Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/TIFS.2022.3170242
- Scopus: eid_2-s2.0-85129421492
Article: An Adversarial Approach to Protocol Analysis and Selection in Local Differential Privacy
Title | An Adversarial Approach to Protocol Analysis and Selection in Local Differential Privacy |
---|---|
Authors | |
Keywords | adversarial analysis; Data privacy; differential privacy; privacy-preserving data collection |
Issue Date | 2022 |
Citation | IEEE Transactions on Information Forensics and Security, 2022, v. 17, p. 1785-1799 |
Abstract | Local Differential Privacy (LDP) is a popular standard for privacy-preserving data collection. Numerous LDP protocols have been proposed in the literature which differ in how they provide higher utility in different settings. Yet, few have engaged in analyzing the privacy relationships of these protocols under varying settings, and consequently, it is non-trivial to select which LDP protocol is best to use in a newly emerging application. In this paper, we present an adversarial approach to protocol analysis and selection and make three original contributions. First, we introduce a Bayesian adversary to analyze the privacy relationships of LDP protocols under varying settings. We show that different protocols have substantially different responses to the attack effectiveness of the Bayesian adversary, measured in terms of Adversarial Success Rate (ASR). Second, we provide a formal and empirical analysis on a set of privacy and utility-critical factors, including encoding parameters, privacy budget, data domain, adversarial knowledge, and statistical distribution. We show that different settings of these factors have significant effects on the ASRs of LDP protocols, and no protocol provides consistently low ASR across all settings. Third, we design and develop LDPLens, a prototype implementation of our proposed framework. Given a data collection scenario with various factors and constraints, LDPLens enables optimized selection of a desirable LDP protocol for the given scenario. We evaluate the effectiveness of LDPLens using three case studies with real-world datasets. Results show that LDPLens recommends a different protocol in each case study, and the protocol recommended by LDPLens can yield up to 1.5-2 fold reduction in utility loss, ASR or privacy budget compared to a randomly selected protocol. |
Persistent Identifier | http://hdl.handle.net/10722/343372 |
ISSN | 2023 Impact Factor: 6.3; 2023 SCImago Journal Rankings: 2.890 |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Gursoy, M. Emre | - |
dc.contributor.author | Liu, Ling | - |
dc.contributor.author | Chow, Ka Ho | - |
dc.contributor.author | Truex, Stacey | - |
dc.contributor.author | Wei, Wenqi | - |
dc.date.accessioned | 2024-05-10T09:07:34Z | - |
dc.date.available | 2024-05-10T09:07:34Z | - |
dc.date.issued | 2022 | - |
dc.identifier.citation | IEEE Transactions on Information Forensics and Security, 2022, v. 17, p. 1785-1799 | - |
dc.identifier.issn | 1556-6013 | - |
dc.identifier.uri | http://hdl.handle.net/10722/343372 | - |
dc.language | eng | - |
dc.relation.ispartof | IEEE Transactions on Information Forensics and Security | - |
dc.subject | adversarial analysis | - |
dc.subject | Data privacy | - |
dc.subject | differential privacy | - |
dc.subject | privacy-preserving data collection | - |
dc.title | An Adversarial Approach to Protocol Analysis and Selection in Local Differential Privacy | - |
dc.type | Article | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1109/TIFS.2022.3170242 | - |
dc.identifier.scopus | eid_2-s2.0-85129421492 | - |
dc.identifier.volume | 17 | - |
dc.identifier.spage | 1785 | - |
dc.identifier.epage | 1799 | - |
dc.identifier.eissn | 1556-6021 | - |