Discrimination rate: an attribute-centric metric to measure privacy

Abstract

As far as we know, there is no good privacy metric for quantifying how privacy-efficient an anonymity system is. This paper first discusses the features needed to define such a metric and then proposes a new metric based on information theory, named DR for Discrimination Rate. The DR is the first metric enabling fine-grained measurements down to the attribute level, quantifying the attribute identification capacity with a score ranging from 0 to 1 for any given anonymity system. The DR can be easily applied in practice, thanks to the algorithms provided in the paper. Measuring the DR of attributes reflects the attacker's capacity and evaluates how much an attribute is able to refine the anonymity set. The formalization brought by the DR makes it possible to give more accurate definitions of identifiers and to introduce new notions such as sketchy-identifiers, zero-identifiers, and partial-identifiers. Finally, the usefulness and practical dimensions of the DR are illustrated through the evaluation and comparison of the k-anonymity and l-diversity mechanisms over a dataset.
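An attribute-level score in the 0-to-1 range the abstract describes, added here as an example and not taken from the paper. The abstract gives no formula, so the normalized conditional-entropy form `1 - H(X|Y)/H(X)`, the function names and the sample table are all assumptions.

```python
import math
from collections import Counter


def entropy(values):
    """Shannon entropy, in bits, of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def conditional_entropy(target, given):
    """H(target | given), estimated from paired observations."""
    groups = {}
    for t, g in zip(target, given):
        groups.setdefault(g, []).append(t)
    n = len(target)
    return sum(len(ts) / n * entropy(ts) for ts in groups.values())


def attribute_score(records, id_key, attrs):
    """Assumed score 1 - H(X|Y)/H(X): X is the record identity, Y the
    tuple of attribute values the attacker observes."""
    x = [r[id_key] for r in records]
    y = [tuple(r[a] for a in attrs) for r in records]
    hx = entropy(x)
    if hx == 0:
        return 0.0  # a single individual: there is nothing left to refine
    return 1.0 - conditional_entropy(x, y) / hx


# Constructed sample table (not the dataset used in the paper).
RECORDS = [
    {"id": 1, "badge": "a", "country": "FR", "zip": "75001", "age": "20-29"},
    {"id": 2, "badge": "b", "country": "FR", "zip": "75001", "age": "30-39"},
    {"id": 3, "badge": "c", "country": "FR", "zip": "75002", "age": "20-29"},
    {"id": 4, "badge": "d", "country": "FR", "zip": "75002", "age": "30-39"},
]

if __name__ == "__main__":
    for attrs in (["badge"], ["country"], ["zip"], ["age"], ["zip", "age"]):
        score = attribute_score(RECORDS, "id", attrs)
        print(f"{'+'.join(attrs):10s} {score:.2f}")
```

In this table `badge` singles out every record and scores 1, `country` never narrows the anonymity set and scores 0, and `zip` and `age` each halve it but identify every record when combined.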


Notes

  1. Location service: service delivered through mobile platforms and based on location data.

  2. d.r.v.: discrete random variable.


Author information

Corresponding author

Correspondence to Louis Philippe Sondeck.


Cite this article

Sondeck, L.P., Laurent, M. & Frey, V. Discrimination rate: an attribute-centric metric to measure privacy. Ann. Telecommun. 72, 755–766 (2017). https://doi.org/10.1007/s12243-017-0581-8

Keywords

  • Privacy measurement
  • Information theory
  • Discrimination Rate
  • LBS
  • K-anonymity