de anonymizing data
play

De-anonymizing Data CompSci 590.03 Instructor: Ashwin - PowerPoint PPT Presentation

Oct 06, 2023 •102 likes •763 views

Source (http://xkcd.org/834/) De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 12 1 Announcements Project ideas will be posted on the site by Friday. You are welcome to send me (or talk to

  1. Source (http://xkcd.org/834/) De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 12 1

  2. Announcements • Project ideas will be posted on the site by Friday. – You are welcome to send me (or talk to me about) your own ideas. Lecture 2 : 590.03 Fall 12 2

  3. Outline • Recap & Intro to Anonymization • Algorithmically De-anonymizing Netflix Data • Algorithmically De-anonymizing Social Networks – Passive Attacks – Active Attacks Lecture 2 : 590.03 Fall 12 3

  4. Outline • Recap & Intro to Anonymization • Algorithmically De-anonymizing Netflix Data • Algorithmically De-anonymizing Social Networks – Passive Attacks – Active Attacks Lecture 2 : 590.03 Fall 12 4

  5. Personal Big-Data Person 1 Person 2 Person 3 Person N r 1 r 2 r 3 r N Google Census Hospital DB DB DB Information Recommen- Medical Doctors Economists Retrieval dation Researchers Researchers Algorithms Lecture 2 : 590.03 Fall 12 5

  6. The Massachusetts Governor Privacy Breach [Sweeney IJUFKS 2002] • Governor of MA • Name • Name uniquely identified • SSN • Address • Zip using ZipCode, • Date • Visit Date Birth Date, and Sex. • Birth Registered • Diagnosis date • Party • Procedure Name linked to Diagnosis affiliation • Medication • Sex • Date last • Total Charge voted Medical Data Voter List Lecture 2 : 590.03 Fall 12 6

  7. The Massachusetts Governor Privacy Breach [Sweeney IJUFKS 2002] • Governor of MA 87 % of US population • Name • Name uniquely identified • SSN • Address • Zip using ZipCode, • Date • Visit Date Birth Date, and Sex. • Birth Registered • Diagnosis date • Party • Procedure affiliation • Medication • Sex • Date last • Total Charge voted Quasi Identifier Medical Data Voter List Lecture 2 : 590.03 Fall 12 7

  8. Statistical Privacy (Trusted Collector) Problem Utility: Privacy: No breach about any individual Server D B Individual 1 Individual 2 Individual 3 Individual N r 1 r 2 r 3 r N Lecture 2 : 590.03 Fall 12 8

  9. Statistical Privacy (Untrusted Collector) Problem Server f ( ) D B Individual 1 Individual 2 Individual 3 Individual N r 1 r 2 r 3 r N Lecture 2 : 590.03 Fall 12 9

  10. Randomized Response • Flip a coin – heads with probability p, and – tails with probability 1-p (p > ½) • Answer question according to the following table: True Answer = Yes True Answer = No Heads Yes No Tails No Yes Lecture 2 : 590.03 Fall 12 10

  11. Statistical Privacy (Trusted Collector) Problem Server D B Individual 1 Individual 2 Individual 3 Individual N r 1 r 2 r 3 r N Lecture 2 : 590.03 Fall 12 11

  12. Query Answering How many allergy patients? Hospital ‘ D B Correlate Genome to disease Individual 1 Individual 2 Individual 3 Individual N r 1 r 2 r 3 r N Lecture 2 : 590.03 Fall 12 12

  13. Query Answering • Need to know the list of questions up front • Each answer will leak some information about individuals. After answering a few questions, server will run out of privacy budget and not be able to answer any more questions. • Will see this in detail later in the course. Lecture 2 : 590.03 Fall 12 13

  14. Anonymous/ Sanitized Data Publishing Hospital D B writingcenterunderground.wordpress.com I wont tell you what questions I am interested in! Individual 1 Individual 2 Individual 3 Individual N r 1 r 2 r 3 r N Lecture 2 : 590.03 Fall 12 14

  15. Anonymous/ Sanitized Data Publishing Hospital Answer any # of questions directly on D B ’ without D’ B any modifications. D B Individual 1 Individual 2 Individual 3 Individual N r 1 r 2 r 3 r N Lecture 2 : 590.03 Fall 12 15

  16. Today’s class • Identifying individual records and their sensitive values from data publishing (with insufficient sanitization). Lecture 2 : 590.03 Fall 12 16

