Distributed Data Federation without Disclosure of User Existence
Abstract
Service providers collect users' personal information relevant to their businesses. Personal information stored by different service providers is expected to be combined to build new services. However, specific user records risk being identified from the combined personal information, and a user's sensitive information may be revealed. Also, personal information collected by one service provider must not be disclosed to other service providers because of security concerns. Thus, several researchers have been investigating distributed anonymization protocols, which combine the personal information stored by the providers and sanitize it to satisfy an anonymity policy with minimum disclosure. However, when providers hold different sets of users, the existence of a user at either service provider may be revealed. This paper introduces a new notion, δ-max-site-presence, which indicates the probability that the existence of users is revealed in a distributed environment, and a new distributed anonymization protocol for hiding the existence of users. Our evaluation results show that the proposed protocol can anonymize users in accordance with the policy of hiding their existence and preserving user anonymity without excessive information loss.
Similar references
BioMart: driving a paradigm change in biological data management
Biological data management is a challenging undertaking. It is challenging for database designers, because biological concepts are complex and not always well defined, and therefore the data models that are used to represent them are constantly changing as new techniques are developed and new information becomes available. It is challenging for collaborating groups based in different geographic...
A Model for Privacy-enhanced Federated Identity Management
Identity federations operating in a business or consumer context need to prevent the collection of user data across trust service providers for legal and business case reasons. Legal reasons are given by data protection legislation such as [1]. Other reasons include business owners becoming increasingly aware of confidentiality risks that go beyond traditional information security, e.g., the nu...
A Service-based Approach to Schema Federation of Distributed Databases
In the last few years, we have witnessed a rapid growth in distributed database processing. We consider the question of data integration: how we can integrate distributed schemas into a new one and query just that new schema without losing the ability to retrieve data from the original schemas. The area in which we try to answer that question is federated databases, where the original heterogen...
SPARSI: Partitioning Sensitive Data amongst Multiple Adversaries
We present SPARSI, a novel theoretical framework for partitioning sensitive data across multiple non-colluding adversaries. Most work in privacy-aware data sharing has considered disclosing summaries where the aggregate information about the data is preserved, but sensitive user information is protected. Nonetheless, there are applications, including online advertising, cloud computing and crow...
A "privacy by design" eID scheme supporting Attribute-based Access Control (ABAC)
This eID scheme, built along "privacy by design" principles, covers a full range of identification using a single mechanism, starting from the use of pseudonyms, followed by a gradual disclosure of some attributes with the consent of the end-user, up to the disclosure of a sufficient number of attributes that allows a full identification of an end-user under a given context, again with the consent of...