Shumin Han,Kuixing Shen,Derong Shen,Chuang Wang

DOI: https://doi.org/10.3390/math12152337

IF: 2.4

2024-01-01

Mathematics

Abstract:With the world’s data volume growing exponentially, it becomes critical to link it and make decisions. Privacy-preserving record linkage (PPRL) aims to identify all the record information corresponding to the same entity from multiple data sources, without disclosing sensitive information. Previous works on multi-party PPRL methods typically adopt homomorphic encryption technology due to its ability to perform computations on encrypted data without needing to decrypt it first, thus maintaining data confidentiality. However, these methods have notable shortcomings, such as the risk of collusion among participants leading to the potential disclosure of private keys, high computational costs, and decreased efficiency. The advent of trusted execution environments (TEEs) offers a solution by protecting computations involving private data through hardware isolation, thereby eliminating reliance on trusted third parties, preventing malicious collusion, and improving efficiency. Nevertheless, TEEs are vulnerable to side-channel attacks. In this work, we propose an enhanced PPRL method based on TEE technology. Our methodology involves processing plaintext data within a TEE using the inner product mask technique, which effectively obfuscates the data, making it impervious to side-channel attacks. The experimental results demonstrate that our approach not only significantly improves resistance to side-channel attacks but also enhances efficiency, showing better performance and privacy preservation compared to existing methods. This work provides a robust solution to the challenges faced by current PPRL methods and sets the stage for future research aimed at further enhancing scalability and security.

Shumin Han,Zikang Wang,Dengrong Shen,Chuang Wang

DOI: https://doi.org/10.3390/math12121854

IF: 2.4

2024-06-15

Mathematics

Abstract:Privacy-preserving record linkage (PPRL) is the process of linking records from various data sources, ensuring that matching records for the same entity are shared among parties while not disclosing other sensitive data. However, most existing PPRL approaches currently rely on third parties for linking, posing risks of malicious tampering and privacy breaches, making it difficult to ensure the security of the linkage. Therefore, we propose a parallel multi-party PPRL method based on consortium blockchain technology which can effectively address the issue of semi-trusted third-party validation, auditing all parties involved in the PPRL process for potential malicious tampering or attacks. To improve the efficiency and security of consensus within a consortium blockchain, we propose a practical Byzantine fault tolerance consensus algorithm based on matching efficiency. Additionally, we have incorporated homomorphic encryption into Bloom filter encoding to enhance its security. To optimize computational efficiency, we have adopted the MapReduce model for parallel encryption and utilized a binary storage tree as the data structure for similarity computation. The experimental results show that our method can effectively ensure data security while also exhibiting relatively high linkage quality and scalability.

mathematics

Danni TONG,Derong SHEN,Shumin HAN,Tiezheng NIE,Yue KOU,Ge YU

2019-01-01

Abstract:Linking records that represent the same entity among different databases while protecting the privacy of entities stored in those databases is one of the core technologies for the safe and efficient integration of multi-party data resources. However, the existing blocking methods for privacy-preserving record linkage (PPRL) cannot ensure the recall and the precision at the same time, the strong privacy matching methods cost a lot of time and there are few matching studies for more than two databases. To address these problems, this paper proposes a multi-party strong-privacy-preserving record linkage method (MP-SPPRL). Firstly, a double blocking method with locality sensitive Hashing (LSH) blocking and suffix blocking is proposed, which uses dispersion to adjust the double blocking process. The method effectively improves the recall and precision of MP-SPPRL. Next, a sliding window is used to merge the blocks to generate candidate record groups for ensuring the fault-tolerant rate of MP-SPPRL. Then, a scalable multi-party matching algorithm based on secure multi-party computation (SMC) is designed by using the homomorphic Hamming distance calculation for large data. The algorithm significantly reduces the record matching cost by cutting encrypted records and stopping the distance calculation of candidate record groups that cannot be matched. Finally, the empirical evaluation demonstrates the high recall, high precision and high efficiency of MP-SPPRL.

