CLC number: TP309
On-line Access: 2024-08-27
Received: 2023-10-17
Revision Accepted: 2024-05-08
Crosschecked: 2015-08-06
Cited: 2
Clicked: 6201
Kok-Seng Wong, Myung Ho Kim. Towards a respondent-preferred ki-anonymity model[J]. Frontiers of Information Technology & Electronic Engineering, 2015, 16(9): 720-731.
@article{title="Towards a respondent-preferred ki-anonymity model",
author="Kok-Seng Wong, Myung Ho Kim",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="16",
number="9",
pages="720-731",
year="2015",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.1400395"
}
%0 Journal Article
%T Towards a respondent-preferred ki-anonymity model
%A Kok-Seng Wong
%A Myung Ho Kim
%J Frontiers of Information Technology & Electronic Engineering
%V 16
%N 9
%P 720-731
%@ 2095-9184
%D 2015
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1400395
TY - JOUR
T1 - Towards a respondent-preferred ki-anonymity model
A1 - Kok-Seng Wong
A1 - Myung Ho Kim
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 16
IS - 9
SP - 720
EP - 731
%@ 2095-9184
Y1 - 2015
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1400395
Abstract: Recently, privacy concerns about data collection have received an increasing amount of attention. In data collection process, a data collector (an agency) assumed that all respondents would be comfortable with submitting their data if the published data was anonymous. We believe that this assumption is not realistic because the increase in privacy concerns causes some respondents to refuse participation or to submit inaccurate data to such agencies. If respondents submit inaccurate data, then the usefulness of the results from analysis of the collected data cannot be guaranteed. Furthermore, we note that the level of anonymity (i.e., k-anonymity) guaranteed by an agency cannot be verified by respondents since they generally do not have access to all of the data that is released. Therefore, we introduce the notion of ki-anonymity, where ki is the level of anonymity preferred by each respondent i. Instead of placing full trust in an agency, our solution increases respondent confidence by allowing each to decide the preferred level of protection. As such, our protocol ensures that respondents achieve their preferred ki-anonymity during data collection and guarantees that the collected records are genuine and useful for data analysis.
[1]Agrawal, R., Srikant, R., 2000. Privacy-preserving data mining. Proc. ACM SIGMOD Int. Conf. on Management of Data, p.439-450.
[2]Bella, G., Bistarelli, S., Massacci, F., 2005. Retaliation: can we live with flaws? NATO Sec. Sci. Ser. D, 6:3-14.
[3]Bella, G., Giustolisi, R., Riccobene, S., 2011. Enforcing privacy in e-commerce by balancing anonymity and trust. Comput. Secur., 30(8):705-718.
[4]Chaum, D.L., 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84-90.
[5]Clifton, C., Tassa, T., 2013. On syntactic anonymity and differential privacy. Proc. IEEE 29th Int. Conf. on Data Engineering Workshops, p.88-93.
[6]Diamond, C.C., Mostashari, F., Shirky, C., 2009. Collecting and sharing data for population health: a new paradigm. Health Aff., 28(2):454-466.
[7]Dingledine, R., Mathewson, N., Syverson, P., 2004. Tor: the second-generation onion router. Proc. 13th Conf. on USENIX Security Symp., p.21.
[8]Domingo-Ferrer, J., 2010. Coprivacy: towards a theory of sustainable privacy. Proc. Int. Conf. on Privacy in Statistical Databases, p.258-268.
[9]Domingo-Ferrer, J., 2011. Coprivacy: an introduction to the theory and applications of co-operative privacy. Stat. Oper. Res. Trans., Special issue, p.25-40.
[10]Domingo-Ferrer, J., Soria-Comas, J., Ciobotaru, O., 2015. Co-utility: self-enforcing protocols without coordination mechanisms. Proc. Int. Conf. on Industrial Engineering and Operations Management, arXiv:1503.02563.
[11]Du, W., Zhan, Z., 2003. Using randomized response techniques for privacy-preserving data mining. Proc. 9th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, p.505-510.
[12]Dwork, C., 2008. Differential privacy: a survey of results. Proc. 5th Int. Conf. on Theory and Applications of Models of Computation, p.1-19.
[13]Edman, M., Yener, B., 2009. On anonymity in an electronic society: a survey of anonymous communication systems. ACM Comput. Surv., 42(1), Article 5.
[14]Evfimievski, A., Srikant, R., Agrawal, R., et al., 2002. Privacy preserving mining of association rules. Proc. 8th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, p.217-228.
[15]Kargupta, H., Datta, S., Wang, Q., et al., 2003. On the privacy preserving properties of random data perturbation techniques. Proc. 3rd IEEE Int. Conf. on Data Mining, p.99-106.
[16]Kumar, R., Gopal, R., Garfinkel, R., 2010. Freedom of privacy: anonymous data collection with respondent-defined privacy protection. INFORMS J. Comput., 22(3):471-481.
[17]Li, B., Erdin, E., Güneş, M.H., et al., 2011. An analysis of anonymity technology usage. Proc. 3rd Int. Conf. on Traffic Monitoring and Analysis, p.108-121.
[18]Li, N., Li, T., Venkatasubramanian, S., 2007. T-closeness: privacy beyond k-anonymity and l-diversity. Proc. 23rd Int. Conf. on Data Engineering, p.106-115.
[19]Machanavajjhala, A., Kifer, D., Gehrke, J., et al., 2007. L-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data, 1(1), Article 3.
[20]Paillier, P., 1999. Public-key cryptosystems based on composite degree residuosity classes. Proc. 17th Int. Conf. on Theory and Application of Cryptographic Techniques, p.223-238.
[21]Samarati, P., 2001. Protecting respondents identities in microdata release. IEEE Trans. Knowl. Data Eng., 13(6):188-200.
[22]Sweeney, L., 1997. Weaving technology and policy together to maintain confidentiality. J. Law Med. Ethics, 25(2-3):98-110.
[23]Sweeney, L., 2002. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzz. Knowl.-Based Syst., 10(5):557-570.
[24]Warner, S.L., 1965. Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc., 60(309):63-69.
[25]Wong, K.S., Kim, M.H., 2014a. Privacy-preserving data collection with self-awareness protection. In: Park, J.J., Zomaya, A., Jeong, H.Y., et al. (Eds.), Frontier and Innovation in Future Computing and Communications. Springer, Netherlands, p.365-371.
[26]Wong, K.S., Kim, M.H., 2014b. Towards self-awareness privacy protection for Internet of things data collection. J. Appl. Math., 2014:827959.1-827959.9.
[27]Wong, R.C.W., Li, J., Fu, A.W.C., et al., 2006. (α, k)-anonymity: an enhanced k-anonymity model for privacy preserving data publishing. Proc. 12th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, p.754-759.
[28]Wong, R.C.W., Fu, A.W.C., Wang, K., et al., 2007a. Minimality attack in privacy preserving data publishing. Proc. 33rd Int. Conf. on Very Large Data Bases, p.543-554.
[29]Wong, R.C.W., Liu, Y., Yin, J., et al., 2007b. (α, k)-anonymity based privacy preservation by lossy join. Proc. Joint 9th Asia-Pacific Web Conf. on Advances in Data and Web Management and 8th Int. Conf. on Web-Age Information Management, p.733-744.
[30]Zhang, N., Wang, S., Zhao, W., 2005. A new scheme on privacy-preserving data classification. Proc. 11th ACM SIGKDD Int. Conf. on Knowledge Discovery in Data Mining, p.374-383.
Open peer comments: Debate/Discuss/Question/Opinion
<1>