Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Enhancing Technologies

Published byJudith Wells Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Enhancing Technologies"— Presentation transcript:

1 Privacy Enhancing Technologies
Lecture 3 Differential Privacy Elaine Shi Some slides adapted from Adam Smith’s lecture and other talk slides

2 Roadmap Defining Differential Privacy Techniques for Achieving DP
Output perturbation Input perturbation Perturbation of intermediate values Sample and aggregate

3 General Setting Medical data Query logs Social network data …
Data mining Statistical queries

4 General Setting publish Data mining Statistical queries

5 How can you allow meaningful usage of such datasets while preserving individual privacy?

6 Blatant Non-Privacy

7 Blatant Non-Privacy Leak individual records
Can link with public databases to re-identify individuals Allow adversary to reconstruct database with significant probablity

8 Attempt 1: Crypto-ish Definitions
I am releasing some useful statistic f(D), and nothing more will be revealed. What kind of statistics are safe to publish?

9 How do you define privacy?

10 Attempt 2: I am releasing researching findings showing that people who smoke are very likely to get cancer. You cannot do that, since it will break my privacy. My insurance company happens to know that I am a smoker…

11 Attempt 2: Absolute Disclosure Prevention
“If the release of statistics S makes it possible to determine the value [of private information] more accurately than is possible without access to S, a disclosure has taken place.” [Dalenius]

12 An Impossibility Result
[informal] It is not possible to design any non-trivial mechanism that satisfies such strong notion of privacy.[Dalenius]

13 Attempt 3: “Blending into Crowd” or k-Anonymity
K people purchased A and B, and all of them also purchased C.

14 Attempt 3: “Blending into Crowd” or k-Anonymity
K people purchased A and B, and all of them also purchased C. I know that Elaine bought A and B…

15 Attempt 4: Differential Privacy
From the released statistics, it is hard to tell which case it is.

16 Attempt 4: Differential Privacy
For all neighboring databases x and x’ For all subsets of transcripts: Pr[A(x) є S] ≤ eε Pr[A(x’) є S]

17 Attempt 4: Differential Privacy
Please don’t blame me if your insurance company knows that you are a smoker, since I am doing the society a favor. I am releasing researching findings showing that people who smoke are very likely to get cancer. 1 2 Oh, btw, please feel safe to participate in my survey, since you have nothing more to lose. Since my mechanism is DP, whether or not you participate, your privacy loss would be roughly the same! 3 4

18 Notable Properties of DP
Adversary knows arbitrary auxiliary information No linkage attacks Oblivious to data distribution Sanitizer need not know the adversary’s prior distribution on the DB

19 Notable Properties of DP

20 DP Techniques

21 Techniques for Achieving DP
Output perturbation Input perturbation Perturbation of intermediate values Sample and aggregate

22 Method1: Output Perturbation
x,x’ neighbors

23 Method1: Output Perturbation
Theorem: A(x) = f(x) + Lap() is -DP Intuition: add more noise when function is sensitive

24 Method1: Output Perturbation
A(x) = f(x) + Lap() is -DP

25 Examples of Low Global Sensitivity
Average Histograms and contingency tables Covariance matrix [BDMN] Many data-mining algorithms can be implemented through a sequence of low-sensitivity queries Perceptron, some EM algorithms, SQ learning algorithms

26 Examples of High Global Sensitivity
Order statistics Clustering

27 PINQ

28 PINQ Language for writing differentially-private data analyses
Language extension to .NET framework Provides a SQL-like interface for querying data Goal: Hopefully, non-privacy experts can perform privacy-preserving data analytics

29 Scenario Query through PINQ interface Trusted curator Data analyst

30 Example 1

31 Example 2: K-Means

32 Example 3: K-Means with Partition Operation

33 Partition O1 O2 Ok O1 O2 Ok P1 P2 Pk P1 P2 Pk

34 Composition and privacy budget
Sequential composition Parallel composition

35 K-Means: Privacy Budget Allocation

36 Privacy Budget Allocation
Allocation between users/computation providers Auction? Allocation between tasks In-task allocation Between iterations Between multiple statistics Optimization problem No satisfactory solution yet!

37 When Budget Has Exhausted
?

38 Transformations Where Select GroupBy Join

39 Method 2: Input Perturbation
Randomized response [Warner65] Please analyze this method in homework

40 Method 3: Perturb Intermediate Results

41 Continual Setting

42 Perturbation of Outputs, Inputs, and Intermediate Results

43 Comparison Method Error Output perturbation Input perturbation
Perturbation of Intermediate results

44 Binary Tree Technique [1, 8] [1, 4] [5, 8] [1, 2]

45 Binary Tree Technique [1, 8] [1, 4] [5, 8] [1, 2]

46 Key Observation Each output is the sum of O(log T) partial sums
Each input appears in O(log T) partial sums

47 Method 4: Sample and Aggregate
Data dependent techniques

48 Examples of High Global Sensitivity

49 Examples of High Global Sensitivity

50 Sample and Aggregate [NRS07, Smith11]

51 Sample and Aggregate Theorem:
Theorem: The sample and aggregate algorithm preserves -DP, and converges to the “true value” when the statistic f is asymptotically normal on a database consisting of i.i.d. values.

