Text by: Alessandro Barenghi – Politecnico di Milano; Gerardo Pelosi -Politecnico di Milano
Data about ourselves, whether relating to our habits, our state of fitness, our location, is a part of ourselves that has increasingly become technically easy and inexpensive to record, replicate, and permanently store. While this enables a huge variety of desirable services, such as the ones offered by the WorkingAge tool, it also opens a wide potential for abuse of such personal information.
A significant step in defending people from collected data abuse was represented by the EU General Data Protection Regulation (GDPR), a regulation in the EU law which states that the user should be informed of all the uses of her collected data, how long they will be kept, and that all technical means to minimize unwanted disclosures should be taken.
The prime means to guarantee data confidentiality is encryption. Data encryption allows to prevent anyone from reading a piece of encrypted data unless she/he knows the key required to decrypt it. While you may have heard that cryptography, from a formal standpoint, does not make the readout of encrypted data impossible, reading them without knowing the key is quite harder than drilling through a metal safe wider than the diameter of the Earth. It is not formally impossible, but no one has the resources to do it in practice.
At a bird’s eye view level, encryption techniques can be divided into two kinds: asymmetric encryption and symmetric encryption.
Symmetric cryptography works pretty much in the same way as a treasure chest does: encrypting your data is akin to putting them in an unbreakable treasure chest, and only people having the key will be allowed to access it. If you want someone to access your data, you just have to give her a copy of the key, without anyone else making an extra copy for himself.
This becomes quite a problem, if you do not have a secure way of sending your key to the people you want to be accessing your data.
Asymmetric cryptography came to the rescue in the’70s, allowing a different way of securing the data. In asymmetric cryptography, you are the owner of a combination safe factory and are able to produce an unlimited amount of combination safes, all with the same combination (which only you know). Your safes are good, so, anyone, given the safe, cannot guess or extract the combination.
When someone wants to send you her data securely, he asks you for an open combination safe, gets it delivered to her, puts the data inside, and slams the door of the safe shut. The closed safe can now be shipped to you and only you are able to open it.
This is very handy, since there is no need to have a secure way of transporting objects anymore: safes, either closed or open and empty, are safe to be shipped!
The safe and combinations are commonly called public key and private key, respectively, by cryptographers (albeit it may sound a little counterintuitive to call “key” a safe), since you just publicly distribute your safes, while you keep your combination quite private.
In WorkingAge we extensively employ asymmetric and symmetric cryptographic primitives to guarantee that none other than the people who are granted by the users are able to access the user’s data.
Source of the image: https://blog.wolfram.com/data/uploads/2020/06/Advancements_in_Cryptography_Development_in_the_Wolfram_Language1.png
