New Efficient Attacks on Statistical Disclosure Control Mechanisms

The goal of a statistical database is to provide statistics about a population while simultaneously protecting the privacy of the individual records in the database. The tension between privacy and usability of statistical databases has attracted much attention in the statistics, theoretical computer science, security, and database communities in recent years. A line of research initiated by Dinur and Nissim investigates, for a particular type of query, lower bounds on the distortion needed to prevent gross violations of privacy. The first result in the current paper simplifies and sharpens the Dinur and Nissim result. The Dinur-Nissim style results are strong because they demonstrate insecurity of all low-distortion privacy mechanisms. The attacks have an all-or-nothing flavor: letting n denote the size of the database, Ω(n) queries are made before anything is learned, at which point Θ(n) secret bits are revealed. Restricting attention to a wide and realistic subset of possible low-distortion mechanisms, our second result is a more acute attack, requiring only a fixed number of queries for each bit revealed.
