Jinfei Liu,Li Xiong,Jun Luo

2013-01-01

Abstract:In this paper we illustrate a privacy framework named Indistinguishabley Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure multi-party computation setting, and prove they are equivalent. To the best of our knowledge, this is the first work that illustrates the relationships of these privacy definitions and unifies them through one framework.

Jinfei Liu,Li Xiong,Jun Luo

DOI: https://doi.org/10.1145/2457317.2457340

2013-01-01

Abstract:In this paper we illustrate a privacy framework named Indistinguishable Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three variants of the representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure multi-party computation setting, and prove they are equivalent. To the best of our knowledge, this is the first work that illustrates the relationships of these privacy definitions and unifies them through one framework.

Chao Wu

DOI: https://doi.org/10.1016/j.techsoc.2024.102457

IF: 6.879

2024-01-01

Technology in Society

Abstract:In recent years, data privacy has attracted increasing public concerns, especially with public scandals from top Internet companies, emerging over inappropriate data collection, lack of transparency in data usage, and manipulation of users' preferences. This has led to responsive efforts from multiple sectors of society to constrain the violation of individuals’ data privacy. Among these efforts, the regulations like GDPR are the most influential, which are believed to be able to change the foundation of the whole data ecosystem. The main concern of current regulation is data transparency, designed to enable individuals to make rational decisions about their data. However, I argue that transparency cannot mitigate a key issue of data privacy, which is the right of receiving benefits from data. This issue is getting severe with the rapid development of the data economy and will become the essential problem of social welfare and fairness in the AI era. I further point out that the key to solving this issue is to migrate the current centralized data utilization paradigm to a new decentralized paradigm. Based on the recent technical advancements, I propose an applicable pathway to implement such a paradigm. And to realize a fair and sustainable data eco-system, joint efforts should be made within this paradigm.

Prashant Agrawal,Anubhutie Singh,Malavika Raghavan,Subodh Sharma,Subhashis Banerjee

DOI: https://doi.org/10.48550/arXiv.2006.04654

2020-06-08

Abstract:Governments around the world are trying to build large data registries for effective delivery of a variety of public services. However, these efforts are often undermined due to serious concerns over privacy risks associated with collection and processing of personally identifiable information. While a rich set of special-purpose privacy-preserving techniques exist in computer science, they are unable to provide end-to-end protection in alignment with legal principles in the absence of an overarching operational architecture to ensure purpose limitation and protection against insider attacks. This either leads to weak privacy protection in large designs, or adoption of overly defensive strategies to protect privacy by compromising on utility. In this paper, we present an operational architecture for privacy-by-design based on independent regulatory oversight stipulated by most data protection regimes, regulated access control, purpose limitation and data minimisation. We briefly discuss the feasibility of implementing our architecture based on existing techniques. We also present some sample case studies of privacy-preserving design sketches of challenging public service applications.

Cryptography and Security,Computers and Society

Mousa Alfalayleh,Ljiljana Brankovic

DOI: https://doi.org/10.48550/arXiv.1409.2112

2014-09-07

Abstract:It is well recognised that data mining and statistical analysis pose a serious treat to privacy. This is true for financial, medical, criminal and marketing research. Numerous techniques have been proposed to protect privacy, including restriction and data modification. Recently proposed privacy models such as differential privacy and k-anonymity received a lot of attention and for the latter there are now several improvements of the original scheme, each removing some security shortcomings of the previous one. However, the challenge lies in evaluating and comparing privacy provided by various techniques. In this paper we propose a novel entropy based security measure that can be applied to any generalisation, restriction or data modification technique. We use our measure to empirically evaluate and compare a few popular methods, namely query restriction, sampling and noise addition.

