k anonymity
play

K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, - PDF document

Sep 14, 2022 •327 likes •457 views

27.06.2017 Schutz der Privatsphre (WS15/16) Introduction to Privacy (Part 1) You have zero privacy. Get over it. Scott McNealy, 1999 Privacy, k anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universitt zu

  1. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) “You have zero privacy. Get over it.” Scott McNealy, 1999 Privacy, k ‐ anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universität zu Berlin Dagstuhl Workshop Federated Semantic 1 Data Management, June 2017 Is it always obvious?  Is it always obvious that privacy is violated or breached?  Latanya Sweeney’s Finding – In Massachusetts, USA, the Group Insurance Commission (GIC) is responsible for purchasing health insurance for state employees – GIC has to publish the data: GIC( zip, dob, sex , diagnosis, procedure, ...) d ate o f b irth [Sween’02] http://dataprivacylab.org/people/sweeney/ Dagstuhl Workshop Federated Semantic 2 Data Management, June 2017 1

  2. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Latanya Sweeney’s Finding (1)  Sweeney paid $20 and bought the voter registration list for Cambridge, MA: Voter GIC Name Adress … ZIP DOB Sex ZIP DOB Sex Diagnostic Medication …  William Weld (former governor) lives in Cambridge, hence is in VOTER  6 people in VOTER share his date of birth ( dob )  only 3 of them were man (same sex )  Weld was the only one in that zip  Sweeney learned Weld’s medical records!  87 % of population in U. S. can be identified by ZIP, dob, sex Dagstuhl Workshop Federated Semantic 3 Data Management, June 2017 What is Privacy? [Sweeney, 2002]  Definition 1: “ Privacy reflects the ability of a person, organization, government, or entity to control its own space, where the concept of space (or “privacy space”) takes on different contexts.” – Physical space, against invasion – Bodily space, medical consent – Computer space, spam – Web browsing space, Internet privacy [Agrawal et al., 2002]  Definition 2: “ Privacy is the right of individuals to determine for themselves when, how, and to what extent information about them is communicated to others.” (We shall call this data/information privacy) Dagstuhl Workshop Federated Semantic 4 Data Management, June 2017 2

  3. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Challenge  Given: person ‐ specific data – microdata table T  Goal: privacy preserving public release table T * – Information should remain practically useful attributes A j SSN Name Zipcode Age Sex Disease 003 Chris 12211 18 M Arthritis 004 David 12244 19 M Cold 010 Ethan 12245 27 M Heart problem 029 Frank 12377 27 M Flu tuples t 034 Gillian 12377 27 F Arthritis 059 Helen 12391 34 F Diabetes 077 Ireen 12391 45 F Flu Microdata T Dagstuhl Workshop Federated Semantic 5 Data Management, June 2017 Quasi ‐ identifier  Definition (Quasi ‐ identifier) A set of non ‐ sensitive attributes QI T = { A i , …, A j } of a table T is called a quasi ‐ identifier if these attributes can be linked with external data to uniquely identify at least one individual in the general population Ω . Zipcode Age Sex Disease Name Zipcode Age Sex 12211 18 M Arthritis Chris 12211 18 M 12244 19 M Cold Jack 19221 20 M … … … … T Public database Linking attack Name Zipcode Age Sex Disease Ω = {Chris, David, Jack, …} Chris 12211 18 M Arthritis QI T = {Zipcode, Age, Sex} Dagstuhl Workshop Federated Semantic 6 Data Management, June 2017 3

  4. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Microdata Identifier Quasi ‐ identifier Sensitive attributes attributes A j SSN Name Zipcode Age Sex Disease 003 Chris 12211 18 M Arthritis 004 David 12244 19 M Cold 010 Ethan 12245 27 M Heart problem tuples t 029 Frank 12377 27 M Flu 034 Gillian 12377 27 F Arthritis 059 Helen 12391 34 F Diabetes 077 Ireen 12391 45 F Flu Microdata T Dagstuhl Workshop Federated Semantic 7 Data Management, June 2017 Introduced by Latanya Sweeney, 2002 K ‐ Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4

