you cannot hide for long de anonymization of real world
play

You cannot hide for long: De-anonymization of real-world dynamic - PowerPoint PPT Presentation

Mar 06, 2023 •289 likes •461 views

You cannot hide for long: De-anonymization of real-world dynamic behaviour George Danezis (University College London) Carmela Troncoso (Gradiant) Privacy beyond confjdentiality Common belief: if I encrypt my data, then the data is

  1. You cannot hide for long: De-anonymization of real-world dynamic behaviour George Danezis (University College London) Carmela Troncoso (Gradiant)

  2. Privacy beyond confjdentiality • Common belief: “if I encrypt my data, then the data is private” • Encryption works and gets more and more effjcient! • But does not hide all data • Origin and destination • Timing • Frequency • Location • …

  3. Anonymization • Decouple user identity from actions Anonymizer Anonymizer • Enabler for privacy-preserving technologies • Anonymous credentials • eVoting • Privacy-preserving statistics computation

  4. Anonymity in reality • Diffjcult to guarantee perfect anonymity due to constraints • Observations allow for inferences (e.g., behavioral profjles) Bob Alice Anonymizer behaviour Alice is speaking to Bob Prior info on users with probability X State of the art limitation: static behavior

  5. A model for dynamic behaviour • Users Dynamism: Sends messages to at rate λ AB Epochs t of stationary behaviour Sends messages to at rate λ AO Profjle evolution probability Send messages to at rate λ OB Send messages to at rate λ OO • Anonymizer Given observation… • Divided in batches (n batches per epoch) What is λ AB ? • Perfect anonymity V Pois ( ) ← λ + λ V A V B A AB AO Visible V Pois ( ) ← λ + λ Hidde t t O OB OO n V O V O’ V Pois ( ) ← λ + λ B AB OB V Pois ( ) ← λ + λ O ' AO OO

  6. Sequential Monte Carlo aka. Particle Filters • Inferring hidden parameters of sequential models • Our case: modeling λ AB at t depends on λ AB at t-1 • Core idea: • Particles representing sample hidden states (λ AB , λ OB ) • Distributed following posterior distribution given evidence (V X ) Allow for statistic computation (mean, std, …) of hidden variables Likelihood of obs. Prob evolving to • From Bayes theorem given hidden current λ AB state t t t t 1 t 1 t 1 Pr[( , ) | V ] L ( V | ) E ( | − ) Pr[( − , − )] λ λ ∝ λ λ λ λ λ AB OB * * * AB AB AB OB Prob at epoch t Prior (epoch t-1)

  7. V A V B T oy example t t V O V O’ t t-1 λ t-1 λ t Weight particles: λ t-1 λ t i. Likelihood t t Pr[( , ) | V ] ii. Evolution λ AB λ OB * iii. Proposal λ t-1 λ t λ t-1 λ t 1. Propose new 2. Likelihood 3. Re-sample particles given Obs and previous state

  8. In pseudocode Take obs in all epochs Initialize particles Propose current state given observation All types of samples Likelihood of observation given current and previous state Reweighting of proposal likelihood given proposal distributions Resampling to obtain new particles according to posterior

  9. The likelihood function L ( V | ) * λ * V Pois ( ) ← λ + λ V A V B A AB AO Visible Hidde V Pois ( ) ← λ + λ t O OB OO t n V Pois ( ) ← λ + λ V O V O’ B AB OB V Pois ( ) ← λ + λ O ' AO OO • How likely is an observation V * given sending rates λ * Prob of each of the rounds Prob of total volume in epoch given λ * (just Poisson) Binomial p ab is just the probability A sent to B p ab =(λ AB / λ AB + λ OB )

  10. t t 1 The profjle evolution probability E ( | − ) λ λ AB AB • Probability of λ AB at t given λ AB at t-1 • T wo stages 1) Probability transitions silent-communication 2) Probability of given difgerence: mixture with heavy tails

  11. Evaluation • Three datasets: • eMail: Enron dataset ~0.5M emails, 150 users. • Mailing list: Indymedia ~300K posts from 28237 senders to 693 lists • Location: Gowala dataset ~6.5M checkins from ~200K users • Parameters empirically inferred using EM • T wo sets • Communication Transitions Mixtur Prio • Stop talking e Silent r Stay silent evoluti silen on t • Anonymity system • 1 day delay (anonymity vs delay trade-ofg given 1 week epochs) • Thresholds: eMail/Mailing ~100 Location ~15K

  12. Evaluation - an example trace (Avg(Batch)= 244) • State of the art: Statistical Disclosure Attack • Background traffjc: messages to • Use background to estimate volume in her rounds • Assumes static behaviour: short and long term

  13. Evaluation – estimation accuracy as Squared error 13 20 MSE Comm 84 3.7 83 MSE Silent 0.7 2.8 0.8 =12 K K 1.2 2.3 36 K 0 Epoch Trace

