Shuaiqi Wang,Zinan Lin,Giulia Fanti

2024-11-28

Abstract:We introduce a privacy measure called statistic maximal leakage that quantifies how much a privacy mechanism leaks about a specific secret, relative to the adversary's prior information about that secret. Statistic maximal leakage is an extension of the well-known maximal leakage. Unlike maximal leakage, which protects an arbitrary, unknown secret, statistic maximal leakage protects a single, known secret. We show that statistic maximal leakage satisfies composition and post-processing properties. Additionally, we show how to efficiently compute it in the special case of deterministic data release mechanisms. We analyze two important mechanisms under statistic maximal leakage: the quantization mechanism and randomized response. We show theoretically and empirically that the quantization mechanism achieves better privacy-utility tradeoffs in the settings we study.

Information Theory

Leonhard Grosse,Sara Saeidian,Tobias J. Oechtering

DOI: https://doi.org/10.1109/tifs.2024.3449556

IF: 7.231

2024-09-11

IEEE Transactions on Information Forensics and Security

Abstract:Data publishing under privacy constraints can be achieved with mechanisms that add randomness to data points when released to an untrusted party, thereby decreasing the data's utility. In this paper, we analyze this privacy-utility tradeoff for the pointwise maximal leakage (PML) privacy measure and provide optimal privacy mechanisms for a general class of convex utility functions. PML was recently proposed as an operationally meaningful privacy measure based on two equivalent threat models: An adversary guessing a randomized function and an adversary aiming to maximize a general gain function. We prove a cardinality bound, showing that output alphabets of optimal mechanisms in this context need not to be larger than the size of their inputs. Then, we characterize the optimization region as a (convex) polytope. We derive closed-form optimal privacy mechanisms for arbitrary priors in the high privacy regime (when the privacy parameter is sufficiently small) and uniform priors for all ranges of the privacy parameter using tools from convex analysis. Furthermore, we present a linear program that can compute optimal mechanisms for PML in a general setting. We conclude by demonstrating the performance of the closed-form mechanisms through numerical simulations.

computer science, theory & methods,engineering, electrical & electronic

Amirreza Zamani,Tobias J. Oechtering,Mikael Skoglund

DOI: https://doi.org/10.48550/arXiv.2107.07484

2021-07-16

Abstract:We study a statistical signal processing privacy problem, where an agent observes useful data $Y$ and wants to reveal the information to a user. Since the useful data is correlated with the private data $X$, the agent employs a privacy mechanism to generate data $U$ that can be released. We study the privacy mechanism design that maximizes the revealed information about $Y$ while satisfying a strong $\ell_1$-privacy criterion. When a sufficiently small leakage is allowed, we show that the optimizer vectors of the privacy mechanism design problem have a specific geometry, i.e., they are perturbations of fixed vector distributions. This geometrical structure allows us to use a local approximation of the conditional entropy. By using this approximation the original optimization problem can be reduced to a linear program so that an approximate solution for privacy mechanism can be easily obtained. The main contribution of this work is to consider non-zero leakage with a non-invertible leakage matrix. In an example inspired by water mark application, we first investigate the accuracy of the approximation. Then, we employ different measures for utility and privacy leakage to compare the privacy-utility trade-off using our approach with other methods. In particular, it has been shown that by allowing small leakage, significant utility can be achieved using our method compared to the case where no leakage is allowed.

Information Theory

Sara Saeidian,Giulia Cervia,Tobias J. Oechtering,Mikael Skoglund

2024-10-25

Abstract:This paper introduces a paradigm shift in the way privacy is defined, driven by a novel interpretation of the fundamental result of Dwork and Naor about the impossibility of absolute disclosure prevention. We propose a general model of utility and privacy in which utility is achieved by disclosing the value of low-entropy features of a secret $X$, while privacy is maintained by hiding the value of high-entropy features of $X$. Adopting this model, we prove that, contrary to popular opinion, it is possible to provide meaningful inferential privacy guarantees. These guarantees are given in terms of an operationally-meaningful information measure called pointwise maximal leakage (PML) and prevent privacy breaches against a large class of adversaries regardless of their prior beliefs about $X$. We show that PML-based privacy is compatible with and provides insights into existing notions such as differential privacy. We also argue that our new framework enables highly flexible mechanism designs, where the randomness of a mechanism can be adjusted to the entropy of the data, ultimately, leading to higher utility.

