DOI: https://doi.org/10.15588/1607-3274-2020-1-16

METHOD OF DATA DEPERSONALIZATION IN PROTECTED AUTOMATED INFORMATION SYSTEMS

A. G. Spevakov, S. V. Spevakova, D. V. Primenko

Abstract


Context. The problem of data depersonalization in information systems is considered. The analysis of modern approaches to depersonalization of data is carried out, it is revealed and proved by need of creation of the new method allowing to increase security of the processed data and their reliability. The object of the study was a model of data depersonalization, allowing to reduce the cost of protecting information systems. 

Objective. The goal of the work is the analysis of modern methods of depersonalization and the creation of a method that eliminates the identified shortcomings, with an increased level of confidentiality and use of hashing of critical data and a private key.

Method. A method of personal data depersonalization is proposed, based on the method of entering identifiers using hashing of critical data and a private key, which allows to increase the confidentiality of information processed in information systems. Methods are proposed for selecting key critical attributes from primary documents that uniquely identify the subject of personal data, the method of generating initial sets, which divides the source data into two disjoint subsets, the method of generating a hash identifier from a unique sequence and a private key that depersonalizes information and enhances its confidentiality.

Results. The developed method is implemented in software and researched while solving the problems of depersonalization.

Conclusions. The carried out experiments confirmed the efficiency of the proposed method and allow to recommend it for implementation in automated information systems for processing personal data for solving problems of depersonalization. Prospects for further research may be in the creation of hardware streamlined data depersonalization allowing to increase the speed of processing and confidentiality of data in the information systems. 


Keywords


Depersonalization, personal data, hash identifier, hash algorithm, private key, information system.

Full Text:

PDF

References


Rodichev Yu. A. Normativnaya baza i standarty v oblasti informacionnoj bezopasnosti. Sankt-Peterburg, Izdatel’skij dom «Piter», 2018, 255 p.

Sychev Yu. V. Standarty informacionnoj bez-opasnosti. Zashchita i obrabotka konfidencial’nyh dokumentov. Saratov, Vuzovskoe obrazovanie, 2019, 223 p.

The Convention for the protection of individuals with regard to automatic processing of personal data is a 1981 Council of Europe [Electronic resource]. Access mode: https://www.coe.int/en/web/conventions/full-list//conventions/rms/0900001680078b37.

Regulation (EU) 2016/679 of the European parliament and of the council GDPR(General Data Protection Regulations) [Electronic resource]. Access mode: https://ogdpr.eu/en/gdpr-2016679.

Prikaz Roskomnadzora ot 05.09.2013 № 996 «Ob utverzhdenii trebovanij i metodov po obezlichi-vaniyu personal’nyh dannyh». [Elektronnyj resurs]. Rezhim dostupa: http://www.consultant.ru/document/cons_doc_LAW_151882/

Kalutskiy I. V., Shumailova V. A. , Nikulin D. A. et all. Depersonalization of personal data during processing of information in automated systems, Telecommunications, 2016, No. 10, pp. 16–20.

Spevakova S. V., Primenko D. V. A method of personal data depersonalization in automated systems, Conference: Optoelectronic devices in pattern recognition systems, image processing and symbol information. Recognition – 2017, Kursk, 16–17 May 2017, proceeding. Kursk, UZGY, 2017, pp. 330–333.

Dobritsa V. P., Gubarev A. A. Algorithm of exclusive transformation of data, News of the Kursk State Technical University, 2010, No. 1 (30), pp. 49–54.

Vishnyakova O. A., Lavrov D. N. Format obmena dannymi v sisteme sbora i obrabotki biometricheskih obrazcov, Informacionnye resursy v obrazovanii: mater. mezhdunar. nauch.-prakt. konf. Nizhnevartovsk, Izdatel’stvo Nizhnevart. gos. un-ta, 2013, pp. 146–149.

Volokitina E. S. Metod i algoritmy garantiro-vannogo obezlichivaniya i reidentifikacii sub’ekta personal’nyh dannyh v avtomatizirovannyh informacionnyh sistemah: dis. kand. tekhn. nauk. Sankt-Peterburg, Izdatel’stvo Sankt-Peterburgskogo nac. issled. un-ta informacionnyh tekhnologij, mekhaniki i optiki, 2013, 183 p.

Kuchin I. Yu. Obrabotka baz dannyh s personifi-cirovannoj informaciej dlya zadach obezlichivaniya i poiska zakonomernostej: dis. … kand. tekhn. nauk. Astrahan’, Izdatel’stvo Astrah. gos. tekhn. un-ta, 2012, 132 p.

Bondarenko K. O., Kozlov V. A. Universal’nyj bystrodejstvuyushchij algoritm procedur obezlichivaniya dannyh, Izv. YuFU. Tekhnicheskie nauki. Rostov/n/D, Izdatel’stvo YuFU, 2015, No. 11 (172), pp. 130–142.

