Abstract
Connections between users of social networking services pose a significant privacy threat. Recently, several social network de-anonymization attacks have been proposed that can efficiently re-identify users at large scale, solely considering the graph structure. In this paper, we consider these privacy threats and analyze de-anonymization attacks at the model level against a user-controlled privacy-enhancing technique called identity separation. The latter allows creating seemingly unrelated identities in parallel, even without the consent of the service provider or other users. It has been shown that identity separation can be used efficiently against re-identification attacks if user cooperate with each other. However, while participation would be crucial, this cannot be granted in a real-life scenario. Therefore, we introduce the y-identity model, in which the user creates multiple separated identities and assigns the sensitive attribute to one of them according to a given strategy. For this, we propose a strategy to be used in real-life situations and formally prove that there is a higher bound for the expected privacy loss which is sufficiently low.
Similar content being viewed by others
Notes
Wikipedia on pen names: http://en.wikipedia.org/wiki/Pen_name
Albine Maskme providing disposable emails: https://www.abine.com/maskme/
References
Aggarwal, C.C.: On k-anonymity and the curse of dimensionality. In: Proceedings of the 31st International Conference on Very Large Data Bases, VLDB ’05, pp. 901–909. VLDB Endowment (2005). http://dl.acm.org/citation.cfm?id=1083592.1083696
Assam, R., Hassani, M., Brysch, M., Seidl, T.: (k, d)-core anonymity: structural anonymization of massive networks. In: Proceedings of the 26th International Conference on Scientific and Statistical Database Management, SSDBM ’14, pp. 17:1–17:12. ACM, New York (2014). https://doi.org/10.1145/2618243.2618269
Backstrom, L., Dwork, C., Kleinberg, J.: Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In: Proceedings of the 16th International Conference on World Wide Web, pp. 181–190. ACM, New York (2007). https://doi.org/10.1145/1242572.1242598
Bartunov, S., Korshunov, A., Park, S.T., Ryu, W., Lee, H.: Joint link-attribute user identity resolution in online social networks. In: Proceedings of the sixth Workshop on Social Network Mining and Analysis (2012)
Beato, F., Conti, M., Preneel, B.: Friend in the middle (fim): tackling de-anonymization in social networks. In: 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 279–284 (2013). https://doi.org/10.1109/PerComW.2013.6529495
Beato, F., Kohlweiss, M., Wouters, K.: Scramble! your social network data. In: Fischer-Hbner, S., Hopper, N. (eds.) Privacy Enhancing Technologies. Lecture Notes in Computer Science, vol. 6794, pp. 211–225. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-22263-4_12
Benedek, S., Gulyás, G.G., Imre, S.: Analysis of grasshopper, a novel social network de-anonymization algorithm. Period. Polytech. Electr. Eng. Comput. Sci. 58(4), 161–173 (2014)
Cecaj, A., Mamei, M., Bicocchi, N.: Re-identification of anonymized cdr datasets using social network data. In: 2014 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 237–242 (2014). https://doi.org/10.1109/PerComW.2014.6815210
Chen, D., Hu, B., Xie, S.: De-anonymizing social networks. Stanford University, Technical Report (2012)
Cheng, J., Fu, A.W.c., Liu, J.: K-isomorphism: privacy preserving network publication against structural attacks. In: Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data, SIGMOD ’10, pp. 459–470. ACM, New York (2010). https://doi.org/10.1145/1807167.1807218
Clauß, S., Kesdogan, D., Kölsch, T.: Privacy enhancing identity management: protection against re-identification and profiling. In: Proceedings of the 2005 workshop on Digital identity management, DIM ’05, pp. 84–93. ACM, New York (2005). https://doi.org/10.1145/1102486.1102501
