Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy-Preserving Datamining on Vertically Partitioned Databases Kobbi Nissim Microsoft, SVC Joint work with Cynthia Dwork.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy-Preserving Datamining on Vertically Partitioned Databases Kobbi Nissim Microsoft, SVC Joint work with Cynthia Dwork."— Presentation transcript:

1 Privacy-Preserving Datamining on Vertically Partitioned Databases Kobbi Nissim Microsoft, SVC Joint work with Cynthia Dwork

2 Privacy and Usability in Large Statistical Databases Kobbi Nissim Microsoft, SVC Joint work with Cynthia Dwork

3 3 Data Privacy Data users breach privacy access mechanism d

4 4 The Data Privacy Game: an Information-Privacy Tradeoff Private functions: E.g  kobbi (DB)=d kobbiPrivate functions: E.g  kobbi (DB)=d kobbi Information functions:Information functions: –want to reveal f (q, DB) for queries q Explicit definition of private functionsExplicit definition of private functions –The question: which information functions may be allowed? Crypto: secure function evaluationCrypto: secure function evaluation –want to reveal f() –want to hide all functions  () not computable from f() –Implicit definition of private functions  kobbi f f f Intuition: privacy breached if it is possible to associate private info with identity

5 5 Model: Statistical Database (SDB) Query (q, f) q  [n]q  [n]q  [n]q  [n] f : {0,1} k  {0,1} Answer a q,f =  i  q f(d i ) n persons k attributes Database {d i,j } f f f f  a q,f 00110 10100 11011 00101 11001 00010 Row distribution D (D 1,D 2,…,D n )

6 6 Perturbation (Randomization Approach) Exact answer to query (q, f):Exact answer to query (q, f): –a q,f =  i  q f(d 1 …d k ) Actual SDB answer: â q,fActual SDB answer: â q,f Perturbation E:Perturbation E: –For all q,f: | â q,f – a q,f | ≤ E Questions:Questions: –Does perturbation give any privacy? –How much perturbation is needed for privacy? –Usability

7 7 Previous Work [Dinur, N] considered 1-attribute SDBs:[Dinur, N] considered 1-attribute SDBs: –Unlimited adversary: Perturbation of magnitude  (n) requiredPerturbation of magnitude  (n) required –Polynomial-time adversary: Perturbation of magnitude  (sqrt(n)) requiredPerturbation of magnitude  (sqrt(n)) required –In both cases, adversary may reconstruct a good approximation for the database Disallows even very week notions of privacyDisallows even very week notions of privacy –These results hold also for our model! –Bounded adversary, restricted to T << n queries (SuLQ): [D, Dwork, N] privacy preserving access mechanism with perturbation magnitude << sqrt(n)[D, Dwork, N] privacy preserving access mechanism with perturbation magnitude << sqrt(n) Chance for usabilityChance for usability Reasonable model as database grow larger and largerReasonable model as database grow larger and larger Affects usability small DB medium DB large DB

8 8 Previous Work - Privacy Definitions (1) X – data, Y – (noisy) observation of X [Agrawal, Srikant ‘00] Interval of confidence[Agrawal, Srikant ‘00] Interval of confidence –Let Y = X+noise (e.g. uniform noise in [-100,100]). Intuition: the larger the interval, the better privacy is preserved. –Problematic when knowledge about how X is distributed is take into account [AA] [Agrawal, Aggarwal ‘01] Mutual information[Agrawal, Aggarwal ‘01] Mutual information –Intuition: the smaller I(X;Y) is, the better privacy is preserved –Example where privacy is not preserved but mutual information does not show any trouble [EGS]

9 9 Previous Work - Privacy Definitions (2) X – data, Y – (noisy) observation of X [Evfimievsky, Gehrke, Srikant PODS 03] p 1 -to-p 2 breach[Evfimievsky, Gehrke, Srikant PODS 03] p 1 -to-p 2 breach –Pr[Q(X)] ≤ p 1 and Pr[Q(x)|Y] ≥ p 2 –Amplification = max a,b,y Pr[a  y]/Pr[b  y] Show relationship between amplification and p 1 -to-p 2 breachesShow relationship between amplification and p 1 -to-p 2 breaches [Dinur, N PODS 03] Similar approach, describing an adversary[Dinur, N PODS 03] Similar approach, describing an adversary –Neglecting privacy breaches that happen with only a negligible probability –Somewhat take into account elsewhere gained knowledge

