k anonymity algorithms
play

K-Anonymity & Algorithms CompSci 590.03 Instructor: Ashwin - PowerPoint PPT Presentation

Oct 15, 2022 •556 likes •1.05k views

K-Anonymity & Algorithms CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 3 : 590.03 Fall 12 1 Announcements Project ideas are posted on the site. You are welcome to send me (or talk to me about) your own ideas. Lecture 3

  1. K-Anonymity & Algorithms CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 3 : 590.03 Fall 12 1

  2. Announcements • Project ideas are posted on the site. – You are welcome to send me (or talk to me about) your own ideas. Lecture 3 : 590.03 Fall 12 2

  3. Outline • K-Anonymity: a metric for anonymity for data publishing [Sweeney IJUFKS 2002] • Algorithms for K-anonymous data publishing – Generalization/Suppression [Lefevre et al SIGMOD 2006] – Curse of Dimensionality [Agarwal VLDB 2005] Lecture 3 : 590.03 Fall 12 3

  4. Offline Data Publishing Database Researcher Microdata Data at the granularity of individuals

  5. Sample Microdata SSN Zip Age Nationality Disease 631-35-1210 13053 28 Russian Heart 051-34-1430 13068 29 American Heart 120-30-1243 13068 21 Japanese Viral 070-97-2432 13053 23 American Viral 238-50-0890 14853 50 Indian Cancer 265-04-1275 14853 55 Russian Heart 574-22-0242 14850 47 American Viral 388-32-1539 14850 59 American Viral 005-24-3424 13053 31 American Cancer 248-223-2956 13053 37 Indian Cancer 221-22-9713 13068 36 Japanese Cancer 615-84-1924 13068 32 American Cancer

  6. Removing SSN … Zip Age Nationality Disease 13053 28 Russian Heart 13068 29 American Heart 13068 21 Japanese Viral 13053 23 American Viral 14853 50 Indian Cancer 14853 55 Russian Heart 14850 47 American Viral 14850 59 American Viral 13053 31 American Cancer 13053 37 Indian Cancer 13068 36 Japanese Cancer 13068 32 American Cancer

  7. The Massachusetts Governor Privacy Breach [Sweeney IJUFKS 2002] • Governor of MA 87 % of US population • Name • Name uniquely identified • SSN • Address • Zip using ZipCode, • Date • Visit Date Birth Date, and Sex. • Birth Registered • Diagnosis date • Party • Procedure affiliation • Medication • Sex • Date last • Total Charge voted Quasi Identifier Medical Data Voter List Lecture 2 : 590.03 Fall 12 7

  8. Linkage Attacks Zip Age Nationality Disease 13053 28 Russian Heart 13068 29 American Heart 13068 21 Japanese Viral Quasi- 13053 23 American Viral Identifier 14853 50 Indian Cancer 14853 55 Russian Heart 14850 47 American Viral 14850 59 American Viral 13053 31 American Cancer 13053 37 Indian Cancer 13068 36 Japanese Cancer 13068 32 American Cancer Public Information

  9. We saw examples in last class • Massachusetts governor attack • AOL privacy breach • Netflix attack • Social Network attacks Lecture 3 : 590.03 Fall 12 9

  10. K-Anonymity [Samarati et al, PODS 1998] • Generalize, modify, or distort quasi-identifier values so that no individual is uniquely identifiable from a group of k • In SQL, table T is k-anonymous if each SELECT COUNT(*) FROM T GROUP BY Quasi-Identifier is ≥ k • Parameter k indicates the “degree” of anonymity

  11. Example 1: Generalization (Coarsening) Zip Age Nationality Disease Zip Age Nationality Disease 130** <30 * Heart 13053 28 Russian Heart 130** <30 * Heart 13068 29 American Heart 130** <30 * Flu 13068 21 Japanese Flu 130** <30 * Flu 13053 23 American Flu 1485* >40 * Cancer 14853 50 Indian Cancer 1485* >40 * Heart 14853 55 Russian Heart 1485* >40 * Flu 14850 47 American Flu 1485* >40 * Flu 14850 59 American Flu 130** 30-40 * Cancer 13053 31 American Cancer Equivalence Class : Group 130** 30-40 * Cancer 13053 37 Indian Cancer of k-anonymous records 130** 30-40 * Cancer 13068 36 Japanese Cancer that share the same value 130** 30-40 * Cancer 13068 32 American Cancer for Quasi-identifier attribtutes