Cryptography and Security,Information Theory

Qing Yang,Cheng Wang,Haifeng Yuan,Jipeng Cui,Hu Teng,Xue Chen,Changjun Jiang

DOI: https://doi.org/10.1109/tifs.2024.3354412

IF: 7.231

2024-02-14

IEEE Transactions on Information Forensics and Security

Abstract:The possibility for public attributes to disclose private information has caused widespread concern. Traditional privacy-preserving approaches have two limitations: 1) Approaches based on data anonymization or distortion often lead to poor utility-privacy trade-offs, and 2) approaches based on data encryption face heavy computational costs. These problems have prompted calls for an effective privacy-preserving framework that provides adequate privacy guarantees while maintaining good data utility. Inspired by denoising autoencoders, in this paper, we regard the information about privacy attributes contained in the public attributes as a kind of noise and design an ex ante privacy-preserving model called the Mutual Information Autoencoder (MIAE), which reconstructs the loss function of the original autoencoder by combining reconstruction errors and mutual information, and we introduce a trade-off coefficient to achieve utility-privacy trade-offs. To elucidate the superiority of the proposed model, we consider utility-privacy trade-offs with the expected distortion function as a metric of data utility and the joint mutual information as a metric of privacy disclosure, and then, we construct a convex optimization problem with multiple constraints based on rate-distortion theory. From an information theory perspective, we provide a lower bound for privacy disclosure with utility guarantees. Elaborate experiments over a real-world dataset reveal that as the level of expected distortion increases, the achievable bound obtained by MIAE exhibits a trend similar to that of the information-theoretic bound. When the expected distortion surpasses 2.2, the achievable bound obtained by MIAE also converges to 0, and the maximum gap between the achievable bound obtained by MIAE and the information-theoretic bound is no more than 1.4. Compared to existing models, MIAE can provide a tighter achievable bound and achieve good utility-privacy trade-offs.

computer science, theory & methods,engineering, electrical & electronic

Ye Wang,Yuksel Ozan Basciftci,Prakash Ishwar

DOI: https://doi.org/10.48550/arXiv.1710.09295

2017-10-25

Information Theory

Abstract:Privacy-preserving data release mechanisms aim to simultaneously minimize information-leakage with respect to sensitive data and distortion with respect to useful data. Dependencies between sensitive and useful data results in a privacy-utility tradeoff that has strong connections to generalized rate-distortion problems. In this work, we study how the optimal privacy-utility tradeoff region is affected by constraints on the data that is directly available as input to the release mechanism. In particular, we consider the availability of only sensitive data, only useful data, and both (full data). We show that a general hierarchy holds: the tradeoff region given only the sensitive data is no larger than the region given only the useful data, which in turn is clearly no larger than the region given both sensitive and useful data. In addition, we determine conditions under which the tradeoff region given only the useful data coincides with that given full data. These are based on the common information between the sensitive and useful data. We establish these results for general families of privacy and utility measures that satisfy certain natural properties required of any reasonable measure of privacy or utility. We also uncover a new, subtler aspect of the data processing inequality for general non-symmetric privacy measures and discuss its operational relevance and implications. Finally, we derive exact closed-analytic-form expressions for the privacy-utility tradeoffs for symmetrically dependent sensitive and useful data under mutual information and Hamming distortion as the respective privacy and utility measures.

Bo Ma,W. Yan,E. Lai,Jingsong Wu

DOI: https://doi.org/10.1007/978-3-030-72073-5_1

2021-01-01

Abstract:Centralised machine learning brings in side effect pertaining to privacy preservation, most of machine learning methods prone to using the frameworks without privacy protection, as current methods for privacy preservation will slow down model training and testing. In order to resolve this problem, we develop a new noise generating method based on information entropy by using differential privacy for betterment the privacy protection which owns the architecture of federated machine learning. Our experiments unveil that this solution effectively preserves privacy in the vein of centralized federated learning. The gained accuracy is promising which has a room to be uplifted.

