Article

Article title UNIVERSAL QUICK-ACTING ALGORITHM OF THE PROCEDURES OF DATA DEPERSONALIZATION
Authors K.O. Bondarenko, V.A. Kozlov
Section SECTION III. INFORMATION TECHNOLOGY, APPLIED INFORMATION SYSTEMS AND NETWORKS
Month, Year 11, 2015 @en
Index UDC 004.056.055
DOI
Abstract The goal of the research is to develop a model of personal data protection with use of methods of data depersonalization which are processed by the operators of health care institutions. The tasks of the research: To study the existing methods of personal data protection, information systems of personal data processing in health care institutions in order to identify the actual threats for the personal data protection; to classify medical information systems into the types from the point of view of personal medical data protection; to create a model of protection of personal data of health care institution using methods of data depersonalization. The paper presents universal quick-acting algorithm for data depersonalization. This algorithm is focused on work with large and very large volumes of information as well as on work with a segmented, relational database. Segmenting of the database is done by dividing its main volumes into blocks of 256 lines. The structure of the algorithmic complex includes cryptographic primitives based on three main principles: dispersion, mixing and gammirovanie. Cryptographic resistance of the system is provided by use of quick-acting nonlinear -algorithms which are the parts of dispersion and mixing algorithms. As a result the paper suggests a universal quick-acting algorithm that provides implementation of cryptographic procedures of data depersonalization. This algorithm is focused on work with large volumes of information.

