Wei Jiang,Chris Clifton

DOI: https://doi.org/10.1007/s00778-006-0008-z

2006-08-05

The VLDB Journal

Abstract:Abstractk-anonymity provides a measure of privacy protection by preventing re-identification of data to fewer than a group of k data items. While algorithms exist for producing k-anonymous data, the model has been that of a single source wanting to publish data. Due to privacy issues, it is common that data from different sites cannot be shared directly. Therefore, this paper presents a two-party framework along with an application that generates k-anonymous data from two vertically partitioned sources without disclosing data from one site to the other. The framework is privacy preserving in the sense that it satisfies the secure definition commonly defined in the literature of Secure Multiparty Computation.

computer science, information systems, hardware & architecture

Guofei Chai,Miao Xu,Wenyuan Xu,Zhiyun Lin

DOI: https://doi.org/10.1155/2012/648058

IF: 1.938

2012-01-01

International Journal of Distributed Sensor Networks

Abstract:Due to the shared nature of wireless communication media, a powerful adversary can eavesdrop on the entire radio communication in the network and obtain the contextual communication statistics, for example, traffic volumes, transmitter locations, and so forth. Such information can reveal the location of the sink around which the data traffic exhibits distinctive patterns. To protect the sink-location privacy from a powerful adversary with a global view, we propose to achieve k-anonymity in the network so that at least k entities in the network are indistinguishable to the nodes around the sink with regard to communication statistics. Arranging the location of k entities is complex as it affects two conflicting goals: the routing energy cost and the achievable privacy level, and both goals are determined by a nonanalytic function. We model such a positioning problem as a nonlinearly constrained nonlinear optimization problem. To tackle it, we design a generic-algorithm-based quasi-optimal (GAQO) method that obtains quasi-optimal solutions at quadratic time. The obtained solutions closely approximate the optima with increasing privacy requirements. Furthermore, to solve k-anonymity sink-location problems more efficiently, we develop an artificial potential-based quasi-optimal (APQO) method that is of linear time complexity. Our extensive simulation results show that both algorithms can effectively find solutions hiding the sink among a large number of network nodes.

Sheng Zhong,Zhiqiang Yang,Rebecca N. Wright

DOI: https://doi.org/10.1145/1065167.1065185

2005-01-01

Abstract:In order to protect individuals' privacy, the technique of k -anonymization has been proposed to de-associate sensitive attributes from the corresponding identifiers. In this paper, we provide privacy-enhancing methods for creating k -anonymous tables in a distributed scenario. Specifically, we consider a setting in which there is a set of customers, each of whom has a row of a table, and a miner, who wants to mine the entire table. Our objective is to design protocols that allow the miner to obtain a k -anonymous table representing the customer data, in such a way that does not reveal any extra information that can be used to link sensitive attributes to corresponding identifiers, and without requiring a central authority who has access to all the original data. We give two different formulations of this problem, with provably private solutions. Our solutions enhance the privacy of k -anonymization in the distributed scenario by maintaining end-to-end privacy from the original customer data to the final k -anonymous results.

Sai Wu,Xiaoli Wang,Sheng Wang,Zhenjie Zhang,Anthony K. H. Tung

DOI: https://doi.org/10.1109/tkde.2013.93

IF: 9.235

2014-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:In crowdsourcing database, human operators are embedded into the database engine and collaborate with other conventional database operators to process the queries. Each human operator publishes small HITs (Human Intelligent Task) to the crowdsourcing platform, which consists of a set of database records and corresponding questions for human workers. The human workers complete the HITs and return the results to the crowdsourcing database for further processing. In practice, published records in HITs may contain sensitive attributes, probably causing privacy leakage so that malicious workers could link them with other public databases to reveal individual private information. Conventional privacy protection techniques, such as K-Anonymity , can be applied to partially solve the problem. However, after generalizing the data, the result of standard K-Anonymity algorithms may render uncontrollable information loss and affects the accuracy of crowdsourcing. In this paper, we first study the tradeoff between the privacy and accuracy for the human operator within data anonymization process. A probability model is proposed to estimate the lower bound and upper bound of the accuracy for general K-Anonymity approaches. We show that searching the optimal anonymity approach is NP-Hard and only heuristic approach is available. The second contribution of the paper is a general feedback-based K-Anonymity scheme. In our scheme, synthetic samples are published to the human workers, the results of which are used to guide the selection on anonymity strategies. We apply the scheme on Mondrian algorithm by adaptively cutting the dimensions based on our feedback results on the synthetic samples. We evaluate the performance of the feedback-based approach on U.S. census dataset, and show that given a predefined $K$ , our proposal outperforms standard K-Anonymity approaches on retaining the effectiveness of crowdsourcing.

