data privacy introduction vicen c torra january 15 2018
play

Data privacy: introduction Vicen c Torra January 15, 2018 - PowerPoint PPT Presentation

Jul 31, 2023 •554 likes •1.14k views

Oslo, 2018 Data privacy: introduction Vicen c Torra January 15, 2018 Privacy, Information and Cyber-Security Center SAIL, School of Informatics, University of Sk ovde, Sweden Outline Outline 1. Motivation 2. Privacy models and

  1. Oslo, 2018 Data privacy: introduction Vicen¸ c Torra January 15, 2018 Privacy, Information and Cyber-Security Center SAIL, School of Informatics, University of Sk¨ ovde, Sweden

  2. Outline Outline 1. Motivation 2. Privacy models and disclosure risk assessment 3. Data protection mechanisms 4. Masking methods 5. Summary Oslo, 2018 1 / 45

  3. Motivation Outline Motivation Oslo, 2018 2 / 45

  4. Introduction Outline Introduction • Data privacy: core ◦ Someone needs to access to data to perform authorized analysis, but access to the data and the result of the analysis should avoid disclosure. ? E.g., you are authorized to compute the average stay in a hospital, but maybe you are not authorized to see the length of stay of your neighbor. Vicen¸ c Torra; Data privacy Oslo, 2018 3 / 45

  5. Introduction Outline Introduction • Data privacy: boundaries ◦ Database in a computer or in a removable device ⇒ access control to avoid unauthorized access = ⇒ Access to address (admissions), Access to blood test (admissions?) ◦ Data is transmitted ⇒ security technology to avoid unauthorized access = ⇒ Data from blood glucose meter sent to hospital. Network sniffers Transmission is sensitive: Near miss/hit report to car manufacturers security Privacy access control Vicen¸ c Torra; Data privacy Oslo, 2018 4 / 45

  6. Introduction Outline Difficulties • Difficulties: Naive anonymization does not work Passenger manifest for the Missouri, arriving February 15, 1882; Port of Boston 1 Names, Age, Sex, Occupation, Place of birth, Last place of residence, Yes/No, condition (healthy?) 1 https://www.sec.state.ma.us/arc/arcgen/genidx.htm Vicen¸ c Torra; Data privacy Oslo, 2018 5 / 45

  7. Introduction Outline Difficulties • Difficulties: highly identifiable data ◦ (Sweeney, 1997) on USA population ⋆ 87.1% (216 million/248 million) were likely made them unique based on 5-digit ZIP, gender, date of birth, ⋆ 3.7% (9.1 million) had characteristics that were likely made them unique based on 5-digit ZIP, gender, Month and year of birth. Vicen¸ c Torra; Data privacy Oslo, 2018 6 / 45

  8. Introduction Outline Difficulties • Difficulties: highly identifiable data ◦ Data from mobile devices: ⋆ two positions can make you unique (home and working place) ◦ AOL 2 and Netflix cases (search logs and movie ratings) ⇒ User No. 4417749, hundreds of searches over a three-noth period including queries ’landscapers in Lilburn, Ga’ ⇒ Thelma Arnold identified! ⇒ individual users matched with film ratings on the Internet Movie Database. ◦ Similar with credit card payments, shopping carts, ... (i.e., high dimensional data) 2 http://www.nytimes.com/2006/08/09/technology/09aol.html Vicen¸ c Torra; Data privacy Oslo, 2018 7 / 45

  9. Introduction Outline Difficulties • Difficulties: highly identifiable data ◦ Example #1: ⋆ University goal: know how sickness is influenced by studies and by commuting distance ⋆ Data: where students live, what they study, if they got sick ⋆ No “personal data”, is this ok ? Vicen¸ c Torra; Data privacy Oslo, 2018 8 / 45

  10. Introduction Outline Difficulties • Difficulties: highly identifiable data ◦ Example #1: ⋆ University goal: know how sickness is influenced by studies and by commuting distance ⋆ Data: where students live, what they study, if they got sick ⋆ No “personal data”, is this ok ? ⋆ NO!!: How many in your degree live in your town ? Vicen¸ c Torra; Data privacy Oslo, 2018 8 / 45

  11. Introduction Outline Difficulties • Difficulties: highly identifiable data ◦ Example #1: ⋆ University goal: know how sickness is influenced by studies and by commuting distance ⋆ Data: where students live, what they study, if they got sick ⋆ No “personal data”, is this ok ? ⋆ NO!!: How many in your degree live in your town ? ◦ Example #2: ⋆ Car company goal: Study driving behaviour in the morning ⋆ Data: First drive (GPS origin + destination, time) × 30 days ⋆ No “personal data”, is this ok? Vicen¸ c Torra; Data privacy Oslo, 2018 8 / 45

