Privacy-Preserving Updates to Confidential and Anonymous Databases

Abstract

A b s t r a c t Suppose that Alice, owner of a k-anonymous database, needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Suppose moreover that access t o the database is strictly controlled, because for example data are used for experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob; on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus the problem is t o check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous databases. The protocols rely on well-known cryptographic assumptions, and we provide experimental results illustrating their efficiency. It is today well understood that databases represent an important asset for many applications and thus their security is crucial. Data confidentiality is particularly relevant because of the value, often not only monetary, that data have. For example, medical data collected by following the history of patients over several years may represent an invaluable asset that needs to be adequately protected. Such a requirement has motivated a large variety of approaches aiming at better protecting data confidentiality and data ownership. Relevant approaches include query processing techniques for encrypted data and data watermarking techniques. Data confidentiality is not however the only requirement that needs to be addressed. Today there is an increased concern for privacy. The availability of huge numbers of databases recording a large variety of information about individuals makes it possible to discover information about specific individuals by simply correlating all the available databases. Although confidentiality and privacy are often used as synonyms, they are different concepts: data confidentiality is about the difficulty (or impossibility) by an unauthorized user to learn anything about data stored in the database. Usually, confidentiality is achieved by enforcing an access policy, and possibly by using cryptographic tools. Privacy relates to what data can be safely disclosed without leaking sensitive information regarding the legitimate owner [5]. Thus, zf one asks whether conjidentialzty i s still required once data have been anonymized, the reply is yes zf the anonymous data have a Abstract Suppose …

Extracted Key Phrases

7 Figures and Tables

Cite this paper

@inproceedings{Trombetta2007PrivacyPreservingUT, title={Privacy-Preserving Updates to Confidential and Anonymous Databases}, author={Alberto Trombetta and Wei Jiang and Elisa Bertino and Lorenzo Bossi and Alberto Trombettat and Wei Jiangt and Elisa Bertinot and Lorenzo Bossit}, year={2007} }