Abstract
Local differential privacy (LDP) has been received increasing attention as a formal privacy definition without a trusted server. In a typical LDP protocol, the clients perturb their data locally with a randomized mechanism before sending it to the server for analysis. Many studies in the literature of LDP implicitly assume that the clients honestly follow the protocol; however, two recent studies show that LDP is generally vulnerable under malicious clients. Cao et al. (USENIX Security ’21) and Cheu et al. (IEEE S&P ’21) demonstrated that the malicious clients could effectively skew the analysis (such as frequency estimation) by sending fake data to the server, which is called data poisoning attack or manipulation attack against LDP. In this paper, we propose secure and efficient verifiable LDP protocols to prevent manipulation attacks. Specifically, we leverage Cryptographic Randomized Response Technique (CRRT) as a building block to convert existing LDP mechanisms into a verifiable version. In this way, the server can verify the completeness of executing an agreed randomization mechanism on the client side without sacrificing local privacy. Our proposed method can completely protect the LDP protocol from output manipulation attacks, and significantly mitigates unexpected damage from malicious clients with acceptable computational overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cao, X., Jia, J., Zhenqiang Gong, N.: Data poisoning attacks to local differential privacy protocols. arXiv preprint arXiv:1911.02046 (2019)
Cheu, A., Smith, A., Ullman, J.: Manipulation attacks in local differential privacy, In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1–18. San Francisco, CA, USA (2021)
Narayan, A., et al.: Verifiable differential privacy. In: Proceedings of the Tenth European Conference on Computer Systems (2015)
Ambainis, A., Jakobsson, M., Lipmaa, H.: Cryptographic randomized response techniques. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 425–438. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_31
Evfimievski, A., Gehrke, J., Srikant,R.: Imiting privacy breaches in privacy preserving data mining. In: Proceedings of the Twenty-Second ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (2003)
Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_14
Erlingsson, Ú, Pihur, V., Korolova, A.: RAPPOR: randomized aggregatable privacy-preserving ordinal response. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014)
Apple differential privacy team. learning with privacy at scale. Mach. Learn. J. (2017)
Ding, B., Kulkarni, J., Yekhanin, S.: Collecting telemetry data privately. In: NeurIPS (2017)
Kairouz, P., Oh, S., Viswanath, P.: Extremal mechanisms for local differential privacy. In: NeurIPS (2014)
Wang, T., Blocki, T., Li, N., Jha, S.: Locally differentially private protocols for frequency estimation. In: USENIX Security (2017)
EU GDPR: https://www.eugdpr.institute/. Accessed 21 Mar 2021
Brazil’s General Data Protection Law: https://iapp.org/media/pdf/resource_center/Brazilian_General_Data_Protection_Law.pdf. Accessed 21 Mar 2021
Facebook Cambridge Analytica Data Scandal (wikipedia). https://en.wikipedia.org/wiki/Facebook-Cambridge Analytica data scandal
Top10 data breaches of 2020. https://www.securitymagazine.com/articles/94076-the-top-10-data-breaches-of-2020. Accessed 21 Mar 2021
Kairouz, P., Bonawitz, K., Ramage, D.: Discrete distribution estimation under local privacy. In: ICML (2016)
Wang, T., et al.: Answering multi-dimensional analytical queries under local differential privacy. In: SIGMOD (2019)
Wang, T., Li, N., Jha, S.: Locally differentially private frequent itemset mining. In S&P (2018)
Wang, T., Lopuhaä-Zwakenberg, M,, Li, Z., Skoric, B,, Li. N.: Locally differentially private frequency estimation with consistency. In: NDSS (2020)
Gennaro, Rosario, Gentry, Craig, Parno, Bryan, Raykova, Mariana: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, Thomas, Nguyen, Phong Q.. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9
Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), vol. 1 (2001)
Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_19
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security (1993)
Goldreich, O.: Secure Multi-Party Computation. Final (Incomplete) Draft, 27 October 2002
Do, C.T., et al.: Game theory for cyber security and privacy. ACM Comput. Surv. 50(2)1–37 (2017)
Prelec, D.: A Bayesian truth serum for subjective data. Science 306, 5695, 462–466 (2004)
Waguih, D.A., Berti-Equille, L.: Truth discovery algorithms: an experimental evaluation. arXiv preprint arXiv:1409.6428 (2014)
Sabt, M., Achemlal, M., Bouabdallah, A.: Trusted execution environment: what it is, and what it is not. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1. IEEE (2015)
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptol. ePrint Arch. 2016(86), 1–118 (2016)
Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing (1990)
Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60, 309, 63–69(1965)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kato, F., Cao, Y., Yoshikawa, M. (2021). Preventing Manipulation Attack in Local Differential Privacy Using Verifiable Randomization Mechanism. In: Barker, K., Ghazinour, K. (eds) Data and Applications Security and Privacy XXXV. DBSec 2021. Lecture Notes in Computer Science(), vol 12840. Springer, Cham. https://doi.org/10.1007/978-3-030-81242-3_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-81242-3_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81241-6
Online ISBN: 978-3-030-81242-3
eBook Packages: Computer ScienceComputer Science (R0)
