Privacy Analysis of Format-Preserving Data-Masking Techniques

2019 12th CMI Conference on Cybersecurity and Privacy (CMI) Pub Date : 2019-11-01 DOI:10.1109/CMI48017.2019.8962143

Zaruhi Aslanyan, M. Boesgaard

{"title":"Privacy Analysis of Format-Preserving Data-Masking Techniques","authors":"Zaruhi Aslanyan, M. Boesgaard","doi":"10.1109/CMI48017.2019.8962143","DOIUrl":null,"url":null,"abstract":"With the growing number of regulations and concerns regarding data privacy, there is an increasing need for protecting Personally Identifiable Information (PII). A widely-used approach to protect PII is to apply data-masking techniques in order to remove or hide the identities of the individuals referred to in the data under investigation. A particular class of data-masking techniques aims at preserving the format of the source data, so as to allow using encoded data where the corresponding source is expected, thereby minimising application changes to perform tasks such as statistical analysis or testing. Various encoding techniques are used to protect data privacy while preserving the format, including Format-Preserving Encryption (FPE) and masking out. Even though convenient, preserving the format of data might lead to re-identification attacks. In this paper, we discuss the vulnerabilities of data-masking techniques that preserve the format of data and analyse their security and privacy properties. We investigate two industrial datasets and quantify the potential data privacy leakage that could arise from using inappropriate data masking techniques.","PeriodicalId":142770,"journal":{"name":"2019 12th CMI Conference on Cybersecurity and Privacy (CMI)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 12th CMI Conference on Cybersecurity and Privacy (CMI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMI48017.2019.8962143","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

With the growing number of regulations and concerns regarding data privacy, there is an increasing need for protecting Personally Identifiable Information (PII). A widely-used approach to protect PII is to apply data-masking techniques in order to remove or hide the identities of the individuals referred to in the data under investigation. A particular class of data-masking techniques aims at preserving the format of the source data, so as to allow using encoded data where the corresponding source is expected, thereby minimising application changes to perform tasks such as statistical analysis or testing. Various encoding techniques are used to protect data privacy while preserving the format, including Format-Preserving Encryption (FPE) and masking out. Even though convenient, preserving the format of data might lead to re-identification attacks. In this paper, we discuss the vulnerabilities of data-masking techniques that preserve the format of data and analyse their security and privacy properties. We investigate two industrial datasets and quantify the potential data privacy leakage that could arise from using inappropriate data masking techniques.

查看原文本刊更多论文

保格式数据屏蔽技术的隐私分析

随着越来越多的法规和对数据隐私的关注，保护个人身份信息(PII)的需求越来越大。保护PII的一种广泛使用的方法是应用数据屏蔽技术，以删除或隐藏正在调查的数据中所涉及的个人的身份。一类特殊的数据屏蔽技术旨在保留源数据的格式，以便允许在预期的相应源处使用编码数据，从而最大限度地减少应用程序更改以执行诸如统计分析或测试之类的任务。在保留格式的同时使用各种编码技术来保护数据隐私，包括保格式加密(FPE)和屏蔽。尽管很方便，但保留数据的格式可能会导致重新识别攻击。本文讨论了保护数据格式的数据屏蔽技术的漏洞，并分析了其安全性和隐私性。我们研究了两个工业数据集，并量化了使用不适当的数据屏蔽技术可能导致的潜在数据隐私泄露。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 12th CMI Conference on Cybersecurity and Privacy (CMI)

自引率

0.00%

发文量