Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods

Jens Hjort Schwee; Fisayo Caleb Sangogboye; Mikkel Baun Kjærgaard

Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods

Jens Hjort Schwee^*, Fisayo Caleb Sangogboye, Mikkel Baun Kjærgaard

^*Corresponding author for this work

Research output: Contribution to conference without publisher/journal › Paper › Research › peer-review

215 Downloads (Pure)

Abstract

The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.

Original language	English
Publication date	15. Apr 2019
Number of pages	4
Publication status	Published - 15. Apr 2019
Event	International Workshop on Security and Privacy for the Internet-of-Things - Montreal, Canada Duration: 15. Apr 2019 → 15. Apr 2019 Conference number: 2 https://synercys.github.io/iotsec/

Workshop

Workshop	International Workshop on Security and Privacy for the Internet-of-Things
Number	2
Country/Territory	Canada
City	Montreal
Period	15/04/2019 → 15/04/2019
Internet address	https://synercys.github.io/iotsec/

Keywords

Data privacy
Pseudonymity
Data anonymization and sanitization
k-anonymity
Privacy-protecting data publishing
Linkage attacks

Documents & Links

Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard MethodsFinal published version, 2 MB

1 Ph.D. thesis

Software Tools for Privacy Control in Publication of Cyber-Physical Data
Schwee, J. H., 15. Mar 2022, Syddansk Universitet. Det Tekniske Fakultet. 398 p.
Research output: Thesis › Ph.D. thesis

Cite this

@conference{2a72a00141db4096a2e6ea4e4dcc63d0,

title = "Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods",

abstract = "The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.",

keywords = "Data privacy, Pseudonymity, Data anonymization and sanitization, k-anonymity, Privacy-protecting data publishing, Linkage attacks",

author = "Schwee, {Jens Hjort} and Sangogboye, {Fisayo Caleb} and Kj{\ae}rgaard, {Mikkel Baun}",

year = "2019",

month = apr,

day = "15",

language = "English",

note = "International Workshop on Security and Privacy for the Internet-of-Things, IoTSec ; Conference date: 15-04-2019 Through 15-04-2019",

url = "https://synercys.github.io/iotsec/",

}

Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods. / Schwee, Jens Hjort; Sangogboye, Fisayo Caleb; Kjærgaard, Mikkel Baun.

2019. Paper presented at International Workshop on Security and Privacy for the Internet-of-Things, Montreal, Canada.

Research output: Contribution to conference without publisher/journal › Paper › Research › peer-review

TY - CONF

T1 - Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods

AU - Schwee, Jens Hjort

AU - Sangogboye, Fisayo Caleb

AU - Kjærgaard, Mikkel Baun

N1 - Conference code: 2

PY - 2019/4/15

Y1 - 2019/4/15

N2 - The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.

AB - The availability of inexpensive IoT sensors enables the collection of a wide range of data about buildings and their use by occupants. The data originating from these sensors are in many cases privacy-invasive. Therefore, methods for improving privacy protection for such data is needed. In this paper, we explore if suppression, k-anonymity or a combination of them, provides sufficient privacy protection on a published dataset. The results show that the specific dataset only was partly protected in the case of the combination of the two privacy protection methods. The attack vectors used to break the protection includes the sensor deployments, and the physically limitations of the sensors. This indicates, the need to consider how to protect the metadata of sensor deployments as well as the sensor streams. This additional metadata protection can serve as requirements, for anonymization methods for time-series data. However, even with good privacy protection, the building dataset might still be vulnerable to attacks since building data contains repeatable patterns which are susceptible to a range of attacks.

KW - Data privacy

KW - Pseudonymity

KW - Data anonymization and sanitization

KW - k-anonymity

KW - Privacy-protecting data publishing

KW - Linkage attacks

M3 - Paper

T2 - International Workshop on Security and Privacy for the Internet-of-Things

Y2 - 15 April 2019 through 15 April 2019

ER -

Evaluating Practical Privacy Attacks for Building Data Anonymized by Standard Methods

Abstract

Workshop

Keywords

Documents & Links

Fingerprint

Related Research Output

Software Tools for Privacy Control in Publication of Cyber-Physical Data

Cite this