  12. Example 2: Clustering Lecture 3 : 590.03 Fall 12 12

  13. Example 3: Microaggregation Zip Age Nationality Disease Zip Age Nationality Disease 13053 28 Russian Heart 4 tuples 2 Heart 13068 29 American Heart and Zip code = 130** 13068 21 Japanese Flu 2 Flu 23 < Age < 29 13053 23 American Flu Average(age) = 25 4 tuples 1 Cancer, 14853 50 Indian Cancer Zip = 1485* 1 Heart 14853 55 Russian Heart and 47 < Age < 59 14850 47 American Flu 2 Flu Average(age) = 53 14850 59 American Flu 4 tuples All Cancer Zip = 130** 13053 31 American Cancer patients 31 < Age < 37 13053 37 Indian Cancer Avergae(age) = 34 13068 36 Japanese Cancer 13068 32 American Cancer

  14. K-Anonymity • Joining the published data to an external dataset using quasi- identifiers results in at least k records per quasi-identifier combination. • What is a quasi-identifier? – Combination of attributes (that an adversary may know) that uniquely identify a large fraction of the population. – There can be many sets of quasi-identifiers. If Q = {B, Z, S} is a quasi-identifier, then Q + {N} is also a quasi-identifier. – Need to guarantee k-anonymity against the largest set of quasi-identifiers Lecture 3 : 590.03 Fall 12 14

  15. Outline • K-Anonymity: a metric for anonymity for data publishing [Sweeney IJUFKS 2002] • Algorithms for K-anonymous data publishing – Generalization/Suppression [Lefevre et al SIGMOD 2006] – Curse of Dimensionality [Agarwal VLDB 2005] Lecture 3 : 590.03 Fall 12 15

  16. Generalization • Coarsen (or suppress) an attribute to a more general value. Generation Step • Numeric Values – Suppress low significant bits: 12345 -> 1234* -> 123** – Ranges: 23 -> [20-25]; (30.5N 20.3E) -> box(30N-31N,20E-22E) Lecture 3 : 590.03 Fall 12 16

  17. Generalization • Coarsen (or suppress) an attribute to a more general value. Generation Step • Categorical Values – Domain Generalization Hierarchies State-gov occupation  Government occupation  Workclass Equivalent to suppressing the value Lecture 3 : 590.03 Fall 12 17

  18. Full Domain vs Local Generalization • Full Domain: Generalize all values in an attribute to the same “level” – Every occurrence of 12345 is replaced with 1234* in the database. – Answering queries on such datasets is easier. • Local Generalization: Values can be generalized to different levels. – 12345 in one tuple may be generalized to 1234*, and in another tuple entirely suppressed. – Allows k-anonymous datasets with lesser information loss. Lecture 3 : 590.03 Fall 12 18

  19. Generalization Lattice • Generalization step D - > D’: D’ is constructed from D using one generalization step. Nationality Zip * 130** Suppress tens digit of Zip Suppress nationality * 130** * 148** Nationality Zip Nationality Zip * 1306* American 130** * 1305* Japanese 130** * 1485* Japanese 148** Nationality Zip Suppress nationality Suppress tens digit of Zip American 1306* Japanese 1305* Japanese 1485* Lecture 3 : 590.03 Fall 12 19

  20. Utility: Quantifying error • Each generalization step introduces error. • Larger equivalence classes also may lead to more error. Utility Metrics : • Average size of equivalence classes • Number of steps in generalization lattice • Discernibility metric – Assign a penalty to each tuple – Penalty depends on how many other tuples are indistinguishable from it Do not take into account the distribution of values in each equivalence class. Lecture 3 : 590.03 Fall 12 20

  21. Utility Metrics • Classification metric – Assign a penalty to each tuple t: • If t‘s sensitive value == majority sensitive value in the group: Penalty = 0 • Otherwise: Penalty = size of equivalence class Does not take into account the distribution of the quasi- identifier attributes. • Information Loss – Penalty for each tuple = 1 - 1/ # values that can generalize to that tuple – E.g., Penalty (14850, 47) = 1 – 1 /1 = 0 – Penalty(1485*, [40-50]) = 1 – 1 / (10*10) = .99 Lecture 3 : 590.03 Fall 12 21

  22. Empirical Distribution • P(X=x) = fraction of tuples in the data with value x. 0.25 0.2 0.15 0.1 0.05 0 110 140 170 200 230 260 290 200 weights drawn from a normal distribution with mean 200 and sd 25. Lecture 3 : 590.03 Fall 12 22

  23. Empirical Distribution • P(X=x) = fraction of tuples in the data with value x. 2000 weights drawn from a normal distribution with mean 200 and sd 25. Lecture 3 : 590.03 Fall 12 23