Shu-Min HAN,De-Rong SHEN,Tie-Zheng NIE,Yue KOU,Ge YU

DOI: https://doi.org/10.13328/j.cnki.jos.005187

2017-01-01

Abstract:Multi-party privacy-preserving record linkage is the process of identifying records that correspond to the same real-world entities across several databases without revealing any sensitive information about these entities.With the increasing amount of data and the real-world data quality issues (such as spelling errors and wrong order),scalability and fault tolerance of PPRL have become the main challenges.At present,most of the existing multi-party PPRL methods apply exact match without fault-tolerant.There are a few other PPRL approximate methods with fault-tolerant,but when dealing with the existing data quality issues,due to the low fault-tolerance and high time cost,they cannot effectively find out the common entities between databases.To tackle this issue,this paper proposes a multi-party PPRL approximate approach combined with bloom filter,secure summation,dynamic threshold,check mechanism,and improved Dice similarity function.First,bloom filter is used to convert each record in the databases to an array of 1 and 0.Then,ratio of bit 1 is calculated for each corresponding position,and dynamic threshold and check mechanism are used to determine matched position.Finally,the similarity between records is calculated by improved Dice similarity function to judge whether records are matched.Experimental results show the proposed method has good scalability and higher fault tolerance than the existing multi-party PPRL approximate method with good precision.

Shumin Han,Yizi Wang,Derong Shen,Chuang Wang

DOI: https://doi.org/10.3390/math12121800

IF: 2.4

2024-06-10

Mathematics

Abstract:With the advent of the big data era, data security and sharing have become the core elements of new-era data processing. Privacy-preserving record linkage (PPRL), as a method capable of accurately and securely matching and sharing the same entity across multiple data sources, is receiving increasing attention. Among the existing research methods, although PPRL methods based on Bloom Filter encoding excel in computational efficiency, they are susceptible to privacy attacks, and the security risks they face cannot be ignored. To balance the contradiction between security and computational efficiency, we propose a multi-party PPRL method based on secondary encoding. This method, based on Bloom Filter encoding, generates secondary encoding according to well-designed encoding rules and utilizes the proposed linking rules for secure matching. Owing to its excellent encoding and linking rules, this method successfully addresses the balance between security and computational efficiency. The experimental results clearly show that, in comparison to the original Bloom Filter encoding, this method has nearly equivalent computational efficiency and linkage quality. The proposed rules can effectively prevent the re-identification problem in Bloom Filter encoding (proven). Compared to existing privacy-preserving record linkage methods, this method shows higher security, making it more suitable for various practical application scenarios. The introduction of this method is of great significance for promoting the widespread application of privacy-preserving record linkage technology.

mathematics

Han Shumin,Shen Derong,Nie Tiezheng,Kou Yue,Yu Ge

DOI: https://doi.org/10.1007/s10586-022-03590-7

2022-01-01

Cluster Computing

Abstract:For the purpose of research, organizations often need to share and link data that belongs to a single individual while protecting the privacy, which is referred to as privacy preserving record linkage (PPRL). Various approaches have been developed to tackle this problem, however, it is still a challenging task due to the massive amount of data, multiple data sources, and ‘dirty’ data. Therefore, in this paper, an enhanced approximate multi-party PPRL (MP-PPRL) approach is proposed to improve privacy, scalability, and linkage quality. For privacy, bloom filter (BF) is a better and more efficient masking techniques than others so far. Thus, the records are encoded into BFs to ensure privacy. However, BFs may be compromised through frequency-based attacks. To enhance privacy, a distributed protocol that introduces multiple linkage units (Multi-LUs) to resist frequency-based attacks is proposed. In scalability, we develop a blocking technique based on sorted nearest neighborhood (SNN) approach for clustering similar BFs across multiple databases, called BF-SNN, which dramatically reduces complexity. In linkage quality, a personalized threshold that varies with different levels of ‘dirty’ data is introduced, which provides a more accurate error-tolerance for ‘dirty’ data and consequently improves linkage quality. An analysis and an empirical study are conducted on large real-world datasets to show the benefit of the proposed approach.

