Abstract: Recently, privacy concerns about data collection have received an increasing amount of attention. In data collection process, a data collector (an agency) assumed that all respondents would be comfortable with submitting their data if the published data was anonymous. We believe that this assumption is not realistic because the increase in privacy concerns causes some respondents to refuse participation or to submit inaccurate data to such agencies. If respondents submit inaccurate data, then the usefulness of the results from analysis of the collected data cannot be guaranteed. Furthermore, we note that the level of anonymity (i.e., k-anonymity) guaranteed by an agency cannot be verified by respondents since they generally do not have access to all of the data that is released. Therefore, we introduce the notion of k_i-anonymity, where k_i is the level of anonymity preferred by each respondent i. Instead of placing full trust in an agency, our solution increases respondent confidence by allowing each to decide the preferred level of protection. As such, our protocol ensures that respondents achieve their preferred k_i-anonymity during data collection and guarantees that the collected records are genuine and useful for data analysis.

面向优选应答的k-匿名模型

[1]Agrawal, R., Srikant, R., 2000. Privacy-preserving data mining. Proc. ACM SIGMOD Int. Conf. on Management of Data, p.439-450.

[2]Bella, G., Bistarelli, S., Massacci, F., 2005. Retaliation: can we live with flaws? NATO Sec. Sci. Ser. D, 6:3-14.

[3]Bella, G., Giustolisi, R., Riccobene, S., 2011. Enforcing privacy in e-commerce by balancing anonymity and trust. Comput. Secur., 30(8):705-718.

[4]Chaum, D.L., 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84-90.

[5]Clifton, C., Tassa, T., 2013. On syntactic anonymity and differential privacy. Proc. IEEE 29th Int. Conf. on Data Engineering Workshops, p.88-93.

[6]Diamond, C.C., Mostashari, F., Shirky, C., 2009. Collecting and sharing data for population health: a new paradigm. Health Aff., 28(2):454-466.

[7]Dingledine, R., Mathewson, N., Syverson, P., 2004. Tor: the second-generation onion router. Proc. 13th Conf. on USENIX Security Symp., p.21.

[8]Domingo-Ferrer, J., 2010. Coprivacy: towards a theory of sustainable privacy. Proc. Int. Conf. on Privacy in Statistical Databases, p.258-268.

[9]Domingo-Ferrer, J., 2011. Coprivacy: an introduction to the theory and applications of co-operative privacy. Stat. Oper. Res. Trans., Special issue, p.25-40.

[10]Domingo-Ferrer, J., Soria-Comas, J., Ciobotaru, O., 2015. Co-utility: self-enforcing protocols without coordination mechanisms. Proc. Int. Conf. on Industrial Engineering and Operations Management, arXiv:1503.02563.

[11]Du, W., Zhan, Z., 2003. Using randomized response techniques for privacy-preserving data mining. Proc. 9th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, p.505-510.

[12]Dwork, C., 2008. Differential privacy: a survey of results. Proc. 5th Int. Conf. on Theory and Applications of Models of Computation, p.1-19.

[13]Edman, M., Yener, B., 2009. On anonymity in an electronic society: a survey of anonymous communication systems. ACM Comput. Surv., 42(1), Article 5.

[14]Evfimievski, A., Srikant, R., Agrawal, R., et al., 2002. Privacy preserving mining of association rules. Proc. 8th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, p.217-228.

[15]Kargupta, H., Datta, S., Wang, Q., et al., 2003. On the privacy preserving properties of random data perturbation techniques. Proc. 3rd IEEE Int. Conf. on Data Mining, p.99-106.

[16]Kumar, R., Gopal, R., Garfinkel, R., 2010. Freedom of privacy: anonymous data collection with respondent-defined privacy protection. INFORMS J. Comput., 22(3):471-481.

[17]Li, B., Erdin, E., Güneş, M.H., et al., 2011. An analysis of anonymity technology usage. Proc. 3rd Int. Conf. on Traffic Monitoring and Analysis, p.108-121.

[18]Li, N., Li, T., Venkatasubramanian, S., 2007. T-closeness: privacy beyond k-anonymity and l-diversity. Proc. 23rd Int. Conf. on Data Engineering, p.106-115.

[19]Machanavajjhala, A., Kifer, D., Gehrke, J., et al., 2007. L-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data, 1(1), Article 3.

[20]Paillier, P., 1999. Public-key cryptosystems based on composite degree residuosity classes. Proc. 17th Int. Conf. on Theory and Application of Cryptographic Techniques, p.223-238.

[21]Samarati, P., 2001. Protecting respondents identities in microdata release. IEEE Trans. Knowl. Data Eng., 13(6):188-200.

[22]Sweeney, L., 1997. Weaving technology and policy together to maintain confidentiality. J. Law Med. Ethics, 25(2-3):98-110.

[23]Sweeney, L., 2002. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzz. Knowl.-Based Syst., 10(5):557-570.

[24]Warner, S.L., 1965. Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc., 60(309):63-69.

[25]Wong, K.S., Kim, M.H., 2014a. Privacy-preserving data collection with self-awareness protection. In: Park, J.J., Zomaya, A., Jeong, H.Y., et al. (Eds.), Frontier and Innovation in Future Computing and Communications. Springer, Netherlands, p.365-371.

[26]Wong, K.S., Kim, M.H., 2014b. Towards self-awareness privacy protection for Internet of things data collection. J. Appl. Math., 2014:827959.1-827959.9.

[27]Wong, R.C.W., Li, J., Fu, A.W.C., et al., 2006. (α, k)-anonymity: an enhanced k-anonymity model for privacy preserving data publishing. Proc. 12th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, p.754-759.

[28]Wong, R.C.W., Fu, A.W.C., Wang, K., et al., 2007a. Minimality attack in privacy preserving data publishing. Proc. 33rd Int. Conf. on Very Large Data Bases, p.543-554.

[29]Wong, R.C.W., Liu, Y., Yin, J., et al., 2007b. (α, k)-anonymity based privacy preservation by lossy join. Proc. Joint 9th Asia-Pacific Web Conf. on Advances in Data and Web Management and 8th Int. Conf. on Web-Age Information Management, p.733-744.

[30]Zhang, N., Wang, S., Zhao, W., 2005. A new scheme on privacy-preserving data classification. Proc. 11th ACM SIGKDD Int. Conf. on Knowledge Discovery in Data Mining, p.374-383.