  17. Outline • Recap & Intro to Anonymization • Algorithmically De-anonymizing Netflix Data • Algorithmically De-anonymizing Social Networks – Passive Attacks – Active Attacks Lecture 2 : 590.03 Fall 12 17

  18. Terms • Coin tosses of an algorithm • Union Bound • Heavy Tailed Distribution Lecture 2 : 590.03 Fall 12 18

  19. Terms (contd.) • Heavy Tailed Distribution Normal Distribution Not heavy tailed. Lecture 2 : 590.03 Fall 12 19

  20. Terms (contd.) • Heavy Tailed Distribution Laplace Distribution Heavy tailed. Lecture 2 : 590.03 Fall 12 20

  21. Terms (contd.) • Heavy Tailed Distribution Zipf Distribution Heavy tailed. Lecture 2 : 590.03 Fall 12 21

  22. Terms (contd.) • Cosine Similarity θ • Collaborative filtering – Problem of recommending new items to a user based on their ratings on previously seen items. Lecture 2 : 590.03 Fall 12 22

  23. Netflix Dataset Column/Attribute Movies 3 4 2 1 5 Record (r) 1 1 1 5 5 1 Users 5 2 2 1 4 2 1 4 3 3 5 4 3 1 3 2 4 Rating + TimeStamp Lecture 2 : 590.03 Fall 12 23

  24. Definitions • Support – Set (or number) of non-null attributes in a record or column • Similarity • Sparsity Lecture 2 : 590.03 Fall 12 24

  25. Adversary Model • Aux(r) – some subset of attributes from r Lecture 2 : 590.03 Fall 12 25

  26. Privacy Breach • Definition 1: An algorithm A outputs an r’ such that • Definition 2: (When only a sample of the dataset is input) Lecture 2 : 590.03 Fall 12 26

  27. Algorithm ScoreBoard • For each record r’, compute Score(r’, aux) to be the minimum similarity of an attribute in aux to the same attribute in r’. • Pick r’ with the maximum score OR • Return all records with Score > α Lecture 2 : 590.03 Fall 12 27

  28. Analysis Theorem 1: Suppose we use Scoreboard with α = 1 – ε . If Aux contains m randomly chosen attributes s.t. Then Scoreboard returns a record r’ such that Pr [ Sim (m, r’) > 1 – ε – δ ] > 1 – ε Lecture 2 : 590.03 Fall 12 28

  29. Proof of Theorem 1 • Call r’ a false match if Sim (Aux, r’) < 1 – ε – δ . • For any false match, Pr[ Sim(Aux i , r i ’) > 1 – ε ] < 1 – δ • Sim (Aux, r’) = min Sim(Aux i , r i ’) • Therefore, Pr[ Sim (Aux, r’) > 1 – ε ] < (1 – δ ) m • Pr[some false match has similarity > 1- ε ] < N(1- δ ) m • N(1- δ ) m < ε when m > log(N/ ε ) / log(1/1- δ ) Lecture 2 : 590.03 Fall 12 29

  30. Other results • If dataset D is (1- ε - δ , ε )-sparse, then D can be (1, 1- ε )- deanonymized. • Analogous results when a list of candidate records are returned Lecture 2 : 590.03 Fall 12 30

  31. Netflix Dataset • Slightly different algorithm Lecture 2 : 590.03 Fall 12 31

  32. Summary of Netflix Paper • Adversary can use a subset of ratings made by a user to uniquely identify the user’s record from the “ anonymized ” dataset with high probability • Simple Scoreboard algorithm provably guarantees identification of records. • A variant of Scoreboard can de-anonymize Netflix dataset. • Algorithms are robust to noise in the adversary’s background knowledge Lecture 2 : 590.03 Fall 12 32

  33. Outline • Recap & Intro to Anonymization • Algorithmically De-anonymizing Netflix Data • Algorithmically De-anonymizing Social Networks – Passive Attacks – Active Attacks Lecture 2 : 590.03 Fall 12 33

  34. Social Network Data • Social networks: graphs where each node represents a social entity, and each edge represents certain relationship between two entities • Example: email communication graphs, social interactions like in Facebook, Yahoo! Messenger, etc. Lecture 2 : 590.03 Fall 12 34

  35. Anonymizing Social Networks Alice Bob Cathy Diane Ed Fred Grace • Naïve anonymization – removes the label of each node and publish only the structure of the network • Information Leaks – Nodes may still be re-identified based on network structure Lecture 2 : 590.03 Fall 12 35

