k anonymity
play

K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, - PDF document

Sep 14, 2022 •327 likes •457 views

27.06.2017 Schutz der Privatsphre (WS15/16) Introduction to Privacy (Part 1) You have zero privacy. Get over it. Scott McNealy, 1999 Privacy, k anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universitt zu

  1. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) “You have zero privacy. Get over it.” Scott McNealy, 1999 Privacy, k ‐ anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universität zu Berlin Dagstuhl Workshop Federated Semantic 1 Data Management, June 2017 Is it always obvious?  Is it always obvious that privacy is violated or breached?  Latanya Sweeney’s Finding – In Massachusetts, USA, the Group Insurance Commission (GIC) is responsible for purchasing health insurance for state employees – GIC has to publish the data: GIC( zip, dob, sex , diagnosis, procedure, ...) d ate o f b irth [Sween’02] http://dataprivacylab.org/people/sweeney/ Dagstuhl Workshop Federated Semantic 2 Data Management, June 2017 1

  2. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Latanya Sweeney’s Finding (1)  Sweeney paid $20 and bought the voter registration list for Cambridge, MA: Voter GIC Name Adress … ZIP DOB Sex ZIP DOB Sex Diagnostic Medication …  William Weld (former governor) lives in Cambridge, hence is in VOTER  6 people in VOTER share his date of birth ( dob )  only 3 of them were man (same sex )  Weld was the only one in that zip  Sweeney learned Weld’s medical records!  87 % of population in U. S. can be identified by ZIP, dob, sex Dagstuhl Workshop Federated Semantic 3 Data Management, June 2017 What is Privacy? [Sweeney, 2002]  Definition 1: “ Privacy reflects the ability of a person, organization, government, or entity to control its own space, where the concept of space (or “privacy space”) takes on different contexts.” – Physical space, against invasion – Bodily space, medical consent – Computer space, spam – Web browsing space, Internet privacy [Agrawal et al., 2002]  Definition 2: “ Privacy is the right of individuals to determine for themselves when, how, and to what extent information about them is communicated to others.” (We shall call this data/information privacy) Dagstuhl Workshop Federated Semantic 4 Data Management, June 2017 2

  3. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Challenge  Given: person ‐ specific data – microdata table T  Goal: privacy preserving public release table T * – Information should remain practically useful attributes A j SSN Name Zipcode Age Sex Disease 003 Chris 12211 18 M Arthritis 004 David 12244 19 M Cold 010 Ethan 12245 27 M Heart problem 029 Frank 12377 27 M Flu tuples t 034 Gillian 12377 27 F Arthritis 059 Helen 12391 34 F Diabetes 077 Ireen 12391 45 F Flu Microdata T Dagstuhl Workshop Federated Semantic 5 Data Management, June 2017 Quasi ‐ identifier  Definition (Quasi ‐ identifier) A set of non ‐ sensitive attributes QI T = { A i , …, A j } of a table T is called a quasi ‐ identifier if these attributes can be linked with external data to uniquely identify at least one individual in the general population Ω . Zipcode Age Sex Disease Name Zipcode Age Sex 12211 18 M Arthritis Chris 12211 18 M 12244 19 M Cold Jack 19221 20 M … … … … T Public database Linking attack Name Zipcode Age Sex Disease Ω = {Chris, David, Jack, …} Chris 12211 18 M Arthritis QI T = {Zipcode, Age, Sex} Dagstuhl Workshop Federated Semantic 6 Data Management, June 2017 3

  4. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Microdata Identifier Quasi ‐ identifier Sensitive attributes attributes A j SSN Name Zipcode Age Sex Disease 003 Chris 12211 18 M Arthritis 004 David 12244 19 M Cold 010 Ethan 12245 27 M Heart problem tuples t 029 Frank 12377 27 M Flu 034 Gillian 12377 27 F Arthritis 059 Helen 12391 34 F Diabetes 077 Ireen 12391 45 F Flu Microdata T Dagstuhl Workshop Federated Semantic 7 Data Management, June 2017 Introduced by Latanya Sweeney, 2002 K ‐ Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4

