Francesc Sebé

Efficient Remote Data Possession Checking in Critical Information Infrastructures

Checking data possession in networked information systems such as those related to critical infrastructures (power facilities, airports, data vaults, defense systems, etc.) is a matter of crucial importance. Remote data possession checking protocols permit to check that a remote server can access an uncorrupted file in such a way that the verifier does not need to know beforehand the entire file that is being verified. Unfortunately, current protocols only allow a limited number of successive verifications or are impractical from the computational point of view. In this paper, we present a new remote data possession checking protocol such that: 1) it allows an unlimited number of file integrity verifications; 2) its maximum running time can be chosen at set-up time and traded off against storage at the verifier.

Efficient multivariate data-oriented microaggregation

Microaggregation is a family of methods for statistical disclosure control (SDC) of microdata (records on individuals and/or companies), that is, for masking microdata so that they can be released while preserving the privacy of the underlying individuals. The principle of microaggregation is to aggregate original database records into small groups prior to publication. Each group should contain at least k records to prevent disclosure of individual information, where k is a constant value preset by the data protector. Recently, microaggregation has been shown to be useful to achieve k-anonymity, in addition to it being a good masking method. Optimal microaggregation (with minimum within-groups variability loss) can be computed in polynomial time for univariate data. Unfortunately, for multivariate data it is an NP-hard problem. Several heuristic approaches to microaggregation have been proposed in the literature. Heuristics yielding groups with fixed size k tends to be more efficient, whereas data-oriented heuristics yielding variable group size tends to result in lower information loss. This paper presents new data-oriented heuristics which improve on the trade-off between computational complexity and information loss and are thus usable for large datasets.

A polynomial-time approximation to optimal multivariate microaggregation

Microaggregation is a family of methods for statistical disclosure control (SDC) of microdata (records on individuals and/or companies), that is, for masking microdata so that they can be released without disclosing private information on the underlying individuals. Microaggregation techniques are currently being used by many statistical agencies. The principle of microaggregation is to group original database records into small aggregates prior to publication. Each aggregate should contain at least k records to prevent disclosure of individual information, where k is a constant value preset by the data protector. In addition to it being a good masking method, microaggregation has recently been shown useful to achieve k-anonymity. In k-anonymity, the parameter k specifies the maximum acceptable disclosure risk, so that, once a value for k has been selected, the only job left is to maximize data utility: if microaggregation is used to implement k-anonymity, maximizing utility can be achieved by microaggregating optimally, i.e. with minimum within-groups variability loss. Unfortunately, optimal microaggregation can only be computed in polynomial time for univariate data. For multivariate data, it has been shown to be NP-hard. We present in this paper a polynomial-time approximation to microaggregate multivariate numerical data for which bounds to optimal microaggregation can be derived at least for two different optimality criteria: minimum within-groups Euclidean distance and minimum within-groups sum of squares. Beyond the theoretical interest of being the first microaggregation proposal with proven approximation bounds for any k, our method is empirically shown to be comparable to the best available heuristics for multivariate microaggregation.

Trustworthy Privacy-Preserving Car-Generated Announcements in Vehicular Ad Hoc Networks

Vehicular ad hoc networks (VANETs) allow vehicle-to-vehicle communication and, in particular, vehicle-generated announcements. Provided that the trustworthiness of such announcements can be guaranteed, they can greatly increase the safety of driving. A new system for vehicle-generated announcements is presented that is secure against external and internal attackers attempting to send fake messages. Internal attacks are thwarted by using an endorsement mechanism based on threshold signatures. Our system outperforms previous proposals in message length and computational cost. Three different privacy-preserving variants of the system are also described to ensure that vehicles volunteering to generate and/or endorse trustworthy announcements do not have to sacrifice their privacy.

Probabilistic Information Loss Measures in Confidentiality Protection of Continuous Microdata

Inference control for protecting the privacy of microdata (individual data) should try to optimize the tradeoff between data utility (low information loss) and protection against disclosure (low disclosure risk). Whereas risk measures are bounded between 0 and 1, information loss measures proposed in the literature for continuous data are unbounded, which makes it awkward to trade off information loss for disclosure risk. We propose in this paper to use probabilities to define bounded information loss measures for continuous microdata.

On the Security of Noise Addition for Privacy in Statistical Databases

Noise addition is a family of methods used in the protection of the privacy of individual data (microdata) in statistical databases. This paper is a critical analysis of the security of the methods in that family.

Privacy homomorphisms for social networks with private relationships

Enabling private relationships in social networks is an important issue recently raised in the literature. We describe in this paper a new protocol which offers private relationships allowing resource access through indirect relationships without requiring a mediating trusted third party (although an optimistic trusted third party is used which only acts in case of conflict). Thanks to homomorphic encryption, our scheme prevents the resource owner from learning the relationships and trust levels between the users who collaborate in the resource access. In this way, the number of users who might refuse collaboration due to privacy concerns is minimized. This results in increased resource availability, as the chances that certain nodes become isolated at a given period of time are reduced. Empirical evidence is provided about the proposed protocol being scalable and deployable in practical social networks.

LHS-Based Hybrid Microdata vs Rank Swapping and Microaggregation for Numeric Microdata Protection

In previous work by Domingo-Ferrer et al., rank swapping and multivariate microaggregation has been identified as well-performing masking methods for microdata protection. Recently, Dandekar et al. proposed using synthetic microdata, as an option, in place of original data by using Latin hypercube sampling (LHS) technique. The LHS method focuses on mimicking univariate as well as multivariate statistical characteristics of original data. The LHS-based synthetic data does not allow one to one comparison with original data. This prevents estimating the overall information loss by using current measures. In this paper we utilize unique features of LHS method to create hybrid data sets and evaluate their performance relative to rank swapping and multivariate microaggregation using generalized information loss and disclosure risk measures.

Post-Masking Optimization of the Tradeoff between Information Loss and Disclosure Risk in Masked Microdata Sets

Previous work by these authors has been directed to measuring the performance of microdata masking methods in terms of information loss and disclosure risk. Based on the proposed metrics, we show here how to improve the performance of any particular masking method. In particular, post-masking optimization is discussed for preserving as much as possible the moments of first and second order (and thus multivariate statistics) without increasing the disclosure risk. The technique proposed can also be used for synthetic microdata generation and can be extended to preservation of all moments up to m-th order, for any m.

Short 3-Secure Fingerprinting Codes for Copyright Protection

A construction is presented to obtain 3-secure fingerprinting codes for copyright protection. Resistance against collusions of up to three buyers is achieved with a codeword length dramatically shorter than the one required by the general Boneh-Shaw construction. Thus the proposed fingerprints require much less embedding capacity. Due to their very clandestine nature, collusions tend to involve a small number of buyers, so that there is plenty of use for codes providing cost-effective protection against collusions of size up to 3.