Download PDF

Keywords Сryptographic protection of personal data; personal data depersonalization; quick-acting non-linear algorithms of mixing and dispersion.
References 1. Federal'nyy zakon Rossiyskoy Federatsii ot 27 iyulya 2006 g. № 152-FZ «O personal'nykh dannykh» s izmeneniyami i dopolneniyami ot 01.09.2015 g [Federal law of the Russian Federation of 27 July 2006 No. 152-FZ "On personal data" with changes and additions from 01.09.2015].
2. Postanovlenie Pravitel'stva RF ot 21.03.2012 № 211 (red. ot 20.07.2013) "Ob utver-zhdenii perechnya mer, napravlennykh na obespechenie vypolneniya obyazannostey, predusmotrennykh Federal'nym zakonom "O personal'nykh dannykh" i prinyatymi v sootvetst-vii s nim normativnymi pravovymi aktami, operatorami, yavlyayushchimisya gosudarstvennymi ili munitsipal'nymi organami" [The decree of the Government of the Russian Federation dated 21.03.2012 No. 211 (as amended on 20.07.2013) "About the assertion the statement of the list of
measures aimed at ensuring compliance with obligations contained in the Federal law "On personal data" and adopted in accordance with the USA in accordance with it normative legal acts, the operators, which is a public-governmental or municipal authorities"].
3. Metodicheskie rekomendatsii po primeneniyu prikaza Roskomnadzora ot 5 sentyabrya 2013 g. № 996, utverzhdennye 13.12.2013 g. Rukovoditelem Federal'noy sluzhby po nadzoru v sfere svyazi, informatsionnykh tekhnologiy i massovykh kommunikatsiy [Methodical recommendations on the application of the order of Roscomnadzor on September 5, 2013 No. 996 approved 13.12.2013. the Head of the Federal service for supervision in the sphere of Telecom, information technologies and mass communications].
4. Prikaz Roskomnadzora ot 05.09.2013 N 996 "Ob utverzhdenii trebovaniy i metodov po obezlichivaniyu personal'nykh dannykh" (vmeste s "Trebovaniyami i metodami po obezlichivaniyu personal'nykh dannykh, obrabatyvaemykh v informatsionnykh sistemakh personal'nykh dannykh, v tom chisle sozdannykh i funktsioniruyushchikh v ramkakh realizatsii federal'nykh tselevykh programm") (Zaregistrirovano v Minyuste Rossii 10.09.2013 N 29935) [The order of Roskomnadzor from 05.09.2013 N 996 "On approving the requirements and
methods for the depersonalization of personal data" (together with "the Requirements and methods for the depersonalization of personal data processed in personal data information systems, including established and operating within the framework of implementation of Federal programs") (Registered in Ministry of justice of Russia 10.09.2013 No. 29935)].
5. Bazovaya model' ugroz bezopasnosti personal'nykh dannykh pri ikh obrabotke v informatsionnykh sistemakh personal'nykh dannykh. FSTEK Rossii ot 15.02.2008 g. [The basic model of threats to the security of personal data during processing in personal data information systems. The FSTEC of Russia from 15.02.2008].
6. Prikaz FSTEK ot 18 fevralya 2013 g. № 21 "Ob utverzhdenii Sostava i soderzhaniya organizatsionnykh i tekhnicheskikh mer po obespecheniyu bezopasnosti personal'nykh dannykh pri ikh obrabotke v informatsionnykh sistemakh personal'nykh dannykh" [The order of FSTEC of February 18, 2013 No. 21 "On approval of Composition and content of organizational and technical measures for personal data security at their processing within information systems of personal data"].
7. «Poryadkom provedeniya klassifikatsii informatsionnykh sistem personal'nykh dannykh», utverzhdennym prikazom FSTEK Rossii, FSB Rossii i Mininformsvyazi Rossii ot 13 fevralya 2008 g. №. 55/86/20 ["Procedure of classification of personal data information systems" approved by the order of the FSTEC of Russia, FSB of Russia and the Ministry of communications of Russia dated 13 February 2008 No. 55/86/20].
8. Bryus Shnayer. Prikladnaya kriptografiya. Protokoly, algoritmy, iskhodnye teksty na yazyke Si = AppliedCryptography. Protocols, Algorithms and Source Code in C [Applied cryptography. Protocols, algorithms, and source code in C language = AppliedCryptography. Protocols, Algorithms and Source Code in C]. Moscow: Triumf, 2002, 816 p. ISBN 5-89392-055-4.
9. Deyt K.Dzh. Vvedenie v sistemy baz dannykh [Introduction to database systems]: Translation from English. St. Petersburg: Izdatel'skiy dom «Vil'yams», 2003, 848 p.
10. Zykov V.D., Meshcheryakov R.V., Belyakov K.O. Zashchita personal'nykh meditsinskikh dannykh v avtomatizirovannykh meditsinskikh informatsionnykh sistemakh lechebnoprofilakticheskikh uchrezhdeniy [Protection of personal medical data in automated medical information systems medical-preventive institutions], Bezopasnost' informatsionnykh sistem: Doklady TUSURa [the Security of information systems: Reports at Tomsk University], June 2009, No. 1 (19), Part 2, pp. 67-69.
11. Kozlov V.A., Chernyshev A.B. i dr. Veroyatnostnaya model' sistemy asimmetrichnykh kriptograficheskikh preobrazovaniy [A probabilistic model of the system asymmetrical creepmap transformations], Nauchnoe obozrenie [Scientific Review], 2015, No. 5, pp. 261-266.
12. Kozlov V.A., Chernyshev A.B. Veroyatnostnaya model' elektronnoy tsifrovoy podpisi [A probabilistic model of the digital signature], Nauchnoe obozrenie [Scientific Review], 2015, No. 11, pp. 141-146.
13. Maslennikov M.E. Prakticheskaya kriptografiya [Practical cryptography]. St. Peresburg: BKhV-Peterburg, 2003, 464 p.
14. Nil's Fergyuson, Bryus Shnayer. Prakticheskaya kriptografiya [Practical cryptography]. Moscow: Izd-vo Vil'yams, 2005, 416 p.
15. Saksonov E.A., Sheredin R.V. Protsedura obezlichivaniya personal'nykh dannykh [The procedure for anonymisation of personal data], Nauka i obrazovanie [Science and Education]. El №FS 77-30569, mart 2011. Available at: http://technomag.edu.ru/doc/173146.html.
16. Minayev1 Yu.L., Lazareva N.V., Illarionova E.V. Opportunity, safety and prospects of use of medical information systems, The journal of scientific articles “Health & education millennium”, 2013, Vol. 15, No. 1-4.
17. Ya. I.–O. Guliev, Vogt I.A., Vogt O.A., Belyakin A.J. Healthcare Information System and Information Safety. Problems and solutions, Proceedings of Program Systems institute scientific conference “Program systems: Theory and applications”. Pereslavl-Zalesskij, 2009, Vol. 2, pp. 175-206.
18. CryptDB: HOWTO Compile on Ubuntu Linux 12.04. Available at:
http://whitehatty.wordpress.com/2012/09/30 /cryptdb-howto-compile-on-ubuntu-linux-12-04/.
19. Floyer D., Kelly J., Vellante D., Miniman S. Big Data Database Revenue and Market Forecast 2012–2017, Professional community Wikibon. Available at: http://wikibon.org/wiki/v/Big_Data_Database_Revenue _and_Market_Forecast_2012–2017.
20. Magic Quadrant for Data Masking Technology, Gartner, 2013. Available at:
https://www.gartner.com/doc/2636081.

Comments are closed.