  5. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) k ‐ anonymity Definition  Definition ( k ‐ anonymity) A table T satisfies k ‐ anonymity if for every tuple t ∈ T there exist k − 1 other tuples t 1 , t 2 , …, t k − 1 ∈ T such that t [QI T ] = t 1 [QI T ] = t 2 [QI T ] = ∙∙∙ = t k − 1 [QI T ] for all quasi ‐ identifier QI T . Zipcode Age Sex Disease Zipcode Age Sex Disease 12211 18 M Arthritis 122** 18–19 M Arthritis 12244 19 M Cold 122** 18–19 M Cold 12245 27 M Heart problem * 27 * Heart problem 12377 27 M Flu * 27 * Flu 12377 27 F Arthritis * 27 * Arthritis 12391 34 F Diabetes 12391 ≥ 30 F Diabetes 12391 45 F Flu 12391 ≥ 30 F Flu Microdata table T 2 ‐ anomynous table T * Dagstuhl Workshop Federated Semantic 9 Data Management, June 2017 k ‐ anonymity Zipcode Age Sex Disease 122** 18–19 M Arthritis QI ‐ group/ equivalence class 122** 18–19 M Cold * 27 * Heart problem * 27 * Flu Name Zipcode Age Sex * 27 * Arthritis Chris 12211 18 M 12391 ≥ 30 F Diabetes Jack 19221 20 M 12391 ≥ 30 F Flu Public database T * Name Zipcode Age Sex Disease Chris 12211 18 M Arthritis Disease of Chris? Arthritis or Cold? Chris 12211 18 M Cold Dagstuhl Workshop Federated Semantic 10 Data Management, June 2017 5

  6. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Privacy protection vs. information Zipcode Age Sex Disease Zipcode Age Sex Disease 122** 18–19 M Arthritis * ≤ 19 M Arthritis 122** 18–19 M Cold * ≤ 19 M Cold * 27 * Heart problem * 18–65 * Heart problem * 27 * Flu * 18–65 * Flu * 27 * Arthritis * 18–65 * Arthritis 12391 ≥ 30 F Diabetes 12*** ≥ 20 * Diabetes 12391 ≥ 30 F Flu 12*** ≥ 20 * Flu 2 ‐ anonymous table 2 ‐ anonymous table high information content low information content Dagstuhl Workshop Federated Semantic 11 Data Management, June 2017 Anonymization Methods Overview Lower and upper bound for each sensitive attribute value ( α i , β i ) ‐ Closeness (High importance attack, Lower bound attack) t ‐ Closeness Limit adversary’s information gain (Skewness attack, Similarity attack) ( ε , m ) ‐ Anonymity Restrict similar numerical values (Proximity Breach) Privacy Protection l ‐ Diversity m ‐ Invariance Diversity of sensitive values Time ‐ sequence re ‐ publications; (Background knowledge attack, (Critical absence phenomenon) Probabilistic inference attack) ( k , e ) ‐ Anonymity Limit range of numerical attributes (Similarity attack) ( α , k ) ‐ Anonymity Limit most frequent value (Probabilistic inference attack) p ‐ Sensitive k ‐ Anonymity Protection against attribute disclosure (Homogeneity attack) minor k ‐ Anonymity Protection against identity disclosure (Linkage attack) major Dagstuhl Workshop Federated Semantic 12 Data Management, June 2017 6

  7. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Introduced by Cynthia Dwork (2006) Differential Privacy Dagstuhl Workshop Federated Semantic 13 Data Management, June 2017 Model Query Microdata (MDB) query result (not exactly)  Protect Privacy  Provide useful information Add noise, delete names, etc. Dagstuhl Workshop Federated Semantic 14 Data Management, June 2017 7

