International Journal of Information Security

, Volume 18, Issue 2, pp 125–139 | Cite as

Hiding information against structural re-identification

  • Gábor György Gulyás Email author
  • Sándor Imre
Regular Contribution


Connections between users of social networking services pose a significant privacy threat. Recently, several social network de-anonymization attacks have been proposed that can efficiently re-identify users at large scale, solely considering the graph structure. In this paper, we consider these privacy threats and analyze de-anonymization attacks at the model level against a user-controlled privacy-enhancing technique called identity separation. The latter allows creating seemingly unrelated identities in parallel, even without the consent of the service provider or other users. It has been shown that identity separation can be used efficiently against re-identification attacks if user cooperate with each other. However, while participation would be crucial, this cannot be granted in a real-life scenario. Therefore, we introduce the y-identity model, in which the user creates multiple separated identities and assigns the sensitive attribute to one of them according to a given strategy. For this, we propose a strategy to be used in real-life situations and formally prove that there is a higher bound for the expected privacy loss which is sufficiently low.


Anonymity Privacy Social networks Re-identification Identity separation 



The authors would like to thank Levente Buttyán, István Vajda and Benedek Simon for the fruitful conversations. We are very grateful for Márk Félegyházi and Tamás Holczer for reviewing draft versions of this paper and for engaging us in meaningful discussions. We would like to also thank the useful comments and suggestions of Gergely Biczók and also for reviewing the y-identity model in details. The authors are thankful for the comments and suggestions provided by the members of the CrySyS reading group.