Amirreza Zamani,Tobias J. Oechtering,Mikael Skoglund

DOI: https://doi.org/10.1109/TIFS.2021.3053462

2021-03-23

Abstract:In this paper, we study a stochastic disclosure control problem using information-theoretic methods. The useful data to be disclosed depend on private data that should be protected. Thus, we design a privacy mechanism to produce new data which maximizes the disclosed information about the useful data under a strong $\chi^2$-privacy criterion. For sufficiently small leakage, the privacy mechanism design problem can be geometrically studied in the space of probability distributions by a local approximation of the mutual information. By using methods from Euclidean information geometry, the original highly challenging optimization problem can be reduced to a problem of finding the principal right-singular vector of a matrix, which characterizes the optimal privacy mechanism. In two extensions we first consider a scenario where an adversary receives a noisy version of the user's message and then we look for a mechanism which finds $U$ based on observing $X$, maximizing the mutual information between $U$ and $Y$ while satisfying the privacy criterion on $U$ and $Z$ under the Markov chain $(Z,Y)-X-U$.

Information Theory

Leonhard Grosse,Sara Saeidian,Parastoo Sadeghi,Tobias J. Oechtering,Mikael Skoglund

2024-02-20

Abstract:We examine the relationship between privacy metrics that utilize information density to measure information leakage between a private and a disclosed random variable. Firstly, we prove that bounding the information density from above or below in turn implies a lower or upper bound on the information density, respectively. Using this result, we establish new relationships between local information privacy, asymmetric local information privacy, pointwise maximal leakage and local differential privacy. We further provide applications of these relations to privacy mechanism design. Furthermore, we provide statements showing the equivalence between a lower bound on information density and risk-averse adversaries. More specifically, we prove an equivalence between a guessing framework and a cost-function framework that result in the desired lower bound on the information density.

Cryptography and Security

Amedeo Roberto Esposito,Michael Gastpar,Ibrahim Issa

DOI: https://doi.org/10.48550/arXiv.1903.01777

2019-03-05

Abstract:There is an increasing concern that most current published research findings are false. The main cause seems to lie in the fundamental disconnection between theory and practice in data analysis. While the former typically relies on statistical independence, the latter is an inherently adaptive process: new hypotheses are formulated based on the outcomes of previous analyses. A recent line of work tries to mitigate these issues by enforcing constraints, such as differential privacy, that compose adaptively while degrading gracefully and thus provide statistical guarantees even in adaptive contexts. Our contribution consists in the introduction of a new approach, based on the concept of Maximal Leakage, an information-theoretic measure of leakage of information. The main result allows us to compare the probability of an event happening when adaptivity is considered with respect to the non-adaptive scenario. The bound we derive represents a generalization of the bounds used in non-adaptive scenarios (e.g., McDiarmid's inequality for $c$-sensitive functions, false discovery error control via significance level, etc.), and allows us to replicate or even improve, in certain regimes, the results obtained using Max-Information or Differential Privacy. In contrast with the line of work started by Dwork et al., our results do not rely on Differential Privacy but are, in principle, applicable to every algorithm that has a bounded leakage, including the differentially private algorithms and the ones with a short description length.

Machine Learning,Information Theory

Mangesh Gupte,Mukund Sundararajan

DOI: https://doi.org/10.48550/arXiv.1001.2767

2010-01-16

Abstract:A scheme that publishes aggregate information about sensitive data must resolve the trade-off between utility to information consumers and privacy of the database participants. Differential privacy is a well-established definition of privacy--this is a universal guarantee against all attackers, whatever their side-information or intent. In this paper, we present a universal treatment of utility based on the standard minimax rule from decision theory (in contrast to the utility model in, which is Bayesian). In our model, information consumers are minimax (risk-averse) agents, each possessing some side-information about the query, and each endowed with a loss-function which models their tolerance to inaccuracies. Further, information consumers are rational in the sense that they actively combine information from the mechanism with their side-information in a way that minimizes their loss. Under this assumption of rational behavior, we show that for every fixed count query, a certain geometric mechanism is universally optimal for all minimax information consumers. Additionally, our solution makes it possible to release query results at multiple levels of privacy in a collusion-resistant manner.

