Se Sequence Obfu fuscation ion to o Thwar art Pa Pattern - - PowerPoint PPT Presentation
Se Sequence Obfu fuscation ion to o Thwar art Pa Pattern Matching Attacks Bo Guan , Nazanin Takbiri, Dennis L. Goeckel, Amir Houmansadr, Hossein Pishro-Nik University of Massachusetts Amherst IEEE International Symposium on Information
Bo Guan, Nazanin Takbiri, Dennis L. Goeckel, Amir Houmansadr, Hossein Pishro-Nik University of Massachusetts Amherst IEEE International Symposium on Information Theory (ISIT) Los Angeles, California June 2020
2
LBS
Location Based Applications
π! = [π! 1 , π! 2 , π!(3), β¦] Need Utility Lose Privacy π! = [π! 1 , π! 2 , π!(3), β¦]
The collection Data of User π£
Data of User π£ at different times
3
User 1 User 2 . . . User π Sequence 1 Sequence 2 . . . Sequence π
User Profile Adve versa sary: y: Match ch Prior Behavi viors wi with th Realiza zations π" = [π" 1 , π" 2 , π"(3), β¦] π"
($)π" & β― π" '
User v could be identified by his habitual pattern.
we do not know the exact data point model.
pattern matching attack.
patterns in a smart obfuscation noise.
I. I.
Syst ystem Model and De Defin init itio ions
II. II.
Priva vacy cy Guar Guarantee antee for for Model
Free PPM PPMs
III.
cal Resu sults
IV
clusi sion
6
I. I.
Syst ystem Model and De Defin init itio ions
II.
Privacy Guarantee for Model-Free PPMs
7
π* = [π* 1 , π* 2 , β― , π* π ]+, π= [π,, π-, β― , π.]
in a finite size set π = 0, 1, β― , π β 1 . Data point of user π£
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
β¦ 3 1 4 2 6 3 4 5 6 β¦ For instance, in the below fragment of the data sequence: If we set β = 3, pattern 164 shows in the sequence fragment, but not the pattern 134.
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
Definition 1. A pattern is a sequence πΉ = π(,)π(-) β― π 1 , where π 2 β {0,1, β― , π β 1} for any π β 1,2, β― , π . A user π£ is said to have the pattern πΉ if:
(obfuscated) sequence, and
user π£ with distance less than or equal to β.
For instance, the following sequence is a 2, 3 βsuperstring since it contains all possible lengthβ2 strings, here π = {0, 1}: 000001010011100101110111
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
Definition 2. A sequence is an π , π βsuperstring is it contains all possible π 1 lengthβπ strings on a sizeβπ alphabetββ as its contiguous substrings. Note that:
π* = [π* 1 , π* 2 , β― , π* π ]+, π= [π,, π-, β― , π.].
π = 5
()$ *
π
!(π)
Element of superstring sequence π!
ystem Mo Model and Defi finiti tions II. Priva vacy cy of Independent Use sers III
vacy cy of Dependent Use sers
chnique
ππ
π!(1) π!(2) π!(3) π!(4) π!(5) π!(6) π!(7) π!(8) π!(9) β¦ 1 1 1 β¦
πΏπ
π!(1) π!(2) π!(1) π!(4) π!(2) π!(6) π!(7) π!(8) π!(3) β¦
ππ
π = π π = π+1 π = π+1+1 β¦
Alice ce data se sequence ce Bob data se sequence ce Carol data se sequence ce Bob data se sequence ce Alice ce data se sequence ce Carol data se sequence ce Bo Bob Alice ce Ca Carol Bo Bob Alice ce Ca Carol
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
Γ Adversary Does Know:
" # 1 , π " # 2 , β―, π " # π for each user π£.
Γ Adversary Does NOT Know:
13
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
βPerfect Privacyβ is proposed and achieved in Takbiriβs journal paper [1]:
In this paper,
[1] Takbiri, Nazanin, et al. "Matching anonymized and obfuscated time series to usersβ profiles." IEEE Transactions
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
Definition 3. User π€ with data pattern π<
, π< - β― π< 1 has π βprivacy if :
in their obfuscated data sequence is at least π.
For instance, a 3, 2 βsuperstring which contains all possible lengthβ2 strings, here π = {0, 1, 2}:
001122011002201221 Definition 4. β(β¬*) is defined as the probability that the obfuscated sequence π* has user 1 βs identifying pattern due to
π , π β superstring with length ππ 1.
possible π 1 substrings without overlapping.
For instance, a shortest 3, 2 βsuperstring constructed by using the De Bruijn sequence πΆ(3, 2):
πΆ 3, 2 = β001021122β
ystem Mo Model and Defi finiti tions
vacy cy Guarantees s for Model-Free PPMs s III
cal Resu sults IV IV. . Concl clusi sion
Definition 5. β(β¬*
D ) is defined as the
probability that the
sequence π* has user 1βs identifying pattern due to obfuscation by the shortest π , π βsuperstring with length π π , π = π 1 + π β 1.
