Protection of personal data in health using symmetric encryption: a comparative study between different algorithms

Abstract

The LGPD (Lei Geral de Proteção de Dados) aims to protect the right to privacy of personal data of Brazilians. A challenging impasse for several institutions, mainly in the health area, is the process of evolving their systems to the new requirements imposed by the LGPD. The imposition of items such as data encryption and its impact on the performance of these systems brings a discussion about how this additional protection should be provided. This article analyzes several symmetric encryption algorithms available in the PyCryptodome library, such as DES, 3DES, Blowfish, CAST-128 and RC2 to identify which of these would be most suitable for the type of attributes most commonly used in these environments. For the experiments, an application was developed in Python 3 that generates volumes of predefined data, compatible with data from personal attribute management systems in the health area. This data is also applied to the encryption algorithms, where time measurements and function calls are performed during the data encryption and decryption process. The results show the disparity in performance between the different encryption algorithms, as well as the analyzes using different data volumes.