Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners

TL;DR

This paper investigates privacy issues in outsourced k-NN systems with multiple data owners, revealing vulnerabilities under certain threat models and proposing a privacy-preserving kernel density estimation alternative.

Contribution

It is the first to analyze privacy preservation in multi-owner outsourced k-NN systems and introduces a new privacy-preserving kernel density estimation method as a substitute.

Findings

Exact k-NN systems are vulnerable to adaptive attacks in multi-owner settings.

A privacy-preserving kernel density estimation algorithm is proposed.

Extensions of existing single-owner solutions are explored for various threat models.

Abstract

The k-nearest neighbors (k-NN) algorithm is a popular and effective classification algorithm. Due to its large storage and computational requirements, it is suitable for cloud outsourcing. However, k-NN is often run on sensitive data such as medical records, user images, or personal information. It is important to protect the privacy of data in an outsourced k-NN system. Prior works have all assumed the data owners (who submit data to the outsourced k-NN system) are a single trusted party. However, we observe that in many practical scenarios, there may be multiple mutually distrusting data owners. In this work, we present the first framing and exploration of privacy preservation in an outsourced k-NN system with multiple data owners. We consider the various threat models introduced by this modification. We discover that under a particularly practical threat model that covers numerous scenarios, there exists a set of adaptive attacks that breach the data privacy of any exact k-NN system. The vulnerability is a result of the mathematical properties of k-NN and its output. Thus, we propose a privacy-preserving alternative system supporting kernel density estimation using a Gaussian kernel, a classification algorithm from the same family as k-NN. In many applications, this similar algorithm serves as a good substitute for k-NN. We additionally investigate solutions for other threat models, often through extensions on prior single data owner systems.