Paper 2008/347

Information Leakage in Optimal Anonymized and Diversified Data

Chengfang Fang and Ee-Chien Chang

Abstract

To reconcile the demand for information dissemination with the preservation of privacy, a popular approach generalizes the attribute values in the dataset, for example by dropping the last digit of the postal code, so that the published dataset meets certain privacy requirements, such as the notions of k-anonymity and l-diversity. On the other hand, the published dataset should remain useful and not be over-generalized. Hence it is desirable to disseminate a database with high "usefulness", measured by a utility function. This leads to a generic framework whereby the optimal dataset (w.r.t. the utility function) among all the generalized datasets that meet certain privacy requirements is chosen to be disseminated. In this paper, we observe that the fact that a generalized dataset is optimal may leak information about the original. Thus, an adversary who is aware of how the dataset is generalized may be able to derive more information than the privacy requirements allow. This observation challenges the widely adopted approach that treats the generalization process as an optimization problem. We illustrate the observation by giving counter-examples in the context of k-anonymity and l-diversity.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. An updated version of the paper of the same title published in IH2008
Keywords
Data dissemination, Privacy-preserving, k-anonymity and l-diversity
Contact author(s)
fangchengfang @ alumni nus edu sg
History
2008-08-11: received
Short URL
https://ia.cr/2008/347
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/347,
      author = {Chengfang Fang and Ee-Chien Chang},
      title = {Information Leakage in Optimal Anonymized and Diversified Data},
      howpublished = {Cryptology ePrint Archive, Paper 2008/347},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/347}},
      url = {https://eprint.iacr.org/2008/347}
}