
Distributed and Parallel Databases, Volume 32, Issue 2, pp 191–244

MET𝔸P: revisiting Privacy-Preserving Data Publishing using secure devices

  • Tristan Allard
  • Benjamin Nguyen
  • Philippe Pucheral

Abstract

The goal of Privacy-Preserving Data Publishing (PPDP) is to generate a sanitized (i.e. harmless) view of sensitive personal data (e.g. a health survey), to be released to some agencies or simply to the public. However, traditional PPDP practices all assume that the process is run on a trusted central server. In this article, we argue that the trust assumption on the central server is far too strong. We propose MET𝔸P, a generic, fully distributed protocol that executes various forms of PPDP algorithms on an asymmetric architecture composed of low-power secure devices and a powerful but untrusted infrastructure. We show that this protocol is both correct and secure against honest-but-curious or malicious adversaries. Finally, we provide an experimental validation showing that this protocol can support PPDP processes scaling up to nation-wide surveys.

Keywords

Privacy-Preserving Data Publishing; Sanitization; Anonymization; Secure device; Privacy


Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Tristan Allard (1)
  • Benjamin Nguyen (2, 3)
  • Philippe Pucheral (2, 3)

  1. Distributed Systems Laboratory, Univ. Politécnica de Madrid, Madrid, Spain
  2. SMIS Project, INRIA Rocquencourt, Le Chesnay, France
  3. PRISM Laboratory, Univ. Versailles-St-Quentin, Versailles, France
