# MET𝔸P: revisiting Privacy-Preserving Data Publishing using secure devices

## Abstract

The goal of Privacy-Preserving Data Publishing (PPDP) is to generate a sanitized (i.e. harmless) view of sensitive personal data (e.g. a health survey), to be released to some agencies or simply the public. However, traditional PPDP practices all make the assumption that the process is run on a trusted central server. In this article, we argue that the trust assumption on the central server is far too strong. We propose Met𝔸P, a generic fully distributed protocol, to execute various forms of PPDP algorithms on an asymmetric architecture composed of low power secure devices and a powerful but untrusted infrastructure. We show that this protocol is both correct and secure against *honest-but-curious* or *malicious* adversaries. Finally, we provide an experimental validation showing that this protocol can support PPDP processes scaling up to nation-wide surveys.

## Keywords

Privacy-Preserving Data Publishing, Sanitization, Anonymization, Secure device, Privacy