On Minimality Attack for Privacy-Preserving Data Publishing

Preserving privacy while publishing data is an important requirement in many practical applications. Information about individuals and/or organizations are collected from various sources which are being published, after applying some kinds pre-processing logic, that may lead to leaking sensitive information of individual. Anonymization is a widely used technique to suppress or generalize data so that essence of data can be hidden to a certain degree. In this paper, we present an analysis of some well-known anonymization-based privacy preserving schemes such as k-anonymity and l-diversity to show how these schemes suffer from the minimality attack that can lead to potential information leakage from the published data. We present a mitigation mechanism, NoMin algorithm, to address the minimality attack in anonymization-based privacy preserving schemes. The proposed NoMin algorithm uses random sample of spurious records in an equivalence class of actual records such that an adversary cannot figure out an individual from the published data. The analysis and experimental results of the proposed algorithm illustrate its strengths, practicality and limitations with respect to minimality attacks on anonymization-based published data.