DOI: 10.1007/978-3-030-81242-3_3

Preventing Manipulation Attack in Local Differential Privacy Using Verifiable Randomization Mechanism

Published: 19 July 2021

Abstract

Local differential privacy (LDP) has received increasing attention as a formal privacy definition that does not require a trusted server. In a typical LDP protocol, the clients perturb their data locally with a randomized mechanism before sending it to the server for analysis. Many studies in the LDP literature implicitly assume that the clients honestly follow the protocol; however, two recent studies show that LDP is generally vulnerable to malicious clients. Cao et al. (USENIX Security ’21) and Cheu et al. (IEEE S&P ’21) demonstrated that malicious clients could effectively skew the analysis (such as frequency estimation) by sending fake data to the server, which is called a data poisoning attack or manipulation attack against LDP. In this paper, we propose secure and efficient verifiable LDP protocols to prevent manipulation attacks. Specifically, we leverage the Cryptographic Randomized Response Technique (CRRT) as a building block to convert existing LDP mechanisms into a verifiable version. In this way, the server can verify the completeness of executing an agreed randomization mechanism on the client side without sacrificing local privacy. Our proposed method can completely protect the LDP protocol from output manipulation attacks, and significantly mitigates unexpected damage from malicious clients with acceptable computational overhead.

References

[1] Cao, X., Jia, J., Zhenqiang Gong, N.: Data poisoning attacks to local differential privacy protocols. arXiv preprint arXiv:1911.02046 (2019)
[2] Cheu, A., Smith, A., Ullman, J.: Manipulation attacks in local differential privacy. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1–18. San Francisco, CA, USA (2021)
[3] Narayan, A., et al.: Verifiable differential privacy. In: Proceedings of the Tenth European Conference on Computer Systems (2015)
[4] Ambainis, A., Jakobsson, M., Lipmaa, H.: Cryptographic randomized response techniques. In: Bao, F., Deng, R., Zhou, J. (eds.) Public Key Cryptography – PKC 2004, pp. 425–438. Springer, Heidelberg (2004)
[5] Evfimievski, A., Gehrke, J., Srikant, R.: Limiting privacy breaches in privacy preserving data mining. In: Proceedings of the Twenty-Second ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (2003)
[6] Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) Theory of Cryptography, pp. 265–284. Springer, Heidelberg (2006)
[7] Erlingsson, Ú., Pihur, V., Korolova, A.: RAPPOR: randomized aggregatable privacy-preserving ordinal response. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014)
[8] Apple Differential Privacy Team: Learning with privacy at scale. Mach. Learn. J. (2017)
[9] Ding, B., Kulkarni, J., Yekhanin, S.: Collecting telemetry data privately. In: NeurIPS (2017)
[10] Kairouz, P., Oh, S., Viswanath, P.: Extremal mechanisms for local differential privacy. In: NeurIPS (2014)
[11] Wang, T., Blocki, T., Li, N., Jha, S.: Locally differentially private protocols for frequency estimation. In: USENIX Security (2017)
[12] EU GDPR: https://www.eugdpr.institute/. Accessed 21 Mar 2021
[13]
[14]
[16] Kairouz, P., Bonawitz, K., Ramage, D.: Discrete distribution estimation under local privacy. In: ICML (2016)
[17] Wang, T., et al.: Answering multi-dimensional analytical queries under local differential privacy. In: SIGMOD (2019)
[18] Wang, T., Li, N., Jha, S.: Locally differentially private frequent itemset mining. In: S&P (2018)
[19] Wang, T., Lopuhaä-Zwakenberg, M., Li, Z., Skoric, B., Li, N.: Locally differentially private frequency estimation with consistency. In: NDSS (2020)
[20] Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) Advances in Cryptology – EUROCRYPT 2013, pp. 626–645. Springer, Heidelberg (2013)
[21] Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) Advances in Cryptology — CRYPTO ’91, pp. 129–140. Springer, Heidelberg (1992)
[22] Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), vol. 1 (2001)
[23] Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) Advances in Cryptology — CRYPTO ’94, pp. 174–187. Springer, Heidelberg (1994)
[24] Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security (1993)
[25] Goldreich, O.: Secure Multi-Party Computation. Final (Incomplete) Draft, 27 October 2002
[26] Do, C.T., et al.: Game theory for cyber security and privacy. ACM Comput. Surv. 50(2), 1–37 (2017)
[27] Prelec, D.: A Bayesian truth serum for subjective data. Science 306(5695), 462–466 (2004)
[28] Waguih, D.A., Berti-Equille, L.: Truth discovery algorithms: an experimental evaluation. arXiv preprint arXiv:1409.6428 (2014)
[29] Sabt, M., Achemlal, M., Bouabdallah, A.: Trusted execution environment: what it is, and what it is not. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1. IEEE (2015)
[30] Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptol. ePrint Arch. 2016(86), 1–118 (2016)
[31] Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing (1990)
[32] Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63–69 (1965)

Published In

Data and Applications Security and Privacy XXXV: 35th Annual IFIP WG 11.3 Conference, DBSec 2021, Calgary, Canada, July 19–20, 2021, Proceedings
Jul 2021
410 pages
ISBN: 978-3-030-81241-6
DOI: 10.1007/978-3-030-81242-3
Editors: Ken Barker, Kambiz Ghazinour

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

1. Local differential privacy
2. Manipulation attack
3. Data poisoning
4. Verifiable computation
5. Oblivious transfer

Cited By

• (2024) Uldp-FL: Federated Learning with Across-Silo User-Level Differential Privacy. Proceedings of the VLDB Endowment 17:11 (2826-2839). DOI: 10.14778/3681954.3681966. Online publication date: 1-Jul-2024
• (2024) Scenario-based Adaptations of Differential Privacy: A Technical Survey. ACM Computing Surveys 56:8 (1-39). DOI: 10.1145/3651153. Online publication date: 26-Apr-2024
• (2023) On the Risks of Collecting Multidimensional Data Under Local Differential Privacy. Proceedings of the VLDB Endowment 16:5 (1126-1139). DOI: 10.14778/3579075.3579086. Online publication date: 6-Mar-2023
• (2023) Efficient Defenses Against Output Poisoning Attacks on Local Differential Privacy. IEEE Transactions on Information Forensics and Security 18 (5506-5521). DOI: 10.1109/TIFS.2023.3305873. Online publication date: 1-Jan-2023
• (2023) Towards Defending Against Byzantine LDP Amplified Gain Attacks. Database Systems for Advanced Applications (627-643). DOI: 10.1007/978-3-031-30637-2_42. Online publication date: 17-Apr-2023