Manish Kesarwani,Akshar Kaul,Stefano Braghin,Naoise Holohan,Spiros Antonatos

DOI: https://doi.org/10.48550/arXiv.2108.04780

2021-08-11

Abstract:Data protection algorithms are becoming increasingly important to support modern business needs for facilitating data sharing and data monetization. Anonymization is an important step before data sharing. Several organizations leverage on third parties for storing and managing data. However, third parties are often not trusted to store plaintext personal and sensitive data; data encryption is widely adopted to protect against intentional and unintentional attempts to read personal/sensitive data. Traditional encryption schemes do not support operations over the ciphertexts and thus anonymizing encrypted datasets is not feasible with current approaches. This paper explores the feasibility and depth of implementing a privacy-preserving data publishing workflow over encrypted datasets leveraging on homomorphic encryption. We demonstrate how we can achieve uniqueness discovery, data masking, differential privacy and k-anonymity over encrypted data requiring zero knowledge about the original values. We prove that the security protocols followed by our approach provide strong guarantees against inference attacks. Finally, we experimentally demonstrate the performance of our data publishing workflow components.

Cryptography and Security

Xiangmin Ren,Jing Yang

DOI: https://doi.org/10.1109/icbecs.2010.5462427

2012-01-01

International Journal of Advancements in Computing Technology

Abstract:In traditional database domain, k-anonymity is a hotspot in data publishing for privacy protection. In this paper, we study how to use k-anonymity in uncertain data set, use influence matrix of background knowledge to describe the influence degree of sensitive attribute produced by QI attributes and sensitive attribute itself, use BK(L,K)-clustering to present equivalent class with diversity, and a novel UDAK-anonymity model via anatomy is proposed for relational uncertain data. We will extend our ideas for handling how to solve privacy information leakage problem by using UDAK-anonymity algorithms in another paper.

Xianmang He,HuaHui Chen,Yefang Chen,Yihong Dong,Peng Wang,Zhenhua Huang

DOI: https://doi.org/10.1007/978-3-642-30217-6_34

2012-01-01

Abstract:Privacy is one of major concerns when data containing sensitive information needs to be released for ad hoc analysis, which has attracted wide research interest on privacy-preserving data publishing in the past few years. One approach of strategy to anonymize data is generalization. In a typical generalization approach, tuples in a table was first divided into many QI (quasi-identifier)-groups such that the size of each QI-group is no less than k . Clustering is to partition the tuples into many clusters such that the points within a cluster are more similar to each other than points in different clusters. The two methods share a common feature: distribute the tuples into many small groups. Motivated by this observation, we propose a clustering-based k -anonymity algorithm, which achieves k -anonymity through clustering. Extensive experiments on real data sets are also conducted, showing that the utility has been improved by our approach.

Sheng Zhong,Zhiqiang Yang,Tingting Chen

DOI: https://doi.org/10.1016/j.ins.2009.05.004

IF: 8.1

2009-01-01

Information Sciences

Abstract:To protect individual privacy in data mining, when a miner collects data from respondents, the respondents should remain anonymous. The existing technique of Anonymity-Preserving Data Collection partially solves this problem, but it assumes that the data do not contain any identifying information about the corresponding respondents. On the other hand, the existing technique of Privacy-Enhancing k-Anonymization can make the collected data anonymous by eliminating the identifying information. However, it assumes that each respondent submits her data through an unidentified communication channel. In this paper, we propose k-Anonymous Data Collection, which has the advantages of both Anonymity-Preserving Data Collection and Privacy-Enhancing k-Anonymization but does not rely on their assumptions described above. We give rigorous proofs for the correctness and privacy of our protocol, and experimental results for its efficiency. Furthermore, we extend our solution to the fully malicious model, in which a dishonest participant can deviate from the protocol and behave arbitrarily.

