Date: Thu, 15 Nov 2007 09:55:32 -0500
Reply-To: Gerry <gpauline@PACE.EDU>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: Gerry <gpauline@PACE.EDU>
Organization: Pace University
Subject: Re: Strong Variable Level Encryption
In-Reply-To: <403593359CA56C4CAE1F8F4F00DCFE7D0A1540F1@MAILBE2.westat.com>
Content-Type: text/plain; charset=us-ascii
George:
In addition to what Mike suggests, you might consider using WINZIP with the
AES encryption option (64 to 256 bit). If you are not familiar with AES,
look here for a description:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci344759,00.html
You can easily encrypt/decrypt the SAS datasets (or external files) within
your SAS (which is what we do) programs, or use the SASZIPAM filename engine
to read a particular file (if they are external files; haven't tried this
yet).
See some of Phil Mason's (NESUG 2006) papers for info on the SASZIPAM
filename engine. In addition to encryption and password protection, you save
space too!
-Gerry
Gerard T. Pauline
Mgr, Internet Applications &
University Web Master
Computer Systems, DoIT
Pace University
-----Original Message-----
From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of Michael
Raithel
Sent: Thursday, November 15, 2007 9:36 AM
To: SAS-L@LISTSERV.UGA.EDU
Subject: Re: Strong Variable Level Encryption
Dear SAS-L-ers,
George Joseph posted the following:
> I need help with Variable level encryption of SSN. SAS help
> desk sent me references to two papers.
> 1) Annette Landan-Effective Data Encryption Algorithm.
> 2) Sheng Luo-Using Bitwise Function to Scramble Data fields with Key.
>
> The second paper (Luo) does have some interesting method to
> encrypt credit card # but when I ran it on a test dataset I
> found that if the record repeated itself it was encrypted
> differently. And that just won't fly with medical records
> where the same SSN will have multiple observations.
>
> I did see some Macros on the UGA list serve archives but I
> was wondering if someone has any updated version of the same
> or perhaps newer algorithms. If they are FIPS 140 compliant
> that would be even better.
>
George, if you do not get any better advice, then I have a couple of
ideas.
The first is, consider using SAS data set encryption. (I know that you
want to encrypt a single variable, and this is overkill; that is why I
stated that you should wait for better advice first). You can do so by
using the ENCRYPT data set option. That will encrypt the entire SAS
data set, SSN and all. If you can deal with this, it might be an easy
solution.
If you do not want to encrypt the entire SAS data set, then you could do
something that uses both this suggestion and Art's great suggestion.
1. Move the SSN's out of the main SAS data set to their own SAS data
set.
2. Generate a key variable that is unique to each SSN and store that
variable in place of the SSN variable in the main SAS data set.
3. In the SSN data set you have only two variables: the key variable
and the SSN variable. You have one observation per unique SSN.
4. You encrypt the SSN SAS data set.
5. You now have a way to grab SSN when you need it by matching the
unique value of the key variable in the main SAS data set with the key
value in the SSN SAS data set.
6. You can also associate the observations in the main SAS data set for
the same individual because they have the same key variable value--which
is a non-HIPAA violating variable.
... so, you can do lots of processing on the main SAS data set, while
keeping your SSN's secure. When you do need SSN's, you can match back
against the encrypted SSN SAS data set.
The second is that SAS provides add-on software called SAS/SECURE that
may help you. I do not have any experience with said software, and
cannot vouchsafe as to whether or not it can perform record-level
encryption. But, hey, it may be worth a look. Check it out on the SAS
web site.
http://www.sas.com/products/secure/index.html
Finally, there is a whole SAS online publication that discusses
encryption in the SAS Online Documentation:
http://support.sas.com/onlinedoc/912/getDoc/secref.hlp/a002814980.htm
...it may provide some ideas in addition to the papers that were
recommended to you.
George, best of luck in keeping your data's secrets secret!
I hope that this suggestion proves helpful now, and in the future!
Of course, all of these opinions and insights are my own, and do not
reflect those of my organization or my associates. All SAS code and/or
methodologies specified in this posting are for illustrative purposes
only and no warranty is stated or implied as to their accuracy or
applicability. People deciding to use information in this posting do so
at their own risk.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Michael A. Raithel
"The man who wrote the book on performance"
E-mail: MichaelRaithel@westat.com
Author: Tuning SAS Applications in the MVS Environment
Author: Tuning SAS Applications in the OS/390 and z/OS Environments,
Second Edition
http://www.sas.com/apps/pubscat/bookdetails.jsp?catid=1&pc=58172
Author: The Complete Guide to SAS Indexes
http://www.sas.com/apps/pubscat/bookdetails.jsp?catid=1&pc=60409
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Poverty is the parent of revolution and crime. - Aristotle
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
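
The six-step split described in Michael's message (SSNs moved to their own encrypted lookup data set, a key variable left in the main data set) sketched in SAS. This is an added example, not code from either poster; the `secure` libref path, the `xref_pw` value, the data set and variable names and the sample rows are all constructed for illustration.

```sas
/* Hypothetical libref and password; keep the real password out of source. */
libname secure "/path/to/restricted/dir";
%let xref_pw = CHANGEME;

/* Constructed sample: repeated SSNs across observations. */
data work.visits;
   input ssn :$11. visit_date :yymmdd10. dx :$8.;
   format visit_date yymmdd10.;
   datalines;
123-45-6789 2007-01-05 J10
987-65-4321 2007-01-09 E11
123-45-6789 2007-03-17 I10
987-65-4321 2007-08-21 E11
;
run;

/* Steps 1 and 3: one observation per unique SSN. */
proc sort data=work.visits(keep=ssn) out=work.ssn_unique nodupkey;
   by ssn;
run;

/* Shuffle so the key's order does not mirror the sorted SSN order. */
data work.ssn_shuffled;
   set work.ssn_unique;
   shuffle = ranuni(0);
run;
proc sort data=work.ssn_shuffled; by shuffle; run;

/* Steps 2 and 4: assign the key; ENCRYPT=YES requires a password. */
data secure.ssn_xref(encrypt=yes pw=&xref_pw drop=shuffle);
   set work.ssn_shuffled;
   person_key = _n_;
run;

/* Main data set: key replaces SSN; repeated SSNs get the same key (step 6). */
proc sql;
   create table work.visits_deid as
   select x.person_key, v.visit_date, v.dx
   from work.visits as v
        inner join secure.ssn_xref(pw=&xref_pw) as x
        on v.ssn = x.ssn;
   /* Step 5: recover SSN only when needed, by matching on the key. */
   create table work.visits_reid as
   select x.ssn, d.*
   from work.visits_deid as d
        inner join secure.ssn_xref(pw=&xref_pw) as x
        on d.person_key = x.person_key;
quit;
```

Routine processing runs against `work.visits_deid`; only jobs that hold the password and can read the `secure` library are able to rebuild the SSN column.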