Indistinguishability: The Other Aspect of Privacy

Uncertainty and indistinguishability are two independent aspects of privacy. Uncertainty refers to the property that the attacker cannot tell which private value, among a group of values, an individual actually has. Indistinguishability refers to the property that the attacker cannot see the difference among a group of individuals. While uncertainty has been well studied and applied to many scenarios, to date the only effort in providing indistinguishability has been the well-known notion of k-anonymity. However, k-anonymity only applies to anonymized tables. This paper defines indistinguishability for general situations based on the symmetry among the possible private values associated with individuals. The paper then discusses the computational complexities of checking whether a set of database views provides enough indistinguishability, and provides practical algorithms for that check.