Trifonova Yu. V., Zharinov R. F. Vozmozhnosti obezlichivaniya personal’nyh dannyh v sistemah, ispol’zuyushchih relyacionnye bazy dannyh, Doklady TUSUR, 2014, No. 2 (32), pp. 188–194.

Azhmuhamedov I. M., Demina R. Yu., Safarov I. V. Sistemnyj podhod k obespecheniyu konfidencial’nosti obezlichennyh personal’nyh dannyh v uchrezhdeniyah zdravoohraneniya, Sovremennye problemy nauki i obrazovaniya, 2015, No. 1–1 [Elektronnyj recurs]. Rezhim dostupa: http://www.scienceeducation.ru/ru/article/view?id=18610.

Bertoni G., Daemen J., Peeters M., Van G. Keccak code package [Electronic resource]. Access mode: https://github.com/gvanas/KeccakCodePackage

/[ Huang S., Xu G., Wang M., et all Conditional cube attack on reduced-round Keccak sponge function Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30–May 4, 2017, proceedings. Part II, 2017, P. 259–288.

Guo J., Liu M., Song L. Linear structures: Applications to cryptanalysis of round-reduced Keccak, International Conference on the Theory and Application of Cryptology and Information Security. Hanoi, Vietnam, December 4–8, 2016, proceedings. Part I, pp. 249– 274.

Jeethu J., Karthikab R., Nandakumarb R. Design and characterization of SHA 3–256 Bit IP core, International conference on emerging trends in engineering, science and technology, ICETEST, 2015, Vol. 24, pp. 918–924.

Dinur I., Morawiecki P., Pieprzyk J. et all. Cube attacks and cube-attack-like cryptanalysis on the round-reduced Keccak sponge function, Eurocrypt: Annual International Conference on the Theory and Applications of Cryptographic Techniques Sofia. Bulgaria, April 26–30, 2015, proceedings, Part I, pp. 733–761.

Nozdrina A. A., Spevakov A. G., Primenko D. V.; Patent RF 2636106, MPK G06F 12/14, G06F 12/14. Sposob depersonalizacii personal’nyh dannyh/ zayavitel’ Yugo-Zapadnyj gosudarstvennyj universitet. № 2016126867; zayavl. 04.07.2016; opubl. 04.07.2016; Byul. № 32, 4 p.

Dobraunig C. Analysis of SHA-512/224 and SHA512/256 / C. Dobraunig, M. Eichlseder, F. Mende // International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29 – December 3, 2015: proceedings. Part I, pp. 612–630.

Song L., Liao G., Guo J. Non-full sbox linearization: Applications to collision attacks on round-reduced Keccak, Annual International Cryptology Conference. Santa Barbara, CA, USA, August 20–24, 2017, proceedings. Part II, pp. 428–451.

Nabeel S., Munqath H. Anti-continuous collisions user based unpredictable iterative password salted hash encryption, International Journal of Internet Technology and Secured Transactions, 2018, Vol. 8, No. 4, pp. 619–634.

Barakat M., Eder Ch., Hanke T. An Introduction to Cryptography, [Electronic resource]. Access mode: https://www.mathematik.unikl.de/~ederc/download/Cryptography.pdf


GOST Style Citations


1. Родичев Ю. А. Нормативная база и стандарты в области информационной безопасности / Ю. А. Родичев. – СанктПетербург : Издательский дом «Питер», 2018. – 255 p.

2. Сычев Ю. В. Стандарты информационной безопасности. Защита и обработка конфиденциальных документов / Ю. В. Сычев. – Саратов : Вузовское образование, 2019. – 223 p.

3. The Convention for the protection of individuals with regard to automatic processing of personal data is a 1981 Council of Europe [Electronic resource]. – Access mode: https://www.coe.int/en/web/conventions/full-list//conventions/rms/0900001680078b37.

4. Regulation (EU) 2016/679 of the European parliament and of the council GDPR(General Data Protection Regulations) [Electronic resource]. – Access mode: https://ogdpr.eu/en/gdpr-2016679.

5. Приказ Роскомнадзора от 05.09.2013 № 996 «Об утверждении требований и методов по обезличиванию персональных данных». [Электронный ресурс]. – Режим доступа: http://www.consultant.ru/document/cons_doc_LAW_151882/.

6. Depersonalization of personal data during processing of information in automated systems/ [I. V. Kalutskiy, V. A. Shumailova, D. A. Nikulin et al.] // Telecommunications. –2016. – № 10. – P. 16–20.

7. Spevakova S. V. A method of personal data depersonalization in automated systems / S. V. Spevakova, D. V. Primenko // Conference: Optoelectronic devices in pattern recognition systems, image processing and symbol information. Recognition – 2017, Kursk, 16–17 may 2017 : proceeding: Kursk, UZGY, 2017. – P. 330–333.

8. Dobritsa V. P. Algorithm of exclusive transformation of data /V. P. Dobritsa, A. A. Gubarev// News of the Kursk State Technical University. – 2010. –№ 1 (30). – P. 49–54.

