Takao Takenouchi

Anonymization of Sensitive Quasi-Identifiers for l-diversity and t-closeness

A number of studies on privacy-preserving data mining have been proposed. Most of them assume that they can separate quasi-identifiers (QIDs) from sensitive attributes. For instance, they assume that address, job, and age are QIDs but are not sensitive attributes and that a disease name is a sensitive attribute but is not a QID. However, all of these attributes can have features that are both sensitive attributes and QIDs in practice. In this paper, we refer to these attributes as sensitive QIDs and we propose novel privacy models, namely, (l1, …, lq)-diversity and (t1, …, tq)-closeness, and a method that can treat sensitive QIDs. Our method is composed of two algorithms: An anonymization algorithm and a reconstruction algorithm. The anonymization algorithm, which is conducted by data holders, is simple but effective, whereas the reconstruction algorithm, which is conducted by data analyzers, can be conducted according to each data analyzers objective. Our proposed method was experimentally evaluated using real data sets.

Top-down itemset recoding for releasing private complex data

Complex data, which has single-valued attributes and set-Valued attributes, enables us to associate these attribute values and analyze these relationships. Before releasing such complex data, ensuring anonymity for these data owners should be required. However, existing data anonymization methods are not work well because they only assume that quasi-identifiers are either multidimensional single-valued attributes or one set-value attribute. This paper proposes an anonymization method which integrates recodings for single-valued attributes and set-valued attributes into a whole top-down anonymization. Especially, in order to integrate recoding for set-valued attributes, this paper also proposes top-down itemset recoding which follows top-down manner and does not obfuscate items to ensure k-anonymity. In the experiment part, using real dataset, we clarify characteristics and effectiveness of proposed method. This method does not require the generalization hierarchy for set-valued attributes, thus the anonymized itemsets are not obfuscated and can be analyzed by standard data mining tools.

Development of knowledge-filtering agent along with user context in ubiquitous environment

In this paper, we propose combination of Ubiquitous Computing and Semantic Web. Data and services will be annotated even in the ubiquitous devices, and should be connected to the web of the semantics near future. We call it Ubiquitous Semantics, where we would find huge amount of knowledge information, but also find most of them transitive along with user context. Therefore, in order for an agent to meet user’s real-time query it is required to efficiently retrieve timely and useful piece of the knowledge from the Ubiquitous Semantics. Thus, this paper shows a knowledge-filtering agent, which quickly responds the query by dynamic classification of the necessary information along with the user context changing in the real world. Further, to evaluate our approach we validate the performance of an application: Recipe Recommendation Agent.

Behavioral Tendency Obfuscation Framework for Personalization Services

Web service providers collect user behaviors, such as purchases or locations, and use this information to provide personalized content. While no provider can collect behavioral information across different service providers, the behaviors for all service providers are accumulated in a user’s terminal. If a provider could analyze these behaviors stored in the terminal, it could provide more valuable services to the user. There is a problem, however, in that sensitive user information would be revealed when the provider obtained behaviors related to other services. This sensitive information consists of the user’s behaviors and characteristic tendencies analyzed from the collected information. In this paper, we propose a model for preserving privacy, called ρ-tendency certainty, which considers breaches of privacy from collected information. We also propose a behavioral tendency obfuscation framework, which sends dummy queries to service providers in order to satisfy ρ-tendency certainty. Experimental results show that the proposed framework can satisfy ρ-tendency certainty with a few number of dummy queries and create dummies within 1 msec, thus the proposed framework is applicable to real services.

Distributed data federation without disclosure of user existence

Service providers collect users personal information relevant to their businesses. Personal information stored by different service providers is expected to be combined to make new services. However, specific user records risk being identified from the combined personal information, and the users sensitive information may be revealed. Also, personal information collected by a service provider must not be disclosed to other service providers because of security issues. Thus, several researchers have been investigating distributed anonymization protocols, which combine the personal information stored by the providers and sanitize it to ensure an anonymity policy with minimum disclosure. However, when providers have different sets of the users, there is a problem that the existence of users in either service provider may be revealed. This paper introduces a new notion, δ-max-site-presence, which indicates the probability of the existence of users being revealed in a distributed environment and a new distributed anonymization protocol for hiding the existence of users. Our evaluation results show that the proposed protocol can anonymize users in accordance with the policy of hiding their existence and user anonymity without too much information loss.