On Breaching Enterprise Data Privacy Through Adversarial Information Fusion

TL;DR

This paper reveals vulnerabilities in current enterprise data anonymization methods, demonstrating how adversaries can fuse information to breach privacy, and proposes a prototype solution to enhance data privacy resilience.

Contribution

It identifies weaknesses in existing anonymization schemes against information fusion attacks and introduces a new approach to improve privacy protection in enterprise data.

Findings

Demonstrated a web-based information fusion attack on anonymized data

Identified limitations of current anonymization techniques in enterprise scenarios

Proposed a prototype for fusion-resilient data anonymization

Abstract

Data privacy is one of the key challenges faced by enterprises today. Anonymization techniques address this problem by sanitizing sensitive data such that individual privacy is preserved while allowing enterprises to maintain and share sensitive data. However, existing work on this problem make inherent assumptions about the data that are impractical in day-to-day enterprise data management scenarios. Further, application of existing anonymization schemes on enterprise data could lead to adversarial attacks in which an intruder could use information fusion techniques to inflict a privacy breach. In this paper, we shed light on the shortcomings of current anonymization schemes in the context of enterprise data. We define and experimentally demonstrate Web-based Information- Fusion Attack on anonymized enterprise data. We formulate the problem of Fusion Resilient Enterprise Data Anonymization and propose a prototype solution to address this problem.