This document presents a study on privacy-preserving techniques for continually publishing location data. The authors propose a new definition of adversarial privacy that aims to preserve utility of published histograms while guaranteeing privacy against adversaries. They assume people's movements follow a Markov process and evaluate their approach on change point detection and frequent path extraction tasks, finding it achieves better utility than differential privacy while providing privacy guarantees.
The document discusses how search engines can sell advertising tied to search queries through an auction-based system. It describes how search queries express a user's intent, allowing targeted advertising. The document proposes using a Vickrey-Clarke-Groves auction to encourage truthful bidding by advertisers by having the winner pay an amount equal to the harm caused to other bidders. This system maximizes total advertiser valuations and incentivizes truthful reporting of private valuations.
Private Range Query by Perturbation and Matrix Based Encryption (Junpei Kawamoto)
This document proposes a new method called Inner Product Predicate (IPP) for performing private range queries over encrypted data. The IPP method adds perturbations to attribute values and queries through matrix-based encryption to prevent frequency analysis attacks. Experimental results show the transformed query distributions are different from the originals and query processing time is linear in the number of tuples. Open problems remain around reducing computational costs and defending against attacks using aggregate query results.
A brief introduction of the following papers from Session 27 of VLDB 2009:
1) Anonymization of Set-Valued Data via Top-Down, Local Generalization (He and Naughton)
2) K-Automorphism: A General Framework For Privacy Preserving Network Publication (Zou, Chen, and Özsu)
3) Distribution-based Microdata Anonymization (Koudas, Srivastava, Yu, Zhang)
VLDB 2009 study group: http://qwik.jp/vldb2009-study/
Frequency-based Constraint Relaxation for Private Query Processing in Cloud D... (Junpei Kawamoto)
This document proposes a frequency-based constraint relaxation methodology for private queries in cloud databases. It aims to reduce computational costs for servers while maintaining privacy risks below existing "complete" protocols. The approach relaxes the constraint that servers must check all database items for a query by instead checking a subset, or "handled set", based on search intention frequencies. Evaluation on a real dataset found the approach reduces average query costs to 6.5% of complete protocols while keeping privacy risks comparable.
Securing Social Information from Query Analysis in Outsourced Databases (Junpei Kawamoto)
The document presents two methods for securing social information when databases are outsourced: Query Generalization by Dynamic Hash and Result Generalization by Bloom Filter. Queries are generalized through dynamic hashing to mix user queries and prevent determining relationships. Results are generalized using Bloom filters by including irrelevant tuples to mask which users requested the same tuples. The goal is to protect users' social information and relationships from being discovered by the outsourced database provider. Future work involves implementing and evaluating these methods on a real outsourced database service.
1. Frequency-based Constraint Relaxation for Private Query Processing
Junpei Kawamoto (University of Tsukuba)
Patricia L. Gillett (École Polytechnique de Montréal)
Jun Sakuma (University of Tsukuba, JST PRESTO)
2. November 20, 2012
Frequency-based Constraint Relaxation for Private Query Processing
Information leakage from queries
• Queries to a database and private information
[Figure: a user wants to read article x but wants to keep what they viewed secret; the query goes to a news site]
• Risk that hobbies, political views or religious views are inferred from the articles viewed
• With a drug database, the risk that a disease is inferred
• With a patent database, the risk that business plans leak, etc.
3. Private queries
• A method for retrieving the desired data while keeping the query content hidden
[Figure: the user wants to read article x but keep what they viewed secret; the news site computes the result without learning the query content; query and result are exchanged using a special encoding]
- The search intent is not revealed
- The desired article can still be retrieved
• Existing protocols
• Several protocols such as cPIR† and the IPP method†† have been proposed
†Kushilevitz, E. and Ostrovsky, R.: Replication Is Not Needed: Single Database, Computationally-Private Information Retrieval, Proc. of the 38th Annual Symposium on Foundations of Computer Science, pp. 364-373, 1997.
††Kawamoto, J. and Yoshikawa, M.: Private Range Query by Perturbation and Matrix Based Encryption, Proc. of the Sixth IEEE International Conference on Digital Information Management, pp. 211-216, 2011.
19. Evaluation experiment 2
• Dataset
  • Created a database of 2,500 tuples
  • Created two query logs whose query frequencies follow a Gaussian distribution and a Zipf distribution, respectively
• Query processing protocol
  • Used cPIR† as the protocol that actually evaluates the queries
  • Measured the following times
    • Computation time of the relaxed scan set
    • Query processing time at the server
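As an added illustration of the setup on this slide (my own example, not code from the presentation or its authors): it constructs the two kinds of query logs over a 2,500-item database and builds a frequency-based scan set whose size stands in for the server's relaxed PIR cost. The rule used to pick the scan set (the fewest most-frequent items reaching a coverage threshold), the log length and the distribution parameters are assumptions, since the slide does not state the algorithm.

```python
import random
from typing import Dict, List

N_ITEMS = 2500      # database size stated on this slide
N_QUERIES = 20000   # assumed log length (constructed, not from the slide)


def gaussian_log(n_items: int, n_queries: int, sigma: float, seed: int = 1) -> Dict[int, int]:
    """Constructed query log: item ids drawn from a Gaussian centred on the middle item."""
    rng = random.Random(seed)
    counts: Dict[int, int] = {}
    for _ in range(n_queries):
        item = min(max(int(round(rng.gauss(n_items / 2, sigma))), 0), n_items - 1)
        counts[item] = counts.get(item, 0) + 1
    return counts


def zipf_log(n_items: int, n_queries: int, s: float, seed: int = 1) -> Dict[int, int]:
    """Constructed query log: the k-th ranked item is requested with probability ~ 1/k^s."""
    rng = random.Random(seed)
    weights = [1.0 / (k ** s) for k in range(1, n_items + 1)]
    counts: Dict[int, int] = {}
    for item in rng.choices(range(n_items), weights=weights, k=n_queries):
        counts[item] = counts.get(item, 0) + 1
    return counts


def handled_set(counts: Dict[int, int], coverage: float) -> List[int]:
    """Assumed relaxation rule: the fewest most-frequent items whose cumulative
    frequency reaches `coverage` of all logged queries. A query for an item outside
    this set cannot be served by the relaxed scan; that is the utility price paid."""
    total = sum(counts.values())
    chosen: List[int] = []
    covered = 0
    for item, c in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        if covered >= coverage * total:
            break
        chosen.append(item)
        covered += c
    return chosen


def relative_cost(counts: Dict[int, int], n_items: int, coverage: float) -> float:
    """PIR server cost grows with the number of items scanned, so
    |handled set| / |database| approximates the cost relative to a full scan."""
    return len(handled_set(counts, coverage)) / n_items


if __name__ == "__main__":
    for name, log in (("gaussian", gaussian_log(N_ITEMS, N_QUERIES, sigma=300.0)),
                      ("zipf", zipf_log(N_ITEMS, N_QUERIES, s=1.5))):
        for cov in (0.5, 0.9, 0.99):
            print(f"{name:8s} coverage={cov:.2f} relative cost={relative_cost(log, N_ITEMS, cov):.3f}")
```

The skewed Zipf log yields a far smaller scan set than the Gaussian log at the same coverage, which is why the cost saving depends on how concentrated the query frequencies are.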