  36. Passive Attacks on an Anonymized Network Alice Bob Cathy Diane Ed Fred Grace • Consider the above email communication graph – Each node represents an individual – Each edge between two individuals indicates that they have exchanged emails Lecture 2 : 590.03 Fall 12 36

  37. Passive Attacks on an Anonymized Network Alice Bob Cathy Diane Ed Fred Grace • Alice has sent emails to three individuals only Lecture 2 : 590.03 Fall 12 37

  38. Passive Attacks on an Anonymized Network Alice Bob Cathy Diane Ed Fred Grace • Alice has sent emails to three individuals only • Only one node in the anonymized network has a degree three • Hence, Alice can re-identify herself Lecture 2 : 590.03 Fall 12 38

  39. Passive Attacks on an Anonymized Network Alice Bob Cathy Diane Ed Fred Grace • Cathy has sent emails to five individuals Lecture 2 : 590.03 Fall 12 39

  40. Passive Attacks on an Anonymized Network Alice Bob Cathy Diane Ed Fred Grace • Cathy has sent emails to five individuals • Only one node has a degree five • Hence, Cathy can re-identify herself Lecture 2 : 590.03 Fall 12 40

  41. Passive Attacks on an Anonymized Network Alice Bob Cathy Diane Ed Fred Grace • Now consider that Alice and Cathy share their knowledge about the anonymized network • What can they learn about the other individuals? Lecture 2 : 590.03 Fall 12 41

Recommend

De-anonymizing Data CompSci 590.03 Instructor: Ashwin

De-anonymizing Data CompSci 590.03 Instructor: Ashwin

Source (h?p://xkcd.org/834/) De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 13 1 Outline Recap

1.15k views • 83 slides
VEA: Validating, Evolving &amp; Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer |

VEA: Validating, Evolving &amp; Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer |

VEA: Validating, Evolving &amp; Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer | Alpha Health Slides available in: bit.ly/afranzi-vea About me 2019 2020 2013 2014 2015 2017 2018 VEA: Validating, Evolving &amp;

679 views • 39 slides
De-Anonymizing Live CDs through Physical Memory Analysis

De-Anonymizing Live CDs through Physical Memory Analysis

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University

644 views • 61 slides
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication? Personal privacy

1.03k views • 55 slides
De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft Research July 12, 2013 6th Workshop on Hot Topics in Privacy Enhancing Technologies 2013, Bloomington, Indiana, USA Can Personally Identifiable

668 views • 18 slides
De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University of New Orleans Former Security Consultant for Neohapsis Worked for Digital

911 views • 61 slides
Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique Identifiers Who cares? What are we talking about? Where are they? Laptops &amp; Desktops Peripherals Smartphones Why

358 views • 19 slides
A Practical Congestion Attack on Tor Using Long Paths Towards De-anonymizing Tor Nathan S. Evans

A Practical Congestion Attack on Tor Using Long Paths Towards De-anonymizing Tor Nathan S. Evans

A Practical Congestion Attack on Tor Using Long Paths Towards De-anonymizing Tor Nathan S. Evans 1 Christian Grothoff 1 Roger Dingledine 2 1 University of Denver, Denver CO 2 The Tor Project August, 12 2009 A Practical Congestion Attack on Tor

2.41k views • 56 slides
De#anonymizing,Social,Networks, and,Inferring,Private,Attributes, Using,Knowledge,Graphs,

De#anonymizing,Social,Networks, and,Inferring,Private,Attributes, Using,Knowledge,Graphs,

De#anonymizing,Social,Networks, and,Inferring,Private,Attributes, Using,Knowledge,Graphs, Jianwei Qian Xiang#Yang Li Illinois Tech USTC,/Illinois Tech Chunhong Zhang Linlin Chen BUPT Illinois Tech Outline Background Prior Work Our Work

350 views • 34 slides
Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002 http://pdos.lcs.mit.edu/tarzan/ The Grail of Anonymization Participant can communicate anonymously with non-participant User ? ?

