Database Matching Under Adversarial Column Deletions

TL;DR

This paper studies how to match anonymized databases when an adversary can delete a fraction of columns to hinder matching, revealing the limits of privacy-preserving data publication under adversarial attacks.

Contribution

It introduces a two-phase scheme for adversarial database matching, providing necessary and sufficient conditions, and characterizes the adversarial matching capacity.

Findings

Adversarial column deletions significantly lower matching capacity than random deletions.

A two-phase detection and matching scheme achieves near-perfect recovery under certain conditions.

Adversarial mechanisms offer stronger privacy protection compared to random distortions.

Abstract

The de-anonymization of users from anonymized microdata through matching or aligning with publicly-available correlated databases has been of scientific interest recently. While most of the rigorous analyses of database matching have focused on random-distortion models, the adversarial-distortion models have been wanting in the relevant literature. In this work, motivated by synchronization errors in the sampling of time-indexed microdata, matching (alignment) of random databases under adversarial column deletions is investigated. It is assumed that a constrained adversary, which observes the anonymized database, can delete up to a $\delta$ fraction of the columns (attributes) to hinder matching and preserve privacy. Column histograms of the two databases are utilized as permutation-invariant features to detect the column deletion pattern chosen by the adversary. The detection of the column deletion pattern is then followed by an exact row (user) matching scheme. The worst-case analysis of this two-phase scheme yields a sufficient condition for the successful matching of the two databases, under the near-perfect recovery condition. A more detailed investigation of the error probability leads to a tight necessary condition on the database growth rate, and in turn, to a single-letter characterization of the adversarial matching capacity. This adversarial matching capacity is shown to be significantly lower than the random matching capacity, where the column deletions occur randomly. Overall, our results analytically demonstrate the privacy-wise advantages of adversarial mechanisms over random ones during the publication of anonymized time-indexed data.