Dinusha Vatsalan,Peter Christen,Erhard Rahm

DOI: https://doi.org/10.48550/arXiv.1911.12930

2019-11-29

Abstract:Privacy-Preserving Record Linkage (PPRL) supports the integration of sensitive information from multiple datasets, in particular the privacy-preserving matching of records referring to the same entity. PPRL has gained much attention in many application areas, with the most prominent ones in the healthcare domain. PPRL techniques tackle this problem by conducting linkage on masked (encoded) values. Employing PPRL on records from multiple (more than two) parties/sources (multi-party PPRL, MP-PPRL) is an increasingly important but challenging problem that so far has not been sufficiently solved. Existing MP-PPRL approaches are limited to finding only those entities that are present in all parties thereby missing entities that match only in a subset of parties. Furthermore, previous MP-PPRL approaches face substantial scalability limitations due to the need of a large number of comparisons between masked records. We thus propose and evaluate new MP-PPRL approaches that find matches in any subset of parties and still scale to many parties. Our approaches maintain all matches within clusters, where these clusters are incrementally extended or refined by considering records from one party after the other. An empirical evaluation using multiple real datasets ranging from 3 to 26 parties each containing up to $5$ million records validates that our protocols are efficient, and significantly outperform existing MP-PPRL approaches in terms of linkage quality and scalability.

Databases,Distributed, Parallel, and Cluster Computing

Thilina Ranbaduge,Dinusha Vatsalan,Ming Ding

DOI: https://doi.org/10.48550/arXiv.2211.02161

2022-11-04

Abstract:Deep learning-based linkage of records across different databases is becoming increasingly useful in data integration and mining applications to discover new insights from multiple sources of data. However, due to privacy and confidentiality concerns, organisations often are not willing or allowed to share their sensitive data with any external parties, thus making it challenging to build/train deep learning models for record linkage across different organizations' databases. To overcome this limitation, we propose the first deep learning-based multi-party privacy-preserving record linkage (PPRL) protocol that can be used to link sensitive databases held by multiple different organisations. In our approach, each database owner first trains a local deep learning model, which is then uploaded to a secure environment and securely aggregated to create a global model. The global model is then used by a linkage unit to distinguish unlabelled record pairs as matches and non-matches. We utilise differential privacy to achieve provable privacy protection against re-identification attacks. We evaluate the linkage quality and scalability of our approach using several large real-world databases, showing that it can achieve high linkage quality while providing sufficient privacy protection against existing attacks.

Cryptography and Security,Databases,Data Structures and Algorithms,Information Retrieval,Machine Learning

Florens Rohde,Victor Christen,Martin Franke,Erhard Rahm

2024-12-05

Abstract:Privacy-Preserving Record linkage (PPRL) is an essential component in data integration tasks of sensitive information. The linkage quality determines the usability of combined datasets and (machine learning) applications based on them. We present a novel privacy-preserving protocol that integrates clerical review in PPRL using a multi-layer active learning process. Uncertain match candidates are reviewed on several layers by human and non-human oracles to reduce the amount of disclosed information per record and in total. Predictions are propagated back to update previous layers, resulting in an improved linkage performance for non-reviewed candidates as well. The data owners remain in control of the amount of information they share for each record. Therefore, our approach follows need-to-know and data sovereignty principles. The experimental evaluation on real-world datasets shows considerable linkage quality improvements with limited labeling effort and privacy risks.