  12. Introduction Outline Difficulties • Difficulties: highly identifiable data ◦ Example #1: ⋆ University goal: know how sickness is influenced by studies and by commuting distance ⋆ Data: where students live, what they study, if they got sick ⋆ No “personal data”, is this ok ? ⋆ NO!!: How many in your degree live in your town ? ◦ Example #2: ⋆ Car company goal: Study driving behaviour in the morning ⋆ Data: First drive (GPS origin + destination, time) × 30 days ⋆ No “personal data”, is this ok? ⋆ NO!!!: How many (cars) go from your parking to your university everymorning ? Are you exceeding the speed limit ? Are you visiting a psychiatrisc every tuesday ? Vicen¸ c Torra; Data privacy Oslo, 2018 8 / 45

  13. Introduction Outline Difficulties • Data privacy is “impossible”, or not ? ◦ Privacy vs. utility ◦ Privacy vs. security ◦ Computationally feasible Vicen¸ c Torra; Data privacy Oslo, 2018 9 / 45

  14. Outline Privacy models and disclosure risk assessment Vicen¸ c Torra; Data privacy Oslo, 2018 10 / 45

  15. Introduction > Disclosure risk Outline Disclosure risk assessment Privacy models: What is a privacy model ? • To make a program we need to know what we want to protect Vicen¸ c Torra; Data privacy Oslo, 2018 11 / 45

  16. Introduction > Disclosure risk Outline Disclosure risk assessment Disclosure risk. Disclosure: leakage of information. • Identity disclosure vs. Attribute disclosure ◦ Attribute disclosure: (e.g. learn about Alice’s salary) ⋆ Increase knowledge about an attribute of an individual ◦ Identity disclosure: (e.g. find Alice in the database) ⋆ Find/identify an individual in a database (e.g., masked file) Within machine learning, some attribute disclosure is expected. Vicen¸ c Torra; Data privacy Oslo, 2018 12 / 45

  17. Introduction > Disclosure risk Outline Disclosure risk assessment Disclosure risk. • Boolean vs. quantitative privacy models ◦ Boolean: Disclosure either takes place or not. Check whether the definition holds or not. Includes definitions based on a threshold. ◦ Quantitative: Disclosure is a matter of degree that can be quantified. Some risk is permitted. • minimize information loss (max. utility) vs. multiobjetive optimization Vicen¸ c Torra; Data privacy Oslo, 2018 13 / 45

  18. Introduction > Disclosure risk Outline Disclosure risk assessment Privacy models. (selection) • Secure multiparty computation. Several parties want to compute a function of their databases, but only sharing the result. • Reidentification privacy. Avoid finding a record in a database. • k-Anonymity. A record indistinguishable with k − 1 other records. • Differential privacy. The output of a query to a database should not depend (much) on whether a record is in the database or not. Vicen¸ c Torra; Data privacy Oslo, 2018 14 / 45

  19. Introduction > Disclosure risk Outline Disclosure risk assessment Privacy model. Secure multiparty computation. • Several parties want to compute a function of their databases, but only sharing the result. ◦ hospital A and hospital B , ◦ two independent databases with: age of patient, length of stay in hospital • how to compute a regression with all data (both databases) age → length without sharing data? Vicen¸ c Torra; Data privacy Oslo, 2018 15 / 45

  20. Introduction > Disclosure risk Outline Disclosure risk assessment Privacy model. Reidentification privacy. • Avoid finding a record in a database. ◦ hospital A has a database ◦ a researcher asks for access to this database • how to prepare an anonymized database so that the researcher can not find a friend? Vicen¸ c Torra; Data privacy Oslo, 2018 16 / 45

  21. Introduction > Disclosure risk Outline Disclosure risk assessment Privacy model. k-Anonymity. • Avoid finding a record in a database. ... making each record indistinguishable with k − 1 other records. Vicen¸ c Torra; Data privacy Oslo, 2018 17 / 45

  22. Introduction > Disclosure risk Outline Disclosure risk assessment Privacy model. k-Anonymity. • Avoid finding a record in a database. ... making each record indistinguishable with k − 1 other records. ◦ hospital A has a database ◦ a researcher asks for access to this database • how to prepare an anonymized database so that the researcher can not find a friend? Vicen¸ c Torra; Data privacy Oslo, 2018 17 / 45