Cryptography and Security

Úlfar Erlingsson,Vitaly Feldman,Ilya Mironov,Ananth Raghunathan,Shuang Song,Kunal Talwar,Abhradeep Thakurta

2020-01-01

Abstract:Recently, a number of approaches and techniques have been introduced for reporting software statistics with strong privacy guarantees. These range from abstract algorithms to comprehensive systems with varying assumptions and built upon local differential privacy mechanisms and anonymity. Based on the Encode-Shuffle-Analyze (ESA) framework, notable results formally clarified large improvements in privacy guarantees without loss of utility by making reports anonymous. However, these results either comprise of systems with seemingly disparate mechanisms and attack models, or formal statements with little guidance to practitioners. Addressing this, we provide a formal treatment and offer prescriptive guidelines for privacy-preserving reporting with anonymity. We revisit the ESA framework with a simple, abstract model of attackers as well as assumptions covering it and other proposed systems of anonymity. In light of new formal privacy bounds, we examine the limitations of sketch-based encodings and ESA mechanisms such as data-dependent crowds. We also demonstrate how the ESA notion of fragmentation (reporting data aspects in separate, unlinkable messages) improves privacy/utility tradeoffs both in terms of local and central differential-privacy guarantees. Finally, to help practitioners understand the applicability and limitations of privacy-preserving reporting, we report on a large number of empirical experiments. We use real-world datasets with heavy-tailed or near-flat distributions, which pose the greatest difficulty for our techniques; in particular, we focus on data drawn from images that can be easily visualized in a way that highlights reconstruction errors. Showing the promise of the approach, and of independent interest, we also report on experiments using anonymous, privacy-preserving reporting to train high-accuracy deep neural networks on standard tasks---MNIST and CIFAR-10.

Ziyuan Liang,Qi'ao Jin,Zhiyong Wang,Zhaohui Chen,Zhen Gu,Yanheng Lu,Fan Zhang

DOI: https://doi.org/10.46586/tches.v2024.i2.819-843

2024-01-01

Abstract:Secure multi-party computation and homomorphic encryption are two primary security primitives in privacy-preserving machine learning, whose wide adoption is, nevertheless, constrained by the computation and network communication overheads. This paper proposes a hybrid Secret-sharing and Homomorphic encryption Architecture for Privacy-pERsevering machine learning (SHAPER). SHAPER protects sensitive data in encrypted or randomly shared domains instead of relying on a trusted third party. The proposed algorithm-protocol-hardware co-design methodology explores techniques such as plaintext Single Instruction Multiple Data (SIMD) and fine-grained scheduling, to minimize end-to-end latency in various network settings. SHAPER also supports secure domain computing acceleration and the conversion between mainstream privacy-preserving primitives, making it ready for general and distinctive data characteristics. SHAPER is evaluated by FPGA prototyping with a comprehensive hyper-parameter exploration, demonstrating a 94x speed-up over CPU clusters on large-scale logistic regression training tasks.

Awanthika Senarath,Nalin A. G. Arachchilage,Jill Slay,Nalin A.G. Arachchilage

DOI: https://doi.org/10.48550/arXiv.1703.09847

IF: 6.4588

2017-03-29

Human-Computer Interaction

Abstract:Privacy directly concerns the user as the data owner (data- subject) and hence privacy in systems should be implemented in a manner which concerns the user (user-centered). There are many concepts and guidelines that support development of privacy and embedding privacy into systems. However, none of them approaches privacy in a user- centered manner. Through this research we propose a framework that would enable developers and designers to grasp privacy in a user-centered manner and implement it along with the software development life cycle.

Emmanuel Dare Alalade,Mohammed Mahyoub,Ashraf Matrawy

2024-01-18

Abstract:Addressing trust concerns in Smart Home (SH) systems is imperative due to the limited study on preservation approaches that focus on analyzing and evaluating privacy threats for effective risk management. While most research focuses primarily on user privacy, device data privacy, especially identity privacy, is almost neglected, which can significantly impact overall user privacy within the SH system. To this end, our study incorporates privacy engineering (PE) principles in the SH system that consider user and device data privacy. We start with a comprehensive reference model for a typical SH system. Based on the initial stage of LINDDUN PRO for the PE framework, we present a data flow diagram (DFD) based on a typical SH reference model to better understand SH system operations. To identify potential areas of privacy threat and perform a privacy threat analysis (PTA), we employ the LINDDUN PRO threat model. Then, a privacy impact assessment (PIA) was carried out to implement privacy risk management by prioritizing privacy threats based on their likelihood of occurrence and potential consequences. Finally, we suggest possible privacy enhancement techniques (PETs) that can mitigate some of these threats. The study aims to elucidate the main threats to privacy, associated risks, and effective prioritization of privacy control in SH systems. The outcomes of this study are expected to benefit SH stakeholders, including vendors, cloud providers, users, researchers, and regulatory bodies in the SH systems domain.

