Protecting data privacy through hard-to-reverse negative databases

Esponda, Fernando; Ackley, Elena S.; Helman, Paul; Jia, Haixia; Forrest, Stephanie

doi:10.1007/s10207-007-0030-1

Cited by 54 publications

(41 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Informally, we say that a data set has been sanitized if it is impossible or very difficult for an attacker to infer sensitive information from the data. Difficulty could either result from a high average-case computational complexity [18] or from the amount of extra information an attacker needs to collect in order to breach privacy [35,36,10]. Thus it is clear that when designing a method for sanitizing data, one should also reason about attacks available to an attacker.…”

Section: Introductionmentioning

confidence: 99%

Attacks on privacy and deFinetti's theorem

Kifer

2009

Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data

136

128

View full text Add to dashboard Cite

In this paper we present a method for reasoning about privacy using the concepts of exchangeability and deFinetti's theorem. We illustrate the usefulness of this technique by using it to attack a popular data sanitization scheme known as Anatomy. We stress that Anatomy is not the only sanitization scheme that is vulnerable to this attack. In fact, any scheme that uses the random worlds model, i.i.d. model, or tuple-independent model needs to be re-evaluated.The difference between the attack presented here and others that have been proposed in the past is that we do not need extensive background knowledge. An attacker only needs to know the nonsensitive attributes of one individual in the data, and can carry out this attack just by building a machine learning model over the sanitized data. The reason this attack is successful is that it exploits a subtle flaw in the way prior work computed the probability of disclosure of a sensitive attribute. We demonstrate this theoretically, empirically, and with intuitive examples. We also discuss how this generalizes to many other privacy schemes.

show abstract

Section: Introductionmentioning

confidence: 99%

Attacks on privacy and deFinetti's theorem

Kifer

2009

Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data

136

128

View full text Add to dashboard Cite

show abstract

“…There are a several algorithms in the literature for creating negative databases [8,12,9]. Moreover, since it was shown in [9] that negative databases are linked by a simple transformation to boolean satisfiability formulas, algorithms for generating formulas can be adapted to generate N DBs.…”

Section: Generating a Negative Databasementioning

confidence: 99%

“…First, is the previous work on negative databases: In [11] the negative database representation is introduced; [8] uses a similar algorithm for generating N DBs and introduces some interesting applications, but relies on NP-hardness for its security. In [12] the issue of attaching a code is proposed, albeit it is used with a different purpose, and [7] is concerned with generating N DBs efficiently. Both consider ways of creating secure N DBs.…”

Section: Related Workmentioning

confidence: 99%

“…Previous work on negative databases relied on the theoretical difficulty of "reversing" a negative database (deciding whether a negative database is empty or not is NP-complete) and on finding suitably hard instances for its security [12]. Our current proposal does not lean on this property, as it may very well be easy to find entries not included in the negative database; its security relies on the number of superfluous entries included alongside the data and on the infeasibility of retrieving only the valid items.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Hiding a Needle in a Haystack Using Negative Databases

Esponda

2008

Information Hiding

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper we present a method for hiding a list of data by mixing it with a large amount of superfluous items. The technique uses a device known as a negative database which stores the complement of a set rather that the set itself to include an arbitrary number of garbage entries efficiently. The resulting structure effectively hides the data, without encrypting it, and obfuscates the number of data items hidden; it prevents arbitrary data lookups, while supporting simple membership queries; and can be manipulated to reflect relational algebra operations on the original data.

show abstract

“…As the profile consists of invalid entities, it is called a complement profile or negative profile. This complement profile represents the negative abstraction of valid credentials and actually is the problem specific realization of the negative database described in [12]. The use of negative authentication for a system login application was first examined in [10].…”

Section: Negative Authentication (Filtering) Modelmentioning

confidence: 99%

Password Security through Negative Filtering

Dasgupta

Saha

2010

2010 International Conference on Emerging Security Technologies

View full text Add to dashboard Cite

Abstract-the purpose of an authentication system is to identify and verify incoming authentication requests comparing with some form of (stored) user identity. This stored user profile is at risk of being hacked and exploited by the attackers. The Negative Filtering or Negative Authentication (NA) approach utilizes a form of complement profiles which resembles the censoring and maturation process of T-cells in the immune system. The scope and applicability issues of this approach in the context of existing (positive) authentication systems have been discussed. The negative authentication is implemented using a real-valued negative selection algorithm [1]. The performance of the technique along with security considerations has been analyzed and feasible configuration settings are reported.

show abstract

Protecting data privacy through hard-to-reverse negative databases

Cited by 54 publications

References 37 publications

Attacks on privacy and deFinetti's theorem

Attacks on privacy and deFinetti's theorem

Hiding a Needle in a Haystack Using Negative Databases

Password Security through Negative Filtering

Contact Info

Product

Resources

About