10 10 Privacy and Usability Concerns for the Multi-Attribute Model Rich set of queries: subset sums over any property of the k attributesRich set of queries: subset sums over any property of the k attributes –Obviously increases usability, but how is privacy affected? More to protect: Functions of the k attributesMore to protect: Functions of the k attributes Adversary prior knowledge: more possibilitiesAdversary prior knowledge: more possibilities –Partial information about the `attacked’ row –Information gained about other rows –Row dependency Data may be vertically split (between k or less databases):Data may be vertically split (between k or less databases): –Can privacy still be maintained with independently operating databases? –How is usability affected?

11 11 Privacy Definition - Intuition 3-phase adversary3-phase adversary –Phase 0: define a target set G of poly(n) functions g: {0,1} k  {0,1} Will try to learn some of this information about someoneWill try to learn some of this information about someone –Phase 1: adaptively query the database T=o(n) times –Phase 2: choose an index i of a row it intends to attack and a function g  G Attack: try to guess g(d i,1 …d i,k )Attack: try to guess g(d i,1 …d i,k ) –given d -i use all gained info to choose i,g

12 12 Privacy Definition p 0 i,g – a-priori probability that g(d i,1 …d i,k )=1p 0 i,g – a-priori probability that g(d i,1 …d i,k )=1 –Assuming the adversary only knows the underlying distributions D 1 …D n p T i,g – a-posteriori probability that g(d i,1 …d i,k )=1p T i,g – a-posteriori probability that g(d i,1 …d i,k )=1 –Given answers to the T queries, and d -i Define conf(p) = log (p/(1-p))Define conf(p) = log (p/(1-p)) –Proved useful in [DN03] –Possible to rewrite our definitions using probabilities  conf i,g = conf(p T i,g ) – conf(p 0 i,g )  conf i,g = conf(p T i,g ) – conf(p 0 i,g ) ( ,T) – privacy:( ,T) – privacy: –For all distributions D 1 …D n, row i, function g and any adversary making at most T queries: Pr[  conf i,g >  ] = neg(n)

13 13 Notes on the Privacy Definition Somewhat models knowledge adversary may acquire `out of the system’Somewhat models knowledge adversary may acquire `out of the system’ –Different distribution per person (smoking/non-smoking) –i th privacy preserved even when d -i given Relative privacyRelative privacy –Compares a-priori and a-posteriori knowledge Privacy achieved:Privacy achieved: –For k = O(log n): Bounded loss of privacy of property g(d i1,…,d ik ) for all Boolean functions g and all iBounded loss of privacy of property g(d i1,…,d ik ) for all Boolean functions g and all i –Larger k: bounded loss of privacy of g(d i ) for any member g of pre- specified poly-sized set of target functionsbounded loss of privacy of g(d i ) for any member g of pre- specified poly-sized set of target functions

14 14 The SuLQ Database Adversary restricted to T << n queriesAdversary restricted to T << n queries On query (q, f):On query (q, f): q  [n]q  [n] f : {0,1} k  {0,1} :f : {0,1} k  {0,1} : –Let a q,f =  i  q f(d i,1 …d i,k ) –Let N  Binomial(0, T ) –Let N  Binomial(0,  T ) –Return a q,f +N

15 15 Privacy Analysis of the SuLQ Database P m i,g - a-posteriori probability that g(d i,1 …d i,k )=1P m i,g - a-posteriori probability that g(d i,1 …d i,k )=1 –Given d -i and answers to the first m queries conf(p m i,g ) Describes a random walk on the line with:conf(p m i,g ) Describes a random walk on the line with: –Starting point: conf(p 0 i,g ) –Compromise: conf(p m i,g ) – conf(p 0 i,g ) >  W.h.p. more than T steps needed to reach compromiseW.h.p. more than T steps needed to reach compromise conf(p 0 i,g ) conf(p 0 i,g ) + 

16 16 Usability (1) One multi-attribute SuLQ DB Statistics of any property f of the k attributesStatistics of any property f of the k attributes –I.e. for what fraction of the (sub)population does f(d 1 …d k ) hold? –Easy: just put f in the query 0 1 1 0 1 0 1 1 0 1 1 0 0 1 1 1 1 0 1 1 1 0 0 1 0 0 1 0 1 1

