On the Performance of $k$ -Anonymity Against Inference Attacks With Background Information

Internet of Things (IoT) applications bring in a great convenience for human’s life, but users’ data privacy concern is the major barrier toward the development of IoT. <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity is a method to protect users’ data privacy, but it is presently known to suffer from inference attacks. Thus far, existing work only relies on a number of experimental examples to validate <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity’s performance against inference attacks, and thereby lacks of a theoretical guarantee. To tackle this issue, in this paper we propose the first theoretical foundation that gives a nonasymptotic bound on the performance of <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity against inference attacks, taking into consideration of adversaries’ background information. The main idea is to first quantify adversaries’ background information, and from the point of the view of adversaries, classify users’ data into four kinds: 1) independent with unknown data values; 2) local dependent with unknown data values; 3) independent with certain known data values; and 4) local dependent with certain known data values. We then move one step further, theoretically proving the bound on the performance of <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity corresponding to each of the four kinds of users’ data through cooperating with the noiseless privacy. We argue that such a theoretical foundation links <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity with noiseless privacy, theoretically proving <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity provides noiseless privacy. Additionally, this paper theoretically explains why <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity is vulnerable to inference attacks using the modified Stein method. Simulations on real check-in dataset from the location-based social network have validated our results. We believe that this paper can bridge the gap between design and evaluation, enabling a designer to construct a more practical <inline-formula> <tex-math notation="LaTeX">${k}$ </tex-math></inline-formula>-anonymity technique in real-life scenarios to resist inference attacks.

[1]  Alina Campan,et al.  A Clustering Approach for Data and Structural Anonymity in Social Networks , 2008 .

[2]  Jian Pei,et al.  Preserving Privacy in Social Networks Against Neighborhood Attacks , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[3]  Xiang-Yang Li,et al.  Graph-based privacy-preserving data publication , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[4]  Donald F. Towsley,et al.  Resisting structural re-identification in anonymized social networks , 2010, The VLDB Journal.

[5]  David K. Y. Yau,et al.  Privacy vulnerability of published anonymous mobility traces , 2010, MobiCom.

[6]  Chen Wang,et al.  CANS: Towards Congestion-Adaptive and Small Stretch Emergency Navigation with Wireless Sensor Networks , 2016, IEEE Transactions on Mobile Computing.

[7]  Longfei Wu,et al.  A Survey on Security and Privacy Issues in Internet-of-Things , 2017, IEEE Internet of Things Journal.

[8]  Yanchao Zhang,et al.  Beware of What You Share: Inferring User Locations in Venmo , 2018, IEEE Internet of Things Journal.

[9]  K. Liu,et al.  Towards identity anonymization on graphs , 2008, SIGMOD Conference.

[10]  Lise Getoor,et al.  Preserving the Privacy of Sensitive Relationships in Graph Data , 2007, PinKDD.

[11]  Yong-Yeol Ahn,et al.  Community-Enhanced De-anonymization of Online Social Networks , 2014, CCS.

[12]  Chen Wang,et al.  RobLoP: Towards Robust Privacy Preserving Against Location Dependent Attacks in Continuous LBS Queries , 2018, IEEE/ACM Transactions on Networking.

[13]  Xiang-Yang Li,et al.  De-anonymizing social networks and inferring private attributes using knowledge graphs , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[14]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[15]  Raghav Bhaskar,et al.  Noiseless Database Privacy , 2011, ASIACRYPT.

[16]  Xinyu Yang,et al.  Toward Data Integrity Attacks Against Optimal Power Flow in Smart Grid , 2017, IEEE Internet of Things Journal.

[17]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[18]  Shouling Ji,et al.  Structural Data De-Anonymization: Theory and Practice , 2016, IEEE/ACM Transactions on Networking.

[19]  Guihai Chen,et al.  Privacy and Quality Preserving Multimedia Data Aggregation for Participatory Sensing Systems , 2015, IEEE Transactions on Mobile Computing.

[20]  Jong Kim,et al.  Inference Attack on Browsing History of Twitter Users Using Public Click Analytics and Twitter Metadata , 2016, IEEE Transactions on Dependable and Secure Computing.

[21]  Peng Liu,et al.  The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved , 2018, IEEE Internet of Things Journal.

[22]  Philip S. Yu,et al.  Personalized Privacy Protection in Social Networks , 2010, Proc. VLDB Endow..

[23]  Jia Liu,et al.  K-isomorphism: privacy preserving network publication against structural attacks , 2010, SIGMOD Conference.

[24]  I. S. Tyurin A REFINEMENT OF THE REMAINDER IN THE LYAPUNOV THEOREM , 2012 .

[25]  Lei Zou,et al.  K-Automorphism: A General Framework For Privacy Preserving Network Publication , 2009, Proc. VLDB Endow..

[26]  Chen Wang,et al.  Non-asymptotic Bound on the Performance of k-Anonymity against Inference Attacks , 2018, 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS).

[27]  Chen Wang,et al.  ILLIA: Enabling $k$ -Anonymity-Based Privacy Preserving Against Location Injection Attacks in Continuous LBS Queries , 2018, IEEE Internet of Things Journal.