Cryptography and Security

Edoardo M Airoldi,Xue Bai,Bradley A Malin

DOI: https://doi.org/10.1016/j.dss.2010.11.014

2011-04-01

Abstract:We live in an increasingly mobile world, which leads to the duplication of information across domains. Though organizations attempt to obscure the identities of their constituents when sharing information for worthwhile purposes, such as basic research, the uncoordinated nature of such environment can lead to privacy vulnerabilities. For instance, disparate healthcare providers can collect information on the same patient. Federal policy requires that such providers share "de-identified" sensitive data, such as biomedical (e.g., clinical and genomic) records. But at the same time, such providers can share identified information, devoid of sensitive biomedical data, for administrative functions. On a provider-by-provider basis, the biomedical and identified records appear unrelated, however, links can be established when multiple providers' databases are studied jointly. The problem, known as trail disclosure, is a generalized phenomenon and occurs because an individual's location access pattern can be matched across the shared databases. Due to technical and legal constraints, it is often difficult to coordinate between providers and thus it is critical to assess the disclosure risk in distributed environments, so that we can develop techniques to mitigate such risks. Research on privacy protection has so far focused on developing technologies to suppress or encrypt identifiers associated with sensitive information. There is growing body of work on the formal assessment of the disclosure risk of database entries in publicly shared databases, but a less attention has been paid to the distributed setting. In this research, we review the trail disclosure problem in several domains with known vulnerabilities and show that disclosure risk is influenced by the distribution of how people visit service providers. Based on empirical evidence, we propose an entropy metric for assessing such risk in shared databases prior to their release. This metric assesses risk by leveraging the statistical characteristics of a visit distribution, as opposed to person-level data. It is computationally efficient and superior to existing risk assessment methods, which rely on ad hoc assessment that are often computationally expensive and unreliable. We evaluate our approach on a range of location access patterns in simulated environments. Our results demonstrate the approach is effective at estimating trail disclosure risks and the amount of self-information contained in a distributed system is one of the main driving factors.

Thibaud Antignac,Daniel Le Métayer

DOI: https://doi.org/10.48550/arXiv.1408.1854

2014-08-08

Abstract:Privacy by design will become a legal obligation in the European Community if the Data Protection Regulation eventually gets adopted. However, taking into account privacy requirements in the design of a system is a challenging task. We propose an approach based on the specification of privacy architectures and focus on a key aspect of privacy, data minimisation, and its tension with integrity requirements. We illustrate our formal framework through a smart metering case study.

Cryptography and Security

Rong Wang,Min Zhang,Dengguo Feng,Yanyan Fu

DOI: https://doi.org/10.1007/978-3-319-15943-0_12

2015-01-01

Abstract:Social networks, in which huge numbers of people spread massive information, are developing quite rapidly. Here people can obtain interesting information much more quickly and conveniently. However, people’s privacies leak easily here too. A lot of works have been done to deal with this problem. Most of them focused on either attribute information or structure information. It is insufficient, because both attributes and structures, including sensitive attributes, are important in social networks, and we need to protect both of them. In this paper, we introduce a novel approach for privacy-preserving considering both attribute and structure information. In particular, sensitive attributes are considered to resist re-identification attacks. Moreover, we define the entropy to measure capability of preserving sensitive attributes.