  24. Utility Metrics KL-Divergence: • Suppose records were sampled from some multi-dimensional distribution F – iid (identically and independently distributed) • Given a table, we can estimate F with the empirical distribution F’ F’(14850, 47, American) = fraction of tuples in the database with Zip = 14850 AND Age=47 AND Nationality = American Lecture 3 : 590.03 Fall 12 24

  25. Utility Metrics KL-Divergence: • Similarly, given a k-anonymous table, we can compute the empirical distribution F’ k-anon F’ k-anon (14850, 47, American) = 1/N * ( Σ equivalence class C P[(14850, 47, American) in C] * |C|) Lecture 3 : 590.03 Fall 12 25

  26. Example Zip Age Nationality Disease 13053 28 Russian Heart 13068 29 American Heart 13068 21 Japanese Flu 13053 23 American Flu F’(13053, 37, Indian) = 1/12 14853 50 Indian Cancer 14853 55 Russian Heart 14850 47 American Flu 14850 59 American Flu 13053 31 American Cancer 13053 37 Indian Cancer 13068 36 Japanese Cancer 13068 32 American Cancer

Recommend

Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573

Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573

Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573 Data Privacy and Anonymity So far k-anonymity (protect identity disclosure) Anonymization algorithms Generalization and suppression

549 views • 34 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Streaming algorithms for k -center clustering with outliers and with anonymity Richard Matthew

Streaming algorithms for k -center clustering with outliers and with anonymity Richard Matthew

Streaming algorithms for k -center clustering with outliers and with anonymity Richard Matthew McCutchen and Samir Khuller University of Maryland {rmccutch,samir}@cs.umd.edu k -center clustering problem Input: n points in an arbitrary

751 views • 63 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Data Anonymization - Generalization Algorithms Li Xiong CS573 Data Privacy and Anonymity

Data Anonymization - Generalization Algorithms Li Xiong CS573 Data Privacy and Anonymity

Data Anonymization - Generalization Algorithms Li Xiong CS573 Data Privacy and Anonymity Generalization and Suppression Generalization Suppression Replace the value with a less Do not release a Z2 = {410**} value at all

790 views • 45 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi &amp; Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh | Shinyoung Cho | Phillipa Gill Stony Brook University 1 Anonymity on the Internet Tor Network 2 Anonymity on the Internet Does not know the source

261 views • 15 slides
Identity and Identity and anonymity anonymity Engineering &amp; Public Policy Lorrie Faith

Identity and Identity and anonymity anonymity Engineering &amp; Public Policy Lorrie Faith

CyLab Identity and Identity and anonymity anonymity Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818:

467 views • 46 slides
for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

Anonymity Trilemma not all is lost for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 Universitaet zu Luebeck Anonymous Communication (AC) Networks

449 views • 21 slides
Free Software, Free Internet, Anonymity &amp; Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity &amp; Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity &amp; Tor Andrew Lewman andrew@torproject.org 24 Feb 2011 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how

926 views • 51 slides
Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March 30, 2006 Outline Anonymity 1 Anonymity with identity escrow 2 Marshall and Molina-Jiminez protocol 3 Our protocol 4 Verification in

567 views • 20 slides
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter &amp; Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter &amp; Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter &amp; Aviel D. Rubin of AT&amp;T Labs (August, 1997) Presenter: Craig Bergstrom Overview The Problem At Hand How Crowds Works Levels and Types of Anonymity &amp;

326 views • 19 slides
W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need

W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need

W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need anonymity Polit ical dissident s in oppressive count ries Government s want t o do operat ions secret ly. Corporat ions are vulnerable t o t

838 views • 38 slides
Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs Bryan Ford Stanford Yale ACM Workshop on Privacy in the Electronic Society 4 November 2013 New Anonymity Systems Have a

563 views • 27 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides
Anonymity Networks for Crypto Geeks, the Department of Defense, and you. Nick Mathewson

Anonymity Networks for Crypto Geeks, the Department of Defense, and you. Nick Mathewson

Anonymity Networks for Crypto Geeks, the Department of Defense, and you. Nick Mathewson &lt;nickm@freehaven.net&gt; The Free Haven Project MIT SIPB talk; 2 Feb 2006 This talk is about anonymity. Technical Social 1. What is it? 2. Why does

1.02k views • 71 slides
Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The Free Haven Project 1 Overview We design and deploy anonymity systems. Version 1: You guys are studying this in academia, and we're

684 views • 25 slides

More recommend