IT Researcher Proposes Groundbreaking Secure Data Processing System
Local IT experts have designed a safer data transfer system that will not compromise the confidentiality of sensitive data while it is being processed.
A doctoral dissertation, presented to an examination committee at the University of Tartu on Thursday, outlines a method that protects confidential information and allows analysis of information about the population and society that could help officials make more informed decisions, reported ERR radio.
The state currently has dozens of databases that cannot be combined into one super-database because, if it were broken into, it would reveal too much information about individuals.
“Now, if we were to use the method described in my doctoral dissertation, we would be able to consolidate data and carry out studies like how education levels affect earnings or job market activities. And these studies could be done on a national scale, collecting answers from the entire population of Estonia, not just a small statistical group,” said Dan Bogdanov, the author of the thesis, who worked on the project with the company Cybernetica AS.
For the dissertation, Bogdanov invented a data processing system called Sharemind, which divides data among three trustworthy parties in such a way that no single party can use its part of the data alone. Working with the other two parties, however, each can take part in processing individually registered data from, for example, gene donors or bank clients.
“If we were to use specially constructed data exchange protocols, we could calculate any results without the need to combine sensitive basic values,” explained Bogdanov.
Jaak Vilo, the head of the university's Institute of Computer Science, said that Bogdanov's thesis will raise the trustworthiness of data processing in the world to a new level. He added that right now, it would suffice to break into one database and decrypt it to be able to access the information.
Speaking about the new system, Vilo added, “Breaking into one place would be useless, breaking into two places would be useless. If administrators of two databases were corrupted, that would not be enough as long as the third database was safe.”
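The three-party split that Bogdanov describes and the "two places would be useless" property Vilo mentions can be illustrated with additive secret sharing. The following is an added example, not code from the dissertation or from Sharemind; the article does not name the scheme, so additive sharing modulo 2^32, the function names and the sample earnings are all assumptions made for illustration.

```python
import secrets

MOD = 2**32  # assumed ring size; the article does not specify one


def share(value, parties=3):
    """Split value into random additive shares that sum to value mod MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(parties - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def reconstruct(shares):
    """Only the sum of all shares reveals the underlying value."""
    return sum(shares) % MOD


def secure_total(values):
    """Sum a column of sensitive values without any party seeing one of them."""
    per_record = [share(v) for v in values]
    # Party i stores only the i-th share of every record.
    party_columns = [list(col) for col in zip(*per_record)]
    # Each party adds up its own column locally; the inputs stay split.
    partial_sums = [sum(col) % MOD for col in party_columns]
    # Only the three partial sums are combined, revealing just the total.
    return reconstruct(partial_sums), party_columns


def missing_share_for(candidate, two_shares):
    """Third share that makes two known shares reconstruct to candidate.

    Such a share exists for every candidate, so holding two of the three
    shares rules out no possible value of the original record.
    """
    return (candidate - sum(two_shares)) % MOD


# Constructed sample data: monthly earnings of five fictional people.
EARNINGS = [1200, 950, 3100, 1780, 2240]

if __name__ == "__main__":
    total, columns = secure_total(EARNINGS)
    print("total:", total, "mean:", total / len(EARNINGS))
    stolen = [columns[0][0], columns[1][0]]  # two parties' shares of record 0
    for guess in (0, 1200, 4_000_000):
        third = missing_share_for(guess, stolen)
        print(guess, "is consistent:", reconstruct(stolen + [third]) == guess)
```
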