On Chameleon Pseudonymisation and Attribute Compartmentation-as-a-Service

Anne Kayem; Nikolai Podlesny; Christoph Meinel

doi:10.5220/0010552207040714

On Chameleon Pseudonymisation and Attribute Compartmentation-as-a-Service

Anne Kayem, Nikolai Podlesny, Christoph Meinel

2021

Abstract

Data privacy legislation and the growing number of security violation incidents in the media, have played a key role in consumer awareness of data protection. Furthermore, the digital trail left by activities such as online purchases, websites browsed, and/or clicked advertisements yield behavioural information that is useful for various data analytics operations. Analysing such information in a privacy-preserving way is useful both in satisfying service level agreements and complying with privacy regulations. Pseudonymisation and anonymisation have been widely advocated as a means of generating privacy-preserving datasets. However, each approach poses drawbacks in terms of composing privacy-preserving datasets from multiple distributed data sources. The issue is made worse when the owners of the datasets co-exist in an untrusted environment. This paper presents a novel method of generating privacy-preserving datasets composed of distributed data in an untrusted scenario. We achieve this by combining cryptographically secure pseudonymisation with data obfuscation and sanitisation. The pseudonymisation and compartmentation are outsourced to a central but fully oblivious entity that can blindly compose datasets based on distributed sources. Controlled non-transitive join operations are used to ensure that the published datasets do not violate the contributing parties’ privacy properties. As a further step, the service provider will employ obfuscation and sanitisation to identify and break functional dependencies between attribute values that hold the risk of inferential disclosures. Our empirical model shows that the overhead due to cryptographic pseudonymisation is negligible and can be deployed in large datasets in a scalable manner. Furthermore, we are able to minimise information loss, even in large datasets, without impacting privacy negatively.

Download

Paper Citation

in Harvard Style

Kayem A., Podlesny N. and Meinel C. (2021). On Chameleon Pseudonymisation and Attribute Compartmentation-as-a-Service. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 704-714. DOI: 10.5220/0010552207040714

in Bibtex Style

@conference{secrypt21,
author={Anne Kayem and Nikolai Podlesny and Christoph Meinel},
title={On Chameleon Pseudonymisation and Attribute Compartmentation-as-a-Service},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2021},
pages={704-714},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010552207040714},
isbn={978-989-758-524-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - On Chameleon Pseudonymisation and Attribute Compartmentation-as-a-Service
SN - 978-989-758-524-1
AU - Kayem A.
AU - Podlesny N.
AU - Meinel C.
PY - 2021
SP - 704
EP - 714
DO - 10.5220/0010552207040714