17 17 Usability (2) k ind. multi-attribute SuLQ DBs  implies  in probability: Pr[  |  ] ≥ Pr[  ]+   implies  in probability: Pr[  |  ] ≥ Pr[  ]+  –Estimate  within constant additive error Learn statistics for any conjunct of two attributes:Learn statistics for any conjunct of two attributes: –Pr[  ^  ]=Pr[  ] (Pr[  ]+  ) Principal Component Analysis?Principal Component Analysis? Statistics for any Boolean function f of the two attribute values. E.g. Pr[    ]Statistics for any Boolean function f of the two attribute values. E.g. Pr[    ] 0 1 1 0 1 0 1 1 0 1 1 0 0 1 1 1 1 0 1 1 1 0 0 1 0 0 1 0 1 1

18 18 Probabilistic Implication  implies  in probability:  implies  in probability: –Pr[  |  ] ≥ Pr[  ]+  We construct a tester for distinguishing   2 (for constants  1  2 (for constants  1 <  2 ) –Estimating  follows by standard methods In the analysis we consider deviations from an expected value, of magnitude sqrt(n)In the analysis we consider deviations from an expected value, of magnitude sqrt(n) –As perturbation << sqrt(n), it does not mask out these deviations

19 19 Probabilistic Implication – The Tester Pr[  |  ] ≥ Pr[  ]+ Pr[  |  ] ≥ Pr[  ]+  Distinguishing   2 :Distinguishing   2 : –Find a query q s.t. a q,  > |q|  p  + sqrt(n) Let bias  = a q,  - |q|  p Let bias  = a q,  - |q|  p  –Issue query (q,  ) If a q,  > threshold(bias , p ,  1 ) output 1If a q,  > threshold(bias , p ,  1 ) output 1 random q <1<1<1<1 >2>2>2>2  (  2 -  1 )  sqrt(n) 10 Pr[a q,  ] a q, 

20 20 Usability (3) Vertically Partitioned SulQ DBs –E.g. k=k 1 +k 2 –Learn statistics for any property f that is a Boolean function of outputs of the results from the two databases k 1 attributes 001 101 110 001 110 000 0110 0100 1011 0101 1001 0010 k 2 attributes k attributes f1f1f1f1 f2f2f2f2 f

21 21 Usability (4) Published Statistics Model: A trusted party (e.g. the Census Bureau) collects confidential information and publishes aggregate statisticsModel: A trusted party (e.g. the Census Bureau) collects confidential information and publishes aggregate statistics Let d<<kLet d<<k Repeat t times:Repeat t times: –Choose a (pseudo) random q and publish SuLQ answer (noisy statistics) for all d-ary conjuncts over the k attributes KdKdKdKd Total of t ( )2 d numbers (q,  1 ^  2 ^  3 ) (q,  1 ^  2 ^  3 ) … (q,  k-2 ^  k-1 ^  k ) (q’,  1 ^  2 ^  3 ) (q’,  1 ^  2 ^  3 ) … (q’,  k-2 ^  k-1 ^  k ) …

22 22 Usability (4) Published Statistics (cont.) A dataminer can now compute statistics for all 2d-ary conjuncts:A dataminer can now compute statistics for all 2d-ary conjuncts: –E.g. to compute Pr[  1 ^  4 ^  7 ^  11 ^  12 ^  15 ], run probabilistic implication tester on  1 ^  4 ^  7 and  11 ^  12 ^  15 Hence, the dataminer can now compute statistics for allHence, the dataminer can now compute statistics for all 2d-ary Boolean functions 2d-ary Boolean functions K 2d ( )2 ( )2 22d 22d 22d 22d t picked such that with probability 1- , statistics for all functions is estimated within additive error t picked such that with probability 1- , statistics for all functions is estimated within additive error  Savings: O(2 5d k d d 2 logd) vs. O(2 2d k 2d ) for constant ,  KdKdKdKd Savings: t ( )2 d numbers vs. numbers K 2d ( )2 2d

