Pattern-Mining Based Cryptanalysis of Bloom Filters for Privacy-Preserving Record Linkage

Christen, Peter; Vidanage, Anushka; Ranbaduge, Thilina; Schnell, Rainer

doi:10.1007/978-3-319-93040-4_42

Cited by 18 publications

(12 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We refer to these columns as encoded match-keys. As with existing attacks on PPRL [2,3,4], we assume the adversary has access to a plain-text database V with a frequency distribution of attribute values similar to the encoded database D. Such plain-text databases can be sourced externally (e.g. a telephone directory or voter database) or internally (if the attack is conducted by an insider who has access to some type of plain-text database that is similar to the encoded database).…”

Section: Methodsmentioning

confidence: 99%

“…Privacy-preserving record linkage (PPRL) is the process of linking records that belong to the same individual across different databases while preserving the privacy of the individuals that are represented by the records in these databases [1]. Exist-ing PPRL approaches have a trade-off between linkage quality, scalability, and privacy [1], with some being vulnerable to privacy attacks [2,3,4].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy Attack on Multiple Dynamic Match-key based Privacy-Preserving Record Linkage

Vidanage

Ranbaduge

Christen

et al. 2020

IJPDS

Self Cite

View full text Add to dashboard Cite

Introduction Over the last decade, the demand for linking records about people across databases has increased in various domains. Privacy challenges associated with linking sensitive information led to the development of privacy-preserving record linkage techniques. The multiple dynamic match-key encoding approach recently proposed by Randall et al. (IJPDS, 2019) is such a technique aimed at providing sufficient privacy for linkage applications while obtaining high linkage quality. However, the use of this encoding in large databases can reveal frequency information that can allow the re-identification of encoded values. Objectives We propose a frequency-based attack to evaluate the privacy guarantees of multiple dynamic match-key encoding. We then present two improvements to this match-key encoding approach to prevent such a privacy attack. Methods The proposed attack analyses the frequency distributions of individual match-keys in order to identify the attributes used for each match-key, where we assume the adversary has access to a plain-text database with similar characteristics as the encoded database. We employ a set of statistical correlation tests to compare the frequency distributions of match-key values between the encoded and plain-text databases. Once the attribute combinations used for match-keys are discovered, we then re-identify encoded sensitive values by utilising a frequency alignment method. Next, we propose two modifications to the match-key encoding; one to alter the original frequency distributions and another to make the frequency distributions uniform. Both will help to prevent frequency-based attacks. Results We evaluate our privacy attack using two large real-world databases. The results show that in certain situations the attack can successfully re-identify a set of sensitive values encoded using the multiple dynamic match-key encoding approach. On the databases used in our experiments, the attack is able to re-identify plain-text values with a precision and recall of both up to 98%. Furthermore, we show that our proposed improvements are able to make this attack harder to perform with only a small reduction in linkage quality. Conclusions Our proposed privacy attack demonstrates the weaknesses of multiple match-key encoding that should be taken into consideration when linking databases that contain sensitive personal information. Our proposed modifications ensure that the multiple dynamic match-key encoding approach can be used securely while retaining high linkage quality.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Privacy Attack on Multiple Dynamic Match-key based Privacy-Preserving Record Linkage

Vidanage

Ranbaduge

Christen

et al. 2020

IJPDS

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, BFs are susceptible to inference attacks by adversaries as has been shown in several studies [20,21,42,43]. Counting Bloom filter (CBF), a variation of BF (as described in Section 2), provides improved privacy guarantees compared to BF for multiparty PPRL [24].…”

Section: Improving Privacymentioning

confidence: 99%

“…Furthermore, sending all the encoded records from multiple parties to the LU has privacy risks. For example, with Bloom filter-based encoding [19] (to be described in the next section), the more Bloom filters the LU receives the more likely it will be able to attack these Bloom filter databases using cryptanalysis attacks because more frequency information will become available that can be exploited [20,21].…”

Section: Introductionmentioning

confidence: 99%

Incremental clustering techniques for multi-party Privacy-Preserving Record Linkage

Vatsalan

Christen

Rahm

2020

Data & Knowledge Engineering

Self Cite

View full text Add to dashboard Cite

Privacy-Preserving Record Linkage (PPRL) supports the integration of sensitive information from multiple datasets, in particular the privacy-preserving matching of records referring to the same entity. PPRL has gained much attention in many application areas, with the most prominent ones in the healthcare domain. PPRL techniques tackle this problem by conducting linkage on masked (encoded) values. Employing PPRL on records from multiple (more than two) parties/sources (multi-party PPRL, MP-PPRL) is an increasingly important but challenging problem that so far has not been sufficiently solved. Existing MP-PPRL approaches are limited to finding only those entities that are present in all parties thereby missing entities that match only in a subset of parties. Furthermore, previous MP-PPRL approaches face substantial scalability limitations due to the need of a large number of comparisons between masked records. We thus propose and evaluate new MP-PPRL approaches that find matches in any subset of parties and still scale to many parties. Our approaches maintain all matches within clusters, where these clusters are incrementally extended or refined by considering records from one party after the other. An empirical evaluation using multiple real datasets ranging from 3 to 26 parties each containing up to 5 million records validates that our protocols are efficient, and significantly outperform existing MP-PPRL approaches in terms of linkage quality and scalability.

show abstract

“…Researchers have proposed many methods for PPRL [3][4][5][6][7][8][9], one of which is to encrypt the fields based on Bloom filter [10][11][12] and calculate their similarity. To compare two strings, we can add a null letter on both sides of each string and split them into bi-gram [13], then store them in the Bloom filters and their similarity can be calculated by Dice coefficient.…”

Section: Introductionmentioning

confidence: 99%

An Improved Chinese String Comparator for Bloom Filter Based Privacy-Preserving Record Linkage

Sun

Qian

Zhang

et al. 2021

Entropy

View full text Add to dashboard Cite

With the development of information technology, it has become a popular topic to share data from multiple sources without privacy disclosure problems. Privacy-preserving record linkage (PPRL) can link the data that truly matches and does not disclose personal information. In the existing studies, the techniques of PPRL have mostly been studied based on the alphabetic language, which is much different from the Chinese language environment. In this paper, Chinese characters (identification fields in record pairs) are encoded into strings composed of letters and numbers by using the SoundShape code according to their shapes and pronunciations. Then, the SoundShape codes are encrypted by Bloom filter, and the similarity of encrypted fields is calculated by Dice similarity. In this method, the false positive rate of Bloom filter and different proportions of sound code and shape code are considered. Finally, we performed the above methods on the synthetic datasets, and compared the precision, recall, F1-score and computational time with different values of false positive rate and proportion. The results showed that our method for PPRL in Chinese language environment improved the quality of the classification results and outperformed others with a relatively low additional cost of computation.

show abstract

Pattern-Mining Based Cryptanalysis of Bloom Filters for Privacy-Preserving Record Linkage

Cited by 18 publications

References 12 publications

Privacy Attack on Multiple Dynamic Match-key based Privacy-Preserving Record Linkage

Privacy Attack on Multiple Dynamic Match-key based Privacy-Preserving Record Linkage

Incremental clustering techniques for multi-party Privacy-Preserving Record Linkage

An Improved Chinese String Comparator for Bloom Filter Based Privacy-Preserving Record Linkage

Contact Info

Product

Resources

About