TY - JOUR
T1 - Exposed! A survey of attacks on private data
AU - Dwork, Cynthia
AU - Smith, Adam
AU - Steinke, Thomas
AU - Ullman, Jonathan
N1 - Publisher Copyright:
Copyright © 2017 by Annual Reviews.
PY - 2017/3/7
Y1 - 2017/3/7
N2 - Privacy-preserving statistical data analysis addresses the general question of protecting privacy when publicly releasing information about a sensitive dataset. A privacy attack takes seemingly innocuous released information and uses it to discern the private details of individuals, thus demonstrating that such information compromises privacy. For example, re-identification attacks have shown that it is easy to link supposedly de-identified records to the identity of the individual concerned. This survey focuses on attacking aggregate data, such as statistics about how many individuals have a certain disease, genetic trait, or combination thereof. We consider two types of attacks: reconstruction attacks, which approximately determine a sensitive feature of all the individuals covered by the dataset, and tracing attacks, which determine whether or not a target individual's data are included in the dataset. We also discuss techniques from the differential privacy literature for releasing approximate aggregate statistics while provably thwarting any privacy attack.
AB - Privacy-preserving statistical data analysis addresses the general question of protecting privacy when publicly releasing information about a sensitive dataset. A privacy attack takes seemingly innocuous released information and uses it to discern the private details of individuals, thus demonstrating that such information compromises privacy. For example, re-identification attacks have shown that it is easy to link supposedly de-identified records to the identity of the individual concerned. This survey focuses on attacking aggregate data, such as statistics about how many individuals have a certain disease, genetic trait, or combination thereof. We consider two types of attacks: reconstruction attacks, which approximately determine a sensitive feature of all the individuals covered by the dataset, and tracing attacks, which determine whether or not a target individual's data are included in the dataset. We also discuss techniques from the differential privacy literature for releasing approximate aggregate statistics while provably thwarting any privacy attack.
UR - http://www.scopus.com/inward/record.url?scp=85015212128&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85015212128&partnerID=8YFLogxK
U2 - 10.1146/annurev-statistics-060116-054123
DO - 10.1146/annurev-statistics-060116-054123
M3 - Review article
AN - SCOPUS:85015212128
SN - 2326-8298
VL - 4
SP - 61
EP - 84
JO - Annual Review of Statistics and Its Application
JF - Annual Review of Statistics and Its Application
ER -