23 23 Summary Strong privacy definition and rigorous privacy proof in SuLQStrong privacy definition and rigorous privacy proof in SuLQ –Extending the DiDwNi observation that privacy may be preserved in large databases Usability for the dataminer:Usability for the dataminer: –Single database case –Vertically split databases Positive indications regarding published statisticsPositive indications regarding published statistics –Preserving privacy –Enabling usability

24 24 Open Questions (1) Privacy definition - What’s the next step?Privacy definition - What’s the next step? –Goal: cover everything a realistic adversary may do Improve usability/efficiency/…Improve usability/efficiency/… –Is there an alternative way to perturb and use the data that would result in more efficient/accurate datamining? –Same for datamining published statistics Datamining 3-ary Boolean functions from single attribute SuLQ DBsDatamining 3-ary Boolean functions from single attribute SuLQ DBs –Our method does not seem to extend to ternary functions

25 25 Open Questions (2) Maintaining privacy of all possible functionsMaintaining privacy of all possible functions –Cryptographic measures??? New applications for our confidence analysisNew applications for our confidence analysis –Self Auditing? – Decision whether to allow a query based on previous `good’ queries and their answers (But not DB contents) –How to compute conf? approximation?

Download ppt "Privacy-Preserving Datamining on Vertically Partitioned Databases Kobbi Nissim Microsoft, SVC Joint work with Cynthia Dwork."

Similar presentations

“Students” t-test.

“Students” t-test.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
CS4432: Database Systems II

CS4432: Database Systems II
Chapter 10: Estimating with Confidence

Chapter 10: Estimating with Confidence
Integration of sensory modalities

Integration of sensory modalities
Online Auditing - How may Auditors Inadvertently Compromise Your Privacy Kobbi Nissim Microsoft With Nina Mishra HP/Stanford Work in progress.

Online Auditing - How may Auditors Inadvertently Compromise Your Privacy Kobbi Nissim Microsoft With Nina Mishra HP/Stanford Work in progress.
S EMANTICALLY - SECURE FUNCTIONAL ENCRYPTION : P OSSIBILITY RESULTS, IMPOSSIBILITY RESULTS AND THE QUEST FOR A GENERAL DEFINITION Adam O’Neill, Georgetown.

S EMANTICALLY - SECURE FUNCTIONAL ENCRYPTION : P OSSIBILITY RESULTS, IMPOSSIBILITY RESULTS AND THE QUEST FOR A GENERAL DEFINITION Adam O’Neill, Georgetown.
Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
Helping Kinsey Compute Cynthia Dwork Microsoft Research Cynthia Dwork Microsoft Research.

Helping Kinsey Compute Cynthia Dwork Microsoft Research Cynthia Dwork Microsoft Research.
Revealing Information while Preserving Privacy Kobbi Nissim NEC Labs, DIMACS Based on work with: Irit DinurCynthia Dwork and Joe Kilian Irit Dinur, Cynthia.

Revealing Information while Preserving Privacy Kobbi Nissim NEC Labs, DIMACS Based on work with: Irit DinurCynthia Dwork and Joe Kilian Irit Dinur, Cynthia.
Evaluating Hypotheses

Evaluating Hypotheses
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
Anatomy: Simple and Effective Privacy Preservation Israel Chernyak DB Seminar (winter 2009)

Anatomy: Simple and Effective Privacy Preservation Israel Chernyak DB Seminar (winter 2009)
Private Information Retrieval. What is Private Information retrieval (PIR) ? Reduction from Private Information Retrieval (PIR) to Smooth Codes Constructions.

Private Information Retrieval. What is Private Information retrieval (PIR) ? Reduction from Private Information Retrieval (PIR) to Smooth Codes Constructions.
Privacy without Noise Yitao Duan NetEase Youdao R&D Beijing China CIKM 2009.

Privacy without Noise Yitao Duan NetEase Youdao R&D Beijing China CIKM 2009.
1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.

1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.
Foundations of Privacy Lecture 11 Lecturer: Moni Naor.

Foundations of Privacy Lecture 11 Lecturer: Moni Naor.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Privacy Preserving OLAP Rakesh Agrawal, IBM Almaden Ramakrishnan Srikant, IBM Almaden Dilys Thomas, Stanford University.

Privacy Preserving OLAP Rakesh Agrawal, IBM Almaden Ramakrishnan Srikant, IBM Almaden Dilys Thomas, Stanford University.

Similar presentations

Ads by Google