nach oben

International Journal of Information Security

Erschienen in:

01.04.2013 | Regular Contribution

On the measurement of privacy as an attacker’s estimation error

verfasst von: David Rebollo-Monedero, Javier Parra-Arnau, Claudia Diaz, Jordi Forné

Erschienen in: International Journal of Information Security | Ausgabe 2/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy-enhancing technologies. Most of these metrics are specific to concrete systems and adversarial models and are difficult to generalize or translate to other contexts. Furthermore, a better understanding of the relationships between the different privacy metrics is needed to enable more grounded and systematic approach to measuring privacy, as well as to assist system designers in selecting the most appropriate metric for a given application. In this work, we propose a theoretical framework for privacy-preserving systems, endowed with a general definition of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. We show that our framework permits interpreting and comparing a number of well-known metrics under a common perspective. The arguments behind these interpretations are based on fundamental results related to the theories of information, probability, and Bayes decision.

Vorheriger Artikel A framework for establishing trust in Cloud provenance

Nächster Artikel On the security of AUTH, a provably secure authentication protocol based on the subspace LPN problem

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Willenborg, L., DeWaal, T.: Elements of Statistical Disclosure Control. Springer, NewYork (2001)MATHCrossRef

Jabine, T.B.: Statistical disclosure limitation practices at united states statistical agencies. J. Off. Stat. 9(2), 427–454 (1993)

Citteur, C.A.W., Willenborg, L.C.R.J.: Public use microdata files: current practices at national statistical bureaus. J. Off. Stat. 9(4), 783–794 (1993)

Domingo-Ferrer, J., Mateo-Sanz, J.M.: Practical data-oriented microaggregation for statistical disclosure control. IEEE Trans. Knowl. Data Eng. 14(1), 189–201 (2002)CrossRef

Domingo-Ferrer, J., Torra, V.: Ordinal, continuous and heterogenerous \(k\)-anonymity through microaggregation. Data Min. Knowl. Discov. 11(2), 195–212 (2005)MathSciNetCrossRef

Solanas, A., Martínez-Ballesté, A., Domingo-Ferrer, J.: VMDAV: a multivariate microaggregation with variable group size. In: Proceedings in Computational Statistics (COMPSTAT), Springer, Rome, Italy (2006)

Rebollo-Monedero, D., Forné, J., Soriano, M.: Private location-based information retrieval via \(k\)-anonymous clustering. In: Proceedings of the CNIT International Workshop on Digital Communication, Series Lecture Notes in Computer Science (LNCS), Sept. 2009, Springer, Sardinia, Italy, invited paper (2009)

Sweeney, L.: \(k\)-Anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzz. Knowl. Based Syst. 10(5), 557–570 (2002)MathSciNetMATHCrossRef

Samarati, P.: Protecting respondents’ identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)CrossRef

10.

Truta, T.M., Vinay, B.: Privacy protection: \(p\)-sensitive \(k\)-anonymity property. In: Proceedings of the International Workshop on Privacy Data Management (PDM), Atlanta, GA, p. 94 (2006)

11.

Machanavajjhala, A., Gehrke, J., Kiefer, D., Venkitasubramanian, M.: \(l\)-Diversity: privacy beyond \(k\)-anonymity. In: Proceedings of the IEEE International Conference on Data Engineering (ICDE), Atlanta, GA, Apr 2006, p. 24 (2006)

12.

Li, N., Li, T., Venkatasubramanian, S.: \(t\)-Closeness: privacy beyond \(k\)-anonymity and \(l\)-diversity. In: Proceedings of the IEEE International Conference on Data Engineering (ICDE), Istanbul, Turkey, Apr 2007, pp. 106–115 (2007)

13.

Brickell, J., Shmatikov, V.: The cost of privacy: Destruction of data-mining utility in anonymized data publishing. In: Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), Las Vegas, NV, Aug 2008 (2008)

14.

Dwork, C.: Differential privacy. In: Proceedings of the International Colloquium on Automata, Languages and Programming, Springer, pp. 1–12 (2006)

15.

Rebollo-Monedero, D., Forné, J., Domingo-Ferrer, J.: From \(t\)-closeness-like privacy to postrandomization via information theory. IEEE Trans. Knowl. Data Eng., 22(11), 1623–1636, Nov. 2010. [Online]. Available: http://doi.ieeecomputersociety.org/10.1109/TKDE.2009.190 (2010)

16.

Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRef

17.

Cottrell, L.: Mixmaster and remailer attacks. [Online]. Available: http://obscura.com/loki/remailer/remailer-essay.html (1994)

18.

Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type III anonymous remailer protocol. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), Berkeley, CA, pp. 2–15, May (2003)

19.

Duckham, M., Mason, K., Stell, J., Worboys, M.: A formal approach to imperfection in geographic information. Comput. Environ. Urban Syst. 25(1), 89–103 (2001)CrossRef

20.

