Measuring anonymity of pseudonymized data after probabilistic background attacks

Abstract

There is clear demand among organizations for sharing their data for mining and other purposes without compromising the privacy of individual objects contained in the data. Pseudonymization is a simple, yet widely employed technique for sanitizing such data prior to its release; it replaces identifying names in the data by pseudonyms. Well-known metrics already exist in the literature for measuring the amount of anonymity still contained in some pseudonymized data in the aftermath of an infeasibility background attack. While the need for a metric for the much wider and more realistic class of probabilistic background attacks has also been well identified, currently no such metric exists. We fulfill that long identified need by presenting two metrics, an approximate and a more exact one, for measuring anonymity in pseudonymized data in the wake of a probabilistic attack. These metrics are rather intractable, thus impractical to employ in real-life situations. Therefore, we also develop an efficient heuristic for our superior metric, and show the remarkable accuracy of our heuristic. Our metrics and heuristic assist a data owner in evaluating the safety level of pseudonymized data against probabilistic attacks before making a decision on its release.