Recognising Re-identification Attacks on Databases, by Interpreting them as SQL Queries: A Technical Study

Abstract

As data sharing becomes more prominent in the information age, so does the risk that shared data will be used in unexpected and undesirable ways. Data holders have employed anonymisation techniques as a means of data protection when they share a database. However, attackers can circumvent the protection, or presumed protection, offered by anonymisation through re-identification attacks. Datasets are where personal information lives, and SQL queries are the medium through which users interact with these datasets. This paper explores, from a technical perspective, how the process (kill chain) of executing a re-identification attack can be represented and recognised as a series of SQL queries. Using one of the best-known re-identification attack cases as a scenario, this paper explores a method for recognising re-identification attacks as SQL queries on a database.

Keywords

Data Privacy, Anonymisation, Re-identification, SQL, Database Queries, Netflix Prize Data

Citation

Ishola, O., Boiten, E.A., Ayesh, A., Albakri, A. (2020) Recognising Re-identification Attacks on Databases, by Interpreting them as SQL Queries: A Technical Study. Privacy in Statistical Databases 2020 (PSD2020), Arezzo, Italy, September 2020.

Rights

Research Institute