  8. ͌ 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Differential Privacy (informal)  Output of a query is similar whether any single individual’s record is included in the database or not Query: # of persons with a cold? Database D Database D‘ Name Disease Query Query Name Disease Chris Arthritis ≈ Chris Arthritis R1 R2 David Cold Ethan Heart problem Ethan Heart problem  David is no worse off because his record is/is not included in the output of a query Dagstuhl Workshop Federated Semantic 15 Data Management, June 2017 Definitions Definition 1 (neighboring databases): Two databases D, D’ are neighbors if they differ by at most one tuple Definition 2 ( ε‐ differential privacy): A randomized algorithm G provides ε ‐ differential privacy if: – for all neighboring databases D and D’, andprivacy – for any outputs O: Pr[ G ( D ) = O ] ≤ e ε * Pr[ G ( D’ ) = O ] Dagstuhl Workshop Federated Semantic 16 Data Management, June 2017 8

  9. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Differential Privacy – additional remarks Ɛ is a privacy  Pr[ G ( D ) = O ] ≤ e ε * Pr[ G ( D’ ) = O ] parameter Pr[ G ( D’ ) = O ] ≤ e  ≈ 1 ±  Pr[ G ( D ) = O ] =  Epsilon is usually small: e.g. if  = 0.1 then e  ≈ 1.10 epsilon = stronger privacy Dagstuhl Workshop Federated Semantic 17 Data Management, June 2017 Query sensitivity Definition 3: The sensitivity of a query Q is ∆ q = max |Q(D) ‐ Q(D’)| where D, D’ are any two neighboring databases Query Q Sensitivity ∆ q Q1: Count tuples 1 Q2: Count (patients with “Cold”) 1 Q3: Count (patients with property X) 1 Q4: Max (age of patients) max age Dagstuhl Workshop Federated Semantic 18 Data Management, June 2017 9

Recommend

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

648 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh | Shinyoung Cho | Phillipa Gill Stony Brook University 1 Anonymity on the Internet Tor Network 2 Anonymity on the Internet Does not know the source

261 views • 15 slides
Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith

Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith

CyLab Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818:

467 views • 46 slides
for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

Anonymity Trilemma not all is lost for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 Universitaet zu Luebeck Anonymous Communication (AC) Networks

449 views • 21 slides
Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb 2011 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how

927 views • 51 slides
Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March 30, 2006 Outline Anonymity 1 Anonymity with identity escrow 2 Marshall and Molina-Jiminez protocol 3 Our protocol 4 Verification in

567 views • 20 slides
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of AT&T Labs (August, 1997) Presenter: Craig Bergstrom Overview The Problem At Hand How Crowds Works Levels and Types of Anonymity &

326 views • 19 slides
Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs Bryan Ford Stanford Yale ACM Workshop on Privacy in the Electronic Society 4 November 2013 New Anonymity Systems Have a

563 views • 27 slides
W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need

W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need

W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need anonymity Polit ical dissident s in oppressive count ries Government s want t o do operat ions secret ly. Corporat ions are vulnerable t o t

838 views • 38 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides
Anonymity Networks for Crypto Geeks, the Department of Defense, and you. Nick Mathewson

Anonymity Networks for Crypto Geeks, the Department of Defense, and you. Nick Mathewson

Anonymity Networks for Crypto Geeks, the Department of Defense, and you. Nick Mathewson <nickm@freehaven.net> The Free Haven Project MIT SIPB talk; 2 Feb 2006 This talk is about anonymity. Technical Social 1. What is it? 2. Why does

1.02k views • 71 slides
Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The Free Haven Project 1 Overview We design and deploy anonymity systems. Version 1: You guys are studying this in academia, and we're

684 views • 25 slides
Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories NTT Corporation References Simulation-based proof method of privacy/anonymity Y. Kawabe, K. Mano, H. Sakurada and Y. Tsukada

303 views • 28 slides
Theory and Design of Low-latency Anonymity Systems (Lecture 1) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 1) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 1) Paul Syverson U.S. Naval Research Laboratory syverson@itd.nrl.navy.mil http://www.syverson.org 1 Course Outline Lecture 1: Usage examples, basic notions of anonymity, types

918 views • 88 slides
Theory and Design of Low-latency Anonymity Systems (Lecture 4) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 4) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 4) Paul Syverson U.S. Naval Research Laboratory syverson@itd.nrl.navy.mil http://www.syverson.org 1 Course Outline Lecture 1: Usage examples, basic notions of anonymity, types

611 views • 48 slides

More recommend