Automated Cryptanalysis of Bloom Filter Encryptions of Health Records

Kroll, Martin H.; Steinmetzer, Simone

doi:10.5220/0005176000050013

Cited by 15 publications

(9 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Applying the decoding algorithms described by Niedermeyer [21] and modified by [22], yielded no successful decoding of bit patterns for any of the newly suggested encoding methods described here. Although random hashing by itself prevents the Niedermeyer attack, a combination of random hashing with balancing codes prohibits any attack based on Hamming weights, including attacks that are -to date -unknown.…”

Section: Discussionmentioning

confidence: 88%

“…Any of the methods tested here detected 90-95% of all true record pairs with F-scores between 0.947 to 0.969. Table I presents the decoding rates for each variation using the attack by [22], privacy metrics, entropy, and number of unique bit patterns in the data.…”

Section: Resultsmentioning

confidence: 99%

“…It should be noted, that the CSS attack is based on the entire Bloom filter, therefore it is no decoding, but an alignment. In contrast to that, [21], [22] attempt the decoding (actual revealing of all identifiers as clear text) by a cryptanalysis of individual bit patterns within the Bloom filters. While [21] were successful with basic Bloom filters, [22] demonstrated partial success with composite Bloom filters.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Randomized Response and Balanced Bloom Filters for Privacy Preserving Record Linkage

Schnell

Borgs

2016

2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW)

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 88%

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Randomized Response and Balanced Bloom Filters for Privacy Preserving Record Linkage

Schnell

Borgs

2016

2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW)

View full text Add to dashboard Cite

“…[3,4,20]. Additionally, several hardening techniques for BFs are sugested in [10,21], such as salting, noise injection, and a random selection of hash functions. Some of which are useful to improve our approach's security.…”

Section: Bloom Filter Hardeningmentioning

confidence: 99%

Privacy-Enhanced Robust Image Hashing with Bloom Filters

Breidenbach

Steinebach

Liu

2021

JCSANDM

View full text Add to dashboard Cite

Robust image hashes are used to detect known illegal images, even after image processing. This is, for example, interesting for a forensic investigation, or for a company to protect their employees and customers by filtering content. The disadvantage of robust hashes is that they leak structural information of the pictures, which can lead to privacy issues. Our scientific contribution is to extend a robust image hash with privacy protection. We thus introduce and discuss such a privacy-preserving concept. The approach uses a probabilistic data structure -- known as Bloom filter -- to store robust image hashes. Bloom filter store elements by mapping hashes of each element to an internal data structure. We choose a cryptographic hash function to one-way encrypt and store elements. The privacy of the inserted elements is thus protected. We evaluate our implementation, and compare it to its underlying robust image hashing algorithm. Thereby, we show the cost with respect to error rates for introducing a privacy protection into robust hashing. Finally, we discuss our approach's results and usability, and suggest possible future improvements.

show abstract

“…Using this idea, [44] demonstrated a manual attack on double hashing-based Bloom filters resulting in a near complete reidentification of all records. This kind of attack has been used by [46] for attacking double hashing based combined Bloom filter (CLKs).…”

Section: A Security Of Bloom Filter-based Approachesmentioning

confidence: 99%

Building a National Perinatal Data Base without the Use of Unique Personal Identifiers

Schnell

Borgs

2015

2015 IEEE International Conference on Data Mining Workshop (ICDMW)

View full text Add to dashboard Cite

Abstract-To assess the quality of hospital care, national databases of standard medical procedures are common. A widely known example are national databases of births. If unique personal identification numbers are available (as in Scandinavian countries), the construction of such databases is trivial from a computational point of view. However, due to privacy legislation, such identifiers are not available in all countries. Given such constraints, the construction of a national perinatal database has to rely on other patient identifiers, such as names and dates of birth. These kind of identifiers are prone to errors. Furthermore, some jurisdictions require the encryption of personal identifiers. The resulting problem is therefore an example of Privacy Preserving Record Linkage (PPRL). This contribution describes the design considerations for a national perinatal database using data of about 600,000 births in about 1,000 hospitals. Based on simulations, recommendations for parameter settings of Bloom filter based PPRL are given for this real world application. I. BACKGROUNDFor the medical assessment of German hospitals, a federal institution (GBA) 1 is obliged by law to link administrative records of more than 600,000 births yearly. The records are scattered across about 1,000 independent perinatal and neonatal units. The linked data is used for monitoring hospital performance and epidemiological analyses like spatial prevalence of very low birth weights. Due to privacy regulations, patient databases of hospitals are not linked by an electronic network. The hospitals use different electronic medical record systems, but have to use the same data exchange format. All details of the data exchange are part of a mandatory regulation. Because the German health insurance system has no common unique personal identifier number, other patient identifiers have to be used. Since the current regulations do not allow names in any form, encrypted or not, current linkage is based on different combinations of health insurance numbers, birth weight and hospital identifiers. Given the described constraints, only about 80% of the records can be linked [1].From a statistical point of view, non-linked records might cause a missing data problem [2]. If the fact, that a true link is missed, depends on variables of interest, this is referred to as differential linkage error [3], [4]. This might result in biased estimates of causal effects and population parameters [5], [6]. Concerning our field of application, evidence of bias caused by differences between linked and non-linked maternal data sets has been published [7], [8]. The easiest way to 1 For details, see www.english.g-ba.de.reduce differential linkage bias is improving the linkage rate. Therefore, using additional identifiers has been proposed to the regulatory authority [9]. As previous research has shown [10] [30]. In this paper, we will describe the design of a national perinatal database using Bloom filters for PPRL. 2 We are not aware of any published attack against encryp...

show abstract

Automated Cryptanalysis of Bloom Filter Encryptions of Health Records

Cited by 15 publications

References 6 publications

Randomized Response and Balanced Bloom Filters for Privacy Preserving Record Linkage

Randomized Response and Balanced Bloom Filters for Privacy Preserving Record Linkage

Privacy-Enhanced Robust Image Hashing with Bloom Filters

Building a National Perinatal Data Base without the Use of Unique Personal Identifiers

Contact Info

Product

Resources

About