Bruijn sequence, which is the optimal shortest cyclic sequence containing all the possible substrings. 0010211220
I.
System Model and Metrics
II. II.
Priva vacy cy Guar Guarantee antee for for Mo Model-Fre Free PPM PPMs
17
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
Theorem 1. If π is the obfuscated version of π, and π is the anonymized version of π as defined previously, there exists a lower bound π for the probability β(β¬*): , (1) where β π!
β₯ 1 β 1 β π"#$
% &'(
π & n
)*+ ,-. /,'( , 12-./ &
1 β exp β π) 2 π»π"#$ π» = π β β π β 1 , π) = 1 β
)& 12-./, for π½ = 0, 1, β― , π & β 1
Achieves a lower bound: Define two Events: Independent
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
β*: the user 1βs pattern appears in user uβs obfuscated data points π*. β±
*: the distance between any neighboring points of pattern in π* is
smaller than or equal to β.
β!: π!,(
(() β€ π β β π β 1 = π»
β±
!: πΈ! (() β€ β; πΈ! C
β€ β; β― ; πΈ!
(&'() β€ β
β π! β₯ β β! β(β±
!)
The idea behind the Proof:
Achieves a lower bound: Independent
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
G Reserve enough space for the obfuscation Distance requirement m
β!: π!,(
(() β€ π β β π β 1 = π»
β±
!: πΈ! (() β€ β; πΈ! C
β€ β; β― ; πΈ!
(&'() β€ β
β!: π!,(
(() + β π β 1
β€ π
Independent
β π! β₯ β β! β(β±
!)
The idea behind the Proof:
For instance, a 3, 2 βsuperstring which contains all possible lengthβ2 strings, here π = {0, 1, 2}:
001122011002201221 β π*,, = π½π + 1 = 1 π 1 , π½ = 0, 1, β― , π 1 β 1 probability of Event β°*: Could be categorized on π*,, with different choices of values and equally likely:
The idea behind the Proof:
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
ππ possible location choices for pattern head in the superstring. Also, they are equally likely. Location of the pattern head in the superstring
β β! = β(at least π!,( sucess in π» trials)
= 1 π & n
)*+ /,'(
β at least π½π + 1 sucess in π» trials β β! = n
)*+ /,'(
β at least π!,( sucess in π» trials. π!,( = π½π + 1 . β π!,( = π½π + 1
By the Law of Total Probability:
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
Equally likely
= 1 π & n
)*+ /,'(
1 β β less than π½π + 1 sucess in π» trials
The idea behind the Proof:
By using the Chernoff Bound: Define the probability of event πF: β πF = β(Less than π½π + 1 success in π» trials).
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
β π* β₯ β β* β(β±
*)
The idea behind the Proof:
Thus, by (5), (8) and (9), we obtain (1). Probability of Event β±
*:
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
β π* β₯ β β* β(β±
*)
The idea behind the Proof:
Constructing the shortest superstring by Lemma 1:
length-l substring aggressively overlapping.
Add the front (π β 1) symbols at the end
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
Lemma 1. The length of a sequence solution for the shortest π , π βsuperstring is equal to π 1 + π β 1. That is, π π , π = π 1 + π β 1.
Can be proved similarly: The location index for each pattern showing in the superstring is most aggressively overlapping:
ystem Mo Model and and De Definitions II.
vacy cy Gu Guara rante tees fo for Mo Model-Fr Free ee PPM PPMs III
cal Resu sults IV IV. . Concl clusi sion
Theorem 2. If π is the obfuscated version of π, and π is the anonymized version of π as defined previously, there exists a lower bound πD for the probability β(β¬*
D ): For instance, a shortest 3, 2 βsuperstring constructed by using the De Bruijn sequence πΆ(3, 2):
πΆ 3, 2 = β001021122β 0010211220
ππ possible location choices for pattern head in the superstring. And they are equally likely.
β π#,- = π½ + 1 = 1
π 2 , π½ = 0, 1, β― , π 2 β 1
π» = π β β π β 1 , π)
I = 1 β ) 12-./, for π½ = 0, 1, β― , π & β 1
where β π!
I
β₯ 1 β 1 β π"#$
% &'(
π & n
)*+ ,-. /,'( , 12-./
1 β exp β πI
) C
2 π»π"#$
π: theoretical lower bound of β(π*) from Theorem 1. πβ: theoretical lower bound of β(πβ²*) from Theorem 2. Increasing π or πHIJ β Achieves LARGER lower bound.
ystem Mo Model and and De Definitions
vacy cy Guarantees s for Model-Fr Free ee PPMs
cal Resu sults IV IV. . Concl clusi sion
matching attacks.
have the same pattern as user 1βs by using the proposed obfuscation method.
ystem Mo Model and and De Definitions
vacy cy Guarantees s for Model-Fr Free ee PPMs
cal Resu sults IV
clusi sion