 16_keys.txt. This method processes the keys line-by-line, removing unwanted characters to maintain their integrity. Cleaned keys are written to a new file 16_CleanedKeys.txt ensuring that they are properly prepared for encryption, decryption, and homomorphic analysis. The CleanKeys() method is essential for secure data analysis and visualization, emphasising correct key formatting being crucial for maintaining accuracy, compatibility, and security within the cryptographic operations.
16_keys.txt
16_CleanedKeys.txt
Encryption and Decryption:
The following step taken to demonstrate Homomorphic data analytics is that of accepting an encrypted text file as input to the scheme. A class is created (DESEncryptDecrypt.java) illustrating the Data Encryption Standard (DES) algorithm, which is used to securely encrypt and decrypt data. The initialization of DES tables is needed as a predefined permutation and substitution metrics used for necessary transformations on input plaintext data. Such arrays are initialized as the initial permutation table (int[]IP), inverse permutation table (int[]IP_INV), expansion table (int[]E), permutation table (int[]P), and substitution boxes (int[][][]S). Each of these components are stored as a static constant array, and they serve specific roles in the DES encryption and decryption processes. The initial permutation and inverse permutation tables are used to permute bits at the beginning and end of the encryption/decryption process. While the expansion table expands the right half of the input to facilitate the DES round function (XOR). The substitution boxes are crucial for substituting values to introduce non-linearity, allowing the encryption to be more secure. The DESEncryptDecrypt.java class also defines several methods for encrypting and decrypting data. An encrypt method is created (encrypt(String plaintext)) which takes a plain text input, applies a padding method (padInput(String input, int blockSize)) to ensure it is 64 bits long, and performs initial permutation using the IP table. The text is then divided into left and right halves, and 16 rounds of encryption are carried out using the Feistel structure, where the right half undergoes a series of transformations defined by the functionF method (functionF(String right, String key)) and is XORed with the left half. The final permutation, using the inverse permutation table, produces the encrypted text. This is achieved for every row block in the input CSV file. Conversely, the decrypt method mirrors the encryption process by first applying the initial permutation, splitting the text into left and right halves, and then performing 16 rounds of decryption with the keys in reverse order, followed by the final permutation. A graphical user interface (GUI) is needed to provide users with a visually intuitive and interactive way to interact with the scheme. Additionally, the class contains methods for file operations such as encryptFile() and decryptFile(). These operations allow the user to encrypt or decrypt files via a graphical user interface file chooser. The encryptFile() method reads a CSV file, encrypts its contents line by line, and writes the encrypted data to a new text file (EncryptedFile.txt). Similarly, the decryptFile() method reads an encrypted file, decrypts its contents, and writes the decrypted data to a CSV file as proof of concept illustrating that the correct plaintext was encrypted. Both methods require a key file input containing 16 DES keys, which are loaded using the loadKeys() method. This design supports secure file encryption and decryption, emphasizing the usability of the DES algorithm for real-world data security applications.
EncryptedFile.txt
The class utilizes several helper methods to implement core functionalities. For example, the permute method applies a given permutation table to an input string, while the xor() method computes the XOR of two binary strings. The function() method is the heart of the DES round operation, combining the expansion permutation, XOR operation with the key, substitution using S-Boxes, and the final permutation. This method ensures that each round of the DES encryption or decryption process achieves a high degree of confusion and diffusion. Moreover, the DESEncryptDecrypt.java class includes user-interactive elements, such as file selection dialogs for choosing input files and key files. The design ensures flexibility and ease of use by allowing users to select files dynamically. Additionally, the class maintains lists (permutedTexts and paddedInputs) to store intermediate values during the encryption and decryption process. This possesses usefulness for debugging and verifying the correctness of the DES implementation as a proof of concept. A well thought out front and back-office framework is considered for the design of the scheme. Allowing for all black box operations taking place in the back-office console and correlating output results displayed to users via an interactive dashboard, front office. Overall, the DESEncryptDecrypt.java class is a secure, comprehensive implementation of the DES algorithm, combining file handling, secure encryption/decryption logic, and user interactive elements. Making it suitable for secure data transmission and analysis in a research context.
