chapter 2

Question 1

what are the roles in data collection and data publishing

Answer 1

Data Recipient
Data Publisher
Record Owners

Question 2

an example of data recipient

Answer 2

Medical Center
(data mining)

Question 3

an example of data Publisher

Answer 3

Hospital
(data anonymization)

Question 4

an example of record owners

Answer 4

patients

Question 5

what are the data attributes

Answer 5

Explicit Identifier

Quasi Identifier (QID)

Sensitive Attributes

Non-Sensitive Attributes

Question 6

what are explicit identifiers

Answer 6

Data attributes that explicitly identifies record owners, e.g., name, identity card number, mobile phone number.

Question 7

what are Quasi Identifier (QID)

Answer 7

Data attributes that could potentially identify record owners, e.g., postal code, age, gender.

Question 8

what are sensitive attributes

Answer 8

Data attributes that are sensitive person-specific information, e.g., salary, disease, disability status

Question 9

what are non sensitive attributes

Answer 9

Data attributes that do not fall into all of the other categories.

Question 10

what are the roles responsible with data collection

Answer 10

data publisher

record owners

Question 11

what are the roles responsible for data publishing

Answer 11

data receipient

Question 12

what are the privacy attacks

Answer 12

record linkage

attribute linkage

table linkage

probabilistic

Question 13

what is the record linkage model

Answer 13

• Similar Quasi Identifier (QID) values grouped into small number of records
• Victim’s QID matches and linked to this group
• Smaller number of possibilities in identifying the
  victim’s record
• Identifying the victim in this group, with additional
  information

Question 14

example of record linkage model

Answer 14

Example: Hospital wants to publish the patient records in Table 1 to a research center

• Research center has access to the external table, Table 2
• Research center knows that every person with a record in Table 2 has a record in Table 1
• Joining the two tables on the common attributes Job, Sex, and Age may link the identity of a person to his/her Disease

Question 15

what is the attribute linkage model

Answer 15

• Adversary may not precisely identify the record of the
  target victim
• Victim belongs to a group, based on a set of
  Sensitive Attributes
• Adversary could infer victim’s sensitive values from
  the published data

Question 16

example of attribute linkage model

Answer 16

Example: Hospital anonymizes the data, Job/Age, into a range, to reduce record linkage

• Adversary has knowledge that the target victim Emily, is a dancer, is 30 years old, and has a record in the published data
• Adversary may infer that Emily has HIV with 75% confidence, because 3 out of 4 artists at age 30-35 have HIV

Question 17

what is the table linkage model

Answer 17

• Adversary can confidently infer the presence, or the
  absence, of the victim’s record in the published data
• If a hospital publishes data with a particular type of
  disease
• Inferring presence of the victim’s record in the table
  is already damaging

Question 18

example of table linkage model

Answer 18

Example: Hospital publishes patient data in Table 3 – table linkage attack on
target victim, Alice
* Adversary is presumed to also have access to external public data in Table 4
* 4/5th or 80% probability that Alice has HIV
* 4 records in Table 3 and 5 records in Table 4 containing, Artist, Female,
[30−35]

Question 19

what is Probabilistic Model

Answer 19

• Does not focus on records, attributes, or tables that
  can be linked to a target victim
• Compare probability before and after access the
  published data
• Adversary believes that the probability of identifying
  the target victim’s sensitive information, increases
  after accessing the published data, compared to the
  probability before

Question 20

is the adversary’s knowledge limited to quasi identifiers ?

Answer 20

No,

• Privacy-preserving data publishing has to take
  additional Background Knowledge into consideration
• Includes, public statistical data, social networks like
  Facebook and LinkedIn, common sense, etc.