Finding the Sweet Spot for Data Anonymization: A Mechanism Design Perspective

Data sharing between different organizations is an essential process in today's connected world. However, recently there were many concerns about data sharing as sharing sensitive information can jeopardize users' privacy. To preserve privacy, organizations use anonymization techniques to conceal users' sensitive data. However, these techniques are vulnerable to de-anonymization attacks which aim to identify individual records within a dataset. In this paper, a two-tier mathematical framework is proposed for analyzing and mitigating the de-anonymization attacks, by studying the interactions between sharing organizations, a data collector, and an attacker. In the first level, a game-theoretic model is proposed to enable sharing organizations to optimally select their anonymization levels for k-anonymization under two potential attacks: background-knowledge attack and homogeneity attack. In the second level, a contract-theoretic model is proposed to enable the data collector to optimally reward the organizations for their data. The formulated problems are studied under single-time sharing and repeated sharing scenarios. Different Nash equilibria for the proposed game and the optimal solution of the contract-based problem are analytically derived for both scenarios. Simulation results show that the organizations can optimally select their anonymization levels, while the data collector can benefit from incentivizing the organizations to share their data.

Automated summary

This paper proposes a two-tier mathematical framework for analyzing and mitigating de-anonymization attacks in data sharing. A game-theoretic model is used to guide sharing organizations in selecting optimal anonymization levels, while a contract-theoretic model is used to guide the data collector in providing optimal rewards for the organizations. Simulation results demonstrate the effectiveness of the proposed models.