Cutillo, L.A., Molva, R., Strufe, T.: Safebook: a privacy-preserving online social network leveraging on real-life trust. IEEE Commun. Mag. 47(12), 94–101 (2009). https://doi.org/10.1109/MCOM.2009.5350374
Goga, O., Lei, H., Parthasarathi, S.H.K., Friedland, G., Sommer, R., Teixeira, R.: Exploiting innocuous activity for correlating users across sites. In: Proceedings of the 22nd International Conference on World Wide Web, WWW ’13, pp. 447–458. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2013). URL http://dl.acm.org/citation.cfm?id=2488388.2488428
Gulyás, G.G., Imre, S.: Analysis of identity separation against a passive clique-based de-anonymization attack. Infocommun. J. 4(3), 11–20 (2011)
Gulyás, G.G., Imre, S.: Measuring local topological anonymity in social networks. In: 2012 IEEE 12th International Conference on Data Mining Workshops (ICDMW), pp. 563–570 (2012). https://doi.org/10.1109/ICDMW.2012.87
Gulyás, G.G., Imre, S.: Hiding information in social networks from de-anonymization attacks by using identity separation. In: Decker, B., Dittmann, J., Kraetzer, C., Vielhauer, C. (eds.) Communications and Multimedia Security. Lecture Notes in Computer Science, vol. 8099, pp. 173–184. Springer, Berlin (2013). https://doi.org/10.1007/978-3-642-40779-6_15
Gulyás, G.G., Imre, S.: Measuring importance of seeding for structural de-anonymization attacks in social networks. In: 2014 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 610–615 (2014). https://doi.org/10.1109/PerComW.2014.6815276
Gulyás, G.G., Imre, S.: Using identity separation against de-anonymization of social networks. J. Trans. Data Priv. 8(2), 113–140 (2015)
Gulyás, G.G., Schulcz, R., Imre, S.: Comprehensive analysis of web privacy and anonymous web browsers: are next generation services based on collaborative filtering? In: Capra, L., Wakeman, I., Foukia, N., Marsh, S. (eds.) Proceedings of the Joint SPACE and TIME Workshops 2008. CEUR Workshop Proceedings (2008)
Gulyás, G.G., Schulcz, R., Imre, S.: Modeling role-based privacy in social networking services. In: Third International Conference on Emerging Security Information, Systems and Technologies, 2009. SECURWARE ’09., pp. 173–178 (2009). https://doi.org/10.1109/SECURWARE.2009.34
Gulyás, G.G., Schulcz, R., Imre, S.: Separating private and business identities. Digit. Identity Access Manag. Technol. Framew. Technol. Framew. (2012). https://doi.org/10.4018/978-1-61350-498-7.ch007
Jain, P., Kumaraguru, P., Joshi, A.: @i seek ’fb.me’: identifying users across multiple online social networks. In: Proceedings of the 22nd International Conference on World Wide Web companion, WWW ’13 Companion, pp. 1259–1268. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2013). http://dl.acm.org/citation.cfm?id=2487788.2488160
Ji, S., Li, W., He, J., Srivatsa, M., Beyah, R.: Poster: optimization based data de-anonymization. In: Poster Presented at the 35th IEEE Symposium on Security and Privacy, May 18–21, San Jose (2014)
Ji, S., Li, W., Mittal, P., Hu, X., Beyah, R.: Secgraph: A uniform and open-source evaluation system for graph data anonymization and de-anonymization. In: Proceedings of the 24th USENIX Conference on Security Symposium, SEC’15, pp. 303–318. USENIX Association, Berkeley, CA, USA (2015). http://dl.acm.org/citation.cfm?id=2831143.2831163
Ji, S., Li, W., Srivatsa, M., Beyah, R.: Structural data de-anonymization: Quantification, practice, and implications. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pp. 1040–1053. ACM, New York (2014). https://doi.org/10.1145/2660267.2660278
Ji, S., Li, W., Srivatsa, M., He, J.S., Beyah, R.: Structure Based Data De-anonymization of Social Networks and Mobility Traces. In: Information Security: 17th International Conference, ISC 2014, Hong Kong, China, October 12–14, 2014. Proceedings, chap. , pp. 237–254. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13257-0_14
