Privacy Games: Optimal User-Centric Data Obfuscation
In this paper, we design user-centric obfuscation mechanisms that impose the
minimum utility loss while guaranteeing a user's privacy. We optimize utility
subject to a joint guarantee of differential privacy (indistinguishability) and
distortion privacy (inference error). This double shield of protection limits
both the information leakage through the obfuscation mechanism and the
posterior inference. We show that the privacy achieved through joint
differential-distortion mechanisms against optimal attacks is as large as the
maximum privacy that can be achieved by either of these mechanisms separately.
Their utility cost is also not larger than what either of the differential or
distortion mechanisms imposes. We model the optimization problem as a
leader-follower game between the designer of obfuscation mechanism and the
potential adversary, and design adaptive mechanisms that anticipate and protect
against optimal inference algorithms. Thus, the obfuscation mechanism is
optimal against any inference algorithm.
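As a toy illustration of the two privacy notions above, the sketch below (all names and numbers are illustrative assumptions, not the paper's construction) measures a discrete obfuscation mechanism's differential-privacy level and the expected error of the Bayes-optimal adversary:

```python
# Hypothetical sketch: evaluate an obfuscation mechanism against the
# adversary's optimal (Bayesian) inference, in the leader-follower spirit.
# The prior and the mechanism below are toy assumptions for illustration.
import math

prior = [0.5, 0.3, 0.2]            # prior over 3 secret values
# obfuscation[s][o] = Pr[output o | secret s]
obfuscation = [
    [0.6, 0.3, 0.1],
    [0.3, 0.4, 0.3],
    [0.1, 0.3, 0.6],
]

def epsilon(mech):
    """Smallest eps with Pr[o|s] <= e^eps * Pr[o|s'] for all o, s, s'."""
    eps = 0.0
    for o in range(len(mech[0])):
        col = [row[o] for row in mech]
        eps = max(eps, math.log(max(col) / min(col)))
    return eps

def inference_error(prior, mech):
    """Expected error of the Bayes-optimal attacker (distortion privacy)."""
    err = 0.0
    for o in range(len(mech[0])):
        joint = [prior[s] * mech[s][o] for s in range(len(prior))]
        err += sum(joint) - max(joint)   # mass not on the MAP guess
    return err
```

Here `epsilon` quantifies indistinguishability and `inference_error` quantifies distortion privacy; an optimal design would tune the mechanism to maximize both under a utility budget.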
Quantifying Privacy: A Novel Entropy-Based Measure of Disclosure Risk
It is well recognised that data mining and statistical analysis pose a
serious threat to privacy. This is true for financial, medical, criminal and
marketing research. Numerous techniques have been proposed to protect privacy,
including restriction and data modification. Recently proposed privacy models
such as differential privacy and k-anonymity have received a lot of attention,
and for the latter there are now several improvements of the original scheme,
each removing security shortcomings of its predecessor. However, the challenge
lies in evaluating and comparing the privacy provided by various techniques. In
this paper we propose a novel entropy-based security measure that can be
applied to any generalisation, restriction or data modification technique. We
use our measure to empirically evaluate and compare a few popular methods,
namely query restriction, sampling and noise addition. Comment: 20 pages, 4 figures
A bayesian approach for on-line max and min auditing
In this paper we consider the on-line max and min query auditing problem: given a private association between fields in a data set, a sequence of max and min queries that have already been posed about the data, their corresponding answers, and a new query, deny the answer if private information would be inferred, or give the true answer otherwise. We give a probabilistic definition of privacy and demonstrate that max and min queries, without the “no duplicates” assumption, can be audited by means of a Bayesian network. Moreover, we show how our auditing approach is able to take user prior knowledge into account.
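A brute-force sketch of probabilistic max-query auditing in this spirit (a toy assumption, not the paper's Bayesian-network algorithm): enumerate the worlds consistent with the answered queries and deny when some record's value would be inferred with posterior probability above a tolerance:

```python
# Toy sketch of probabilistic denial for max queries (assumption, not the
# paper's algorithm): uniform prior over a tiny discrete domain, brute-force
# enumeration of consistent worlds instead of a Bayesian network.
from itertools import product

DOMAIN = [1, 2, 3]        # tiny value domain (assumption)
N = 3                     # records x0, x1, x2

def consistent(assign, answered):
    """Does the assignment agree with every answered max query?"""
    return all(max(assign[i] for i in q) == a for q, a in answered)

def deny(answered, new_q, new_a, tol=0.9):
    """Deny if answering would let the attacker pin some record's value
    with posterior probability above tol."""
    hist = answered + [(new_q, new_a)]
    worlds = [w for w in product(DOMAIN, repeat=N) if consistent(w, hist)]
    if not worlds:
        return True       # inconsistent answer: refuse
    for i in range(N):
        for v in DOMAIN:
            p = sum(1 for w in worlds if w[i] == v) / len(worlds)
            if p > tol:
                return True
    return False
```

For example, answering max(x0, x1) = 3 on an empty history is safe, but afterwards a query on {x0} with answer 3 would pin x0 exactly and must be denied.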
Differential Privacy versus Quantitative Information Flow
Differential privacy is a notion of privacy that has become very popular in
the database community. Roughly, the idea is that a randomized query mechanism
provides sufficient privacy protection if the ratio between the probabilities
of two different entries originating a certain answer is bounded by e^\epsilon.
In the fields of anonymity and information flow there is a similar concern for
controlling information leakage, i.e. limiting the possibility of inferring the
secret information from the observables. In recent years, researchers have
proposed to quantify the leakage in terms of the information-theoretic notion
of mutual information. There are two main approaches that fall in this
category: One based on Shannon entropy, and one based on R\'enyi's min entropy.
The latter has connection with the so-called Bayes risk, which expresses the
probability of guessing the secret. In this paper, we show how to model the
query system in terms of an information-theoretic channel, and we compare the
notion of differential privacy with that of mutual information. We show that
the notion of differential privacy is strictly stronger, in the sense that it
implies a bound on the mutual information, but not vice versa.
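The direction proved here can be checked numerically on a toy channel (an assumed example): binary randomized response satisfies eps-differential privacy, and its mutual information stays below the coarse bound eps * log2(e) bits that the pointwise probability-ratio constraint implies:

```python
# Numerical illustration (a toy example, not the paper's proof): a
# randomized-response channel satisfying eps-differential privacy, and its
# mutual information with a uniform input.
import math

eps = math.log(3)                          # probability ratios bounded by 3
p = math.exp(eps) / (1 + math.exp(eps))    # Pr[report truth] = 0.75
channel = [[p, 1 - p], [1 - p, p]]         # binary randomized response
prior = [0.5, 0.5]

def mutual_information(prior, ch):
    """I(X;Y) in bits for input prior and channel matrix ch[s][o]."""
    out = [sum(prior[s] * ch[s][o] for s in range(len(prior)))
           for o in range(len(ch[0]))]
    mi = 0.0
    for s in range(len(prior)):
        for o in range(len(ch[0])):
            if ch[s][o] > 0:
                mi += prior[s] * ch[s][o] * math.log2(ch[s][o] / out[o])
    return mi

mi = mutual_information(prior, channel)
```

Since every output probability ratio is at most e^eps, each log term is at most eps * log2(e), so the leakage cannot exceed that bound; the converse fails because small mutual information does not constrain worst-case ratios.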
Design and Development of a Key Representation Auditing Scheme for Secure Online and Dynamic Statistical Databases
A statistical database (SDB) answers statistical queries (such as sum, average, count,
etc.) over subsets of records. By combining the answers to several such statistics, a
malicious user (snooper) may be able to deduce confidential information about some
individuals. When a user submits a query to a statistical database, the difficult problem
is deciding whether the query is answerable or not; to make that decision, past
queries must be taken into account, which is called SDB auditing. One of the major
drawbacks of auditing, however, is the excessive CPU time and storage
required to find and retrieve the relevant records from the SDB.
The key representation auditing scheme (KRAS) is proposed to guarantee the
security of online and dynamic SDBs. The core idea is to convert the original
database into a key representation database (KRDB); the scheme also converts
each new user query from its string representation into a key representation
query (KRQ) and stores it in the Audit Query table (AQ table). Three audit stages are
proposed to repel the snooper's attacks on the confidentiality of individuals,
and efficient algorithms for these stages are presented, namely the First Stage
Algorithm (FSA), the Second Stage Algorithm (SSA) and the Third Stage Algorithm
(TSA). These algorithms enable the key representation auditor (KRA) to conveniently
identify the illegal queries that could lead to disclosure of confidential SDB data.
A comparative study is made between the new scheme and existing methods:
a cost estimation and a statistical analysis are performed, illustrating the
savings in block accesses (CPU time) and storage space that are attainable when a
KRDB is used. Finally, an implementation of the new scheme is presented and all
components of the proposed system are discussed.
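One simple audit rule over key sets, as a hedged sketch (an assumption for illustration; the actual three-stage KRAS algorithms are not reproduced here): model each answered query as the set of record keys it covers, and flag a new query that, alone or combined with a past query, isolates a single record:

```python
# Hedged sketch (assumption, not the KRAS stages): a key-representation
# query is modeled as a set of record keys; flag the new query if it,
# alone or combined with an answered query, isolates one record.

def is_illegal(answered, new_q):
    keys = set(new_q)
    if len(keys) == 1:
        return True                      # singleton query discloses directly
    for past in answered:
        if len(keys ^ set(past)) == 1:   # symmetric difference isolates a key
            return True
    return False
```

Working on key sets rather than re-scanning the database records is what makes this style of check cheap in CPU time and storage, which is the efficiency argument the scheme makes.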