On the measurement of privacy as an attacker's estimation error

A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy enhancing-technologies. Most of these metrics are specific to concrete systems and adversarial models, and are difficult to generalize or translate to other contexts. Further...

ver descrição completa

Detalhes bibliográficos
Autores: Rebollo Monedero, David|||0000-0002-0783-2382, Parra Arnau, Javier|||0000-0002-1772-1088, Diaz, Claudia, Forné Muñoz, Jorge|||0000-0002-8401-3292
Formato: artículo
Fecha de publicación:2012
País:España
Recursos:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/18044
Acesso em linha:https://hdl.handle.net/2117/18044
https://dx.doi.org/10.1007/s10207-012-0182-5
Access Level:acceso abierto
Palavra-chave:Privacy
Location-based services
Ordinadors, Xarxes d' -- Mesures de seguretat
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descrição
Resumo:A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy enhancing-technologies. Most of these metrics are specific to concrete systems and adversarial models, and are difficult to generalize or translate to other contexts. Furthermore, a better understanding of the relationships between the different privacy metrics is needed to enable more grounded and systematic approach to measuring privacy, as well as to assist system designers in selecting the most appropriate metric for a given application. In this work we propose a theoretical framework for privacypreserving systems, endowed with a general definition of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. We show that our framework permits interpreting and comparing a number of well-known metrics under a common perspective. The arguments behind these interpretations are based on fundamental results related to the theories of information, probability and Bayes decision.