Korula, N., Lattanzi, S.: An efficient reconciliation algorithm for social networks. Proc. VLDB Endow. 7(5), 377–388 (2014). https://doi.org/10.14778/2732269.2732274
Li, N., Li, T., Venkatasubramanian, S.: t-closeness: privacy beyond k-anonymity and l-diversity. In: ICDE (2007)
Narayanan, A., Shi, E., Rubinstein, B.I.P.: Link prediction by de-anonymization: how we won the kaggle social network challenge. In: The 2011 International Joint Conference on Neural Networks, pp. 1825–1834 (2011)
Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 173–187 (2009). https://doi.org/10.1109/SP.2009.22
Nilizadeh, S., Kapadia, A., Ahn, Y.Y.: Community-enhanced de-anonymization of online social networks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pp. 537–548. ACM, New York (2014). https://doi.org/10.1145/2660267.2660324
Osborne, M.J., Rubinstein, A.: A Course in Game Theory. MIT press, Cambridge (1994)
Parker, J.: What nsa’s prism means for social media users. http://www.techrepublic.com/blog/tech-decision-maker/what-nsas-prism-means-for-social-media-users/. Accessed 26 May 2014
Pedarsani, P., Figueiredo, D.R., Grossglauser, M.: A Bayesian method for matching two similar graphs without seeds. In: 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1598–1607 (2013). https://doi.org/10.1109/Allerton.2013.6736720
Peng, W., Li, F., Zou, X., Wu, J.: Seed and grow: an attack against anonymized social networks. In: 2012 9th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), pp. 587–595 (2012). https://doi.org/10.1109/SECON.2012.6275831
Pham, H., Shahabi, C., Liu, Y.: Ebm: an entropy-based model to infer social strength from spatiotemporal data. In: Proceedings of the 2013 International Conference on Management of data, pp. 265–276. ACM (2013)
Stanford Network Analysis Platform (snap). http://snap.stanford.edu/. Accessed 22 Apr 2014
Srivatsa, M., Hicks, M.: Deanonymizing mobility traces: using social network as a side-channel. In: Proceedings of the 2012 ACM conference on Computer and communications security, CCS ’12, pp. 628–637. ACM, New York (2012). https://doi.org/10.1145/2382196.2382262
Sweeney, L.: Uniqueness of simple demographics in the us population. Technical Report, Carnegie Mellon University (2000)
Sweeney, L.: K-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl. Based Syst. 10(5), 557–570 (2002). https://doi.org/10.1142/S0218488502001648
Tor browser. https://www.torproject.org/projects/torbrowser.html.en. Accessed 04 Nov 2014
Yartseva, L., Grossglauser, M.: On the performance of percolation graph matching. In: Proceedings of the First ACM Conference on Online Social Networks, COSN ’13, pp. 119–130. ACM, New York (2013). https://doi.org/10.1145/2512938.2512952
Zou, L., Chen, L., Özsu, M.T.: K-automorphism: a general framework for privacy preserving network publication. Proc. VLDB Endow. 2(1), 946–957 (2009). https://doi.org/10.14778/1687627.1687734
Acknowledgements
The authors would like to thank Levente Buttyán, István Vajda and Benedek Simon for the fruitful conversations. We are very grateful for Márk Félegyházi and Tamás Holczer for reviewing draft versions of this paper and for engaging us in meaningful discussions. We would like to also thank the useful comments and suggestions of Gergely Biczók and also for reviewing the y-identity model in details. The authors are thankful for the comments and suggestions provided by the members of the CrySyS reading group.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Gulyás , G.G., Imre, S. Hiding information against structural re-identification. Int. J. Inf. Secur. 18, 125–139 (2019). https://doi.org/10.1007/s10207-018-0400-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-018-0400-x