Secure k-Anonymization Linked with Differential Identifiability (Workshop)

Most k-anonymization mechanisms developed to date are vulnerable to re-identification attacks, for example those that generate a generalized value directly from the input database. k-anonymization mechanisms do not properly capture the notion of hiding in a crowd, because they impose no constraints on the mechanism itself. In this paper, we define \((k,\rho )\)-anonymization, which achieves a secure k-anonymization notion linked with differential identifiability under the privacy parameter \(\rho \). Both differential identifiability and k-anonymization limit the probability that an individual is re-identified in a database after an adversary observes the output of the database. Furthermore, differential identifiability can provide the same strong privacy guarantees as differential privacy. It allows k-anonymization to be performed securely, while \((k,\rho )\)-anonymization is a relaxation of differential identifiability that avoids a large amount of noise and so obtains better utility for certain tasks. We also prove the properties of \((k,\rho )\)-anonymization under composition, which can be used in data publishing and data mining applications.
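The gap the abstract describes, as an added example that is not the paper's own construction: a release can meet k = 3 while an adversary's posterior about the one unknown record still reaches 1 (so it is only 1-differentially identifiable), because the generalization bounds are computed from the data. The adversary model (one unknown record, uniform prior over a constructed candidate universe, deterministic mechanism) is a simplification assumed for this example, and KNOWN, CANDIDATES and the two mechanisms are constructed.

```python
from collections import Counter

# Constructed toy data (not from the paper). The quasi-identifier is age only.
KNOWN = [23, 25, 31, 38, 42]            # records the adversary already knows
CANDIDATES = [20, 27, 33, 44, 47, 50]   # possible identities of the one unknown record

def generalize_by_range(ages, k):
    """Data-dependent k-anonymization: sort, cut into blocks of >= k rows and
    replace each age by its block's [min, max]. The bounds come from the data."""
    ages = sorted(ages)
    blocks = [ages[i:i + k] for i in range(0, len(ages), k)]
    if len(blocks) > 1 and len(blocks[-1]) < k:   # fold a short tail into the previous block
        blocks[-2].extend(blocks.pop())
    return sorted((b[0], b[-1]) for b in blocks for _ in b)

def fixed_bins(ages, width=20):
    """Data-independent generalization: bucket edges are fixed before seeing the data."""
    return sorted((a - a % width, a - a % width + width - 1) for a in ages)

def k_of(released):
    """Smallest equivalence class in the release (the k actually achieved)."""
    return min(Counter(released).values())

def posterior(mechanism, observed):
    """Simplified adversary (an assumption of this example): uniform prior over
    CANDIDATES and a deterministic mechanism, so the posterior mass is split evenly
    over the candidates whose world reproduces the observed release."""
    consistent = [c for c in CANDIDATES if mechanism(KNOWN + [c]) == observed]
    return {c: (1 / len(consistent) if c in consistent else 0.0) for c in CANDIDATES}

def evaluate(mechanism):
    """Worst case over possible worlds: the minimum k achieved and the maximum
    posterior, i.e. the smallest rho for which this release is rho-identifiable."""
    worst_k, worst_rho = None, 0.0
    for true_c in CANDIDATES:
        released = mechanism(KNOWN + [true_c])
        worst_k = k_of(released) if worst_k is None else min(worst_k, k_of(released))
        worst_rho = max(worst_rho, max(posterior(mechanism, released).values()))
    return worst_k, worst_rho

if __name__ == "__main__":
    for name, mech in [("range", lambda a: generalize_by_range(a, 3)), ("bins", fixed_bins)]:
        k, rho = evaluate(mech)
        print(f"{name}: k={k}, rho={rho:.2f}")   # range: k=3, rho=1.00 / bins: k=1, rho=0.33
```

The range mechanism satisfies k = 3 in every world yet every world produces a distinct release, so membership of the unknown record is fully determined; the fixed bins bound the posterior at 1/3 but let an equivalence class shrink to one row, which is why neither notion alone gives the combined guarantee the paper targets.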