Subhashis Banerjee

DOI: https://doi.org/10.48550/arXiv.1801.05313

2018-01-16

Computers and Society

Abstract:Privacy protection in digital databases does not demand that data should not be collected, stored or used, but that there should be guarantees that the data can only be used for pre-approved and legitimate purposes. We argue that a data protection law based on traditional understanding of privacy protection and detection of privacy infringements is unlikely to be successful, and that what is required is a law based on an understanding of the architectural requirements of authorisation, audit and access control in real-time. Despite the protection principles being sound, privacy protection in digital databases has been less than effective, anywhere, mainly because of weak enforcement methods.

Adish Singla,Eric Horvitz,Ece Kamar,Ryen White

DOI: https://doi.org/10.48550/arXiv.1404.5454

2014-04-22

Abstract:Online services such as web search and e-commerce applications typically rely on the collection of data about users, including details of their activities on the web. Such personal data is used to enhance the quality of service via personalization of content and to maximize revenues via better targeting of advertisements and deeper engagement of users on sites. To date, service providers have largely followed the approach of either requiring or requesting consent for opting-in to share their data. Users may be willing to share private information in return for better quality of service or for incentives, or in return for assurances about the nature and extend of the logging of data. We introduce \emph{stochastic privacy}, a new approach to privacy centering on a simple concept: A guarantee is provided to users about the upper-bound on the probability that their personal data will be used. Such a probability, which we refer to as \emph{privacy risk}, can be assessed by users as a preference or communicated as a policy by a service provider. Service providers can work to personalize and to optimize revenues in accordance with preferences about privacy risk. We present procedures, proofs, and an overall system for maximizing the quality of services, while respecting bounds on allowable or communicated privacy risk. We demonstrate the methodology with a case study and evaluation of the procedures applied to web search personalization. We show how we can achieve near-optimal utility of accessing information with provable guarantees on the probability of sharing data.

Artificial Intelligence

Amen Faridoon,M. Tahar Kechadi

DOI: https://doi.org/10.48550/arXiv.2307.06779

2023-07-13

Abstract:In today's highly connected society, we are constantly asked to provide personal information to retailers, voter surveys, medical professionals, and other data collection efforts. The collected data is stored in large data warehouses. Organisations and statistical agencies share and use this data to facilitate research in public health, economics, sociology, etc. However, this data contains sensitive information about individuals, which can result in identity theft, financial loss, stress and depression, embarrassment, abuse, etc. Therefore, one must ensure rigorous management of individuals' privacy. We propose, an advanced data privacy management architecture composed of three layers. The data management layer consists of de-identification and anonymisation, the access management layer for re-enforcing data access based on the concepts of Role-Based Access Control and the Chinese Wall Security Policy, and the roles layer for regulating different users. The proposed system architecture is validated on healthcare datasets.

Cryptography and Security

Elena Ferrari

DOI: https://doi.org/10.1145/3665252.3665264

2024-05-14

ACM SIGMOD Record

Abstract:Nearly all of the world's population now uses online services that request personal information, covering almost every aspect of our lives. The abundance of personal data in digital form has brought incredible benefits to end users, enabling them to access personalized and advanced services based on the analysis of the data collected. This capability has dramatically improved the user experience in various application domains, ranging from healthcare to e-commerce, finance, logistics, and entertainment, to name a few. Numerous technological advancements in the field of big data have enabled this massive processing of personal data, and recent advances in AI data processing capabilities will expand the ways in which service providers will use personal data in the coming years. Machine learning algorithms, powered by AI, will be used to make increasingly accurate predictions about user behavior by uncovering hidden correlations within massive data sets. There is therefore a tension between the desire to fully exploit personal data in such ecosystems and the need to provide strong privacy and transparency guarantees to the individuals whose data is being exploited. Privacy protection is further complicated because data processing is typically not performed in isolation but through pipelines of different services, with each step making inferences about the personal data consumed by the services in subsequent steps.

