Protection of personal data in health using symmetric encryption: a comparative study between different algorithms

Proteção de dados pessoais na saúde utilizando criptografia simétrica: um estudo comparativo entre diferentes algoritmos

Autores

Palavras-chave:

LGPD, Cryptography, Privacy, Health

Resumo

The LGPD (Lei Geral de Proteção de Dados) aims to protect the right to privacy of personal data of Brazilians. A challenging impasse for several institutions, mainly in the health area, is the process of evolving their systems to the new requirements imposed by the LGPD. The imposition of items such as data encryption and its impact on the performance of these systems brings a discussion about how this additional protection should be provided. This article analyzes several symmetric encryption algorithms available in the PyCryptodome library, such as DES, 3DES, Blowfish, CAST-128 and RC2 to identify which of these would be most suitable for the type of attributes most commonly used in these environments. For the experiments, an application was developed in Python 3 that generates volumes of predefined data, compatible with data from personal attribute management systems in the health area. This data is also applied to the encryption algorithms, where time measurements and function calls are performed during the data encryption and decryption process. The results show the disparity in performance between the different encryption algorithms, as well as the analyzes using different data volumes.

Downloads

Não há dados estatísticos.

Referências

ADHIE, Roy Pramono et al. Implementation cryptography data encryption standard (DES) and triple data encryption standard (3DES) method in communication system based near field communication (NFC). In: Journal of Physics: Conference Series. IOP Publishing, 2018. p. 012009. DOI: https://doi.org/10.1088/1742-6596/954/1/012009

AL-SHABI, M. A. A survey on symmetric and asymmetric cryptography algorithms in information security. International Journal of Scientific and Research Publications (IJSRP), v. 9, n. 3, p. 576-589, 2019. DOI: http://dx.doi.org/10.29322/IJSRP.9.03.2019.p8779

BARKER, Elaine; MOUHA, Nicky. Recommendation for the triple data encryption algorithm (TDEA) block cipher. National Institute of Standards and Technology, 2017. DOI: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf

BISSO, Rodrigo et al. Vazamentos de Dados: Histórico, Impacto Socioeconômico e as Novas Leis de Proteção de Dados. Revista Eletrônica Argentina-Brasil de Tecnologias da Informação e da Comunicação, v. 3, n. 1, 2020. DOI: https://zenodo.org/record/3833275

CGI - COMITÊ GESTOR DA INTERNET NO BRASIL. PRIVACIDADE E PROTEÇÃO DE DADOS PESSOAIS. In: PRIVACIDADE e proteção de dados pessoais 2021: perspectivas de indivíduos, empresas e organizações públicas no Brasil. [S. l.: s. n.], 2022. p. 33-66. Disponível em: https://cetic.br/pt/publicacao/privacidade-e-protecao-de-dados-2021/

DA SILVEIRA, Kamilla Dória. Segurança em Banco de Dados para Adequação a LGPD. In: Anais do XXII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais. SBC, 2022. p. 278-287. DOI: https://doi.org/10.5753/sbseg.2022.223953

ELGELDAWI, Enas; MAHROUS, Maha; SAYED, Awny. A comparative analysis of symmetric algorithms in cloud computing: a survey. International Journal of Computer Applications, v. 975, p. 8887, 2019. DOI: https://doi.org/10.5120/ijca2019918726

ISKANDAR, Akbar et al. Utility Software Design to Comprehend The Cryptography Cast-128 Method. In: Journal of Physics: Conference Series. IOP Publishing, 2019. p. 012049. DOI: https://doi.org/10.1088/1742-6596/1364/1/012049

KNUDSEN, Lars R. et al. On the design and security of RC2. In: Fast Software Encryption: 5th International Workshop, FSE’98 Paris, France, March 23–25, 1998 Proceedings 5. Springer Berlin Heidelberg, 1998. p. 206-221. DOI: https://doi.org/10.1007/3-540-69710-1_14

L. Enas Tariq. Image Encryption and decryption using CAST-128 with proposed adaptive key. مجلة المستنصرية للعلوم والتربية, v. 20, n. 5, p. 89-100, 2019. Disponível em: https://edumag.uomustansiriyah.edu.iq/index.php/mjse/article/view/675/539

LOGUNLEKO, K. B.; ADENIJI, O. D.; LOGUNLEKO, A. M. A comparative study of symmetric cryptography mechanism on DES AES and EB64 for information security. Int. J. Sci. Res. in Computer Science and Engineering, v. 8, n. 1, 2020. Disponível em: https://www.isroset.org/journal/IJSRCSE/full_paper_view.php?paper_id=1690

NURGALIYEV, Alibek; WANG, Hua. Comparative study of symmetric cryptographic algorithms. In: 2021 International Conference on Networking and Network Applications (NaNA). IEEE, 2021. p. 107-112. DOI: https://doi.org/10.1109/NaNA53684.2021.00026

PIKULÍK, Tomáš. GDPR COMPLIANT METHODS OF DATA PROTECTION. Business & Management, 6th SWS International Scientific Conference on Social Sciences ISCSS 2019, p. 1-10, 20 ago. 2019.

PRESIDÊNCIA DA REPÚBLICA SECRETARIA-GERAL SUBCHEFIA PARA ASSUNTOS JURÍDICOS. Lei Geral de Proteção de Dados nº 13.709, de 14 de agosto de 2018. Dispõe sobre o tratamento de dados pessoais, [...] e o livre desenvolvimento da personalidade da pessoa natural. [S. l.], 14 ago. 2018. Disponível em: https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm

SELVANAYAGAM, Joseph et al. Secure file storage on cloud using cryptography. Int. Res. J. Eng. Technol, v. 5, n. 3, p. 2044, 2018. Disponível em: https://www.irjet.net/archives/V5/i3/IRJET-V5I3475.pdf

SEMWAL, Pradeep; SHARMA, Mahesh Kumar. Comparative study of different cryptographic algorithms for data security in cloud computing. In: 2017 3rd International Conference on Advances in Computing, Communication & Automation (ICACCA)(Fall). IEEE, 2017. p. 1-7. DOI: https://doi.org/10.1109/ICACCAF.2017.8344738

SHEN, Yaobin; GUO, Chun; WANG, Lei. Improved security bounds for generalized Feistel networks. IACR Transactions on Symmetric Cryptology, p. 425-457, 2020. DOI: https://doi.org/10.13154/tosc.v2020.i1.425-457

SOUSA, Thiago R. et al. LGPD: Levantamento de Técnicas Criptográficas e de Anonimização para Proteção de Bases de Dados. In: Anais do XX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais. SBC, 2020. p. 55-68. DOI: https://doi.org/10.5753/sbseg.2020.19227

STALLINGS, William. Criptografia e segurança de redes Princípios e práticas. In: CRIPTOGRAFIA e segurança de redes Princípios e práticas. [S. l.: s. n.], 2006.

VARGAS, Yuri Tatiana Medina; MNEDEZ, Haider Andrés Miranda. Comparación de algoritmos basados en la criptografía simétrica DES, AES y 3DES. Mundo Fesc, v. 5, n. 9, p. 14-21, 2015. Disponível em: https://dialnet.unirioja.es/servlet/articulo?codigo=5286657

VERMA, Neha et al. OpenMRS as a global good: Impact, opportunities, challenges, and lessons learned from fifteen years of implementation. International Journal of Medical Informatics, v. 149, p. 104405, 2021. DOI: https://doi.org/10.1016/j.ijmedinf.2021.104405

Downloads

Publicado

2023-03-31

Edição

Seção

Articles