News, Startups

British researchers crack Cryptosystem Diffix

British researchers crack Cryptosystem Diffix
About Author
Christian Boas

British researchers from the Imperial College of London have cracked the new cryptosystem “Diffix”. The cryptography solution glides as a promising technological breakthrough in data security. The underlying technology was developed by the German startup Aircloak in cooperation with the Max Planck Institute for Software Systems and relies on dynamic anonymization for each individual data query. The researchers nevertheless managed to derive individual data from the system with just 10 targeted queries.

No 100% security
Collecting high-quality data by directly querying databases without revealing the specific information of a particular individual to whom an entry relates has long been considered an unattainable dream, the Aircloak website states.

With Diffix you have finally been able to fulfill this dream. This is made possible by the dynamic anonymization of data, which are re-encrypted each time the data is retrieved. In addition, additional data is added as “noise” for each query to make it more difficult to identify and assign.

“The goal of our attack on Diffix is ​​to demonstrate that we need full transparency and a vibrant community of new data protection systems that has access to these technologies to find and eliminate potential vulnerabilities,” researchers Andrea Gadotti, Florimond, explain Houssiau, Luc Rocher and Yves-Alexandre de Montjoye from the Data Science Institute of Imperial College London.

“We have to accept that no system is perfect,” the researchers said. “There will be attacks and some will be successful. We have to prepare for it. ”

When it comes to data management and query systems that are as secure as possible and at the same time as efficient as possible, technologies such as Diffix, which rely on dynamic anonymisation, are regarded as new hope carriers. Recently, the Aircloak development was even officially approved for commercial use by the French data protection authority CNIL, confirming that it would fully comply with the guidelines of the new EU Data Protection Act (General Data Protection Regulation).

Despite the protective measures described, the experts from London have managed relatively easily to access personal data via Diffix. For this they only needed 10 carefully selected queries.

“In this way, it was possible to find the individual and private attributes of a person with a probability of 99.9 percent,” the scientists describe. For example, they could find out if someone has HIV or not.

To Top