9. Вишнякова О.А. Формат обмена данными в системе сбора и обработки биометрических образцов / О. А. Вишнякова, Д. Н. Лавров // Информационные ресурсы в образовании: матер. междунар. науч.-практ. конф. – Нижневартовск : Издательство Нижневарт. гос. ун-та, 2013. – С. 146–149.

10. Волокитина Е. С. Метод и алгоритмы гарантированного обезличивания и реидентификации субъекта персональных данных в автоматизированных информационных системах: дис. канд. техн. наук / Е. С. Волокитина. – СПб. : Издательство Санкт-Петербургского нац. исслед. ун-та информационных технологий, механики и оптики, 2013. – 183 с.

11. Кучин И. Ю. Обработка баз данных с персонифицированной информацией для задач обезличивания и поиска закономерностей: дис. … канд. техн. наук / И. Ю. Кучин. – Астрахань : Издательство Астрах. гос. техн. ун-та, 2012. – 132 с.

12. Бондаренко К. О. Универсальный быстродействующий алгоритм процедур обезличивания данных / К. О. Бондаренко, В. А. Козлов // Изв. ЮФУ. Технические науки. – Ростов/н/Д: Издательство ЮФУ. – 2015. – № 11 (172). – С. 130–142.

13. Трифонова Ю. В. Возможности обезличивания персональных данных в системах, использующих реляционные базы
данных / Ю. В. Трифонова, Р. Ф. Жаринов // Доклады ТУСУР. – 2014. – № 2 (32). – С. 188–194.

14. Ажмухамедов И. М. Системный подход к обеспечению конфиденциальности обезличенных персональных данных в учреждениях здравоохранения / И. М. Ажмухамедов, Р. Ю. Демина, И. В. Сафаров // Современные проблемы науки и образования. – 2015. – № 1–1 [Электронный реcурс]. – Режим доступа: http://www.scienceeducation.ru/ru/article/view?id=18610.

15. Keccak code package [Electronic resource] / [G. Bertoni, J. Daemen, M. Peeters, G. Van]. – Access mode: https://github.com/gvanas/KeccakCodePackage

16. Conditional cube attack on reduced-round Keccak sponge function / [S. Huang, G. Xu, M. Wang et all.] // Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 – May 4, 2017: proceedings. Part II, 2017. –P. 259–288.

17. Guo J. Linear structures: Applications to cryptanalysis of roundreduced Keccak / J. Guo, M. Liu, L. Song // International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016: proceedings. Part I. –P. 249– 274.

18. Jeethu J. Design and characterization of SHA 3– 256 Bit IP core / J. Jeethu, R. Karthikab, R. Nandakumarb // International conference on emerging trends in engineering, science and technology, ICETEST. – 2015. – Vol. 24. –P. 918–924.

19. Cube attacks and cube-attack-like cryptanalysis on the roundreduced Keccak sponge function / [I. Dinur, P. Morawiecki, J. Pieprzyk et al.] // Eurocrypt: Annual International Conference on the Theory and Applications of Cryptographic Techniques Sofia, Bulgaria, April 26–30, 2015: proceedings. Part I. – P. 733–761.

20. Патент РФ 2636106, МПК G06F 12/14, G06F 12/14. Способ деперсонализации персональных данных/ A. A. Ноздрина, А. Г. Спеваков, Д. В. Применко; заявитель Юго-Западный государственный университет. – № 2016126867; заявл. 04.07.2016; опубл. 04.07.2016; Бюл. № 32. – 4 с.

21. Dobraunig C. Analysis of SHA-512/224 and SHA512/256 / C. Dobraunig, M. Eichlseder, F. Mende // International Conference on the Theory and Application of Cryptology and Information Security, Auckland. – New Zealand, November 29 – December 3, 2015: proceedings. Part I. –P. 612–630.

22. Song L. Non-full sbox linearization: Applications to collision attacks on round-reduced Keccak / L. Song, G. Liao, J. Guo // Annual International Cryptology Conference. – Santa Barbara, CA, USA, August 20–24, 2017: proceedings. Part II. – P. 428– 451.

23. Nabeel S. Anti-continuous collisions user based unpredictable iterative password salted hash encryption / S. Nabeel, H. Munqath // International Journal of Internet Technology and Secured Transactions. – 2018. – Vol. 8, № 4. –P. 619–634.

24. Barakat M. An Introduction to Cryptography, [Electronic resource] / M. Barakat, Ch. Eder, T. Hanke. – Access mode: https://www.mathematik.unikl.de/~ederc/download/Cryptography.pdf







Copyright (c) 2020 A. G. Spevakov, S. V. Spevakova, D. V. Primenko

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Address of the journal editorial office:
Editorial office of the journal «Radio Electronics, Computer Science, Control»,
National University "Zaporizhzhia Polytechnic", 
Zhukovskogo street, 64, Zaporizhzhia, 69063, Ukraine. 
Telephone: +38-061-769-82-96 – the Editing and Publishing Department.
E-mail: rvv@zntu.edu.ua

The reference to the journal is obligatory in the cases of complete or partial use of its materials.