Lehmann, E.L.: Theory of Point Estimation. Springer, New York (1983)MATHCrossRef

21.

Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inform. Syst. Secur. 1(1), 66–92 (1998)CrossRef

22.

Berthold, O., Pfitzmann, A., Standtke, R.: The disadvantages of free MIX routes and how to overcome them. In: Proceedings of the Designing Privacy Enhancing Technologies: Workshop Design Issues in Anonymity, Unobservability, Series Lecture Notes in Computer Science (LNCS), Springer, Berkeley, CA, July 2000, pp. 30–45 (2000)

23.

Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Proceedings of the Workshop on Privacy Enhancing Technologies (PET), vol. 2482, pp. 41–53. Springer (2002)

24.

Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Proceedings of the Workshop on Privacy Enhancing Technologies (PET), Series Lecture Notes in Computer Science (LNCS), vol. 2482, pp. 54–68. Springer, Apr 2002 (2002)

25.

Tóth, G., Hornák, Z., Vajda, F.: Measuring anonymity revisited. In: Proceedings of the Nordic Workshop on Secure IT Systems, Nov, pp. 85–90 (2004)

26.

Clauß, S., Schiffner, S.: Structuring anonymity metrics. In: Proceedings of the ACM Workshop on Digital Identity Management (DIM), ACM, Fairfax, VA, Nov 2006, pp. 55–62 (2006)

27.

Syverson, P., Stubblebine, S.: Group principals and the formalization of anonymity. In: Proceedings of the World Congress on Formal Methods, pp. 814–833 (1999)

28.

Mauw, S., Verschuren, J., de Vink, E.P.: A formalization of anonymity and onion routing. In: Proceedings of the European Symposium on Research in Computer Security (ESORICS), vol. 3193. Lecture Notes in Computer Science (LNCS), pp. 109–124 (2004)

29.

Feigenbaum, J., Johnson, A., Syverson, P.: A model of onion routing with provable anonymity. In: Proceedings of the Financial Cryptography and Data Security (FI), Springer (2007)

30.

Edman, M., Sivrikaya, F., Yener, B.: A combinatorial approach to measuring anonymity. IEEE J. Intell. Secur. Inform. 356–363 (2007)

31.

Gierlichs, B., Troncoso, C., Díaz, C., Preneel, B., Verbauwhede, I.: Revisiting a combinatorial approach toward measuring anonymity. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society, ACM, pp. 111–116 (2008)

32.

Bagai, R., Lu, H., Li, R., Tang, B.: An accurate system-wide anonymity metric for probabilistic attacks. In: Proceedings of the Workshop on Privacy Enhancing Technologies (PET), Series Lecture Notes in Computer Science (LNCS), vol. 6794, pp. 117–133, Springer (2011)

33.

Shokri, R., Freudiger, J., Jadliwala, M., Hubaux, J.P.: A distortion-based metric for location privacy. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society (2009)

34.

Shokri, R., Theodorakopoulos, G., Boudec, J.Y.L., Hubaux, J.P.: Quantifying location privacy. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), IEEE Comput. Soc., Washington, DC, USA, pp. 247–262 (2011)

35.

Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley, New York (2006)

36.

Berger, J.O.: Statistical Decision Theory and Bayesian Analysis. Springer, New York (1985)MATHCrossRef

37.

Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification, 2nd edn. Wiley, New York (2001)MATH

38.

Algoet, P.H., Cover, T.M.: A sandwich proof of the Shannon-McMillan-Breiman theorem. Ann. Prob. 16(2), 899–909 (1988)MathSciNetMATHCrossRef

39.

Shannon, C.E.: Coding theorems for a discrete source with a fidelity criterion. In: IRE National Convention Record, vol. 7, Part 4, pp. 142–163 (1959)

40.

Reid, D.B.: An algorithm for tracking multiple targets. IEEE Trans. Autom. Control 24(6), 843–854 (1979)CrossRef

41.

Hastings, W.K.: Monte carlo sampling methods using markov chains and their applications. Biometrika 57(1), 97–109 (1970)MATHCrossRef

42.

Danezis, G.: Statistical disclosure attacks: traffic confirmation in open environments. In: Proceedings of the Security and Privacy in the Age of Uncertainty (SEC), Athens, Greece, May 2003, pp. 421–426 (2003)

Titel: On the measurement of privacy as an attacker’s estimation error
verfasst von: David Rebollo-Monedero
Javier Parra-Arnau
Claudia Diaz
Jordi Forné
Publikationsdatum: 01.04.2013
Verlag: Springer-Verlag
Erschienen in: International Journal of Information Security / Ausgabe 2/2013
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-012-0182-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2013

On the security of AUTH, a provably secure authentication protocol based on the subspace LPN problem

Privacy-enhanced architecture for smart metering

A framework for establishing trust in Cloud provenance

Cryptanalysis of the convex hull click human identification protocol

Evaluation in the absence of absolute ground truth: toward reliable evaluation methodology for scan detectors