International Journal On Advances in Security, volume 13, numbers 3 and 4, 2020
Data Sanitisation Protocols for the Privacy Funnel with Differential Privacy Guarantees
Authors:
Milan Lopuhaä-Zwakenberg
Haochen Tong
Boris Škorić
Keywords: Privacy funnel; local differential privacy; information privacy; database sanitisation; complexity
Abstract:
In the Open Data approach, governments and other public organisations want to share their datasets with the public, for accountability and to support participation. Data must be opened in such a way that individual privacy is safeguarded. The Privacy Funnel is a mathematical approach that produces a sanitised database that does not leak private data beyond a chosen threshold. The downsides to this approach are that it does not give worst-case privacy guarantees, and that finding optimal sanitisation protocols can be computationally prohibitive. These problems are tackled by using differential privacy metrics, and by considering local protocols that operate on one entry at a time. It is shown that under both the Local Differential Privacy and Local Information Privacy leakage metrics, one can efficiently obtain optimal protocols. Furthermore, Local Information Privacy is more closely aligned to the privacy requirements of the Privacy Funnel scenario, and optimal protocols satisfying Local Information Privacy are more efficiently computable. This paper also considers the scenario where each user has multiple attributes, for which a side-channel resistant privacy criterion is defined, and efficient methods to find protocols satisfying this criterion, while still offering good utility, are given. Finally, Conditional Reporting is introduced, an explicit LIP protocol that can be used when the optimal protocol is infeasible to compute. Experiments on real-world and synthetic data confirm the validity of these methods. The main output of this paper consists of methods to compute optimal privacy protocols, and explicit privacy protocols for when the former are computationally infeasible.
Pages: 162 to 174
Copyright: Copyright (c) to authors, 2020. Used with permission.
Publication date: December 30, 2020
Published in: journal
ISSN: 1942-2636