Jingyu Hua,An Tang,Qingyun Pan,Kim-Kwang Raymond Choo,Hong Ding,Yizhi Ren

DOI: https://doi.org/10.1155/2017/9532163

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:In collaborative data publishing (CDP), an m-adversary attack refers to a scenario where up to m malicious data providers collude to infer data records contributed by other providers. Existing solutions either rely on a trusted third party (TTP) or introduce expensive computation and communication overheads. In this paper, we present a practical distributed k-anonymization scheme, m-k-anonymization, designed to defend against m-adversary attacks without relying on any TTPs. We then prove its security in the semihonest adversary model and demonstrate how an extension of the scheme can also be proven secure in a stronger adversary model. We also evaluate its efficiency using a commonly used dataset.

Lin Sun,Jun Zhao,Xiaojun Ye

DOI: https://doi.org/10.48550/arxiv.1906.11441

2019-01-01

Abstract:Clustering and analyzing on collected data can improve user experiences and quality of services in big data, IoT applications. However, directly releasing original data brings potential privacy concerns, which raises challenges and opportunities for privacy-preserving clustering. In this paper, we study the problem of non-interactive clustering in distributed setting under the framework of local differential privacy. We first extend the Bit Vector, a novel anonymization mechanism to be functionality-capable and privacy-preserving. Based on the modified encoding mechanism, we propose kCluster algorithm that can be used for clustering in the anonymized space. We show the modified encoding mechanism can be easily implemented in existing clustering algorithms that only rely on distance information, such as DBSCAN. Theoretical analysis and experimental results validate the effectiveness of the proposed schemes.

Ke Cheng,Liangmin Wang,Yulong Shen,Hua Wang,Yongzhi Wang,Xiaohong Jiang,Hong Zhong

DOI: https://doi.org/10.1109/tbdata.2017.2707552

2017-01-01

IEEE Transactions on Big Data

Abstract:The k-nearest neighbors (k-NN) query is a fundamental primitive in spatial and multimedia databases. It has extensive applications in location-based services, classification & clustering and so on. With the promise of confidentiality and privacy, massive data are increasingly outsourced to cloud in the encrypted form for enjoying the advantages of cloud computing (e.g., reduce storage and query processing costs). Recently, many schemes have been proposed to support k-NN query on encrypted cloud data. However, prior works have all assumed that the query users (QUs) are fully-trusted and know the key of the data owner (DO), which is used to encrypt and decrypt outsourced data. The assumptions are unrealistic in many situations, since many users are neither trusted nor knowing the key. In this paper, we propose a novel scheme for secure k-NN query on encrypted cloud data with multiple keys, in which the DO and each QU all hold their own different keys, and do not share them with each other; meanwhile, the DO encrypts and decrypts outsourced data using the key of his own. Our scheme is constructed by a distributed two trapdoors public-key cryptosystem (DT-PKC) and a set of protocols of secure two-party computation, which not only preserves the data confidentiality and query privacy but also supports the offline data owner. Our extensive theoretical and experimental evaluations demonstrate the effectiveness of our scheme in terms of security and performance.

Xiaolin Zhang,Xiaoyu He,Fang-Ming Yu,Lixin Liu,Huanxiang Zhang,Zhuolin Li

DOI: https://doi.org/10.1504/ijhpcn.2019.097506

2019-01-01

International Journal of High Performance Computing and Networking

Abstract:Considering the privacy issues on social network, a variety of anonymous techniques have been proposed, but these techniques neglect some differences among individuals in their demand for privacy protection. With the development of internet technology, the number of social network individuals increases yearly, and network data are poised for a massive change in trends. Motivated by this, we specify three levels of privacy information for victim individuals and propose a personalised k-degree-m-label (PKDML) anonymity model. Furthermore, we design and implement a distributed and personalised k-degree-m-lable (DPKDML) anonymisation algorithm, which takes advantage of the 'vertex-centric' GraphX programming model to complete the entire anonymous process by multiple message passing and node value updating. Finally, we conduct experiments on real social network datasets to evaluate the DPKDML, The experimental results show that our methods may overcome the shortcomings of traditional methods in processing massive data, and reduce anonymous costs and increase data utility.

