Exposed! A Survey of Attacks on Private Data

Dwork, Cynthia; Smith, Adam; Steinke, Thomas; Ullman, Jonathan

doi:10.1146/annurev-statistics-060116-054123

Cited by 189 publications

(144 citation statements)

References 34 publications

Supporting

Mentioning

142

Contrasting

Order By: Relevance

“…Anonymous data collection. As a pragmatic means for reducing privacy risks, reports are typically anonymized and often aggregated in deployments of monitoring by careful operators (e.g., RAPPOR [EPK14])even though anonymity is no privacy panacea [DSSU17,Dez18].…”

Section: Background and Related Workmentioning

confidence: 99%

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity

Erlingsson¹,

Feldman²,

Mironov³

et al. 2019

Proceedings of the Thirtieth Annual ACM-SIAM Symposium on Discrete Algorithms

268

260

View full text Add to dashboard Cite

Sensitive statistics are often collected across sets of users, with repeated collection of reports done over time. For example, trends in users' private preferences or software usage may be monitored via such reports. We study the collection of such statistics in the local differential privacy (LDP) model, and describe an algorithm whose privacy cost is polylogarithmic in the number of changes to a user's value.More fundamentally-by building on anonymity of the users' reports-we also demonstrate how the privacy cost of our LDP algorithm can actually be much lower when viewed in the central model of differential privacy. We show, via a new and general privacy amplification technique, that any permutationinvariant algorithm satisfying ε-local differential privacy will satisfy (O(ε log(1/δ)/n), δ)-central differential privacy. By this, we explain how the high noise and √ n overhead of LDP protocols is a consequence of them being significantly more private in the central model. As a practical corollary, our results imply that several LDP-based industrial deployments may have much lower privacy cost than their advertised ε would indicate-at least if reports are anonymized.By quasi-convexity of (ε, δ)-DP we obtain that Pr [Z 1:i−1 = s 1:i−1 | T = i] Pr [Z 1:i−1 = s 1:i−1 ] ≤ e 2ε 0 .

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity

Erlingsson¹,

Feldman²,

Mironov³

et al. 2019

Proceedings of the Thirtieth Annual ACM-SIAM Symposium on Discrete Algorithms

268

260

View full text Add to dashboard Cite

show abstract

“…However, machine learning models, similar to other types of computations, could significantly leak information about the datasets on which they are computed. In particular, an adversary, with even black-box access to a model, can perform a membership inference [23,43] (also known as the tracing [17]) attack against the model to determine whether or not a target data record is a member of its training set [45]. The adversary exploits the distinctive statistical features of the model's predictions on its training data.…”

Section: Introductionmentioning

confidence: 99%

Machine Learning with Membership Privacy using Adversarial Regularization

Nasr

Shokri

Houmansadr

2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

370

416

View full text Add to dashboard Cite

show abstract

“…Furthermore, there were existing artifacts such as the Poincaré embeddings by [18] built with this model that we could reuse for this work. 1 The metric tensor (like a dot product) gives local notions of length and angle between tangent vectors. By integration local segments, the metric tensor allows us to calculate the global length of curves in the manifold…”

Section: Hyperbolic Space and Geometrymentioning

confidence: 99%

“…These all go to illustrate that the traditional notion of PII which is used to build anonymization systems is fundamentally flawed [8]. Essentially, any part of a user's information can be used to launch these attacks, and we are therefore in a post-PII era [1]. This effect is more pronounced in naturally generated text as opposed to statistical data where techniques such as Differential Privacy (DP) have been established as a de facto way to mitigate these attacks.…”

Section: Introductionmentioning

confidence: 99%

Leveraging Hierarchical Representations for Preserving Privacy and Utility in Text

Feyisetan

Diethe

Drake

2019

2019 IEEE International Conference on Data Mining (ICDM)

View full text Add to dashboard Cite

Guaranteeing a certain level of user privacy in an arbitrary piece of text is a challenging issue. However, with this challenge comes the potential of unlocking access to vast data stores for training machine learning models and supporting data driven decisions. We address this problem through the lens of dχprivacy, a generalization of Differential Privacy to non Hamming distance metrics. In this work, we explore word representations in Hyperbolic space as a means of preserving privacy in text. We provide a proof satisfying dχ-privacy, then we define a probability distribution in Hyperbolic space and describe a way to sample from it in high dimensions. Privacy is provided by perturbing vector representations of words in high dimensional Hyperbolic space to obtain a semantic generalization. We conduct a series of experiments to demonstrate the tradeoff between privacy and utility. Our privacy experiments illustrate protections against an authorship attribution algorithm while our utility experiments highlight the minimal impact of our perturbations on several downstream machine learning models. Compared to the Euclidean baseline, we observe > 20x greater guarantees on expected privacy against comparable worst case statistics.

show abstract

Exposed! A Survey of Attacks on Private Data

Cited by 189 publications

References 34 publications

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity

Machine Learning with Membership Privacy using Adversarial Regularization

Leveraging Hierarchical Representations for Preserving Privacy and Utility in Text

Contact Info

Product

Resources

About