  5. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) k ‐ anonymity Definition  Definition ( k ‐ anonymity) A table T satisfies k ‐ anonymity if for every tuple t ∈ T there exist k − 1 other tuples t 1 , t 2 , …, t k − 1 ∈ T such that t [QI T ] = t 1 [QI T ] = t 2 [QI T ] = ∙∙∙ = t k − 1 [QI T ] for all quasi ‐ identifier QI T . Zipcode Age Sex Disease Zipcode Age Sex Disease 12211 18 M Arthritis 122** 18–19 M Arthritis 12244 19 M Cold 122** 18–19 M Cold 12245 27 M Heart problem * 27 * Heart problem 12377 27 M Flu * 27 * Flu 12377 27 F Arthritis * 27 * Arthritis 12391 34 F Diabetes 12391 ≥ 30 F Diabetes 12391 45 F Flu 12391 ≥ 30 F Flu Microdata table T 2 ‐ anomynous table T * Dagstuhl Workshop Federated Semantic 9 Data Management, June 2017 k ‐ anonymity Zipcode Age Sex Disease 122** 18–19 M Arthritis QI ‐ group/ equivalence class 122** 18–19 M Cold * 27 * Heart problem * 27 * Flu Name Zipcode Age Sex * 27 * Arthritis Chris 12211 18 M 12391 ≥ 30 F Diabetes Jack 19221 20 M 12391 ≥ 30 F Flu Public database T * Name Zipcode Age Sex Disease Chris 12211 18 M Arthritis Disease of Chris? Arthritis or Cold? Chris 12211 18 M Cold Dagstuhl Workshop Federated Semantic 10 Data Management, June 2017 5

  6. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Privacy protection vs. information Zipcode Age Sex Disease Zipcode Age Sex Disease 122** 18–19 M Arthritis * ≤ 19 M Arthritis 122** 18–19 M Cold * ≤ 19 M Cold * 27 * Heart problem * 18–65 * Heart problem * 27 * Flu * 18–65 * Flu * 27 * Arthritis * 18–65 * Arthritis 12391 ≥ 30 F Diabetes 12*** ≥ 20 * Diabetes 12391 ≥ 30 F Flu 12*** ≥ 20 * Flu 2 ‐ anonymous table 2 ‐ anonymous table high information content low information content Dagstuhl Workshop Federated Semantic 11 Data Management, June 2017 Anonymization Methods Overview Lower and upper bound for each sensitive attribute value ( α i , β i ) ‐ Closeness (High importance attack, Lower bound attack) t ‐ Closeness Limit adversary’s information gain (Skewness attack, Similarity attack) ( ε , m ) ‐ Anonymity Restrict similar numerical values (Proximity Breach) Privacy Protection l ‐ Diversity m ‐ Invariance Diversity of sensitive values Time ‐ sequence re ‐ publications; (Background knowledge attack, (Critical absence phenomenon) Probabilistic inference attack) ( k , e ) ‐ Anonymity Limit range of numerical attributes (Similarity attack) ( α , k ) ‐ Anonymity Limit most frequent value (Probabilistic inference attack) p ‐ Sensitive k ‐ Anonymity Protection against attribute disclosure (Homogeneity attack) minor k ‐ Anonymity Protection against identity disclosure (Linkage attack) major Dagstuhl Workshop Federated Semantic 12 Data Management, June 2017 6

  7. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Introduced by Cynthia Dwork (2006) Differential Privacy Dagstuhl Workshop Federated Semantic 13 Data Management, June 2017 Model Query Microdata (MDB) query result (not exactly)  Protect Privacy  Provide useful information Add noise, delete names, etc. Dagstuhl Workshop Federated Semantic 14 Data Management, June 2017 7

  8. ͌ 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Differential Privacy (informal)  Output of a query is similar whether any single individual’s record is included in the database or not Query: # of persons with a cold? Database D Database D‘ Name Disease Query Query Name Disease Chris Arthritis ≈ Chris Arthritis R1 R2 David Cold Ethan Heart problem Ethan Heart problem  David is no worse off because his record is/is not included in the output of a query Dagstuhl Workshop Federated Semantic 15 Data Management, June 2017 Definitions Definition 1 (neighboring databases): Two databases D, D’ are neighbors if they differ by at most one tuple Definition 2 ( ε‐ differential privacy): A randomized algorithm G provides ε ‐ differential privacy if: – for all neighboring databases D and D’, andprivacy – for any outputs O: Pr[ G ( D ) = O ] ≤ e ε * Pr[ G ( D’ ) = O ] Dagstuhl Workshop Federated Semantic 16 Data Management, June 2017 8

  9. 27.06.2017 Schutz der Privatsphäre (WS15/16) Introduction to Privacy (Part 1) Differential Privacy – additional remarks Ɛ is a privacy  Pr[ G ( D ) = O ] ≤ e ε * Pr[ G ( D’ ) = O ] parameter Pr[ G ( D’ ) = O ] ≤ e  ≈ 1 ±  Pr[ G ( D ) = O ] =  Epsilon is usually small: e.g. if  = 0.1 then e  ≈ 1.10 epsilon = stronger privacy Dagstuhl Workshop Federated Semantic 17 Data Management, June 2017 Query sensitivity Definition 3: The sensitivity of a query Q is ∆ q = max |Q(D) ‐ Q(D’)| where D, D’ are any two neighboring databases Query Q Sensitivity ∆ q Q1: Count tuples 1 Q2: Count (patients with “Cold”) 1 Q3: Count (patients with property X) 1 Q4: Max (age of patients) max age Dagstuhl Workshop Federated Semantic 18 Data Management, June 2017 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh | Shinyoung Cho | Phillipa Gill Stony Brook University 1 Anonymity on the Internet Tor Network 2 Anonymity on the Internet Does not know the source