Cryptography and Security,Databases,Machine Learning

Shumin Han,Derong Shen,Tiezheng Nie,Yue Kou,Ge Yu

DOI: https://doi.org/10.1007/s41019-017-0041-5

2017-01-01

Data Science and Engineering

Abstract:The process of matching and integrating records that relate to the same entity from one or more datasets is known as record linkage, and it has become an increasingly important subject in many application areas, including business, government and health system. The data from these areas often contain sensitive information. To prevent privacy breaches, ideally records should be linked in a private way such that no information other than the matching result is leaked in the process, and this technique is called privacy-preserving record linkage (PPRL). With the increasing data, scalability becomes the main challenge of PPRL, and many private blocking techniques have been developed for PPRL. They are aimed at reducing the number of record pairs to be compared in the matching process by removing obvious non-matching pairs without compromising privacy. However, most of them are designed for two databases and they vary widely in their ability to balance competing goals of accuracy, efficiency and security. In this paper, we propose a novel private blocking approach for PPRL based on dynamic k-anonymous blocking and Paillier cryptosystem which can be applied on two or multiple databases. In dynamic k-anonymous blocking, our approach dynamically generates blocks satisfying k-anonymity and more accurate values to represent the blocks with varying k. We also propose a novel similarity measure method which performs on the numerical attributes and combines with Paillier cryptosystem to measure the similarity of two or more blocks in security, which provides strong privacy guarantees that none information reveals even collusion. Experiments conducted on a public dataset of voter registration records validate that our approach is scalable to large databases and keeps a high quality of blocking. We compare our method with other techniques and demonstrate the increases in security and accuracy.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Şeyma Selcan Mağara,Noah Dietrich,Ali Burak Ünal,Mete Akgün

2024-10-29

Abstract:Motivation: Record linkage is a crucial concept for integrating data from multiple sources, particularly when datasets lack exact identifiers, and it has diverse applications in real-world data analysis. Privacy-Preserving Record Linkage (PPRL) ensures this integration occurs securely, protecting sensitive information from unauthorized access. This is especially important in sectors such as healthcare, where datasets include private identity information (IDAT) governed by strict privacy laws. However, maintaining both privacy and efficiency in large-scale record linkage poses significant challenges. Consequently, researchers must develop advanced methods to protect data privacy while optimizing processing performance. This paper presents a novel and efficient PPRL method based on a secure 3-party computation (MPC) framework. Our approach allows multiple parties to compute linkage results without exposing their private inputs and significantly improves the speed of linkage process compared to existing privacy-preserving solutions. Results: We demonstrated that our method preserves the linkage quality of the state-of-the-art PPRL method while achieving up to 14 times faster performance. For example, linking a record against a database of 10,000 records takes just 8.74 seconds in a realistic network with 700 Mbps bandwidth and 60 ms latency. Even on a slower internet connection with 100 Mbps bandwidth and 60 ms latency, the linkage completes in 28 seconds, highlighting the scalability and efficiency of our solution.

Cryptography and Security,Databases

Shumin Han,Yue Li,Derong Shen,Chuang Wang

DOI: https://doi.org/10.3390/math12223476

IF: 2.4

2024-11-08

Mathematics

Abstract:The era of big data has brought rapid growth and widespread application of data, but the imperfections in the existing data integration system have become obstacles to its high-quality development. The conflict between data security and shared utilization is significant, with traditional data integration methods risking data leakage and privacy breaches. The proposed Privacy-Preserving Record Linkage (PPRL) technology, has effectively resolved this contradiction, enabling efficient and secure data sharing. Currently, many solutions have been developed for PPRL issues, but existing assessments of PPRL methods mainly focus on single indicators. There is a scarcity of comprehensive evaluation and comparison frameworks that consider multiple indicators of PPRL(such as linkage quality, computational efficiency, and security), making it challenging to achieve a comprehensive and objective assessment. Therefore, it has become an urgent issue for us to conduct a multi-indicator comprehensive evaluation of different PPRL methods to explore the optimal approach. This article proposes the use of an modified CRITIC method to comprehensively evaluate PPRL methods, aiming to select the optimal PPRL method in terms of linkage quality, computational efficiency, and security. The research results indicate that the improved CRITIC method based on mathematical statistics can achieve weight allocation more objectively and quantify the allocation process effectively. This approach exhibits exceptional objectivity and broad applicability in assessing various PPRL methods, thereby providing robust scientific support for the optimization of PPRL techniques.

mathematics

Dinusha Vatsalan,Peter Christen,Erhard Rahm

DOI: https://doi.org/10.48550/arXiv.1701.01232

2017-01-05

Abstract:Privacy-preserving record linkage (PPRL) aims at integrating sensitive information from multiple disparate databases of different organizations. PPRL approaches are increasingly required in real-world application areas such as healthcare, national security, and business. Previous approaches have mostly focused on linking only two databases as well as the use of a dedicated linkage unit. Scaling PPRL to more databases (multi-party PPRL) is an open challenge since privacy threats as well as the computation and communication costs for record linkage increase significantly with the number of databases. We thus propose the use of a new encoding method of sensitive data based on Counting Bloom Filters (CBF) to improve privacy for multi-party PPRL. We also investigate optimizations to reduce communication and computation costs for CBF-based multi-party PPRL with and without the use of a dedicated linkage unit. Empirical evaluations conducted with real datasets show the viability of the proposed approaches and demonstrate their scalability, linkage quality, and privacy protection.