  23. Introduction > Disclosure risk Outline Disclosure risk assessment Privacy model. Differential privacy. • The output of a query to a database should not depend (much) on whether a record is in the database or not. ◦ hospital A has a database age of patient, length of stay in hospital • how to compute an average length of stay in such a way that the result does not depend (much) on whether we use or not the data of a particular person. Vicen¸ c Torra; Data privacy Oslo, 2018 18 / 45

  24. Privacy models Outline • Privacy models: quite a few competing models ◦ differential privacy ◦ secure multiparty computation ◦ k-anonymity ◦ computational anonymity ◦ reidentification (record linkage) ◦ uniqueness ◦ result privacy ◦ interval disclosure ◦ integral privacy Vicen¸ c Torra; Data privacy Oslo, 2018 19 / 45

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction Goals: / Topics Privacy from three different perspectives: anonymous communications/privacy enhancing technologies, privacy preserving data

197 views • 6 slides
Data privacy. A briefer. Vicen c Torra (vtorra@ieee.org) May 31st, 2018 Privacy, Information

Data privacy. A briefer. Vicen c Torra (vtorra@ieee.org) May 31st, 2018 Privacy, Information

IEEE Chapter Meeting, Sk ovde Data privacy. A briefer. Vicen c Torra (vtorra@ieee.org) May 31st, 2018 Privacy, Information and Cyber-Security Center SAIL, School of Informatics, University of Sk ovde, Sweden Outline Outline 1.

841 views • 35 slides
Data privacy: Introduction Vicen c Torra March, 2019 Hamilton Institute, Maynooth University,

Data privacy: Introduction Vicen c Torra March, 2019 Hamilton Institute, Maynooth University,

Data privacy: Introduction Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline 1. Motivation 2. Difficulties 3. Terminology 4. Disclosure 5. Transparency 6. Privacy by design 7. Summary 1 / 37

510 views • 38 slides
Data privacy: an introduction (part II) Vicen c Torra February, 2017 School of Informatics,

Data privacy: an introduction (part II) Vicen c Torra February, 2017 School of Informatics,

Sk ovde 2017 Data privacy: an introduction (part II) Vicen c Torra February, 2017 School of Informatics, University of Sk ovde, Sweden Outline Outline 1. Basics 2. A classification Dimensions 3. Masking methods 4. Privacy

449 views • 41 slides
User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of Sk ovde, Sweden Outline Outline 1. User privacy 1 / 25 Outline User privacy 2 / 25 DP > Dimensions Outline Data Privacy Classification

836 views • 37 slides
Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth University, Ireland Overview Outline Overview What is data privacy? Why is it necessary and why it is challenging/difficult? Some definitions

2.02k views • 188 slides
On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics,

On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics,

Link oping 2016 On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Disclosure risk. A quantitative measures: record linkage The worst-case

1.29k views • 101 slides
Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline Privacy models 1 / 11 Data privacy > Privacy models Outline Privacy models ? 2 / 11 Data privacy > Privacy

695 views • 12 slides
Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

PAIS 2015 Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Quantitative measures of risk: record linkage Transparency principle:

1.35k views • 91 slides
Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Graph Perturbation as Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas Data Privacy Management Luxembourg, 26 September 2019 Outline 1. Introduction Motivations and objectives Random graph

355 views • 20 slides
Choquet integral in decision making and metric learning Vicen c Torra Hamilton Institute,

Choquet integral in decision making and metric learning Vicen c Torra Hamilton Institute,

IUKM 2019 - Nara, Japan Choquet integral in decision making and metric learning Vicen c Torra Hamilton Institute, Maynooth University Ireland March 27, 2018 Outline Overview Basics and objectives: Using Choquet integral in two types

1.37k views • 88 slides
Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013

Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013

Kbenhavn, Danmark, 2013 Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013 Institut dInvestigaci o en Intel lig` encia Artificial (IIIA-CSIC), Bellaterra Outline Outline 1. Introduction

1.29k views • 112 slides
On some extensions and applications of non-additive measures Vicen c Torra September, 2013

On some extensions and applications of non-additive measures Vicen c Torra September, 2013

LFSC 2013 On some extensions and applications of non-additive measures Vicen c Torra September, 2013 Joint Work: Y. Narukawa, K. Stokes, G. Navarro-Arribas, D. Abril Institut dInvestigaci o en Intel lig` encia Artificial

1.5k views • 122 slides
Funciones de agregaci c Torra 1 Vicen Octubre, 2014 1 Institut dInvestigaci o en Intel

Funciones de agregaci c Torra 1 Vicen Octubre, 2014 1 Institut dInvestigaci o en Intel

Ja en on para la toma de decisiones multicriterio Funciones de agregaci c Torra 1 Vicen Octubre, 2014 1 Institut dInvestigaci o en Intel lig` encia Artificial (IIIA-CSIC); Universidad de Sk ovde (HiS, Suecia) - a partir de

1.3k views • 128 slides
Decisi o: agregaci o i consens Vicen c Torra Universitat de Sk ovde (HiS, Su` ecia)

Decisi o: agregaci o i consens Vicen c Torra Universitat de Sk ovde (HiS, Su` ecia)

Decisi o: agregaci o i consens Vicen c Torra Universitat de Sk ovde (HiS, Su` ecia) Novembre, 2015 Bibliografia (i/o spam) Bibliografia Gilboa, I., Theory of decision under uncertainty, Cambridge University Press, 2009.

