Challenging Differential Privacy:The Case of Non-interactive Mechanisms

  • Raghavendran Balu
  • Teddy Furon
  • Sébastien Gambs
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)

Abstract

In this paper, we consider personalized recommendation systems in which before publication, the profile of a user is sanitized by a non-interactive mechanism compliant with the concept of differential privacy. We consider two existing schemes offering a differentially private representation of profiles: BLIP (BLoom-and-flIP) and JLT (Johnson-Lindenstrauss Transform). For assessing their security levels, we play the role of an adversary aiming at reconstructing a user profile. We compare two inference attacks, namely single and joint decoding. The first one decides of the presence of a single item in the profile, and sequentially explores all the item set. The latter strategy decides whether a subset of items is likely to be the user profile, and considers all the possible subsets. Our contributions are a theoretical analysis as well as a practical implementation of both attacks, which were evaluated on datasets of real user profiles. The results obtained clearly demonstrates that joint decoding is the most powerful attack, while also giving useful insights on how to set the differential privacy parameter ε.

Keywords

Differential privacy Joint decoding 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)Google Scholar
  2. 2.
    Alaggan, M., Gambs, S., Kermarrec, A.-M.: BLIP: Non-interactive Differentially-Private Similarity Computation on Bloom Filters. In: Richa, A.W., Scheideler, C. (eds.) SSS 2012. LNCS, vol. 7596, pp. 202–216. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Kenthapadi, K., Korolova, A., Mironov, I., Mishra, N.: Privacy via the johnson-lindenstrauss transform. arXiv preprint arXiv:1204.2606 (2012)Google Scholar
  4. 4.
    Liu, K., Giannella, C., Kargupta, H.: A survey of attack techniques on privacy-preserving data perturbation methods. In: Privacy-Preserving Data Mining. Advances in Database Systems, vol. 34, pp. 359–381. Springer (2008)Google Scholar
  5. 5.
    Chen, K., Liu, L.: A survey of multiplicative perturbation for privacy-preserving data mining. In: Privacy-Preserving Data Mining, pp. 157–181. Springer (2008)Google Scholar
  6. 6.
    Guo, S., Wu, X.: On the use of spectral filtering for privacy preserving data mining. In: ACM Symp. on Applied Computing, pp. 622–626 (2006)Google Scholar
  7. 7.
    Huang, Z., Du, W., Chen, B.: Deriving private information from randomized data. In: ACM SIGMOD Int. Conf. on Management of Data, pp. 37–48. ACM (2005)Google Scholar
  8. 8.
    Guo, S., Wu, X.: Deriving private information from arbitrarily projected data. In: Zhou, Z.-H., Li, H., Yang, Q. (eds.) PAKDD 2007. LNCS (LNAI), vol. 4426, pp. 84–95. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Agrawal, D., Aggarwal, C.C.: On the design and quantification of privacy preserving data mining algorithms. In: 20th ACM SIGMOD-SIGACT-SIGART Symp. on Principles of Database Systems, pp. 247–255 (2001)Google Scholar
  10. 10.
    Diaconis, P., Sturmfels, B.: Algebraic algorithms for sampling from conditional distributions. The Annals of Statistics 26(1), 363–397 (1998)CrossRefMATHMathSciNetGoogle Scholar
  11. 11.
    Dobra, A.: Measuring the disclosure risk for multi-way tables with fixed marginals corresponding to decomposable log-linear models. Technical report (2000)Google Scholar
  12. 12.
    Williams, O., McSherry, F.: Probabilistic inference and differential privacy. In: Advances in Neural Information Processing Systems, pp. 2451–2459 (2010)Google Scholar
  13. 13.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Dwork, C., Kenthapadi, K., McSherry, F., Mironov, I., Naor, M.: Our data, ourselves: Privacy via distributed noise generation. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 486–503. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    McSherry, F., Talwar, K.: Mechanism design via differential privacy. In: IEEE Symposium on Foundations of Computer Science, pp. 94–103 (2007)Google Scholar
  16. 16.
    Beimel, A., Nissim, K., Omri, E.: Distributed private data analysis: Simultaneously solving how and what. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 451–468. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Li, Y.D., Zhang, Z., Winslett, M., Yang, Y.: Compressive mechanism: utilizing sparse representation in differential privacy. CoRR abs/1107.3350 (2011)Google Scholar
  18. 18.
    Moulin, P.: Universal fingerprinting: capacity and random-coding exponents. arXiv:0801.3837 (January 2008)Google Scholar
  19. 19.
    Knill, E., Schliep, A., Torney, D.C.: Interpretation of pooling experiments using the Markov chain Monte Carlo method. J. Comput. Biol. 3(3), 395–406 (1996)CrossRefGoogle Scholar
  20. 20.
    Furon, T., Guyader, A., Cerou, F.: Decoding fingerprints using the Markov Chain Monte Carlo method. In: IEEE Int. Work. on Information Forensics and Security (WIFS), pp. 187–192 (2012)Google Scholar
  21. 21.
    Sejdinovic, D., Johnson, O.: Note on noisy group testing: asymptotic bounds and belief propagation reconstruction. In: Proc. 48th Allerton Conf. on Commun., Control and Computing, Monticello, IL, USA (October 2010) arXiv:1010.2441v1Google Scholar
  22. 22.
    Meerwald, P., Furon, T.: Toward practical joint decoding of binary Tardos fingerprinting codes. IEEE Trans. on Inf. Forensics and Security 7(4), 1168–1180 (2012)CrossRefGoogle Scholar
  23. 23.
    Robert, C., Casella, G.: Monte Carlo statistical methods. Springer (2004)Google Scholar
  24. 24.
    Lee, J., Clifton, C.: How much is enough? Choosing ε for differential privacy. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 325–340. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  25. 25.
    Alvim, M.S., Andrés, M.E., Chatzikokolakis, K., Palamidessi, C.: On the relation between differential privacy and quantitative information flow. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part II. LNCS, vol. 6756, pp. 60–76. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Raghavendran Balu
    • 1
  • Teddy Furon
    • 1
  • Sébastien Gambs
    • 1
    • 2
  1. 1.Inria Rennes Bretagne-AtlantiqueFrance
  2. 2.Université de Rennes 1 / IRISAFrance

Personalised recommendations