Fine-grained Manipulation Attacks to Local Differential Privacy Protocols for Data Streams

TL;DR

This paper introduces novel fine-grained manipulation attacks targeting local differential privacy protocols in data streams, revealing vulnerabilities and proposing defenses to enhance streaming data privacy security.

Contribution

It develops a unified attack framework for streaming LDP protocols, addressing a gap in security analysis for dynamic data environments.

Findings

Attacks can successfully manipulate streaming LDP outputs.

The framework adapts to various LDP models and tasks.

Proposed defenses can mitigate manipulation risks.

Abstract

Local Differential Privacy (LDP) enables massive data collection and analysis while protecting end users' privacy against untrusted aggregators. It has been applied to various data types (e.g., categorical, numerical, and graph data) and application settings (e.g., static and streaming). Recent findings indicate that LDP protocols can be easily disrupted by poisoning or manipulation attacks, which leverage injected/corrupted fake users to send crafted data conforming to the LDP reports. However, current attacks primarily target static protocols, neglecting the security of LDP protocols in the streaming settings. Our research fills the gap by developing novel fine-grained manipulation attacks to LDP protocols for data streams. By reviewing the attack surfaces in existing algorithms, We introduce a unified attack framework with composable modules, which can manipulate the LDP estimated stream toward a target stream. Our attack framework can adapt to state-of-the-art streaming LDP algorithms with different analytic tasks (e.g., frequency and mean) and LDP models (event-level, user-level, w-event level). We validate our attacks theoretically and through extensive experiments on real-world datasets, and finally explore a possible defense mechanism for mitigating these attacks.