Jianqiang Li,Ji-Jiang Yang,Yu Zhao,Bo Liu

DOI: https://doi.org/10.1080/17517575.2012.688223

2013-01-01

Enterprise Information Systems

Abstract:Data sharing in today's information society poses a threat to individual privacy and organisational confidentiality. k-anonymity is a widely adopted model to prevent the owner of a record being re-identified. By generalising and/or suppressing certain portions of the released dataset, it guarantees that no records can be uniquely distinguished from at least other k-1 records. A key requirement for the k-anonymity problem is to minimise the information loss resulting from data modifications. This article proposes a top-down approach to solve this problem. It first considers each record as a vertex and the similarity between two records as the edge weight to construct a complete weighted graph. Then, an edge cutting algorithm is designed to divide the complete graph into multiple trees/components. The Large Components with size bigger than 2k-1 are subsequently split to guarantee that each resulting component has the vertex number between k and 2k-1. Finally, the generalisation operation is applied on the vertices in each component (i.e. equivalence class) to make sure all the records inside have identical quasi-identifier values. We prove that the proposed approach has polynomial running time and theoretical performance guarantee O(k). The empirical experiments show that our approach results in substantial improvements over the baseline heuristic algorithms, as well as the bottom-up approach with the same approximate bound O(k). Comparing to the baseline bottom-up O(logk)-approximation algorithm, when the required k is smaller than 50, the adopted top-down strategy makes our approach achieve similar performance in terms of information loss while spending much less computing time. It demonstrates that our approach would be a best choice for the k-anonymity problem when both the data utility and runtime need to be considered, especially when k is set to certain value smaller than 50 and the record set is big enough to make the runtime have to be taken into account.

X. Ren,Jing Yang,Jian Pei Zhang,Z. Jia

DOI: https://doi.org/10.4028/www.scientific.net/AEF.6-7.64

2012-09-01

Abstract:In traditional database domain, k-anonymity is a hotspot in data publishing for privacy protection. In this paper, we study how to use k-anonymity in uncertain data set, use influence matrix of background knowledge to describe the influence degree of sensitive attribute produced by QI attributes and sensitive attribute itself, use BK(L,K)-clustering to present equivalent class with diversity, and a novel UDAK-anonymity model via anatomy is proposed for relational uncertain data. We will extend our ideas for handling how to solve privacy information leakage problem by using UDAK-anonymity algorithms in another paper.

Computer Science

Shenkun Xu,Xiaojun Ye

DOI: https://doi.org/10.1007/978-3-540-77535-5_25

2007-01-01

Abstract:Current optimizations for K-Anonymity pursue reduction of data distortion unilaterally, and rarely evaluate disclosure risk during process of anonymization. We propose an optimal K-Anonymity algorithm in which the balance of risk & distortion (RD) can be equilibrated at each anonymity stage: we first construct a generalization space (GS), then, we use the probability and entropy metric to measure RD for each node in GS, and finally we introduce releaser's RD preference to decide an optimal anonymity path. Our algorithm adequately considers the dual-impact on RD and obtains an optimal anonymity with satisfaction of releaser. The efficiency of our algorithm will be evaluated by extensive experiments.

Zengguo Sun

2009-01-01

Abstract:Most of the previous works on k-anonymization focused on one-time release of data.However,data is often released continuously to serve various information purposes in reality.The purpose of this study is to develop an effective solution for the re-publication of incremental datasets.By analyzing several possible generalizations in the anonymization for incremental updates,an important monotonic generalization principle is proposed to prevent privacy disclosure in re-publication.Based on the monotonic generalization principle,a partitioning based privacy preserving k-anonymous algorithm k-APPRP for re-publication is proposed.The theoretical analysis and experimental results indicate that k-APPRP can securely anonymize a continuously growing dataset in an efficient manner while assuring high data quality.