261 views • 15 slides
Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith

Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith

CyLab Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818:

467 views • 46 slides
for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

Anonymity Trilemma not all is lost for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 Universitaet zu Luebeck Anonymous Communication (AC) Networks

449 views • 21 slides
Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb 2011 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how

926 views • 51 slides
Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March 30, 2006 Outline Anonymity 1 Anonymity with identity escrow 2 Marshall and Molina-Jiminez protocol 3 Our protocol 4 Verification in

567 views • 20 slides
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of AT&T Labs (August, 1997) Presenter: Craig Bergstrom Overview The Problem At Hand How Crowds Works Levels and Types of Anonymity &

326 views • 19 slides
Beyond Prediction: Drawing Causal Inference from Big Data S. Reza Jafarzadeh, DVM, MPVM, PhD

Beyond Prediction: Drawing Causal Inference from Big Data S. Reza Jafarzadeh, DVM, MPVM, PhD

Beyond Prediction: Drawing Causal Inference from Big Data S. Reza Jafarzadeh, DVM, MPVM, PhD Section of Rheumatology Boston University School of Medicine 2 Disclosure Boston University Slideshow Title Goes Here Funding NIH R03, R21

588 views • 14 slides
Agreeing what outcomes to measure Importance of core outcome sets (COS) and the crucial roles

Agreeing what outcomes to measure Importance of core outcome sets (COS) and the crucial roles

Agreeing what outcomes to measure Importance of core outcome sets (COS) and the crucial roles that patients have in the development and use of COS Bridget Young, Professor of Psychology, University of Liverpool, UK Clinical trials are only

322 views • 31 slides
Program Summary ! CreakyJoints-customized-a-pilot-program-offering-free-high8

Program Summary ! CreakyJoints-customized-a-pilot-program-offering-free-high8

Program Summary ! CreakyJoints-customized-a-pilot-program-offering-free-high8 speed-Internet-to-patients-and-caregivers-in-14-partner- rheumatologist-waiting-rooms,-exam-rooms-and-infusion-centers. !

420 views • 13 slides
Socioec oecon onom omic S Status, Perceptions of of Pain, a and t the Disp spari rity

Socioec oecon onom omic S Status, Perceptions of of Pain, a and t the Disp spari rity

Socioec oecon onom omic S Status, Perceptions of of Pain, a and t the Disp spari rity ty i in n SSDI Rece eceipt David M. Cutler, Harvard and NBER Ellen Meara, Dartmouth and NBER Susan Stewart, NBER This research was supported by

430 views • 16 slides
Burden Snapshot Living Well Business Plan Stakeholder Meeting March 19, 2012 Bruce Gutelius, MD,

Burden Snapshot Living Well Business Plan Stakeholder Meeting March 19, 2012 Bruce Gutelius, MD,

Oregon Chronic Disease Burden Snapshot Living Well Business Plan Stakeholder Meeting March 19, 2012 Bruce Gutelius, MD, MPH Deputy State Epidemiologist Oregon Public Health Division Leading U.S. Causes of Death at the Turn of the 20 th and 21

334 views • 15 slides
Tick-borne Infections Meg Fisher, MD Medical Director 1 7/22/2019 Disclosures I have no

Tick-borne Infections Meg Fisher, MD Medical Director 1 7/22/2019 Disclosures I have no

7/22/2019 Tick-borne Infections Meg Fisher, MD Medical Director 1 7/22/2019 Disclosures I have no relevant financial relationships with the manufacturers(s) of any commercial products(s) and/or provider of commercial services discussed

490 views • 20 slides
BRASS BRIGHAM AND WOMENS RHEUMATOID ARTHRITIS SEQUENTIAL STUDY BRASS Registry Enrollment

BRASS BRIGHAM AND WOMENS RHEUMATOID ARTHRITIS SEQUENTIAL STUDY BRASS Registry Enrollment

BRASS BRIGHAM AND WOMENS RHEUMATOID ARTHRITIS SEQUENTIAL STUDY BRASS Registry Enrollment Began in March 2003 Prospective follow-up for 15 years 1468 recruited to date 30 rheumatologists have contributed patients > 90%

847 views • 15 slides
Interval-based Clock Synchronization for Ad-Hoc Sensor Networks Lennart Meier Computer

Interval-based Clock Synchronization for Ad-Hoc Sensor Networks Lennart Meier Computer

Interval-based Clock Synchronization for Ad-Hoc Sensor Networks Lennart Meier Computer Engineering and Networks Laboratory ETH Zurich 1 Motivation message-delay uncertainty specific communication pattern for synchronization clock drift 1

737 views • 14 slides

More recommend