Homomorphic Data Analysis:
The data analytics and visualization aspect of the implemented Homomorphic scheme is achieved via the Data_Analytics_Visualization.java class. This provides a comprehensive framework for analyzing and visualizing data in a homomorphic encrypted environment. The class includes methods for counting and categorizing demographic information from an encrypted dataset as input. Such as counting male and female records (CountMales() and CountFemales() methods) by scanning each line for gender-specific keywords. Additionally, it implements a student number search functionality (searchStudentNumber()) method, which uses a graphical user interface to prompt the user for a student’s name and subsequently searches the encrypted dataset for a corresponding 10-digit student number after black box decryption means. This method utilizes regular expressions to detect and extract the student number if found, enhancing user interactivity through a graphical interface.
Gender Count
Student Search1
Student Search2
Further, the class introduces methods to perform provincial data extraction and visualization. The extractProvinces() method identifies and counts occurrences of specific provinces in the encrypted dataset using regular expressions, allowing for geographical analysis. Similarly, the extractGenderProvinceData() method enhances the analysis by combining gender and provincial data, thereby enabling the generation of multidimensional insights of gender distribution. Both methods employ regular expressions to locate patterns within the encrypted dataset, providing a basis for detailed demographic studies.
Gender distribution
To visualize the extracted data, several chart creation methods are included. The createChart() method generates a bar chart that compares the counts of male and female records. The plotProvincesPieGraph() method creates a pie graph representing the distribution of individuals across various provinces. The createJoinedBarPanel() method produces a joined bar graph to visualize the gender distribution across different provinces. These visualization methods leverage the JFreeChart java library, utilizing features like customizable renderers and plot orientations to create insightful graphical representations that aid in understanding complex data patterns.
Population across provinces
The class also incorporates a method for calculating age statistics from identification numbers(calculateAgeStatistics()), which computes various age descriptive statistics and age distributions across different provinces based on the input encrypted dataset. This method facilitates the identification of demographic trends by offering statistical insights into the age distribution. Finally, the createDashboard() method consolidates all visualizations and functionalities into a single user interface. Interactive exploration of the analysed encrypted data is achieved. The dashboard employs a tabbed pane structure to display different charts and includes a search button for querying student numbers and descriptive statistics button of age distributions. Thereby enhancing user engagement and necessary encrypted data accessibility without disclosing the entire original plaintext CSV dataset.
Age descriptive statistics
Age distribution via province
A black box model of near real time processing is achieved in the Design and Implementation of the DES Homomorphic Scheme. The Scheme is designed to maintain data confidentiality without leaking data losses. Subsequently allowing for computations to be achieved on DES encrypted datasets without publishing visual decryption to users of the dashboard. Therefore, maintaining confidentiality. Ultimately the implemented scheme allows for Homomorphic data analytics by permitting black box decryption of DES encrypted datasets and analysis without visually decoding data. The design framework of a front and back office simulates principles of achieved Homomorphic data analysis through careful handling and processing of encrypted records.
Summary:
The DES Homomorphic Scheme leverages secure encryption to enable data analysis and visualization without exposing original data. Simulated data resembling real student records are generated using a Java class GeneratesDatasets.java to ensure ethical research standards. This synthetic dataset is saved as a CSV file and used as input for testing the encryption and analysis processes. Key generation is central to this scheme, with the LMDESKey.java class creating a sequence of 48-bit keys through a 16-round DES key schedule derived from a user-provided keyword and stored securely for use in encryption and homomorphic data analysis. Importantly Proper formatting of these keys is ensured by the CleanKeys() method, which removes unwanted characters to maintain compatibility across cryptographic operations. The DES encryption and decryption methods are implemented in the DESEncryptDecrypt.java class, incorporating key elements of the DES algorithm such as permutation and substitution tables, expansion functions, and substitution boxes for enhanced security. This class also integrates an interactive GUI, allowing users to select files for encryption or decryption while supporting front-office dashboard displays and back-office encryption processes. The homomorphic data analytics component is handled by the Data_Analytics_Visualization.java class, enabling secure demographic analysis on encrypted data. Key functionalities include counting records by demographic attributes, identifying specific student numbers, and extracting provincial data. The class leverages the JFreeChart library to generate visualizations like bar charts, pie charts, and joined bar graphs offering insights into data distribution, such as gender and provincial representation, without revealing the underlying data. Additionally, age-related analytics are derived from identification numbers, securely supporting comprehensive demographic analysis. The interactive dashboard unifies these analytical capabilities allowing users to explore encrypted data through a structured secure interface. This homomorphic scheme thus demonstrates a sophisticated approach to secure data analytics, combining cryptographic precision with interactive visualization to support data privacy in analytics applications.