Databases

Jiang Bian,Alexander Loiacono,Andrei Sura,Tonatiuh Mendoza Viramontes,Gloria Lipori,Yi Guo,Elizabeth Shenkman,William Hogan

DOI: https://doi.org/10.1093/jamiaopen/ooz050

2019-01-01

JAMIA Open

Abstract:Objective: To implement an open-source tool that performs deterministic privacy-preserving record linkage (RL) in a real-world setting within a large research network. Materials and Methods: We learned 2 efficient deterministic linkage rules using publicly available voter registration data. We then validated the 2 rules' performance with 2 manually curated gold-standard datasets linking electronic health records and claims data from 2 sources. We developed an open-source Python-based tool-OneFL Deduper-that (1) creates seeded hash codes of combinations of patients' quasi-identifiers using a cryptographic one-way hash function to achieve privacy protection and (2) links and deduplicates patient records using a central broker through matching of hash codes with a high precision and reasonable recall. Results: We deployed the OneFl Deduper (https://github.com/ufbmi/onefl-deduper) in the OneFlorida, a state-based clinical research network as part of the national Patient-Centered Clinical Research Network (PCORnet). Using the gold-standard datasets, we achieved a precision of 97.25 similar to 99.7% and a recall of 75.5%. With the tool, we deduplicated similar to 3.5 million (out of similar to 15 million) records down to 1.7 million unique patients across 6 health care partners and the Florida Medicaid program. We demonstrated the benefits of RL through examining different disease profiles of the linked cohorts. Conclusions: Many factors including privacy risk considerations, policies and regulations, data availability and quality, and computing resources, can impact how a RL solution is constructed in a real-world setting. Nevertheless, RL is a significant task in improving the data quality in a network so that we can draw reliable scientific discoveries from these massive data resources.

Dinusha Vatsalan,Dimitrios Karapiperis,Vassilios S. Verykios

DOI: https://doi.org/10.1007/978-3-319-63962-8_17-2

2022-12-12

Abstract:Given several databases containing person-specific data held by different organizations, Privacy-Preserving Record Linkage (PPRL) aims to identify and link records that correspond to the same entity/individual across different databases based on the matching of personal identifying attributes, such as name and address, without revealing the actual values in these attributes due to privacy concerns. This reference work entry defines the PPRL problem, reviews the literature and key findings, and discusses applications and research challenges.

Databases,Cryptography and Security

Hye-Chung Kum,Ashok Krishnamurthy,Ashwin Machanavajjhala,Michael K Reiter,Stanley Ahalt

DOI: https://doi.org/10.1136/amiajnl-2013-002165

Abstract:Objective: Record linkage to integrate uncoordinated databases is critical in biomedical research using Big Data. Balancing privacy protection against the need for high quality record linkage requires a human-machine hybrid system to safely manage uncertainty in the ever changing streams of chaotic Big Data. Methods: In the computer science literature, private record linkage is the most published area. It investigates how to apply a known linkage function safely when linking two tables. However, in practice, the linkage function is rarely known. Thus, there are many data linkage centers whose main role is to be the trusted third party to determine the linkage function manually and link data for research via a master population list for a designated region. Recently, a more flexible computerized third-party linkage platform, Secure Decoupled Linkage (SDLink), has been proposed based on: (1) decoupling data via encryption, (2) obfuscation via chaffing (adding fake data) and universe manipulation; and (3) minimum information disclosure via recoding. Results: We synthesize this literature to formalize a new framework for privacy preserving interactive record linkage (PPIRL) with tractable privacy and utility properties and then analyze the literature using this framework. Conclusions: Human-based third-party linkage centers for privacy preserving record linkage are the accepted norm internationally. We find that a computer-based third-party platform that can precisely control the information disclosed at the micro level and allow frequent human interaction during the linkage process, is an effective human-machine hybrid system that significantly improves on the linkage center model both in terms of privacy and utility.

