One of the approaches to the problem of data-privacy protection is given by the application of obfuscation techniques; in many situations, however, context information can help an attacker to perform inference over obfuscated data and to refine the estimate of the sensitive data up to a violation of the original privacy requirements. We consider the problem in a location privacy protection set-up where the sensitive attribute to be protected is the position of a Location Based Service user, and where the location anonymization technique is cloaking, whereas the context, supporting inference attacks, consists in some landscape-related information, namely positional constraints. In this work we adopt the assumption that the anonymizer and the attacker are two rational agents and frame the problem in a game theoretical approach by modeling the contest as a two-player, zero-sum, signaling game, then we point to the corresponding equilibrium solution and show that, when the anonymizer plays the equilibrium strategies, the advantage provided to the attacker by a non-neutral landscape gets canceled. We suggest that the game theoretical solution could be used as a reference solution for inter-technique comparisons.
Gianini, G., Damiani, E. (2008). A game-theoretical approach to data-privacy protection from context-based inference attacks: A location-privacy protection case study. In Secure Data Management 5th VLDB Workshop, SDM 2008, Auckland, New Zealand, August 24, 2008, Proceedings (pp.133-150) [10.1007/978-3-540-85259-9_9].
A game-theoretical approach to data-privacy protection from context-based inference attacks: A location-privacy protection case study
Gianini, G;
2008
Abstract
One of the approaches to the problem of data-privacy protection is given by the application of obfuscation techniques; in many situations, however, context information can help an attacker to perform inference over obfuscated data and to refine the estimate of the sensitive data up to a violation of the original privacy requirements. We consider the problem in a location privacy protection set-up where the sensitive attribute to be protected is the position of a Location Based Service user, and where the location anonymization technique is cloaking, whereas the context, supporting inference attacks, consists in some landscape-related information, namely positional constraints. In this work we adopt the assumption that the anonymizer and the attacker are two rational agents and frame the problem in a game theoretical approach by modeling the contest as a two-player, zero-sum, signaling game, then we point to the corresponding equilibrium solution and show that, when the anonymizer plays the equilibrium strategies, the advantage provided to the attacker by a non-neutral landscape gets canceled. We suggest that the game theoretical solution could be used as a reference solution for inter-technique comparisons.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.