skip to main content
10.1145/1866919.1866923acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

Turning privacy leaks into floods: surreptitious discovery of social network friendships and other sensitive binary attribute vectors

Published: 04 October 2010 Publication History

Abstract

We study methods for attacking the privacy of social networking sites, collaborative filtering sites, databases of genetic signatures, and other data sets that can be represented as vectors of binary relationships. Our methods are based on reductions to nonadaptive group testing, which implies that our methods can exploit a minimal amount of privacy leakage, such as contained in a single bit that indicates if two people in a social network have a friend in common or not. We analyze our methods for turning such privacy leaks into floods using theoretical characterizations as well as experimental tests. Our empirical analyses are based on experiments involving privacy attacks on the social networking sites Facebook and LiveJournal, a database of mitochondrial DNA, a power grid network, and the movie-rating database released as a part of the Netflix Prize contest. For instance, with respect to Facebook, our analysis shows that it is effectively possible to break the privacy of members who restrict their friends lists to friends-of-friends.

References

[1]
}}A. Amirbekyan and V. Estivill-Castro. A new efficient privacy-preserving scalar product protocol. In AusDM, 2007.
[2]
}}M. J. Atallah, F. Kerschbaum, and W. Du. Secure and private sequence comparisons. In WPES. ACM, 2003.
[3]
}}M. J. Atallah and J. Li. Secure outsourcing of sequence comparisons. Int. J. Inf. Secur., 4(4):277--287, 2005.
[4]
}}L. Backstrom, C. Dwork, and J. Kleinberg. Wherefore art thou r3579x?: Anonymized social networks, hidden patterns, and structural steganography. In WWW. ACM, 2007.
[5]
}}F. Bancilhon and N. Spyratos. Protection of information in relational data bases. In VLDB, pages 494--500, 1977.
[6]
}}D. M. Behar1, S. Rosset, J. Blue-Smith, O. Balanovsky, S. Tzur1, D. Comas, R. J. Mitchell, L. Quintana-Murci, C. Tyler-Smith, and R. S. Wells. The genographic project public participation mitochondrial DNA database. PLoS Genetics, 3(6), 2005.
[7]
}}M. Brandon, M. Lott, K. Nguyen, S. Spolim, S. Navathe, P. Baldi, and D. Wallace. MITOMAP: a human mitochondrial genome database - 2004 update. Nucleic Acids Research, 33, 2005.
[8]
}}A. Deutsch and Y. Papakonstantinou. Privacy in database publishing. In T. Eiter and L. Libkin, editors, ICDT, volume 3363 of LNCS, pages 230--245. Springer, 2005.
[9]
}}R. Dorfman. The detection of defective members of large populations. Ann. Math. Statist., 14:436--440, 1943.
[10]
}}D.-Z. Du and F. K. Hwang. Combinatorial Group Testing and Its Applications, 2nd ed. World Scientific, 2000.
[11]
}}W. Du and M. J. Atallah. Protocols for secure remote database access with approximate matching. In E-Commerce Security and Privacy: Adv. in Info Security, volume 2, pages 87--112. 2001.
[12]
}}W. Du and M. J. Atallah. Secure multi-party computation problems and their applications: A review and open problems. In NSPW, 2001.
[13]
}}C. L. DuBois. UCI network data repository, 2008.
[14]
}}C. Dwork, F. McSherry, and K. Talwar. The price of privacy and the limits of LP decoding. In STOC, pages 85--94. ACM, 2007.
[15]
}}D. Eppstein, M. T. Goodrich, and D. S. Hirschberg. Improved combinatorial group testing for real-world problem sizes. In WADS, Lecture Notes Comput. Sci. Springer, 2005.
[16]
}}M. Freedman, K. Nissim, and B. Pinkas. Efficient private matching and set intersection. In Adv. in Cryptology - EUROCRYPT, 2004.
[17]
}}M. Gjoka, M. Kurant, C. T. Butts, and A. Markopoulou. A walk in facebook: Uniform sampling of users in online social networks. CoRR, abs/0906.0060, 2009.
[18]
}}O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In STOC, pages 218--229. ACM, 1987.
[19]
}}M. T. Goodrich. The mastermind attack on genomic data. In IEEE Symposium on Security and Privacy. IEEE Press, 2009.
[20]
}}R. Gross, A. Acquisti, and H. J. Heinz, III. Information revelation and privacy in online social networks. In WPES. ACM, 2005.
[21]
}}S. Harihara, M. Hirai, Y. Suutou, K. Shimizu, and K. Omoto. Frequency of a 9-bp deletion in the mitochondrial DNA among Asian populations. Human Biology, 64(2):161--166, 1992.
[22]
}}C. Jernigan and B. Mistree. Gaydar: Facebook friendships expose sexual orientation. First Monday {online}, 14(10), 2009.
[23]
}}S. Jha, L. Kruger, and V. Shmatikov. Towards practical privacy for genomic computation. In IEEE Symp. on Security and Privacy, pages 216--230, 2008.
[24]
}}W. Jiang, M. Murugesan, C. Clifton, and L. Si. Similar document detection with limited information disclosure. In ICDE, pages 735--743. IEEE, 2008.
[25]
}}M. Kantarcioğlu, J. Jin, and C. Clifton. When do data mining results violate privacy? In KDD, pages 599--604. ACM, 2004.
[26]
}}D. Knuth. The art of computer programming. Addison-Wesley, 1973.
[27]
}}K. Lewis, J. Kaufman, M. Gonzalez, A. Wimmer, and N. Christakis. Tastes, ties, and time: A new social network dataset using Facebook.com. Social Networks, 30(4):330--342, 2008.
[28]
}}G. Miklau and D. Suciu. A formal analysis of information disclosure in data exchange. J of Comp and Sys Sciences, 73(3):507--534, 2007.
[29]
}}A. Narayanan and V. Shmatikov. Robust de-anonymization of large sparse datasets. In IEEE SP, pages 111--125, 2008.
[30]
}}A. Narayanan and V. Shmatikov. De-anonymizing social networks. In IEEE SP, pages 173--187, 2009.
[31]
}}B. Pakendorf and M. Stoneking. Mitochondrial DNA and human evolution. Annual Rev. Genomics Hum. Genet., 6:165--183, 2005.
[32]
}}E. Ruiz-Pesini, M. T. Lott, V. Procaccio, J. Poole, M. C. Brandon, D. Mishmar, C. Yi, J. Kreuziger, P. Baldi, and D. C. Wallace. An enhanced MITOMAP with a global mtDNA mutational philogeny. Nucleic Acids Research, 35:D823--D828, 2007.
[33]
}}M. Ruszinkó. On the upper bound of the size of the r-cover-free families. J. Combin. Th. Ser. A, 66:302--310, 1994.
[34]
}}Y. Sang and H. Shen. Privacy preserving set intersection based on bilinear groups. In ACSC, pages 47--54, 2008.
[35]
}}L. A. Stern and K. Taylor. Social networking on Facebook. J of the Comm., Speech & Theatre Association of ND, 20:9--20, 2007.
[36]
}}A. Traud, E. Kelsic, P. Mucha, and M. Porter. Community structure in online collegiate social networks. arXiv:0809.0960, 2008.
[37]
}}J. R. Troncoso-Pastoriza, S. Katzenbeisser, and M. Celik. Privacy preserving error resilient DNA searching through oblivious automata. In ACM CCS, pages 519--528, 2007.
[38]
}}J. Vaidya and C. Clifton. Secure set intersection cardinality with application to association rule mining. JSC, 13(4):593--622, 2005.
[39]
}}A. C. Yao. Protocols for secure computations. In FOCS, pages 160--164, 1982.

