Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods

Jens Hjort Schwee, Fisayo Caleb Sangogboye, Mikkel Baun Kjærgaard

Publikation: Konferencebidrag uden forlag/tidsskriftPaperForskningpeer review

68 Downloads (Pure)

Resumé

The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.
OriginalsprogEngelsk
Publikationsdato15. apr. 2019
Antal sider4
StatusUdgivet - 15. apr. 2019
BegivenhedInternational Workshop on Security and Privacy for the Internet-of-Things - Montreal, Canada
Varighed: 15. apr. 201915. apr. 2019
Konferencens nummer: 2
https://synercys.github.io/iotsec/

Workshop

WorkshopInternational Workshop on Security and Privacy for the Internet-of-Things
Nummer2
LandCanada
ByMontreal
Periode15/04/201915/04/2019
Internetadresse

Fingeraftryk

Sensors
Metadata
Time series
Availability

Citer dette

Schwee, J. H., Sangogboye, F. C., & Kjærgaard, M. B. (2019). Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods. Afhandling præsenteret på International Workshop on Security and Privacy for the Internet-of-Things, Montreal, Canada.
Schwee, Jens Hjort ; Sangogboye, Fisayo Caleb ; Kjærgaard, Mikkel Baun. / Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods. Afhandling præsenteret på International Workshop on Security and Privacy for the Internet-of-Things, Montreal, Canada.4 s.
@conference{2a72a00141db4096a2e6ea4e4dcc63d0,
title = "Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods",
abstract = "The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.",
keywords = "Data privacy, Pseudonymity, Data anonymization and sanitization, k-anonymity, Privacy-protecting data publishing, Linkage attacks",
author = "Schwee, {Jens Hjort} and Sangogboye, {Fisayo Caleb} and Kj{\ae}rgaard, {Mikkel Baun}",
year = "2019",
month = "4",
day = "15",
language = "English",
note = "International Workshop on Security and Privacy for the Internet-of-Things, IoTSec ; Conference date: 15-04-2019 Through 15-04-2019",
url = "https://synercys.github.io/iotsec/",

}

Schwee, JH, Sangogboye, FC & Kjærgaard, MB 2019, 'Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods' Paper fremlagt ved International Workshop on Security and Privacy for the Internet-of-Things, Montreal, Canada, 15/04/2019 - 15/04/2019, .

Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods. / Schwee, Jens Hjort; Sangogboye, Fisayo Caleb; Kjærgaard, Mikkel Baun.

2019. Afhandling præsenteret på International Workshop on Security and Privacy for the Internet-of-Things, Montreal, Canada.

Publikation: Konferencebidrag uden forlag/tidsskriftPaperForskningpeer review

TY - CONF

T1 - Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods

AU - Schwee, Jens Hjort

AU - Sangogboye, Fisayo Caleb

AU - Kjærgaard, Mikkel Baun

PY - 2019/4/15

Y1 - 2019/4/15

N2 - The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.

AB - The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.

KW - Data privacy

KW - Pseudonymity

KW - Data anonymization and sanitization

KW - k-anonymity

KW - Privacy-protecting data publishing

KW - Linkage attacks

M3 - Paper

ER -

Schwee JH, Sangogboye FC, Kjærgaard MB. Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods. 2019. Afhandling præsenteret på International Workshop on Security and Privacy for the Internet-of-Things, Montreal, Canada.

Dokumenter og links