computer science, information systems, software engineering

P. Geetha,Chandrakant Naikodi,Suresh Lakshmi Narasimha Setty

DOI: https://doi.org/10.1007/978-981-15-0372-6_19

2019-12-03

Abstract:Technological advancements in the field of Big Data and IoT have led to unprecedented growth in digital data. Data is collected from multiple distributed sources by business organizations, government agencies, and healthcare sectors. Data collected is mined to uncover valuable data, and the insights they provide are used by these organizations for optimized decision making. Data thus amassed may also contain sensitive personal information of individuals that are at risk of disclosure during analytics. Hence, there is a need for a privacy-aware system that enforces sensitive data protection. But such a system constrains the usefulness of data. Study shows that although significant findings do exist for balancing these contradicting objectives, the efficacy and scalability of these solutions continue to challenge the research community, given the volume of Big Data. Assessing the appropriate blend of these objectives for mutual benefit of organizations and customers requires leveraging the benefit of the modern tools and technologies in the Big Data ecosystem. This research study extensively reviews the previous work in the direction of privacy preserved Big Data analytics, and the review is first of its kind in exploring the challenges that have to be overcome in striking a balance between data value, privacy, scalability, and performance.

Amirreza Zamani,Tobias J. Oechtering,Mikael Skoglund

2023-09-17

Abstract:The design of a statistical signal processing privacy problem is studied where the private data is assumed to be observable. In this work, an agent observes useful data $Y$, which is correlated with private data $X$, and wants to disclose the useful information to a user. A statistical privacy mechanism is employed to generate data $U$ based on $(X,Y)$ that maximizes the revealed information about $Y$ while satisfying a privacy criterion. To this end, we use extended versions of the Functional Representation Lemma and Strong Functional Representation Lemma and combine them with a simple observation which we call separation technique. New lower bounds on privacy-utility trade-off are derived and we show that they can improve the previous bounds. We study the obtained bounds in different scenarios and compare them with previous results.

Information Theory

Priyam Rajkhowa,Pradipta Biswas

DOI: https://doi.org/10.48550/arXiv.2107.11029

2021-07-23

Computers and Society

Abstract:Privacy is important for all individuals in everyday life. With emerging technologies, smartphones with AR, various social networking applications and artificial intelligence driven modes of surveillance, they tend to intrude privacy. This study aimed to explore and discover various concerns related to perception of privacy in this era of ubiquitous technologies. It employed online survey questionnaire to study user perspectives of privacy. Purposive sampling was used to collect data from 60 participants. Inductive thematic analysis was used to analyze data. Our study discovered key themes like attitude towards privacy in public and private spaces, privacy awareness, consent seeking, dilemmas/confusions related to various technologies, impact of attitude and beliefs on individuals actions regarding how to protect oneself from invasion of privacy in both public and private spaces. These themes interacted amongst themselves and influenced formation of various actions. They were like core principles that molded actions that prevented invasion of privacy for both participant and bystander. Findings of this study would be helpful to improve privacy and personalization of various emerging technologies. This study contributes to privacy by design and positive design by considering psychological needs of users. This is suggestive that the findings can be applied in the areas of experience design, positive technologies, social computing and behavioral interventions.

Chandra Sharma,George Amariucai,Shuangqing Wei

DOI: https://doi.org/10.48550/arXiv.2208.10253

2022-07-05

Abstract:The inevitable leakage of privacy as a result of unrestrained disclosure of personal information has motivated extensive research on robust privacy-preserving mechanisms. However, existing research is mostly limited to solving the problem in a static setting with disregard for the privacy leakage over time. Unfortunately, this treatment of privacy is insufficient in practical settings where users continuously disclose their personal information over time resulting in an accumulated leakage of the users' sensitive information. In this paper, we consider privacy leakage over a finite time horizon and investigate optimal strategies to maximize the utility of the disclosed data while limiting the finite-horizon privacy leakage. We consider a simple privacy mechanism that involves compressing the user's data before each disclosure to meet the desired constraint on future privacy. We further motivate several algorithms to optimize the dynamic privacy-utility tradeoff and evaluate their performance via extensive synthetic performance tests.

Cryptography and Security,Computer Science and Game Theory,Information Theory