Cited By

View all
  • (2024)Local Certification of Majority DynamicsSOFSEM 2024: Theory and Practice of Computer Science10.1007/978-3-031-52113-3_26(369-382)Online publication date: 7-Feb-2024
  • (2015)Online Social Snapshots of a Generic Facebook Session Based on Digital Insight Data for a Secure Future IT EnvironmentSymmetry10.3390/sym70205467:2(546-560)Online publication date: 4-May-2015
  • (2014)Exploiting Users' Inconsistent Preferences in Online Social Networks to Discover Private Friendship LinksProceedings of the 13th Workshop on Privacy in the Electronic Society10.1145/2665943.2665956(59-68)Online publication date: 3-Nov-2014
  • Show More Cited By

Index Terms

  1. Turning privacy leaks into floods: surreptitious discovery of social network friendships and other sensitive binary attribute vectors

        Recommendations

        Comments

        Information & Contributors

        Information

        Published In

        cover image ACM Conferences
        WPES '10: Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
        October 2010
        136 pages
        ISBN:9781450300964
        DOI:10.1145/1866919
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Sponsors

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 04 October 2010

        Permissions

        Request permissions for this article.

        Check for updates

        Author Tags

        1. binary attribute vectors
        2. combinatorial group testing
        3. genetic signatures
        4. privacy leaks
        5. social networks

        Qualifiers

        • Research-article

        Conference

        CCS '10
        Sponsor:

        Acceptance Rates

        Overall Acceptance Rate 106 of 355 submissions, 30%

        Upcoming Conference

        CCS '25

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • Downloads (Last 12 months)4
        • Downloads (Last 6 weeks)0
        Reflects downloads up to 17 Feb 2025

        Other Metrics

        Citations

        Cited By

        View all
        • (2024)Local Certification of Majority DynamicsSOFSEM 2024: Theory and Practice of Computer Science10.1007/978-3-031-52113-3_26(369-382)Online publication date: 7-Feb-2024
        • (2015)Online Social Snapshots of a Generic Facebook Session Based on Digital Insight Data for a Secure Future IT EnvironmentSymmetry10.3390/sym70205467:2(546-560)Online publication date: 4-May-2015
        • (2014)Exploiting Users' Inconsistent Preferences in Online Social Networks to Discover Private Friendship LinksProceedings of the 13th Workshop on Privacy in the Electronic Society10.1145/2665943.2665956(59-68)Online publication date: 3-Nov-2014
        • (2013)Nonadaptive Mastermind Algorithms for String and Vector Databases, with Case StudiesIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2011.14725:1(131-144)Online publication date: 1-Jan-2013
        • (2013)Convergence in Social Influence NetworksProceedings of the 27th International Symposium on Distributed Computing - Volume 820510.1007/978-3-642-41527-2_30(433-446)Online publication date: 14-Oct-2013
        • (2012)Fake identities in social media: A case study on the sustainability of the Facebook business modelJournal of Service Science Research10.1007/s12927-012-0008-z4:2(175-212)Online publication date: 31-Dec-2012

        View Options

        Login options

        View options

        PDF

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        Figures

        Tables

        Media

        Share

        Share

        Share this Publication link

        Share on social media