976 views • 42 slides
De-anonymizing D4D Datasets Kumar Sharad 1 and George Danezis 2 1 University of Cambridge Computer

De-anonymizing D4D Datasets Kumar Sharad 1 and George Danezis 2 1 University of Cambridge Computer

De-anonymizing D4D Datasets Kumar Sharad 1 and George Danezis 2 1 University of Cambridge Computer Laboratory, 15 JJ Thomson Avenue, Cambridge CB3 0FD, UK Kumar.Sharad@cl.cam.ac.uk 2 Microsoft Research 21 Station Road, Cambridge CB1 2FB, UK

217 views • 17 slides
Database Indexes and K-anonymity Tochukwu Iwuchukwu Jeffrey F. Naughton Conclusion There

Database Indexes and K-anonymity Tochukwu Iwuchukwu Jeffrey F. Naughton Conclusion There

Database Indexes and K-anonymity Tochukwu Iwuchukwu Jeffrey F. Naughton Conclusion There are striking similarities between Building a spatial index over a data set, and K-anonymizing a data set. We can exploit these similarities

392 views • 28 slides
Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems Narrated by Christo Wilson Table of

Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems Narrated by Christo Wilson Table of

Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems Narrated by Christo Wilson Table of Contents Table of Contents Problem Scenario Existing Anonymity Schemes Existing Anonymity Schemes T or Crowds Rumor Riding

239 views • 19 slides
Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction to Computer Security Day 23: Anonymizing the network Tor basics Stephen McCamant University of Minnesota, Computer Science &amp; Engineering Tor

301 views • 7 slides
Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction to Computer Security Day 24: Anonymizing the network Tor basics Stephen McCamant University of Minnesota, Computer Science &amp; Engineering Tor

391 views • 5 slides
Data Preparation Data cleaning Data integration and transformation (Data

Data Preparation Data cleaning Data integration and transformation (Data

Data Preprocessing Why preprocess the data? Data Preparation Data cleaning Data integration and transformation (Data preprocessing) Data reduction, Feature selection Discretization and concept hierarchy generation 2

891 views • 21 slides
DATA MINING LECTURE 2 What is data? The data mining pipeline What is Data Mining? Data

DATA MINING LECTURE 2 What is data? The data mining pipeline What is Data Mining? Data

DATA MINING LECTURE 2 What is data? The data mining pipeline What is Data Mining? Data mining is the use of efficient techniques for the analysis of very large collections of data and the extraction of useful and possibly unexpected

2.4k views • 94 slides
Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Inf1-DA 20102011 III: 68 / 91 Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval Statistical Analysis of Data: III.2 Data scales and summary statistics III.3 Hypothesis testing and correlation III.4 2

579 views • 8 slides
Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Inf1-DA 20102011 III: 28 / 89 Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval Statistical Analysis of Data: III.2 Data scales and summary statistics III.3 Hypothesis testing and correlation III.4

455 views • 23 slides
Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Inf1-DA 20102011 III: 68 / 91 Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval Statistical Analysis of Data: III.2 Data scales and summary statistics III.3 Hypothesis testing and correlation III.4 2

729 views • 24 slides
Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval

Inf1-DA 20102011 III: 51 / 89 Part III Unstructured Data Data Retrieval: III.1 Unstructured data and data retrieval Statistical Analysis of Data: III.2 Data scales and summary statistics III.3 Hypothesis testing and correlation III.4

344 views • 17 slides
Data Preparation Data cleaning Discretization (Data preprocessing) Data

Data Preparation Data cleaning Discretization (Data preprocessing) Data

Data Preprocessing Why preprocess the data? Data Preparation Data cleaning Discretization (Data preprocessing) Data integration and transformation Data reduction, Feature selection 2 Why Prepare Data? Why Prepare

462 views • 15 slides
DATA QUALITY AND DATA DATA QUALITY AND DATA PROGRAMMING PROGRAMMING &quot;Data cleaning and

DATA QUALITY AND DATA DATA QUALITY AND DATA PROGRAMMING PROGRAMMING &quot;Data cleaning and

DATA QUALITY AND DATA DATA QUALITY AND DATA PROGRAMMING PROGRAMMING &quot;Data cleaning and repairing account for about 60% of the work of data scientists.&quot; Christian Kaestner Required reading: Schelter, S., Lange, D., Schmidt, P.,

1.1k views • 86 slides
Data stories with The Pudding So what is data storytelling? Data academia &amp; data science

Data stories with The Pudding So what is data storytelling? Data academia &amp; data science

Data stories with The Pudding So what is data storytelling? Data academia &amp; data science dense complex static/non-interactive often not accompanied by an easy-to-follow narrative Data art beautiful abstract

647 views • 5 slides

More recommend