TY - JOUR

T1 - K-concealment

T2 - An alternative model of k-type anonymity

AU - Tassa, Tamir

AU - Mazza, Arnon

AU - Gionis, Aristides

N1 - Copyright:
Copyright 2013 Elsevier B.V., All rights reserved.

PY - 2012/4

Y1 - 2012/4

N2 - We introduce a new model of k-type anonymity, called k-concealment, as an alternative to the well-known model of k-anonymity. This new model achieves similar privacy goals as kanonymity: While in k-anonymity one generalizes the table records so that each one of them becomes equal to at least k -1 other records, when projected on the subset of quasi-identifiers, k-concealment proposes to generalize the table records so that each one of them becomes computationally - indistinguishable from at least k - 1 others. As the new model extends that of k-anonymity, it offers higher utility. To motivate the new model and to lay the ground for its introduction, we first present three other models, called (1, k)-, (k, 1)- and (k, k)-anonymity which also extend k-anonymity. We characterize the interrelation between the four models and propose algorithms for anonymizing data according to them. Since k-anonymity, on its own, is insecure, as it may allow adversaries to learn the sensitive information of some individuals, it must be enhanced by a security measure such as p-sensitivity or l-diversity. We show how also k-concealment can be enhanced by such measures. We demonstrate the usefulness of our models and algorithms through extensive experiments.

AB - We introduce a new model of k-type anonymity, called k-concealment, as an alternative to the well-known model of k-anonymity. This new model achieves similar privacy goals as kanonymity: While in k-anonymity one generalizes the table records so that each one of them becomes equal to at least k -1 other records, when projected on the subset of quasi-identifiers, k-concealment proposes to generalize the table records so that each one of them becomes computationally - indistinguishable from at least k - 1 others. As the new model extends that of k-anonymity, it offers higher utility. To motivate the new model and to lay the ground for its introduction, we first present three other models, called (1, k)-, (k, 1)- and (k, k)-anonymity which also extend k-anonymity. We characterize the interrelation between the four models and propose algorithms for anonymizing data according to them. Since k-anonymity, on its own, is insecure, as it may allow adversaries to learn the sensitive information of some individuals, it must be enhanced by a security measure such as p-sensitivity or l-diversity. We show how also k-concealment can be enhanced by such measures. We demonstrate the usefulness of our models and algorithms through extensive experiments.

UR - http://www.scopus.com/inward/record.url?scp=84863609453&partnerID=8YFLogxK

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:84863609453

SN - 1888-5063

VL - 5

SP - 189

EP - 222

JO - Transactions on Data Privacy

JF - Transactions on Data Privacy

IS - 1

ER -