Cryptography and Security,Databases,Data Structures and Algorithms

Lihao Nan,Dacheng Tao

DOI: https://doi.org/10.1016/j.jpdc.2019.09.010

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:Here we consider a common data encryption problem encountered by users who want to disclose some data to gain utility but preserve their private information. Specifically, we consider the inference attack, in which an adversary conducts inference on the disclosed data to gain information about users' private data. Following privacy funnel (Makhdoumi et al., 2014), assuming that the original data X is transformed into Z before disclosing and the log loss is used for both privacy and utility metrics, then the problem can be modeled as finding a mapping X -> Z that maximizes mutual information between X and Z subject to a constraint that the mutual information between Z and private data S is smaller than a predefined threshold epsilon. In contrast to the original study (Makhdoumi et al., 2014), which only focused on discrete data, we consider the more general and practical setting of continuous and high-dimensional disclosed data (e.g., image data). Most previous work on privacy-preserving representation learning is based on adversarial learning or generative adversarial networks, which has been shown to suffer from the vanishing gradient problem, and it is experimentally difficult to eliminate the relationship with private data Y when Z is constrained to retain more information about X. Here we propose a simple but effective variational approach that does not rely on adversarial training. Our experimental results show that our approach is stable and outperforms previous methods in terms of both downstream task accuracy and mutual information estimation. (C) 2019 Elsevier Inc. All rights reserved.

Fang Liu

DOI: https://doi.org/10.1109/TKDE.2018.2845388

2017-12-24

Abstract:Assessment of disclosure risk is of paramount importance in the research and applications of data privacy techniques. The concept of differential privacy (DP) formalizes privacy in probabilistic terms and provides a robust concept for privacy protection without making assumptions about the background knowledge of adversaries. Practical applications of DP involve development of DP mechanisms to release results at a pre-specified privacy budget. In this paper, we generalize the widely used Laplace mechanism to the family of generalized Gaussian (GG) mechanism based on the $l_p$ global sensitivity of statistical queries. We explore the theoretical requirement for the GG mechanism to reach DP at prespecified privacy parameters, and investigate the connections and differences between the GG mechanism and the Exponential mechanism based on the GG distribution We also present a lower bound on the scale parameter of the Gaussian mechanism of $(\epsilon,\delta)$-probabilistic DP as a special case of the GG mechanism, and compare the statistical utility of the sanitized results in the tail probability and dispersion in the Gaussian and Laplace mechanisms. Lastly, we apply the GG mechanism in 3 experiments (the mildew, Czech, adult data), and compare the accuracy of sanitized results via the $l_1$ distance and Kullback-Leibler divergence and examine how sanitization affects the prediction power of a classifier constructed with the sanitized data in the adult experiment.

Statistics Theory

Amirreza Zamani,Tobias J. Oechtering,Mikael Skoglund

2023-09-17

Abstract:The design of a statistical signal processing privacy problem is studied where the private data is assumed to be observable. In this work, an agent observes useful data $Y$, which is correlated with private data $X$, and wants to disclose the useful information to a user. A statistical privacy mechanism is employed to generate data $U$ based on $(X,Y)$ that maximizes the revealed information about $Y$ while satisfying a privacy criterion. To this end, we use extended versions of the Functional Representation Lemma and Strong Functional Representation Lemma and combine them with a simple observation which we call separation technique. New lower bounds on privacy-utility trade-off are derived and we show that they can improve the previous bounds. We study the obtained bounds in different scenarios and compare them with previous results.

Information Theory

Shuaiqi Wang,Shuran Zheng,Zinan Lin,Giulia Fanti,Zhiwei Steven Wu

2024-10-22

Abstract:Information disclosure can compromise privacy when revealed information is correlated with private information. We consider the notion of inferential privacy, which measures privacy leakage by bounding the inferential power a Bayesian adversary can gain by observing a released signal. Our goal is to devise an inferentially-private private information structure that maximizes the informativeness of the released signal, following the Blackwell ordering principle, while adhering to inferential privacy constraints. To achieve this, we devise an efficient release mechanism that achieves the inferentially-private Blackwell optimal private information structure for the setting where the private information is binary. Additionally, we propose a programming approach to compute the optimal structure for general cases given the utility function. The design of our mechanisms builds on our geometric characterization of the Blackwell-optimal disclosure mechanisms under privacy constraints, which may be of independent interest.