1.77k views • 134 slides
Classification of procedures Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Classification of procedures Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Classification of procedures Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline 1. Dimensions 1st dimension 2nd dimension 3rd dimension Other dimensions 2. Roadmap of data protection

805 views • 34 slides
University of the Basque Country (EHU) Systems for the NIST 2011 LRE Mikel Penagarikano, Amparo

University of the Basque Country (EHU) Systems for the NIST 2011 LRE Mikel Penagarikano, Amparo

Train and development data System description Analysis of the results Conclusions University of the Basque Country (EHU) Systems for the NIST 2011 LRE Mikel Penagarikano, Amparo Varona, Luis Javier Rodr guez-Fuentes, Mireia Diez, Germ

524 views • 19 slides
Why use R? Introduction to R: To perform inferential statistics (e.g., use a statistical

Why use R? Introduction to R: To perform inferential statistics (e.g., use a statistical

Why use R? Introduction to R: To perform inferential statistics (e.g., use a statistical test to calculate a p value) test to calculate a p-value) Using R for statistics and data analysis U i R f t ti ti d d t l i To do real

603 views • 7 slides
Fast leakage assessment Oscar Reparaz COSIC / KU Leuven Benedikt Gierlichs CHES 2017 Taipei

Fast leakage assessment Oscar Reparaz COSIC / KU Leuven Benedikt Gierlichs CHES 2017 Taipei

Fast leakage assessment Oscar Reparaz COSIC / KU Leuven Benedikt Gierlichs CHES 2017 Taipei (Taiwan) 2017-09-26 Ingrid Verbauwhede 1 an empirical approach to test device security Enumerate all attacks, check if any is successful

359 views • 31 slides
Checking Assumptions Normal distributions: use probability plot (or quantile-quantile plot);

Checking Assumptions Normal distributions: use probability plot (or quantile-quantile plot);

ST 516 Experimental Statistics for Engineers II Checking Assumptions Normal distributions: use probability plot (or quantile-quantile plot); straight line implies normal distribution: Normal QQ Plot Normal QQ Plot 1.5 1.5

419 views • 15 slides
Physics in DUNE UK WP1 Steve Dennis DUNE UK Meeting University of Manchester 05/03/2019 Steve

Physics in DUNE UK WP1 Steve Dennis DUNE UK Meeting University of Manchester 05/03/2019 Steve

Physics in DUNE UK WP1 Steve Dennis DUNE UK Meeting University of Manchester 05/03/2019 Steve Dennis 1 Introduction An important time for DUNE physics as much as anything else. The physics TDR is due in May. Final analysis should

439 views • 20 slides
A First Course on Kinetics and Reaction Engineering Class 19 on Unit 18 Where Were Going

A First Course on Kinetics and Reaction Engineering Class 19 on Unit 18 Where Were Going

A First Course on Kinetics and Reaction Engineering Class 19 on Unit 18 Where Were Going Part I - Chemical Reactions Part II - Chemical Reaction Kinetics Part III - Chemical Reaction Engineering A. Ideal Reactors B.

359 views • 33 slides
1 Class B Class B Ground Water 11 Two criteria turn an otherwise Class A ground water into

1 Class B Class B Ground Water 11 Two criteria turn an otherwise Class A ground water into

Ground Water Classification 1 And Response Requirements OAC 3745-300-10 Certified Professional 8-Hour Training Ground Water Rule 2 Classification Urban setting designation Response requirements Ground Water Classification 3

300 views • 10 slides
Brownian motion (cont.) 18.S995 - L05 1.2 Brownian motion Diffusion equation with constant

Brownian motion (cont.) 18.S995 - L05 1.2 Brownian motion Diffusion equation with constant

Brownian motion (cont.) 18.S995 - L05 1.2 Brownian motion Diffusion equation with constant drift @ t p = u @ x p + D @ xx p (1.19a) Path-wise representation of typical trajectories ? 1.2 Brownian motion Diffusion equation with constant

535 views • 24 slides

More recommend