  1. 1.
    Aggarwal, C.C.: On k-anonymity and the curse of dimensionality. In: Proceedings of the 31st International Conference on Very Large Data Bases, VLDB ’05, pp. 901–909. VLDB Endowment (2005).
  2. 2.
    Assam, R., Hassani, M., Brysch, M., Seidl, T.: (k, d)-core anonymity: structural anonymization of massive networks. In: Proceedings of the 26th International Conference on Scientific and Statistical Database Management, SSDBM ’14, pp. 17:1–17:12. ACM, New York (2014).
  3. 3.
    Backstrom, L., Dwork, C., Kleinberg, J.: Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In: Proceedings of the 16th International Conference on World Wide Web, pp. 181–190. ACM, New York (2007).
  4. 4.
    Bartunov, S., Korshunov, A., Park, S.T., Ryu, W., Lee, H.: Joint link-attribute user identity resolution in online social networks. In: Proceedings of the sixth Workshop on Social Network Mining and Analysis (2012)Google Scholar
  5. 5.
    Beato, F., Conti, M., Preneel, B.: Friend in the middle (fim): tackling de-anonymization in social networks. In: 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 279–284 (2013).
  6. 6.
    Beato, F., Kohlweiss, M., Wouters, K.: Scramble! your social network data. In: Fischer-Hbner, S., Hopper, N. (eds.) Privacy Enhancing Technologies. Lecture Notes in Computer Science, vol. 6794, pp. 211–225. Springer, Berlin (2011). CrossRefGoogle Scholar
  7. 7.
    Benedek, S., Gulyás, G.G., Imre, S.: Analysis of grasshopper, a novel social network de-anonymization algorithm. Period. Polytech. Electr. Eng. Comput. Sci. 58(4), 161–173 (2014)CrossRefGoogle Scholar
  8. 8.
    Cecaj, A., Mamei, M., Bicocchi, N.: Re-identification of anonymized cdr datasets using social network data. In: 2014 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 237–242 (2014).
  9. 9.
    Chen, D., Hu, B., Xie, S.: De-anonymizing social networks. Stanford University, Technical Report (2012)Google Scholar
  10. 10.
    Cheng, J., Fu, A.W.c., Liu, J.: K-isomorphism: privacy preserving network publication against structural attacks. In: Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data, SIGMOD ’10, pp. 459–470. ACM, New York (2010).
  11. 11.
    Clauß, S., Kesdogan, D., Kölsch, T.: Privacy enhancing identity management: protection against re-identification and profiling. In: Proceedings of the 2005 workshop on Digital identity management, DIM ’05, pp. 84–93. ACM, New York (2005).
  12. 12.
    Cutillo, L.A., Molva, R., Strufe, T.: Safebook: a privacy-preserving online social network leveraging on real-life trust. IEEE Commun. Mag. 47(12), 94–101 (2009). CrossRefGoogle Scholar
  13. 13.
    Goga, O., Lei, H., Parthasarathi, S.H.K., Friedland, G., Sommer, R., Teixeira, R.: Exploiting innocuous activity for correlating users across sites. In: Proceedings of the 22nd International Conference on World Wide Web, WWW ’13, pp. 447–458. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2013). URL
  14. 14.
    Gulyás, G.G., Imre, S.: Analysis of identity separation against a passive clique-based de-anonymization attack. Infocommun. J. 4(3), 11–20 (2011)Google Scholar
  15. 15.
    Gulyás, G.G., Imre, S.: Measuring local topological anonymity in social networks. In: 2012 IEEE 12th International Conference on Data Mining Workshops (ICDMW), pp. 563–570 (2012).
  16. 16.
    Gulyás, G.G., Imre, S.: Hiding information in social networks from de-anonymization attacks by using identity separation. In: Decker, B., Dittmann, J., Kraetzer, C., Vielhauer, C. (eds.) Communications and Multimedia Security. Lecture Notes in Computer Science, vol. 8099, pp. 173–184. Springer, Berlin (2013). CrossRefGoogle Scholar
  17. 17.
    Gulyás, G.G., Imre, S.: Measuring importance of seeding for structural de-anonymization attacks in social networks. In: 2014 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 610–615 (2014).
  18. 18.
    Gulyás, G.G., Imre, S.: Using identity separation against de-anonymization of social networks. J. Trans. Data Priv. 8(2), 113–140 (2015)Google Scholar
  19. 19.
    Gulyás, G.G., Schulcz, R., Imre, S.: Comprehensive analysis of web privacy and anonymous web browsers: are next generation services based on collaborative filtering? In: Capra, L., Wakeman, I., Foukia, N., Marsh, S. (eds.) Proceedings of the Joint SPACE and TIME Workshops 2008. CEUR Workshop Proceedings (2008)Google Scholar
  20. 20.
    Gulyás, G.G., Schulcz, R., Imre, S.: Modeling role-based privacy in social networking services. In: Third International Conference on Emerging Security Information, Systems and Technologies, 2009. SECURWARE ’09., pp. 173–178 (2009).
  21. 21.
    Gulyás, G.G., Schulcz, R., Imre, S.: Separating private and business identities. Digit. Identity Access Manag. Technol. Framew. Technol. Framew. (2012).
  22. 22.
    Jain, P., Kumaraguru, P., Joshi, A.: @i seek ’’: identifying users across multiple online social networks. In: Proceedings of the 22nd International Conference on World Wide Web companion, WWW ’13 Companion, pp. 1259–1268. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2013).
  23. 23.
    Ji, S., Li, W., He, J., Srivatsa, M., Beyah, R.: Poster: optimization based data de-anonymization. In: Poster Presented at the 35th IEEE Symposium on Security and Privacy, May 18–21, San Jose (2014)Google Scholar
  24. 24.
    Ji, S., Li, W., Mittal, P., Hu, X., Beyah, R.: Secgraph: A uniform and open-source evaluation system for graph data anonymization and de-anonymization. In: Proceedings of the 24th USENIX Conference on Security Symposium, SEC’15, pp. 303–318. USENIX Association, Berkeley, CA, USA (2015).
  25. 25.
    Ji, S., Li, W., Srivatsa, M., Beyah, R.: Structural data de-anonymization: Quantification, practice, and implications. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pp. 1040–1053. ACM, New York (2014).
  26. 26.
    Ji, S., Li, W., Srivatsa, M., He, J.S., Beyah, R.: Structure Based Data De-anonymization of Social Networks and Mobility Traces. In: Information Security: 17th International Conference, ISC 2014, Hong Kong, China, October 12–14, 2014. Proceedings, chap. , pp. 237–254. Springer, Cham (2014).
  27. 27.
    Korula, N., Lattanzi, S.: An efficient reconciliation algorithm for social networks. Proc. VLDB Endow. 7(5), 377–388 (2014). CrossRefGoogle Scholar
  28. 28.
    Li, N., Li, T., Venkatasubramanian, S.: t-closeness: privacy beyond k-anonymity and l-diversity. In: ICDE (2007)Google Scholar
  29. 29.
    Narayanan, A., Shi, E., Rubinstein, B.I.P.: Link prediction by de-anonymization: how we won the kaggle social network challenge. In: The 2011 International Joint Conference on Neural Networks, pp. 1825–1834 (2011)Google Scholar
  30. 30.
    Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 173–187 (2009).
  31. 31.
    Nilizadeh, S., Kapadia, A., Ahn, Y.Y.: Community-enhanced de-anonymization of online social networks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pp. 537–548. ACM, New York (2014).
  32. 32.
    Osborne, M.J., Rubinstein, A.: A Course in Game Theory. MIT press, Cambridge (1994)zbMATHGoogle Scholar
  33. 33.
    Parker, J.: What nsa’s prism means for social media users. Accessed 26 May 2014
  34. 34.
    Pedarsani, P., Figueiredo, D.R., Grossglauser, M.: A Bayesian method for matching two similar graphs without seeds. In: 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1598–1607 (2013).
  35. 35.
    Peng, W., Li, F., Zou, X., Wu, J.: Seed and grow: an attack against anonymized social networks. In: 2012 9th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), pp. 587–595 (2012).
  36. 36.
    Pham, H., Shahabi, C., Liu, Y.: Ebm: an entropy-based model to infer social strength from spatiotemporal data. In: Proceedings of the 2013 International Conference on Management of data, pp. 265–276. ACM (2013)Google Scholar
  37. 37.
    Stanford Network Analysis Platform (snap). Accessed 22 Apr 2014
  38. 38.
    Srivatsa, M., Hicks, M.: Deanonymizing mobility traces: using social network as a side-channel. In: Proceedings of the 2012 ACM conference on Computer and communications security, CCS ’12, pp. 628–637. ACM, New York (2012).
  39. 39.
    Sweeney, L.: Uniqueness of simple demographics in the us population. Technical Report, Carnegie Mellon University (2000)Google Scholar
  40. 40.
    Sweeney, L.: K-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl. Based Syst. 10(5), 557–570 (2002). MathSciNetCrossRefzbMATHGoogle Scholar
  41. 41.
  42. 42.
    Yartseva, L., Grossglauser, M.: On the performance of percolation graph matching. In: Proceedings of the First ACM Conference on Online Social Networks, COSN ’13, pp. 119–130. ACM, New York (2013).
  43. 43.
    Zou, L., Chen, L., Özsu, M.T.: K-automorphism: a general framework for privacy preserving network publication. Proc. VLDB Endow. 2(1), 946–957 (2009). CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Privatics TeamINRIAMontbonnotFrance
  2. 2.Mobile Communications and Quantum Technologies Laboratory (MCL), Department of Networked Systems and ServicesBMEBudapestHungary

Personalised recommendations