Cryptography and Security

Sophie Taylor,Praneeth Kumar Vippathalla,Justin P. Coon

2024-09-20

Abstract:Information theoretic leakage metrics quantify the amount of information about a private random variable $X$ that is leaked through a correlated revealed variable $Y$. They can be used to evaluate the privacy of a system in which an adversary, from whom we want to keep $X$ private, is given access to $Y$. Global information theoretic leakage metrics quantify the overall amount of information leaked upon observing $Y$, whilst their pointwise counterparts define leakage as a function of the particular realisation $y$ that the adversary sees, and thus can be viewed as random variables. We consider an adversary who observes a large number of independent identically distributed realisations of $Y$. We formalise the essential asymptotic behaviour of an information theoretic leakage metric, considering in turn what this means for pointwise and global metrics. With the resulting requirements in mind, we take an axiomatic approach to defining a set of pointwise leakage metrics, as well as a set of global leakage metrics that are constructed from them. The global set encompasses many known measures including mutual information, Sibson mutual information, Arimoto mutual information, maximal leakage, min entropy leakage, $f$-divergence metrics, and g-leakage. We prove that both sets follow the desired asymptotic behaviour. Finally, we derive composition theorems which quantify the rate of privacy degradation as an adversary is given access to a large number of independent observations of $Y$. It is found that, for both pointwise and global metrics, privacy degrades exponentially with increasing observations for the adversary, at a rate governed by the minimum Chernoff information between distinct conditional channel distributions. This extends the work of Wu et al. (2024), who have previously found this to be true for certain known metrics, including some that fall into our more general set.

Information Theory

Mousa Alfalayleh,Ljiljana Brankovic

DOI: https://doi.org/10.48550/arXiv.1409.2112

2014-09-07

Abstract:It is well recognised that data mining and statistical analysis pose a serious treat to privacy. This is true for financial, medical, criminal and marketing research. Numerous techniques have been proposed to protect privacy, including restriction and data modification. Recently proposed privacy models such as differential privacy and k-anonymity received a lot of attention and for the latter there are now several improvements of the original scheme, each removing some security shortcomings of the previous one. However, the challenge lies in evaluating and comparing privacy provided by various techniques. In this paper we propose a novel entropy based security measure that can be applied to any generalisation, restriction or data modification technique. We use our measure to empirically evaluate and compare a few popular methods, namely query restriction, sampling and noise addition.

Cryptography and Security

Fangwei Ye,Hyunghoon Cho,Salim El Rouayheb

DOI: https://doi.org/10.1109/tit.2022.3156276

Abstract:Motivated by the growing availability of personal genomics services, we study an information-theoretic privacy problem that arises when sharing genomic data: a user wants to share his or her genome sequence while keeping the genotypes at certain positions hidden, which could otherwise reveal critical health-related information. A straightforward solution of erasing (masking) the chosen genotypes does not ensure privacy, because the correlation between nearby positions can leak the masked genotypes. We introduce an erasure-based privacy mechanism with perfect information-theoretic privacy, whereby the released sequence is statistically independent of the sensitive genotypes. Our mechanism can be interpreted as a locally-optimal greedy algorithm for a given processing order of sequence positions, where utility is measured by the number of positions released without erasure. We show that finding an optimal order is NP-hard in general and provide an upper bound on the optimal utility. For sequences from hidden Markov models, a standard modeling approach in genetics, we propose an efficient algorithmic implementation of our mechanism with complexity polynomial in sequence length. Moreover, we illustrate the robustness of the mechanism by bounding the privacy leakage from erroneous prior distributions. Our work is a step towards more rigorous control of privacy in genomic data sharing.

Songtao Guo,Xintao Wu

2007-01-01

Abstract:Several perturbation techniques have been proposed for privacy preserving data mining, among which the most popular ones are the additive noise based randomization approach and the rotation based perturbation approach. This paper first presents a general framework based on the general linear transformation, which incorporates both the ad ditive noise based and the rotation based perturbation approaches. Then it explores its privacy preserving property . Specifically, an Independent Component Analysis based reconstruction method, AK-ICA, is proposed to breach privacy when a subset of sample data are a-priori known by attackers. The theoretical analysis and experimental resu lts show that all current transformed privacy preserving data mining techniques may need a careful scrutiny in order to prevent privacy breaches when a subset of sample data are available.