Discrimination rate: an attribute-centric metric to measure privacy

As far as we know, there is no good privacy metric for quantifying how privacy-efficient an anonymity system is. This paper first discusses the features such a metric needs, then proposes a new metric based on information theory and named DR, for Discrimination Rate. The DR is the first metric that enables fine-grained measurement down to the attribute level, quantifying the identification capacity of an attribute with a score scaling from 0 to 1 for any given anonymity system. The DR can easily be applied in practice thanks to the algorithms provided in the paper. Measuring the DR of attributes reflects the attacker's capacity and evaluates how much each attribute is able to refine the anonymity set. The formalization the DR brings permits more accurate definitions of identifiers and introduces new notions such as sketchy-identifiers, zero-identifiers, and partial-identifiers. Finally, the usefulness and practical dimensions of the DR are illustrated through the evaluation and comparison of the k-anonymity and l-diversity mechanisms over a dataset.
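As an added illustration (not code from the paper, and not its DR formula, which this page does not give), the Python below computes over a small constructed table the k and l that k-anonymity and l-diversity provide, plus an attribute-level score in [0, 1] built from the mutual information between an attribute's value and record identity, normalised by log2(N). The score stands in for the kind of per-attribute "how much does this attribute refine the anonymity set" measurement the abstract describes; the dataset, column names and the `attribute_refinement_score` helper are all assumptions of this example.

```python
from collections import Counter, defaultdict
from math import log2

# Constructed toy table (not from the paper): one row per individual.
# zip and age are generalised quasi-identifiers; diag is the sensitive attribute.
ROWS = [
    {"zip": "130**", "age": "<30", "diag": "flu"},
    {"zip": "130**", "age": "<30", "diag": "cancer"},
    {"zip": "130**", "age": "<30", "diag": "flu"},
    {"zip": "148**", "age": "3*", "diag": "heart"},
    {"zip": "148**", "age": "3*", "diag": "flu"},
    {"zip": "148**", "age": "3*", "diag": "cancer"},
]


def equivalence_classes(rows, attrs):
    """Group rows sharing the same values on the given attributes."""
    groups = defaultdict(list)
    for r in rows:
        groups[tuple(r[a] for a in attrs)].append(r)
    return groups


def k_anonymity(rows, qi):
    """k = size of the smallest equivalence class over the quasi-identifiers."""
    return min(len(g) for g in equivalence_classes(rows, qi).values())


def l_diversity(rows, qi, sensitive):
    """l = fewest distinct sensitive values found in any equivalence class."""
    return min(len({r[sensitive] for r in g})
               for g in equivalence_classes(rows, qi).values())


def attribute_refinement_score(rows, attrs):
    """Illustrative score in [0, 1] (an assumption, NOT the paper's DR):
    I(identity; attrs) / H(identity), with H(identity) = log2(N).
    0: the attribute(s) leave every anonymity set untouched.
    1: the attribute(s) single out every record."""
    n = len(rows)
    if n < 2:
        return 0.0
    sizes = [len(g) for g in equivalence_classes(rows, attrs).values()]
    # H(identity | attrs) = sum over classes of p(class) * log2(class size)
    h_cond = sum((c / n) * log2(c) for c in sizes)
    return (log2(n) - h_cond) / log2(n)


if __name__ == "__main__":
    qi = ["zip", "age"]
    print("k =", k_anonymity(ROWS, qi), " l =", l_diversity(ROWS, qi, "diag"))
    for a in (["zip"], ["age"], ["diag"], qi):
        print(a, round(attribute_refinement_score(ROWS, a), 3))
```

Running it shows that zip and age, being perfectly correlated here, carry no more refinement together than alone, while the sensitive diag column refines the set more than either quasi-identifier.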
