
Sequence Obfuscation to Thwart Pattern Matching Attacks - PowerPoint PPT Presentation

Sequence Obfuscation to Thwart Pattern Matching Attacks. Bo Guan, Nazanin Takbiri, Dennis L. Goeckel, Amir Houmansadr, Hossein Pishro-Nik. University of Massachusetts Amherst. IEEE International Symposium on Information


  1. Sequence Obfuscation to Thwart Pattern Matching Attacks. Bo Guan, Nazanin Takbiri, Dennis L. Goeckel, Amir Houmansadr, Hossein Pishro-Nik. University of Massachusetts Amherst. IEEE International Symposium on Information Theory (ISIT), Los Angeles, California, June 2020

  2. Privacy Threats in Internet of Things Applications [Figure: Internet of Things]

  3. Mathematical Model of Problem
     • Data is created in the form of long time series. The collection of data of user $v$ at different times: $Y_v = [Y_v(1), Y_v(2), Y_v(3), \ldots]$
     [Figure labels: Need Utility; LBS (Location Based Applications); Lose Privacy]

  4. Motivation
     [Figure: User 1, Sequence 1; User 2, Sequence 2; …; User $o$, Sequence $o$]
     Adversary: match prior behaviors with realizations.
     $Y_v = [Y_v(1), Y_v(2), Y_v(3), \ldots]$; user profile: $r_v^{(1)} r_v^{(2)} \cdots r_v^{(m)}$
     User $v$ could be identified by his habitual pattern.

  5. Contribution
     • Our goal is to provide a privacy-preserving mechanism (PPM), even if we do not know the exact data point model.
     • We proposed a smart obfuscation method to confuse an adversary's pattern matching attack.
     • This method achieves privacy by generating all the possible patterns in a smart obfuscation noise.

  6. Overview: I. System Model and Definitions; II. Privacy Guarantee for Model-Free PPMs; III. Numerical Results; IV. Conclusion

  7. Overview: I. System Model and Definitions; II. Privacy Guarantee for Model-Free PPMs; III. Numerical Results; IV. Conclusion

  8. Data Point Model
     • Here we make no assumptions about the data points' statistical model. Instead, we assume only that there are $s \ge 2$ possible values for each user's data points, in a finite-size set $S = \{0, 1, \cdots, s-1\}$.
     Data points of user $v$: $\mathbf{Y}_v = [Y_v(1), Y_v(2), \cdots, Y_v(n)]^T$, $\mathbf{Y} = [\mathbf{Y}_1, \mathbf{Y}_2, \cdots, \mathbf{Y}_o]$

  9. Definition 1. A pattern is a sequence $\mathbf{R} = r^{(1)} r^{(2)} \cdots r^{(m)}$, where $r^{(j)} \in \{0, 1, \cdots, s-1\}$ for any $j \in \{1, 2, \cdots, m\}$. A user $v$ is said to have the pattern $\mathbf{R}$ if:
     o The sequence $\mathbf{R}$ is a subsequence (not necessarily consecutive) of user $v$'s (obfuscated) sequence, and
     o For $j \in \{1, 2, \cdots, m-1\}$, $r^{(j)}$ and $r^{(j+1)}$ appear in the (obfuscated) sequence of user $v$ with distance less than or equal to $h$.
     For instance, in the fragment of the data sequence below:
     … 3 1 4 2 6 3 4 5 6 …
     if we set $h = 3$, the pattern 164 appears in the sequence fragment, but the pattern 134 does not.

  10. Definition 2. A sequence is an $(s, m)$-superstring if it contains all possible $s^m$ length-$m$ strings on a size-$s$ alphabet $\mathcal{R}$ as its contiguous substrings. Note that:
     • Cyclic tail-to-head ligation is not allowed here.
     • Repeated symbols for the substrings are allowed.
     For instance, the following sequence is a $(2, 3)$-superstring since it contains all possible length-2 strings, here $S = \{0, 1\}$: 000001010011100101110111

  11. Obfuscation Mechanism
     $\mathbf{Y}_v$: $Y_v(1)$ $Y_v(2)$ $Y_v(3)$ $Y_v(4)$ $Y_v(5)$ $Y_v(6)$ $Y_v(7)$ $Y_v(8)$ $Y_v(9)$ …
     $\mathbf{X}_v$: 0 0 1 0 1 0 0 0 1 …
     $\mathbf{a}_v$: $Y_v(1)$ $Y_v(2)$ $b_v(1)$ $Y_v(4)$ $b_v(2)$ $Y_v(6)$ $Y_v(7)$ $Y_v(8)$ $b_v(3)$ …
     [Figure label: $b_v(\cdot)$ is an element of the superstring sequence $\mathbf{b}_v$]
     $\mathbf{a}_v = [a_v(1), a_v(2), \cdots, a_v(n)]^T$, $\mathbf{a} = [\mathbf{a}_1, \mathbf{a}_2, \cdots, \mathbf{a}_o]$

  12. Anonymization Mechanism [Figure labels: Alice, Bob, Carol; Alice data sequence, Bob data sequence, Carol data sequence]

  13. Adversary Model
     Adversary does know:
     • The sequence $Z_v(1), Z_v(2), \cdots, Z_v(n)$ for each user $v$.
     • Privacy-preserving mechanism → obfuscation + anonymization.
     • Identifying pattern for each user $v$.
     Adversary does NOT know:
     • The permutation employed in the anonymization.
     • The actual superstring employed for obfuscation.

  14. Other Approaches
     "Perfect Privacy" is proposed and achieved in Takbiri's journal paper [1]:
     • A statistical model is assumed in the data points model.
     • But the statistical model may NOT be given, or may be unknown.
     In this paper,
     • We propose a new PPM based on the Model-Free approach.
     • The PPM protects against a specific attack: pattern matching.
     [1] Takbiri, Nazanin, et al. "Matching anonymized and obfuscated time series to users' profiles." IEEE Transactions on Information Theory 65.2 (2018): 724-741.

  15. Definition 3. User $M$ with data pattern $r_M^{(1)} r_M^{(2)} \cdots r_M^{(m)}$ has $\vartheta$-privacy if:
     • for any other $v$, the probability that user $v$ has the same pattern as user $M$ in their obfuscated data sequence is at least $\vartheta$.
     Definition 4. $\mathbb{P}(\mathcal{B}_v)$ is defined as the probability that the obfuscated sequence $\mathbf{a}_v$ has user 1's identifying pattern due to obfuscation by an $(s, m)$-superstring with length $m s^m$.
     • Superstring is obtained by arranging all the possible $s^m$ substrings without overlapping.
     For instance, a $(3, 2)$-superstring which contains all possible length-2 strings, here $S = \{0, 1, 2\}$: 001122011002201221

  16. Definition 5. $\mathbb{P}(\mathcal{B}_v^{D})$ is defined as the probability that the obfuscated sequence $\mathbf{a}_v$ has user 1's identifying pattern due to obfuscation by the shortest $(s, m)$-superstring with length $g(s, m) = s^m + m - 1$.
     • Superstring is constructed by a De Bruijn sequence, which is the optimal shortest cyclic sequence containing all the possible substrings.
     For instance, a shortest $(3, 2)$-superstring constructed by using the De Bruijn sequence $C(3, 2)$: $C(3, 2)$ = "001021122", giving the superstring 0010211220

  17. Overview: I. System Model and Metrics; II. Privacy Guarantee for Model-Free PPMs; III. Numerical Results; IV. Conclusion

  18. Theorem 1. If $\mathbf{a}$ is the obfuscated version of $\mathbf{Y}$, and $\mathbf{Z}$ is the anonymized version of $\mathbf{a}$ as defined previously, there exists a lower bound $\vartheta$ for the probability $\mathbb{P}(\mathcal{B}_v)$:
     12 -./ / , '( , &'( ,-. % & 1 βˆ’ 1 βˆ’ π‘ž "#$ πœ€ ) , (1) β„™ 𝔆 ! β‰₯ n 1 βˆ’ exp βˆ’ 2 π»π‘ž "#$ 𝑠 & )*+
     where $H = n - h(m-1)$ and, for $\beta = 0, 1, \cdots, s^m - 1$, πœ€ ) = 1 βˆ’ 12 -./ )&

  19. The idea behind the proof: define two events:
     • $\mathcal{E}_v$: user 1's pattern appears in user $v$'s obfuscated data points $\mathbf{a}_v$: $N_{v,1}^{(1)} \le n - h(m-1) = H$
     • $\mathcal{F}_v$: the distance between any neighboring points of the pattern in $\mathbf{a}_v$ is smaller than or equal to $h$: $E_v^{(1)} \le h;\ E_v^{(2)} \le h;\ \cdots;\ E_v^{(m-1)} \le h$ (independent)
     Achieves a lower bound: $\mathbb{P}(\mathcal{B}_v) \ge \mathbb{P}(\mathcal{E}_v)\,\mathbb{P}(\mathcal{F}_v)$
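
Definition 1 (slide 9) and the obfuscation table (slide 11) in code, as an added example that is not taken from the slides. The function names, the constant data sequence of user v and the target pattern 01 are assumptions constructed for illustration.

```python
def has_pattern(seq, pattern, h):
    """Definition 1: pattern is a subsequence of seq and consecutive pattern
    symbols are matched at most h positions apart."""
    if not pattern:
        return True
    # reach[i]: the pattern prefix handled so far can end exactly at index i
    reach = [x == pattern[0] for x in seq]
    for sym in pattern[1:]:
        nxt = [False] * len(seq)
        last = None  # latest earlier index where the previous prefix can end
        for i, x in enumerate(seq):
            if x == sym and last is not None and i - last <= h:
                nxt[i] = True
            if reach[i]:
                last = i
        reach = nxt
    return any(reach)


def obfuscate(data, flags, superstring):
    """Slide 11 table: where the 0/1 row holds 1, the data point is replaced
    by the next unused superstring element; other points pass through."""
    elements = iter(superstring)
    return [next(elements) if f else y for y, f in zip(data, flags)]


# Fragment from the Definition 1 slide.
FRAGMENT = [3, 1, 4, 2, 6, 3, 4, 5, 6]

# Constructed data: user v always reports 2, so the pattern 01 never occurs.
DATA_V = [2] * 9
# 0/1 row as printed on slide 11.
FLAGS_V = [0, 0, 1, 0, 1, 0, 0, 0, 1]
# Shortest (3, 2)-superstring from the Definition 5 slide.
SUPERSTRING = [0, 0, 1, 0, 2, 1, 1, 2, 2, 0]
OBFUSCATED_V = obfuscate(DATA_V, FLAGS_V, SUPERSTRING)

if __name__ == "__main__":
    print(has_pattern(FRAGMENT, [1, 6, 4], h=3))  # pattern 164 on the slide
    print(has_pattern(FRAGMENT, [1, 3, 4], h=3))  # pattern 134 on the slide
    print(OBFUSCATED_V, has_pattern(OBFUSCATED_V, [0, 1], h=4))
```

Tracking every index where a prefix can end, instead of taking the first match greedily, matters when an early match is too far from the next symbol but a later one is not.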
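
The two superstring constructions of Definitions 4 and 5, checked against Definition 2, as an added example that is not taken from the slides. The De Bruijn generator is the standard Lyndon-word recursion, chosen here as an assumption since the slides do not say how $C(s, m)$ is produced; all function names are illustrative.

```python
from itertools import product


def de_bruijn(s, m):
    """Cyclic De Bruijn sequence of order m over {0, ..., s-1}, built with
    the standard Lyndon-word recursion (assumed construction)."""
    a = [0] * (s * m)
    out = []

    def db(t, p):
        if t > m:
            if m % p == 0:
                out.extend(a[1:p + 1])
            return
        a[t] = a[t - p]
        db(t + 1, p)
        for j in range(a[t - p] + 1, s):
            a[t] = j
            db(t + 1, t)

    db(1, 1)
    return out


def shortest_superstring(s, m):
    """Definition 5: unroll the cycle by appending its first m-1 symbols,
    because tail-to-head wrap-around does not count. Length s**m + m - 1."""
    cycle = de_bruijn(s, m)
    return cycle + cycle[:m - 1]


def concatenated_superstring(s, m):
    """Definition 4: all s**m strings side by side, length m * s**m."""
    return [x for word in product(range(s), repeat=m) for x in word]


def is_superstring(seq, s, m):
    """Definition 2: every length-m string over {0, ..., s-1} occurs as a
    contiguous, non-cyclic substring of seq."""
    windows = {tuple(seq[i:i + m]) for i in range(len(seq) - m + 1)}
    return all(w in windows for w in product(range(s), repeat=m))


def digits(seq):
    """Render a symbol list the way the slides print it."""
    return "".join(str(x) for x in seq)


if __name__ == "__main__":
    print(digits(de_bruijn(3, 2)), digits(shortest_superstring(3, 2)))
    print(digits(concatenated_superstring(2, 3)))
    print(is_superstring(de_bruijn(3, 2), 3, 2))  # cycle alone, not unrolled
```

For the $(2, 3)$ case the concatenated construction reproduces the 24-symbol string on the Definition 2 slide, which is the eight binary strings of length 3 placed side by side.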
