Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples - PowerPoint PPT Presentation


SLIDE 1

Outline: Introduction · Differential Privacy under Dependent Data · Conclusion and Future Work

Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples

Changchang Liu (1), Supriyo Chakraborty (2), Prateek Mittal (1)
Email: (1) {cl12, pmittal}@princeton.edu, (2) supriyo@us.ibm.com

(1) Princeton University, (2) IBM T.J. Watson Research Center

February 23, 2016

1 / 21

SLIDE 2

Data Privacy

  • Privacy is important!
  • Snowden case
  • G20 summit breach
  • iCloud photo breach

···


SLIDE 3

Direct Release Data Would Compromise Privacy!

(Figure: pipeline) Individuals → Data Provider (Raw Data) → Data Recipients (Applications, Researchers), who receive Query Results

SLIDE 5

Obfuscate Data before Release to Protect Privacy

(Figure: pipeline) Individuals → Data Provider (Raw Data) → Data Obfuscation → Data Recipients (Applications, Researchers), who now receive Perturbed Query Results instead of raw Query Results

SLIDE 6

Existing Privacy Metrics

– Differential Privacy [ICALP ’06]
– Pufferfish Privacy [PODS ’12]
– Membership Privacy [CCS ’13]
– Blowfish Privacy [SIGMOD ’14]

SLIDE 7

ε-Differential Privacy (DP)

(Figure: neighboring databases D and D′, and the probability distribution of the query output S under each.)

Differential Privacy requires: the adversary’s ability to infer the individual’s information is bounded!

SLIDE 10

Laplace Perturbation Mechanism

(Figure: Raw Data D → query Q(D) → add noise b → output S)

S = Q(D) + b, where the noise b ~ Lap(ΔQ/ε), i.e. b has the Laplace density p(x; β) ∝ exp(−|x|/β) with scale β = ΔQ/ε

ε is the privacy budget

Q is the query function

∆Q is the global sensitivity of Q: ∆Q = max_{D,D′} ‖Q(D) − Q(D′)‖₁

SLIDE 11

Limitations for Differential Privacy (DP) Mechanisms

Implicitly assume independent tuples


SLIDE 12

Limitations for Differential Privacy (DP) Mechanisms

In reality, however, tuples are correlated

  • large volume
  • rich semantics
  • complex structure


SLIDE 13

Data correlation exists almost everywhere

(Figure with four panels: (a) social network data, (b) business data, (c) mobility data, (d) medical data; annotated sources of correlation: friendships, interactions, financial transactions, communication records, disease transmission.)

SLIDE 18

Our Objective

Incorporate correlated data in differential privacy


SLIDE 19

Differential Privacy under Dependent Data
  • Inference Attack for DP based on Correlated Tuples
  • Dependent Differential Privacy (DDP)
  • Experimental Results

SLIDE 20

Correlation in Gowalla Location Dataset

Gowalla location dataset: 6,969 users, 98,802 location records
Gowalla social dataset: 6,969 users, 47,502 edges

(Figure: check-in clusters on a map, labelled Manhattan, Queens and Brooklyn (New York); San Jose and Oakland (San Francisco); Pasadena, Long Beach and Beverly Hills (Los Angeles).)

SLIDE 21

Inference Attack on DP via K-Means Query

Differentially Private K-means for Gowalla Location Dataset

(Figure: pipeline) Individuals → Data Provider (Raw Data) → K-means Clustering → Perturbation → Differentially Private K-means Clustering → Data Recipients → Inference Attack

SLIDE 22

Inference Attack

(Figure: social relationships inference attack; labels “Check-in” and “Community”.)

SLIDE 23

Inference results by using correlation

(Plot: Leaked Information against Privacy Budget ε from 0.5 to 3; curves: with social relationships, w/o social relationships, security guarantee by DP.)

Exploiting correlation, one can infer more information! Exploiting correlation can break DP security guarantees!



SLIDE 26

ε-Dependent Differential Privacy (DDP)

(Figure: neighboring databases under the dependence relationship R, and the probability distribution of the query output S under each.)

Dependent Differential Privacy requires:

  • R is the probabilistic dependence relationship among the L dependent tuples
  • The adversary’s ability to infer the individual’s information is bounded even if the adversary has access to the data correlation R.

SLIDE 29

Dependent Perturbation Mechanism

  • Augment the conventional LPM with additional noise relevant to ρij
  • Dependent coefficient ρij
    − extent of dependence of Dj on the modification of Di

SLIDE 30

Dependent Coefficient

Laplace noise in the dependent perturbation mechanism has density ∝ exp(−ε·|x| / (Sensitivityi + ρij × Sensitivityj)), i.e. its scale is (Sensitivityi + ρij × Sensitivityj)/ε

  • Dependent coefficient satisfies: 0 ≤ ρij ≤ 1
  • ρij = 0: standard differential privacy (independent setting)
  • ρij = 1: fully dependent setting
  • ρij: formulates correlation from a privacy perspective

SLIDE 31

Limitations of Dependent Coefficient

The exact computation of ρij relies on knowledge of the data generation model


SLIDE 33

Resilience to Inference Attack

(Plot: Leaked Information against Privacy Budget ε from 0.5 to 3; curves: attack on DP, attack on DDP.)

DDP is more resilient to the inference attack

SLIDE 35

Further Analysis and Experiments

  • Composition Property
    − Sequential/parallel composition property
  • Theoretical utility analysis
  • Different classes of queries
    − Machine learning queries
    − Graph queries

SLIDE 36

Conclusion and Future Work

  • Incorporate correlation into differential privacy
    − Dependent differential privacy
    − More resilient to inference attack
  • Alternative data generation models as future work

SLIDE 37

Appendix 1: Dependence between tuples can seriously degrade the privacy guarantees provided by existing DP mechanisms

Query: Sum[Di, Dj] = Di + Dj

Add noise: Noisy(Di + Dj) = Di + Dj + Lap(1/ε)

Independent case (Di ⊥ Dj): privacy guarantee exp(ε)

Dependent case (Dj = 0.5 Di + 0.5 X, where Di and X are i.i.d. in [0, 1]): privacy guarantee exp(1.5ε)

Smaller means better privacy
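Worked example of the Appendix 1 numbers, added here as an illustration; this code is not from the slides or the authors. It keeps the slides' setup: the sum query Q(D) = Di + Dj over tuples in [0, 1], global sensitivity ΔQ = 1 computed under the independence assumption, Lap(1/ε) noise, and the dependence model Dj = 0.5 Di + 0.5 X. It evaluates the worst-case privacy loss ln(P[S | D] / P[S | D′]) numerically for the conventional Laplace mechanism and for the dependent perturbation mechanism of slide 30, whose noise scale is (Sensitivityi + ρij × Sensitivityj)/ε with ρij = 0.5. The function names, the constructed value of X, and the generalization of the model to Dj = ρ·Di + (1 − ρ)·X are this example's own assumptions.

```python
import math

# Parameters taken from the slides' Appendix 1 (everything else in this file is
# the example's own construction).
RHO_IJ = 0.5   # D_j = 0.5 * D_i + 0.5 * X: D_j follows D_i with coefficient 0.5
SENS_I = 1.0   # tuples lie in [0, 1], so one tuple alone moves the sum by at most 1
SENS_J = 1.0


def sum_query(db):
    """Q(D) = D_i + D_j, the Appendix 1 query."""
    return sum(db)


def dependent_db(d_i, x, rho=RHO_IJ):
    """Build (D_i, D_j) under the dependence model D_j = rho * D_i + (1 - rho) * X.
    With rho = 0.5 this is exactly the slides' D_j = 0.5 * D_i + 0.5 * X; other
    values of rho are this example's generalization (assumed, not from the slides)."""
    return (d_i, rho * d_i + (1.0 - rho) * x)


def query_shift(d_i, d_i_prime, x, rho=RHO_IJ):
    """How far Q moves when only the owner of D_i changes her record.
    Under dependence D_j follows, so the shift is (1 + rho) * |change|, not 1."""
    return sum_query(dependent_db(d_i_prime, x, rho)) - sum_query(dependent_db(d_i, x, rho))


def laplace_pdf(s, scale):
    """Density of Lap(scale) at s."""
    return math.exp(-abs(s) / scale) / (2.0 * scale)


def max_privacy_loss(shift, scale, step=0.01, width=20.0):
    """Worst-case privacy loss max_s |ln p(s | D) - ln p(s | D')| when the noisy
    output is Q(D) + Lap(scale) and Q(D') = Q(D) + shift.  Evaluated on a grid
    of outputs s; for Laplace noise the maximum is |shift| / scale, reached as
    soon as s lies outside the interval between Q(D) and Q(D')."""
    n = int(width / step)
    best = 0.0
    for k in range(-n, n + 1):
        s = k * step
        loss = abs(math.log(laplace_pdf(s, scale)) - math.log(laplace_pdf(s - shift, scale)))
        best = max(best, loss)
    return best


def lpm_loss(eps, shift):
    """Conventional Laplace perturbation mechanism: noise scale Delta_Q / eps with
    Delta_Q = SENS_I, i.e. calibrated as if the tuples were independent."""
    return max_privacy_loss(shift, SENS_I / eps)


def dpm_loss(eps, shift, rho=RHO_IJ):
    """Dependent perturbation mechanism (slide 30): noise scale
    (Sensitivity_i + rho_ij * Sensitivity_j) / eps, with 0 <= rho_ij <= 1."""
    if not 0.0 <= rho <= 1.0:
        raise ValueError("dependent coefficient must satisfy 0 <= rho_ij <= 1")
    return max_privacy_loss(shift, (SENS_I + rho * SENS_J) / eps)


def appendix1_comparison(eps=1.0):
    """Reproduce the Appendix 1 comparison: exponent eps for independent tuples,
    1.5 * eps once D_j tracks D_i under Lap(1/eps) noise, and eps again under the
    dependent mechanism.  Returns the exponents of the exp(...) bounds; smaller
    means better privacy."""
    # Worst case for the owner of D_i: her record flips from 0 to 1.  The value
    # of X is a constructed sample; the shift does not depend on it.
    shift = query_shift(0.0, 1.0, x=0.3)
    return {
        "output_shift_under_dependence": shift,          # 1.5, not 1.0
        "independent_guarantee": lpm_loss(eps, SENS_I),  # eps      -> exp(eps)
        "lpm_under_dependence": lpm_loss(eps, shift),    # 1.5*eps  -> exp(1.5 eps)
        "dpm_under_dependence": dpm_loss(eps, shift),    # eps      -> exp(eps) restored
    }


if __name__ == "__main__":
    for name, value in appendix1_comparison(eps=1.0).items():
        print(f"{name:32s} {value:.3f}")
```

The dependent case moves the sum by 1.5 rather than 1 because Dj follows Di, so Lap(1/ε) noise calibrated to the independent sensitivity only bounds the privacy loss by 1.5ε; widening the noise scale by the factor (1 + ρij) from slide 30 brings the exponent back to ε.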

SLIDE 38

Appendix 2: Model to Compute Dependent Coefficient

Here, we consider utilizing the friend-based model to compute the probabilistic dependence relationship, where a user’s location can be estimated from her friend’s location based on the distance between their locations. Specifically, the probability of user j being located at dj when her friend i is located at di is

P(Dj = dj | Di = di) = a(‖dj − di‖₁ + b)^(−c) (1)

where a > 0, b > 0, c > 0.