Protection of personal data in health using symmetric encryption: a comparative study between different algorithms
Proteção de dados pessoais na saúde utilizando criptografia simétrica: um estudo comparativo entre diferentes algoritmos
Palavras-chave:
LGPD, Cryptography, Privacy, HealthResumo
The LGPD (Lei Geral de Proteção de Dados) aims to protect the right to privacy of personal data of Brazilians. A challenging impasse for several institutions, mainly in the health area, is the process of evolving their systems to the new requirements imposed by the LGPD. The imposition of items such as data encryption and its impact on the performance of these systems brings a discussion about how this additional protection should be provided. This article analyzes several symmetric encryption algorithms available in the PyCryptodome library, such as DES, 3DES, Blowfish, CAST-128 and RC2 to identify which of these would be most suitable for the type of attributes most commonly used in these environments. For the experiments, an application was developed in Python 3 that generates volumes of predefined data, compatible with data from personal attribute management systems in the health area. This data is also applied to the encryption algorithms, where time measurements and function calls are performed during the data encryption and decryption process. The results show the disparity in performance between the different encryption algorithms, as well as the analyzes using different data volumes.
Downloads
Referências
ADHIE, Roy Pramono et al. Implementation cryptography data encryption standard (DES) and triple data encryption standard (3DES) method in communication system based near field communication (NFC). In: Journal of Physics: Conference Series. IOP Publishing, 2018. p. 012009. DOI: https://doi.org/10.1088/1742-6596/954/1/012009
AL-SHABI, M. A. A survey on symmetric and asymmetric cryptography algorithms in information security. International Journal of Scientific and Research Publications (IJSRP), v. 9, n. 3, p. 576-589, 2019. DOI: http://dx.doi.org/10.29322/IJSRP.9.03.2019.p8779
BARKER, Elaine; MOUHA, Nicky. Recommendation for the triple data encryption algorithm (TDEA) block cipher. National Institute of Standards and Technology, 2017. DOI: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf
BISSO, Rodrigo et al. Vazamentos de Dados: Histórico, Impacto Socioeconômico e as Novas Leis de Proteção de Dados. Revista Eletrônica Argentina-Brasil de Tecnologias da Informação e da Comunicação, v. 3, n. 1, 2020. DOI: https://zenodo.org/record/3833275
CGI - COMITÊ GESTOR DA INTERNET NO BRASIL. PRIVACIDADE E PROTEÇÃO DE DADOS PESSOAIS. In: PRIVACIDADE e proteção de dados pessoais 2021: perspectivas de indivíduos, empresas e organizações públicas no Brasil. [S. l.: s. n.], 2022. p. 33-66. Disponível em: https://cetic.br/pt/publicacao/privacidade-e-protecao-de-dados-2021/
DA SILVEIRA, Kamilla Dória. Segurança em Banco de Dados para Adequação a LGPD. In: Anais do XXII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais. SBC, 2022. p. 278-287. DOI: https://doi.org/10.5753/sbseg.2022.223953
ELGELDAWI, Enas; MAHROUS, Maha; SAYED, Awny. A comparative analysis of symmetric algorithms in cloud computing: a survey. International Journal of Computer Applications, v. 975, p. 8887, 2019. DOI: https://doi.org/10.5120/ijca2019918726
ISKANDAR, Akbar et al. Utility Software Design to Comprehend The Cryptography Cast-128 Method. In: Journal of Physics: Conference Series. IOP Publishing, 2019. p. 012049. DOI: https://doi.org/10.1088/1742-6596/1364/1/012049
KNUDSEN, Lars R. et al. On the design and security of RC2. In: Fast Software Encryption: 5th International Workshop, FSE’98 Paris, France, March 23–25, 1998 Proceedings 5. Springer Berlin Heidelberg, 1998. p. 206-221. DOI: https://doi.org/10.1007/3-540-69710-1_14
L. Enas Tariq. Image Encryption and decryption using CAST-128 with proposed adaptive key. مجلة المستنصرية للعلوم والتربية, v. 20, n. 5, p. 89-100, 2019. Disponível em: https://edumag.uomustansiriyah.edu.iq/index.php/mjse/article/view/675/539
LOGUNLEKO, K. B.; ADENIJI, O. D.; LOGUNLEKO, A. M. A comparative study of symmetric cryptography mechanism on DES AES and EB64 for information security. Int. J. Sci. Res. in Computer Science and Engineering, v. 8, n. 1, 2020. Disponível em: https://www.isroset.org/journal/IJSRCSE/full_paper_view.php?paper_id=1690
NURGALIYEV, Alibek; WANG, Hua. Comparative study of symmetric cryptographic algorithms. In: 2021 International Conference on Networking and Network Applications (NaNA). IEEE, 2021. p. 107-112. DOI: https://doi.org/10.1109/NaNA53684.2021.00026
PIKULÍK, Tomáš. GDPR COMPLIANT METHODS OF DATA PROTECTION. Business & Management, 6th SWS International Scientific Conference on Social Sciences ISCSS 2019, p. 1-10, 20 ago. 2019.
PRESIDÊNCIA DA REPÚBLICA SECRETARIA-GERAL SUBCHEFIA PARA ASSUNTOS JURÍDICOS. Lei Geral de Proteção de Dados nº 13.709, de 14 de agosto de 2018. Dispõe sobre o tratamento de dados pessoais, [...] e o livre desenvolvimento da personalidade da pessoa natural. [S. l.], 14 ago. 2018. Disponível em: https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
SELVANAYAGAM, Joseph et al. Secure file storage on cloud using cryptography. Int. Res. J. Eng. Technol, v. 5, n. 3, p. 2044, 2018. Disponível em: https://www.irjet.net/archives/V5/i3/IRJET-V5I3475.pdf
SEMWAL, Pradeep; SHARMA, Mahesh Kumar. Comparative study of different cryptographic algorithms for data security in cloud computing. In: 2017 3rd International Conference on Advances in Computing, Communication & Automation (ICACCA)(Fall). IEEE, 2017. p. 1-7. DOI: https://doi.org/10.1109/ICACCAF.2017.8344738
SHEN, Yaobin; GUO, Chun; WANG, Lei. Improved security bounds for generalized Feistel networks. IACR Transactions on Symmetric Cryptology, p. 425-457, 2020. DOI: https://doi.org/10.13154/tosc.v2020.i1.425-457
SOUSA, Thiago R. et al. LGPD: Levantamento de Técnicas Criptográficas e de Anonimização para Proteção de Bases de Dados. In: Anais do XX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais. SBC, 2020. p. 55-68. DOI: https://doi.org/10.5753/sbseg.2020.19227
STALLINGS, William. Criptografia e segurança de redes Princípios e práticas. In: CRIPTOGRAFIA e segurança de redes Princípios e práticas. [S. l.: s. n.], 2006.
VARGAS, Yuri Tatiana Medina; MNEDEZ, Haider Andrés Miranda. Comparación de algoritmos basados en la criptografía simétrica DES, AES y 3DES. Mundo Fesc, v. 5, n. 9, p. 14-21, 2015. Disponível em: https://dialnet.unirioja.es/servlet/articulo?codigo=5286657
VERMA, Neha et al. OpenMRS as a global good: Impact, opportunities, challenges, and lessons learned from fifteen years of implementation. International Journal of Medical Informatics, v. 149, p. 104405, 2021. DOI: https://doi.org/10.1016/j.ijmedinf.2021.104405