Unexpected Information Leakage of Differential Privacy Due to Linear Property of Queries

by   Wen Huang, et al.

The differential privacy is a widely accepted conception of privacy preservation and the Laplace mechanism is a famous instance of differential privacy mechanisms to deal with numerical data. In this paper, we find that the differential privacy does not take liner property of queries into account, resulting in unexpected information leakage. In specific, the linear property makes it possible to divide one query into two queries such as q(D)=q(D_1)+q(D_2) if D=D_1∪ D_2 and D_1∩ D_2=∅. If attackers try to obtain an answer of q(D), they not only can issue the query q(D), but also can issue the q(D_1) and calculate the q(D_2) by themselves as long as they know D_2. By different divisions of one query, attackers can obtain multiple different answers for the query from differential privacy mechanisms. However, from attackers' perspective and from differential privacy mechanisms' perspective, the totally consumed privacy budget is different if divisions are delicately designed. The difference leads to unexpected information leakage because the privacy budget is the key parameter to control the amount of legally released information from differential privacy mechanisms. In order to demonstrate the unexpected information leakage, we present a membership inference attacks against the Laplace mechanism.


Chorus: Differential Privacy via Query Rewriting

We present Chorus, a system with a novel architecture for providing diff...

The Bounded Laplace Mechanism in Differential Privacy

The Laplace mechanism is the workhorse of differential privacy, applied ...

The Laplace Mechanism has optimal utility for differential privacy over continuous queries

Differential Privacy protects individuals' data when statistical queries...

Differential Privacy Via a Truncated and Normalized Laplace Mechanism

When querying databases containing sensitive information, the privacy of...

Quantifying the Tradeoff Between Cybersecurity and Location Privacy

Previous data breaches that occurred in the mobility sector, such as Ube...

QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems

Although query-based systems (QBS) have become one of the main solutions...

Defensive Design of Saturating Counters Based on Differential Privacy

The saturating counter is the basic module of the dynamic branch predict...

Please sign up or login with your details

Forgot password? Click here to reset