Pseudonymization: Enabling Progress in the Public Sector

Medical Records (tokenization of personal data)

How to safely leverage this data security technique to propel R&D while protecting privacy

The public sector faces a constant balancing act: protecting citizens’ right to privacy while serving society and improving its well-being. Today’s major decisions around infrastructure, transportation, citizenship, governance and public health rely on data. How can institutions analyze public data while maintaining citizen confidentiality? For many, pseudonymization is the answer, but without a high-quality implementation it can create significant risks to privacy and public security.

Pseudonymization replaces the personal information of data subjects (names, ID numbers, physical features, phone numbers, etc.) with pseudonyms. This allows researchers or government institutions to analyze the data while protecting individual privacy. Data subjects can be reidentified only by whoever holds the secret that links pseudonyms back to identities: a protected reidentification (pseudonymization) table or, for keyed approaches, the key itself.

This approach lets institutions collect and analyze more data, and better data, but it has downsides. Firstly, pseudonymized data is still personal data under GDPR, because it can be reidentified, so the organizations handling it remain subject to the regulation. Secondly, the pseudonymization itself can be done badly. If not conducted correctly, it turns into a vulnerability that can affect large populations in meaningful ways.

Navigating the pseudonymization minefield 

“Pseudonymization is not plug and play,” explains Gaëtan Pradel, PhD, Cybersecurity Specialist, INCERT. “It doesn’t work like this. It always depends on the context.”

For example, does the data need to be shared publicly on the internet? Is the party that pseudonymizes the data different from the party that hosts it? An approach that is appropriate in one use case, for example one based on random number generation, can prove completely impractical in another.

“It’s very easy to screw up pseudonymization,” he continues. “Once you unleash that public data out into the wild, even though it’s pseudonymized, the bad guys start gathering it and cross-checking it with other public data [e.g. on social media] to figure out pseudonymized identities. Perhaps they reidentify just 60 percent of the database, but that’s too much.”

Government institutions and healthcare providers have significant ethical responsibilities to avoid this at all costs and uphold public trust. 

In 2017, researchers disclosed that the chips in Estonian eID cards carried a flaw in the RSA key-generation routine of Infineon’s cryptographic library, leaving every RSA key pair generated on an affected chip vulnerable. Known as the ROCA vulnerability (CVE-2017-15361), it allowed the private key to be computed from the public key with practical computing effort, putting roughly 800,000 cards at risk.

Secure pseudonymization equals high-quality algorithms

“In the case of Infineon, it was only the random number generator that was flawed. Every encryption system around it was perfectly secure,” Pradel notes. “With random number generation you have a choice: generate them outside the chip and insert them, or generate them directly in the chip, which is slower. They used an algorithm to accelerate the process of random number generation, but that made it easier to break, and someone did.” 

Whatever the pseudonymization approach, proper encryption and confidentiality practices are critical, but the Estonian eID crisis also highlights the importance of quality algorithms and quality implementations of them. These serve as the building blocks for any pseudonymization solution, whether it is based on random number generation, encryption, a counter or a keyed hash.

“All of these are based on cryptographic algorithms as the building blocks,” he adds. “One cryptographic primitive will be sufficient in some cases, but in others it won’t be. Again, it’s all about context.” 

Effective pseudonymization, therefore, boils down to certain key factors: 

1. High-quality building blocks (read: algorithms and their implementations)—You can’t build a high-quality car, for example, with low-quality parts

2. The right strategy and technological approach based on a holistic assessment of your specific case

3. At least some degree of encryption for the sake of confidentiality—Even if the pseudonymization is not built on encryption techniques, encryption keys should be used to secure the reidentification table
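The building blocks named above (random tokens, a counter, a keyed hash) and the rule that the reidentification table is the secret to protect, as an added example that is not part of this publication and not Keys&More code. The records, the identifier format, the release labels and the key are all constructed for the demo; a production key would come from a KMS or HSM, and the encryption of the stored table at rest is left outside the example. The last function shows the linkage failure described earlier: an unkeyed hash of a small, structured identifier space is reversed by simply hashing every candidate, while the keyed variant is not.

```python
"""Added example (not Keys&More code): three pseudonymization building blocks
on constructed records, plus the attack that breaks the unkeyed shortcut."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed sample medical records; no real persons, invented ID format.
RECORDS: List[Dict[str, str]] = [
    {"national_id": "19850312-001", "name": "A. Muller", "diagnosis": "J45"},
    {"national_id": "19921104-017", "name": "B. Weber", "diagnosis": "E11"},
    {"national_id": "19850312-001", "name": "A. Muller", "diagnosis": "I10"},
]
DIRECT_IDENTIFIERS = ("national_id", "name")
Table = Dict[str, Dict[str, str]]  # pseudonym -> direct identifiers


def _payload(record: Dict[str, str]) -> Dict[str, str]:
    """Keep the analytic fields, drop the direct identifiers."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}


def pseudonymize_keyed_hash(records, key: bytes, context: bytes) -> List[Dict[str, str]]:
    """Keyed-hash building block: HMAC-SHA256(key, context || id), truncated.

    No lookup table exists; reidentification means recomputing the HMAC over a
    candidate identity, which needs the secret key. The context label
    domain-separates releases: same key and same context gives linkable
    pseudonyms, a different context gives pseudonyms that cannot be joined.
    """
    out = []
    for r in records:
        tag = hmac.new(key, context + b"|" + r["national_id"].encode(), hashlib.sha256)
        out.append({"pseudonym": tag.hexdigest()[:16], **_payload(r)})
    return out


def pseudonymize_random(records) -> Tuple[List[Dict[str, str]], Table]:
    """Random-token building block. Returns (rows, reidentification table).

    The table is the only way back, so it is the secret: store it separately
    from the data and encrypted under a key the analysts do not hold (the
    encryption step is outside this example).
    """
    by_id: Dict[str, str] = {}
    table: Table = {}
    out = []
    for r in records:
        nid = r["national_id"]
        if nid not in by_id:  # one token per person keeps their rows linkable
            by_id[nid] = secrets.token_hex(8)
            table[by_id[nid]] = {k: r[k] for k in DIRECT_IDENTIFIERS}
        out.append({"pseudonym": by_id[nid], **_payload(r)})
    return out, table


def pseudonymize_counter(records) -> Tuple[List[Dict[str, str]], Table]:
    """Counter building block: P000001, P000002, ... Also table-based, and the
    pseudonym itself reveals the order in which subjects were first seen,
    which can be a reidentification hint (e.g. admission order)."""
    by_id: Dict[str, str] = {}
    table: Table = {}
    out = []
    for r in records:
        nid = r["national_id"]
        if nid not in by_id:
            by_id[nid] = f"P{len(by_id) + 1:06d}"
            table[by_id[nid]] = {k: r[k] for k in DIRECT_IDENTIFIERS}
        out.append({"pseudonym": by_id[nid], **_payload(r)})
    return out, table


def reidentify(table: Table, pseudonym: str) -> Optional[Dict[str, str]]:
    """Authorised reversal: only the holder of the table can do this."""
    return table.get(pseudonym)


def unkeyed_pseudonym(national_id: str) -> str:
    """The tempting shortcut: plain SHA-256 of the identifier, no key."""
    return hashlib.sha256(national_id.encode()).hexdigest()[:16]


def dictionary_attack(pseudonym: str, candidate_ids) -> Optional[str]:
    """Why the shortcut fails: ID numbers form a small, structured space, so an
    attacker hashes every candidate and compares. Run against an HMAC pseudonym
    the same loop finds nothing, because the attacker cannot compute the HMAC."""
    for cand in candidate_ids:
        if unkeyed_pseudonym(cand) == pseudonym:
            return cand
    return None


def linkable(rows_a, rows_b) -> bool:
    """True if two releases share pseudonyms, i.e. an attacker can join them."""
    return bool({r["pseudonym"] for r in rows_a} & {r["pseudonym"] for r in rows_b})


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # demo only; production keys live in a KMS/HSM
    rel_a = pseudonymize_keyed_hash(RECORDS, key, b"release-2023")
    rel_b = pseudonymize_keyed_hash(RECORDS, key, b"release-2024")
    print("same person, same release ->", rel_a[0]["pseudonym"] == rel_a[2]["pseudonym"])
    print("joinable across releases ->", linkable(rel_a, rel_b))
    candidates = [f"19850312-{n:03d}" for n in range(1000)]  # constructed ID space
    print("unkeyed hash recovered ->", dictionary_attack(unkeyed_pseudonym("19850312-001"), candidates))
    print("HMAC pseudonym recovered ->", dictionary_attack(rel_a[0]["pseudonym"], candidates))
    rows, table = pseudonymize_random(RECORDS)
    print("table reverses token ->", reidentify(table, rows[1]["pseudonym"]))
```

The context label is the part that makes the keyed approach context-dependent in the sense Pradel describes: reusing one key and one label across every release makes all of them joinable, which is exactly the cross-checking an attacker wants; a per-release label removes that join while keeping rows of one person linkable inside a release.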

Accessing leading cryptographic techniques & insights 

From the development of smart cities to the evolution of healthcare and education, research, data management and data analytics remain at the forefront. The same goes for ICT and critical infrastructure, which often fall under the private sector but have an equally widespread impact.

Progress in any of these areas comes through assessing outcomes, iterating, improving and reassessing. At the same time, regulations such as GDPR codify these institutions’ responsibility to preserve individual privacy rights along the way.

These institutions and organizations, for whom confidentiality and trust are absolutely essential, partner with cryptographic experts to ensure sound strategies, secure solutions and cost-effective deployment. 

“At Keys&More, our random number generators are certified against Germany’s strict BSI standards,” Pradel says, referring to INCERT’s private sector cryptographic service provider Keys&More. “We checked every key we generated with our HSMs and none were vulnerable to the type of attack that Infineon faced.” 

Keys&More, which specializes in encryption key management systems (KMS), can enable any pseudonymization approach, providing the necessary cryptographic elements of the highest quality. 

As a longstanding innovation partner to governments around the world, Keys&More brings not only advanced technological capabilities but also in-depth, invaluable advisory services.

Partner with experts in cryptography to ensure responsible, effective pseudonymization. Reach out to learn more about our Identity Pseudonymization Management Systems.

Keys&More by Incert

About us

The government of Luxembourg launched INCERT in 2012 as a public digital services partner. With Keys&More, we are making our state-level security solutions available to the private sector. As a government-owned entity, our unrivaled stability & standards deliver dependable KMS for the long term.