  14. Evaluation – communication detection Are Alice and Bob communicating? Base rate fallacy! Use particles distribution Use rate directly

  15. Conclusions • Structured model for traffjc analysis based on known Bayesian inference techniques • easy to extend • allow assessment of inference quality • avoid base rate fallacy • Attacks on real world traces • can be efgective for rather low action rates • can be efgective over a much shorter period of time than previously thought • can be efgective for secure confjgurations of the anonymity system • Rethink current evaluations and fjgures of merit

  16. Thanks!! ctroncoso@gradiant.org g.danezis@ucl.ac.uk

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today Recap/Taxonomy of Anonymization Microdata anonymization Microaggregation based anonymization Taxonomy of Anonymization Problem

620 views • 59 slides
XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( ) 2006.10 RSS is cool ! RSS RSS Really Simple Syndication Tired of checking your favorite news and blogs sites everyday?

786 views • 75 slides
CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today Clustering based anonymization (cont) Permutation based anonymization Other privacy principles Microaggregation/Clustering Two steps:

879 views • 52 slides
Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies

Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies

Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies PostgreSQL Anonymizer The Future 2 3 My Story 4 LETS DO THIS ! jailer pgantomizer ARX pgsync anomyze-it anonymizer mat2 Talend open

1.12k views • 77 slides
How Long How to Get Through a Crisis Part 9 Psalm 13 How long, O Lord? Will you

How Long How to Get Through a Crisis Part 9 Psalm 13 How long, O Lord? Will you

How Long How to Get Through a Crisis Part 9 Psalm 13 How long, O Lord? Will you forget me forever? How long will you hide your face from me? 2 How long must I wrestle with my thoughts, and every day have sorrow in my

436 views • 9 slides
CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today Permutation based anonymization methods (cont.) Other privacy principles for microdata publishing publishing Statistical databases

986 views • 51 slides
Your Color? God? He does not care He is not there Not Doing That Well I How long, O Lord?

Your Color? God? He does not care He is not there Not Doing That Well I How long, O Lord?

Your Color? God? He does not care He is not there Not Doing That Well I How long, O Lord? Will you forget me forever? How long will you hide your face from Psalm 13:16 me? How long must I bear pain in my soul, and have sorrow in my

293 views • 18 slides
You Can Run, But You Cant Hide: Facing the Costs of Long-Term Care Harriet L. Komisar, Ph.D.

You Can Run, But You Cant Hide: Facing the Costs of Long-Term Care Harriet L. Komisar, Ph.D.

You Can Run, But You Cant Hide: Facing the Costs of Long-Term Care Harriet L. Komisar, Ph.D. New York Institute of Technology Center for Gerontology and Geriatrics Second Annual Conference on Aging and Society: Second Annual Conference on

327 views • 31 slides
Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference control Anonymization problem Anonymization notions and approaches (and how they fail to work!) k-anonymity l-diversity t-closeness

741 views • 51 slides
(Un)Ordinary Time Psalm 13 "How long, Lord? Will you forget me forever? How long will

(Un)Ordinary Time Psalm 13 "How long, Lord? Will you forget me forever? How long will

Sermon Series (Un)Ordinary Time Psalm 13 "How long, Lord? Will you forget me forever? How long will you hide your face from me? How long must I wrestle with my thoughts and day after day have sorrow in my heart? How long will my

691 views • 34 slides
Introduction to Anonymization (I) Claire McKay Bowen Postdoctoral Researcher, Los Alamos

Introduction to Anonymization (I) Claire McKay Bowen Postdoctoral Researcher, Los Alamos

DataCamp Data Privacy and Anonymization in R DATA PRIVACY AND ANONYMIZATION IN R Introduction to Anonymization (I) Claire McKay Bowen Postdoctoral Researcher, Los Alamos National Laboratory DataCamp Data Privacy and Anonymization in R

609 views • 26 slides
Towards Plausible Graph Anonymization Yang Zhang, Mathias Humbert, Bartlomiej Surma, Praveen

Towards Plausible Graph Anonymization Yang Zhang, Mathias Humbert, Bartlomiej Surma, Praveen

Towards Plausible Graph Anonymization Yang Zhang, Mathias Humbert, Bartlomiej Surma, Praveen Manoharan, Jilles Vreeken, Michael Backes Graph sharing 2 Graph anonymization 3 Graph anonymization id 3 id 7 id 1 id 6 id 4 id 2 id 8 id 5

622 views • 36 slides
Motivation Long-lived signatures can hide new physics from conventional searches, even if

Motivation Long-lived signatures can hide new physics from conventional searches, even if

Searches for long-lived particles at CMS After a few years of LHC running, CMS has published several searches for long-lived, exotic particles. What motivates these searches ? What strengths & weaknesses does the CMS detector have

