Privacy Against Statistical Matching: Inter-User Correlation

Modern applications significantly enhance user experience by adapting to each user's individual condition and/or preferences. While this adaptation can greatly improve utility or be essential for the application to work (e.g., for ride-sharing applications), the exposure of user data to the application presents a significant privacy threat to the users, even when the traces are anonymized, since the statistical matching of an anonymized trace to prior user behavior can identify a user and their habits. Because of the current and growing algorithmic and computational capabilities of adversaries, provable privacy guarantees as a function of the degree of anonymization and obfuscation of the traces are necessary. Our previous work has established the requirements on anonymization and obfuscation in the case that data traces are independent between users. However, the data traces of different users will be dependent in many applications, and an adversary can potentially exploit such dependence. In this paper, we consider the impact of correlation between user traces on their privacy. First, we demonstrate that the adversary can readily identify the association graph, revealing which user data traces are correlated. Next, we demonstrate that the adversary can use this association graph to break user privacy with significantly shorter traces than in the case when traces are independent between users, and that independent obfuscation of the data traces is often insufficient to remedy this. Finally, we discuss how the users can employ dependency in their obfuscation to improve their privacy.
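The two adversary steps the abstract describes (recover the association graph from anonymized traces, then use it in the matching) can be seen on a toy model. The simulation below is an added example written for this page; it is not the paper's model or code, and its setup is constructed: four users emit binary traces with Bernoulli profiles `PROFILES`, users 0 and 2 are correlated through a shared latent draw (`SHARE_PROB`), the adversary is assumed to know the profiles and the user-level association graph `CORRELATED_PAIRS` from prior data, and obfuscation is modelled as independent bit flipping with probability `flip_prob`. Users 0 and 1 share a profile, as do 2 and 3, so a matcher that treats traces as independent is stuck at chance within each pair, while the correlation edge resolves the ambiguity. The function names, the 0.2 correlation threshold and the trace length are all choices made for this example.

```python
"""Constructed toy simulation: statistical matching of anonymized binary traces,
with and without exploiting inter-user correlation (added example, not the paper's code)."""
import random
from itertools import combinations

# Constructed ground truth: per-user probability of observing a "1" at each step.
PROFILES = [0.4, 0.4, 0.6, 0.6]
CORRELATED_PAIRS = [(0, 2)]  # assumed known to the adversary from prior (non-anonymized) data
SHARE_PROB = 0.9             # fraction of steps where a correlated pair shares the latent draw


def generate_traces(length, flip_prob=0.0, seed=7):
    """Return (anonymized_traces, perm) where perm[i] is the true user behind trace i."""
    rng = random.Random(seed)
    n = len(PROFILES)
    partner = {}
    for a, b in CORRELATED_PAIRS:
        partner[a], partner[b] = b, a
    traces = [[] for _ in range(n)]
    for _ in range(length):
        draws = {}
        for u in range(n):
            # Correlation model: the second member of a pair reuses its partner's latent draw.
            if u in partner and partner[u] in draws and rng.random() < SHARE_PROB:
                draws[u] = draws[partner[u]]
            else:
                draws[u] = rng.random()
        for u in range(n):
            bit = 1 if draws[u] < PROFILES[u] else 0
            if flip_prob and rng.random() < flip_prob:  # independent per-user obfuscation
                bit ^= 1
            traces[u].append(bit)
    perm = list(range(n))
    rng.shuffle(perm)  # anonymization: relabel traces by a random permutation
    return [traces[perm[i]] for i in range(n)], perm


def mean(xs):
    return sum(xs) / len(xs)


def correlation(xs, ys):
    """Pearson sample correlation of two equal-length 0/1 sequences."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def recover_association_graph(traces, threshold=0.2):
    """Adversary step 1: an edge between anonymized traces whose sample correlation exceeds threshold."""
    return {(i, j) for i, j in combinations(range(len(traces)), 2)
            if correlation(traces[i], traces[j]) > threshold}


def expected_mean(p, flip_prob):
    """Mean of a Bernoulli(p) bit after independent flipping with probability flip_prob."""
    return p * (1 - flip_prob) + (1 - p) * flip_prob


def match_independent(traces, flip_prob=0.0):
    """Baseline adversary that ignores correlation: nearest expected mean, ties to the lowest user index."""
    return [min(range(len(PROFILES)),
                key=lambda u: abs(mean(tr) - expected_mean(PROFILES[u], flip_prob)))
            for tr in traces]


def match_with_association(traces, edges):
    """Adversary step 2: traces joined by an edge can only be the correlated user pair; the remaining
    traces are the uncorrelated users. Within each group, rank traces and users by mean and pair them."""
    if len(edges) != len(CORRELATED_PAIRS):
        raise ValueError("recovered graph does not match the known association graph")
    n = len(traces)
    guesses = [None] * n
    used_traces, used_users = set(), set()
    groups = []
    for (i, j), (a, b) in zip(sorted(edges), CORRELATED_PAIRS):
        groups.append(([i, j], [a, b]))
        used_traces |= {i, j}
        used_users |= {a, b}
    groups.append(([i for i in range(n) if i not in used_traces],
                   [u for u in range(n) if u not in used_users]))
    for trace_ids, user_ids in groups:
        ranked_traces = sorted(trace_ids, key=lambda i: mean(traces[i]))
        ranked_users = sorted(user_ids, key=lambda u: PROFILES[u])
        for i, u in zip(ranked_traces, ranked_users):
            guesses[i] = u
    return guesses


def accuracy(guesses, perm):
    return sum(g == perm[i] for i, g in enumerate(guesses)) / len(perm)


def run(length=500, flip_prob=0.0, seed=7):
    """Compare the two adversaries on one anonymized (and optionally obfuscated) dataset."""
    traces, perm = generate_traces(length, flip_prob, seed)
    edges = recover_association_graph(traces)
    true_edges = {tuple(sorted((perm.index(a), perm.index(b)))) for a, b in CORRELATED_PAIRS}
    return {
        "graph_recovered": edges == true_edges,
        "independent_accuracy": accuracy(match_independent(traces, flip_prob), perm),
        "correlated_accuracy": accuracy(match_with_association(traces, edges), perm),
    }


if __name__ == "__main__":
    print("no obfuscation:", run())
    print("10% independent bit flips:", run(flip_prob=0.1))
```

The independent matcher cannot separate users with identical profiles however long the traces get, whereas the correlation edge between the anonymized traces of users 0 and 2 pins down which two traces belong to that pair and the means then settle the rest. Flipping each bit independently with probability 0.1 shrinks the sample correlation roughly by a factor (1 - 2·0.1)² = 0.64, which at this trace length still leaves the edge well above the threshold, illustrating the abstract's point that independent obfuscation alone need not remove the dependence an adversary exploits.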
