Title :
Closeness: A New Privacy Measure for Data Publishing
Author :
Li, Ninghui ; Li, Tiancheng ; Venkatasubramanian, Suresh
Author_Institution :
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
fDate :
7/1/2010 12:00:00 AM
Abstract :
The k-anonymity privacy requirement for publishing microdata requires that each equivalence class (i.e., a set of records that are indistinguishable from each other with respect to certain “identifying” attributes) contains at least k records. Recently, several authors have recognized that k-anonymity cannot prevent attribute disclosure. The notion of ℓ-diversity has been proposed to address this; ℓ-diversity requires that each equivalence class has at least ℓ well-represented (in Section 2) values for each sensitive attribute. In this paper, we show that ℓ-diversity has a number of limitations. In particular, it is neither necessary nor sufficient to prevent attribute disclosure. Motivated by these limitations, we propose a new notion of privacy called “closeness.” We first present the base model t-closeness, which requires that the distribution of a sensitive attribute in any equivalence class is close to the distribution of the attribute in the overall table (i.e., the distance between the two distributions should be no more than a threshold t). We then propose a more flexible privacy model called (n,t)-closeness that offers higher utility. We describe our desiderata for designing a distance measure between two probability distributions and present two distance measures. We discuss the rationale for using closeness as a privacy measure and illustrate its advantages through examples and experiments.
Keywords :
data privacy; publishing; closeness; data publishing; k-anonymity privacy requirement; microdata; privacy measure; probability distributions; Privacy preservation; data anonymization; data publishing; data security.;
Journal_Title :
Knowledge and Data Engineering, IEEE Transactions on
DOI :
10.1109/TKDE.2009.139