447 views • 28 slides
BOYS ISSUES THAT CONTRIBUTE TO POOR PERFORMANCE Transference of academic skills into real

BOYS ISSUES THAT CONTRIBUTE TO POOR PERFORMANCE Transference of academic skills into real

AWAKENING THE GENIUS IN OUR The New Jamaica School BOYS ISSUES THAT CONTRIBUTE TO POOR PERFORMANCE Transference of academic skills into real world is lacking They hide from skills and academic areas may not be the area where their

430 views • 13 slides
Why so low for so long? A long-term view of real interest rates Discussion by James D. Hamilton

Why so low for so long? A long-term view of real interest rates Discussion by James D. Hamilton

Why so low for so long? A long-term view of real interest rates Discussion by James D. Hamilton 1 Multiple explanations have been proposed to explain falling real rates over last 40 years This paper takes much longer perspective

343 views • 9 slides
An Automated Social Graph De-anonymization Technique Kumar Sharad 1 George Danezis 2 1 2

An Automated Social Graph De-anonymization Technique Kumar Sharad 1 George Danezis 2 1 2

An Automated Social Graph De-anonymization Technique Kumar Sharad 1 George Danezis 2 1 2 November 3, 2014 Workshop on Privacy in the Electronic Society, Scottsdale, Arizona, USA This Talk 1 The Art of Data Anonymization 2 The D4D Challenge 3

527 views • 51 slides
MoDvaDon for local bindings We want local bindings = a way to name things locally in Local

MoDvaDon for local bindings We want local bindings = a way to name things locally in Local

MoDvaDon for local bindings We want local bindings = a way to name things locally in Local Bindings and Scope funcDons and other expressions. Why? These slides borrow heavily from Ben Woods Fall 15 slides, some of which are For style

298 views • 8 slides
(Ab)using Google's Chromium EC for your own projects Building Franken Chrome Devices Moritz

(Ab)using Google's Chromium EC for your own projects Building Franken Chrome Devices Moritz

(Ab)using Google's Chromium EC for your own projects Building Franken Chrome Devices Moritz Fischer - Senior Software Engineer National Instruments $whoami Moritz Fischer Embedded Software Engineer @ National Instruments Work on the

587 views • 43 slides
Properties of Transpose Transpose has higher precedence than multiplica- tion and addition, so AB

Properties of Transpose Transpose has higher precedence than multiplica- tion and addition, so AB

3.2, 3.3 Inverting Matrices P. Danziger Properties of Transpose Transpose has higher precedence than multiplica- tion and addition, so AB T = A and A + B T = A + B T B T As opposed to the bracketed expressions ( AB ) T and (

646 views • 22 slides
Deep into the Amplituhedron Jaroslav Trnka Center for Quantum Mathematics and Physics (QMAP),

Deep into the Amplituhedron Jaroslav Trnka Center for Quantum Mathematics and Physics (QMAP),

Deep into the Amplituhedron Jaroslav Trnka Center for Quantum Mathematics and Physics (QMAP), University of California, Davis, USA work with Nima Arkani-Hamed, Hugh Thomas, Cameron Langer, Akshay Yelleshpur Srikant, Enrico Herrmann, Minshan

598 views • 48 slides
Review Languages and Grammars CS 301 - Lecture 5 Alphabets, strings, languages Regular

Review Languages and Grammars CS 301 - Lecture 5 Alphabets, strings, languages Regular

Review Languages and Grammars CS 301 - Lecture 5 Alphabets, strings, languages Regular Languages Regular Grammars, Regular Deterministic Finite Automata Languages, and Properties of Nondeterministic Finite Automata Regular

576 views • 16 slides
Binary Tree Traversal Methods Preorder Inorder In a traversal of a binary tree, each

Binary Tree Traversal Methods Preorder Inorder In a traversal of a binary tree, each

Binary Tree Traversal Methods Binary Tree Traversal Methods Preorder Inorder In a traversal of a binary tree, each element of Postorder the binary tree is visited exactly once. Level order During the visit of an

408 views • 5 slides
3.2. Cournot Model Matilde Machado 3.2. Cournot Model Assumptions: All firms produce an

3.2. Cournot Model Matilde Machado 3.2. Cournot Model Assumptions: All firms produce an

3.2. Cournot Model Matilde Machado 3.2. Cournot Model Assumptions: All firms produce an homogenous product The market price is therefore the result of the total supply (same price for all firms) the total supply (same price for

812 views • 26 slides
Regular Expressions, II Lecture 12b Larry Ruzzo Outline Some efficiency tidbits More

Regular Expressions, II Lecture 12b Larry Ruzzo Outline Some efficiency tidbits More

Regular Expressions, II Lecture 12b Larry Ruzzo Outline Some efficiency tidbits More regular expressions & pattern matching Time and Memory Efficiency Avoid premature optimization; get a working solution, even if big & slow

734 views • 47 slides

More recommend