Tiancheng Li,Ninghui Li

DOI: https://doi.org/10.1016/j.datak.2007.06.015

IF: 1.5

2008-01-01

Data & Knowledge Engineering

Abstract:When releasing microdata for research purposes, one needs to preserve the privacy of respondents while maximizing data utility. An approach that has been studied extensively in recent years is to use anonymization techniques such as generalization and suppression to ensure that the released data table satisfies the k-anonymity property. A major thread of research in this area aims at developing more flexible generalization schemes and more efficient searching algorithms to find better anonymizations (i.e., those that have less information loss).

Jinling Song,Liming Huang,Gang Wang,Yan Kang,Haibin Liu

DOI: https://doi.org/10.3303/cet1546031

2015-01-01

Abstract:Even if k-anonymity model can prevent publishing data from disclosing privacy effectively and efficiently, due to the uneven distribution of the sensitive data, ordinary k-anonymization method cannot guarantee each tuple satisfying the personalized privacy requirement of it's data owner although the publishing table has been satisfied k-anonymity constraint. The reason which k-anonymity table fails to satisfy personalized privacy requirement is analyzed firstly, then Correlate degree of Sensitive Values, Leakage Collection, privacy disclosure metric and data quality metric are presented. At last an anonymization method satisfying personalized privacy requirements is presented, in which a utility-driven adaptive clustering method is proposed to partition tuples with similar best data quality.

Xiaofeng Ding,Qing Yu,Jiuyong Li,Jixue Liu,Hai Jin

DOI: https://doi.org/10.1007/978-3-642-37487-6_27

2013-01-01

Abstract:With the proliferation of cloud computing, there is an increasing need for sharing data repositories containing personal information across multiple distributed databases, and such data sharing is subject to different privacy constraints of multiple individuals. Most of the existing methods focus on single database anonymization, although the concept of distributed anonymization was discussed in some literatures, it only provides an uniform approach that exerts the same amount of preservation for all data providers, without catering for user's specific privacy requirements. The consequence is that we may offer insufficient protection to a subset of people, while applying excessive privacy budget to the others. Motivated by this, we present a new distributed anonymization protocol based on the concept of personalized privacy preservation. Our technique performs a personalized anonymization to satisfy multiple data provider's privacy requirements, and then publish their global anonymization view without any privacy breaches. Extensive experiments have been conducted to verify that our proposed protocol and anonymization method are efficient and effective. © Springer-Verlag 2013.

Ping Zhao,Hongbo Jiang,Chen Wang,Haojun Huang,Gaoyang Liu,Yang

DOI: https://doi.org/10.1109/jiot.2018.2858240

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) applications bring in a great convenience for human's life, but users' data privacy concern is the major barrier toward the development of IoT. k-anonymity is a method to protect users' data privacy, but it is presently known to suffer from inference attacks. Thus far, existing work only relies on a number of experimental examples to validate k-anonymity's performance against inference attacks, and thereby lacks of a theoretical guarantee. To tackle this issue, in this paper we propose the first theoretical foundation that gives a nonasymptotic bound on the performance of k-anonymity against inference attacks, taking into consideration of adversaries' background information. The main idea is to first quantify adversaries' background information, and from the point of the view of adversaries, classify users' data into four kinds: 1) independent with unknown data values; 2) local dependent with unknown data values; 3) independent with certain known data values; and 4) local dependent with certain known data values. We then move one step further, theoretically proving the bound on the performance of k-anonymity corresponding to each of the four kinds of users' data through cooperating with the noiseless privacy. We argue that such a theoretical foundation links k-anonymity with noiseless privacy, theoretically proving k-anonymity provides noiseless privacy. Additionally, this paper theoretically explains why k-anonymity is vulnerable to inference attacks using the modified Stein method. Simulations on real check-in dataset from the location-based social network have validated our results. We believe that this paper can bridge the gap between design and evaluation, enabling a designer to construct a more practical k-anonymity technique in real-life scenarios to resist inference attacks.