52 “Asymptotically Normal”
CLT: sum of h(xi) where h(Xi) has finite expectation and variance Common maximum likelihood estimators Estimators for common regression problems

53 DP Pros, Cons, and Challenges?
Utility v.s. privacy Privacy budget management and depletion Allow non-experts to use? Many non-trivial DP algorithms require really large datasets to be practically useful What privacy budget is reasonable for a dataset? Implicit independence assumption? Consider replicating a DB k times

54 Other Notions Noiseless privacy Crowd-blending privacy

55 Homework If I randomly sample one record from a large database consisting of many records, and publish that record, would this be differentially private? Prove or disprove this. (If you cannot give a formal proof, say why or why not). Suppose I have a very large database (e.g., containing ages of all people living in Maryland), and I publish the average age of all people in the database. Intuitively, do you think this preserves users' privacy? Is this differentially private? Prove or disprove this. (If you cannot give a formal proof, say why or why not). What do you think are the pros and cons of differential privacy? Anlyze Input Perturbation(Second techniques for achieving DP)

56 Reading list Cynthia Dwork's video tutoial on DP
[Cynthia 06] Differential Privacy (Invited talk at ICALP 2006) [Frank 09] Privacy Integrated Queries [Mohan et. al. 12] GUPT: Privacy Preserving Data Analysis Made Easy [Cynthia Dwork 09] The Differential Privacy Frontier

Download ppt "Privacy Enhancing Technologies"

Similar presentations

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
Differentially Private Recommendation Systems Jeremiah Blocki Fall 2009 18739A: Foundations of Security and Privacy.

Differentially Private Recommendation Systems Jeremiah Blocki Fall A: Foundations of Security and Privacy.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.
Private Analysis of Graph Structure With Vishesh Karwa, Sofya Raskhodnikova and Adam Smith Pennsylvania State University Grigory Yaroslavtsev

Private Analysis of Graph Structure With Vishesh Karwa, Sofya Raskhodnikova and Adam Smith Pennsylvania State University Grigory Yaroslavtsev
Raef Bassily Adam Smith Abhradeep Thakurta Penn State Yahoo! Labs Private Empirical Risk Minimization: Efficient Algorithms and Tight Error Bounds Penn.

Raef Bassily Adam Smith Abhradeep Thakurta Penn State Yahoo! Labs Private Empirical Risk Minimization: Efficient Algorithms and Tight Error Bounds Penn.
Seminar in Foundations of Privacy 1.Adding Consistency to Differential Privacy 2.Attacks on Anonymized Social Networks Inbal Talgam March 2008.

Seminar in Foundations of Privacy 1.Adding Consistency to Differential Privacy 2.Attacks on Anonymized Social Networks Inbal Talgam March 2008.
An brief tour of Differential Privacy Avrim Blum Computer Science Dept Your guide:

An brief tour of Differential Privacy Avrim Blum Computer Science Dept Your guide:
Kunal Talwar MSR SVC [Dwork, McSherry, Talwar, STOC 2007] TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AA A.

Kunal Talwar MSR SVC [Dwork, McSherry, Talwar, STOC 2007] TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AA A.
Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
Anatomy: Simple and Effective Privacy Preservation Israel Chernyak DB Seminar (winter 2009)

Anatomy: Simple and Effective Privacy Preservation Israel Chernyak DB Seminar (winter 2009)
Privacy without Noise Yitao Duan NetEase Youdao R&D Beijing China CIKM 2009.

Privacy without Noise Yitao Duan NetEase Youdao R&D Beijing China CIKM 2009.
Calibrating Noise to Sensitivity in Private Data Analysis

Calibrating Noise to Sensitivity in Private Data Analysis
Privacy Preserving Data Mining: An Overview and Examination of Euclidean Distance Preserving Data Transformation Chris Giannella cgiannel AT acm DOT org.

Privacy Preserving Data Mining: An Overview and Examination of Euclidean Distance Preserving Data Transformation Chris Giannella cgiannel AT acm DOT org.
Foundations of Privacy Lecture 11 Lecturer: Moni Naor.

Foundations of Privacy Lecture 11 Lecturer: Moni Naor.
Differential Privacy (2). Outline  Using differential privacy Database queries Data mining  Non interactive case  New developments.

Differential Privacy (2). Outline  Using differential privacy Database queries Data mining  Non interactive case  New developments.
Current Developments in Differential Privacy Salil Vadhan Center for Research on Computation & Society School of Engineering & Applied Sciences Harvard.

Current Developments in Differential Privacy Salil Vadhan Center for Research on Computation & Society School of Engineering & Applied Sciences Harvard.
Differentially Private Data Release for Data Mining Benjamin C.M. Fung Concordia University Montreal, QC, Canada Noman Mohammed Concordia University Montreal,

Differentially Private Data Release for Data Mining Benjamin C.M. Fung Concordia University Montreal, QC, Canada Noman Mohammed Concordia University Montreal,
Differentially Private Transit Data Publication: A Case Study on the Montreal Transportation System Rui Chen, Concordia University Benjamin C. M. Fung,

Differentially Private Transit Data Publication: A Case Study on the Montreal Transportation System Rui Chen, Concordia University Benjamin C. M. Fung,
Multiplicative Weights Algorithms CompSci 590.03 Instructor: Ashwin Machanavajjhala 1Lecture 13 : 590.03 Fall 12.

Multiplicative Weights Algorithms CompSci Instructor: Ashwin Machanavajjhala 1Lecture 13 : Fall 12.
Private Analysis of Graphs

Private Analysis of Graphs

Similar presentations

Ads by Google