Abstract
In recent times we are witnessing the emergence of a wide variety of information systems that tailor the information-exchange functionality to meet the specific interests of their users. Most of these personalized information systems capitalize on, or lend themselves to, the construction of user profiles, either directly declared by a user or inferred from past activity. The ability of these systems to profile users is therefore what enables such intelligent functionality, but at the same time it is the source of serious privacy concerns. The purpose of this paper is twofold. First, we survey the state of the art in privacy-enhancing technologies for applications where personalization comes into play. In particular, we examine the assumptions upon which such technologies build, and then classify them into five broad categories, namely basic anti-tracking technologies, cryptography-based methods from private information retrieval, approaches relying on trusted third parties, collaborative mechanisms, and data-perturbative techniques. Secondly, we review several approaches for evaluating the effectiveness of those technologies. Specifically, our study of privacy metrics explores the measurement of the privacy of user profiles in the still emergent field of personalized information systems.
Notes
- 1. Technically, machines, not users, are identified by addresses.
- 2.
- 3. Shannon’s entropy of a discrete r.v. is a measure of the uncertainty of the outcome of this r.v.
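The abstract describes metrics for the privacy of a user profile, and note 3 defines Shannon's entropy as a measure of uncertainty. The following is an added example, not code from the chapter or its authors: it models a profile as a histogram of interest categories (an assumption made for this example), normalises it to a probability mass function, and computes its entropy in bits. A profile concentrated on one category has low entropy, so an observer is nearly certain of the user's interest; a flat profile reaches the maximum log2(n). The category names and query samples are constructed; the chapter's own metric definitions are not reproduced here.

```python
"""Added example (not from the chapter): Shannon entropy of a user profile.

Assumption for this example: a user profile is a histogram of interest
categories, normalised to a probability mass function (PMF). Shannon's
entropy H(p) = -sum_i p_i log2 p_i measures the uncertainty of that PMF.
All profiles below are constructed sample data.
"""
import math
from collections import Counter


def profile_pmf(categories):
    """Turn a list of observed categories into a PMF {category: probability}."""
    counts = Counter(categories)
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()}


def shannon_entropy(pmf):
    """Entropy in bits; zero-probability entries contribute nothing."""
    return -sum(p * math.log2(p) for p in pmf.values() if p > 0)


def max_entropy(num_categories):
    """Entropy of the uniform PMF over num_categories outcomes."""
    return math.log2(num_categories)


def normalized_entropy(pmf, num_categories):
    """Entropy as a fraction of the maximum achievable, in [0, 1]."""
    if num_categories <= 1:
        return 0.0
    return shannon_entropy(pmf) / max_entropy(num_categories)


# Hypothetical category set used by the constructed samples.
CATEGORIES = ("health", "finance", "sports", "travel")

# Constructed sample: a user whose queries fall mostly in one category.
SKEWED = ["health"] * 8 + ["sports"] * 1 + ["travel"] * 1
# Constructed sample: the same number of queries spread evenly.
FLAT = ["health", "finance", "sports", "travel"] * 3

if __name__ == "__main__":
    for name, sample in (("skewed", SKEWED), ("flat", FLAT)):
        pmf = profile_pmf(sample)
        print(
            f"{name}: H = {shannon_entropy(pmf):.3f} bits, "
            f"normalized = {normalized_entropy(pmf, len(CATEGORIES)):.3f}"
        )
```

The skewed profile yields roughly 0.92 bits against a maximum of 2 bits for four categories, while the flat profile reaches the maximum. Entropy says nothing about which categories are sensitive, so in practice it is one input to a privacy assessment rather than the whole of it.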
© 2015 Springer International Publishing Switzerland
Cite this chapter
Parra-Arnau, J., Rebollo-Monedero, D., Forné, J. (2015). Privacy-Enhancing Technologies and Metrics in Personalized Information Systems. In: Navarro-Arribas, G., Torra, V. (eds) Advanced Research in Data Privacy. Studies in Computational Intelligence, vol 567. Springer, Cham. https://doi.org/10.1007/978-3-319-09885-2_23
DOI: https://doi.org/10.1007/978-3-319-09885-2_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09884-5
Online ISBN: 978-3-319-09885-2