Network Shuffling: Privacy Amplification via Random Walks
Recently, it has been shown that shuffling can amplify the central differential
privacy guarantees of data randomized with local differential privacy. Within
this setup, a centralized, trusted shuffler is responsible for shuffling and
keeps the identities of data anonymous, which subsequently leads to stronger
privacy guarantees for systems. However, introducing a centralized entity into
the originally local privacy model loses some of the appeal of not having any
centralized entity, as in local differential privacy. Moreover, implementing a
shuffler reliably is not trivial because of known security issues and/or the
requirement for advanced hardware or secure computation technology.
Motivated by these practical considerations, we rethink the shuffle model to
relax the assumption of requiring a centralized, trusted shuffler. We introduce
network shuffling, a decentralized mechanism in which users exchange data in a
random-walk fashion on a network/graph, as an alternative way of achieving
privacy amplification via anonymity. We analyze the threat model under such a
setting and propose distributed protocols for network shuffling that are
straightforward to implement in practice. Furthermore, we show that the privacy
amplification rate is similar to that of other privacy amplification techniques
such as uniform shuffling. To the best of our knowledge, among the recently
studied intermediate trust models that leverage privacy amplification
techniques, our work is the first that does not rely on any centralized entity
to achieve privacy amplification.
Comment: 15 pages, 9 figures; SIGMOD 2022 versio
Technical Privacy Metrics: a Systematic Survey
The goal of privacy metrics is to measure the degree of privacy enjoyed by users in a system and the amount of protection offered by privacy-enhancing technologies. In this way, privacy metrics contribute to improving user privacy in the digital world. The diversity and complexity of privacy metrics in the literature make an informed choice of metrics challenging. As a result, instead of using existing metrics, new metrics are proposed frequently, and privacy studies are often incomparable. In this survey we alleviate these problems by structuring the landscape of privacy metrics. To this end, we explain and discuss a selection of over eighty privacy metrics and introduce categorizations based on the aspect of privacy they measure, their required inputs, and the type of data that needs protection. In addition, we present a method for choosing privacy metrics based on nine questions that help identify the right privacy metrics for a given scenario, and highlight topics where additional work on privacy metrics is needed. Our survey spans multiple privacy domains and can be understood as a general framework for privacy measurement.