Max Ostermann,Igor Nesterow,Markus Wolfien

DOI: https://doi.org/10.3233/SHTI240340

2024-08-22

Abstract:Over the last decade, the exponential growth in patient data volume and velocity has transformed it into a valuable resource for researchers. Yet, accessing comprehensive, unique patient data sets remains a challenge, particularly when individuals have received treatments across various practices and hospitals. Traditional record linkage methods fall short in adequately protecting patient privacy in these scenarios. Privacy Preserving Record Linkage (PPRL) offers a solution, employing techniques such as data cryptographic methods to identify common patients occurring in multiple datasets, while maintaining the privacy of other patients. This paper proposes an investigation into combined approaches of two common German PPRL tools, namely E-PIX and MainSEL. Each tool, while aiming for 'privacy preservation', employs distinct methods that offer unique advantages and drawbacks. Our research aims to explore these in a combined approach to leverage their respective strengths and mitigate their limitations. We anticipate that this synergistic approach will not only enhance data privacy but also allow for easier synchronisation of research data. This study is particularly pertinent in light of evolving privacy regulations and the increasing complexity of healthcare data management. By advancing PPRL methodologies, we aim to contribute to more robust, privacy-compliant data analysis practices in healthcare research.

Yang Liu,Bingsheng Zhang,Yuxiang Ma,Zhuo Ma,Zecheng Wu

DOI: https://doi.org/10.1109/tifs.2023.3288455

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The world has observed an increasing trend in the development of Privacy-Preserving Machine Learning (PPML) for cross-silo collaborative model training over sensitive data. As the first essential step of cross-silo PPML, it is critical that the parties can align their dataset with privacy assurance, i.e., private data join. However, the existing private data join methods typically leak the ID information in the dataset intersection, which often raises privacy concerns. In this work, we propose iPrivJoin: a novel framework of ID-private data join for PPML. Compared with naively using circuit-based Private Set Intersection (circuit-PSI) for data join, the proposed framework has two advantages: 1) data volume reduction. iPrivJoin utilizes oblivious shuffle to securely trim off the redundant data that is outside the intersection, while the entire dataset needs to be carried to further process in the circuit-PSI based approach. 2) efficiency improvement. iPrivJoin introduces a new private encoding technique to avoid the expensive circuit evaluation that is needed in circuit-PSI. As a result, compared with directly using circuit-PSI, PPML with iPrivJoin enjoys approximately 3x of speedup. Moreover, we propose a new oblivious shuffle protocol, which may be of independent interest. It achieves 1.44x of speedup to the state-of-the-art in the real-world WAN network setting.

Hui Liu,Hongzhi Luo,Shaofeng Li,Tian Dong,Guoxing Chen,Yan Meng,Haojin Zhu

DOI: https://doi.org/10.1109/globecom54140.2023.10437471

2023-01-01

Abstract:Sharing private data is at risk of potential data breaches, including the violation of the “right to be forgot-ten” principle, undermining people's willingness to share their data. A common solution is to involve the Trusted Execution Environment (TEE), which allows the data provider to verify the computation process without trusting others. However, previous works have either encountered incomplete computations or lacked scalability. In this paper, we propose TEE RASE, a secure data-sharing framework that addresses these issues. TEE RASE protects every phase of the data lifecycle and enables individuals to share personal data with a predefined privacy budget. In particular, TEE RASE applies comprehensive privacy budgeting mechanisms to efficiently manage privacy budgets and employs an asynchronized execution approach that decouples budget consumption from data computation. TEE RASE records the predefined privacy budgets, verifies privacy consumption requests, updates the remaining budgets, and deletes data that have exhausted their budgets by preventing any attempts to access them. We implement a prototype of TEE RASE and evaluate its effectiveness with a realistic case study on Genome-Wide Association Study.