Quantification of De-anonymization Risks in Social Networks

The risks of publishing privacy-sensitive data have received considerable attention recently. Several de-anonymization attacks have been proposed that re-identify individuals even when data anonymization techniques have been applied. However, there is no theoretical quantification relating the data utility preserved by anonymization techniques to the data's vulnerability to de-anonymization attacks. In this paper, we theoretically analyze de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) under which de-anonymization succeeds. To the best of our knowledge, this is the first work to quantify the relationship between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumptions about the graph model, and thus provides a general theoretical guide for developing practical de-anonymization and anonymization techniques. Furthermore, we evaluate state-of-the-art de-anonymization attacks on a real-world Facebook dataset to show the limitations of previous work. By comparing these experimental results with the theoretically achievable de-anonymization capability derived in our analysis, we further demonstrate the ineffectiveness of previous de-anonymization attacks and the potential for more powerful de-anonymization attacks in the future.
