Auditing Information Leakage for Distance Metrics

Yikan Chen and David Evans
Third IEEE Conference on Privacy, Security, Risk and Trust
Boston, MA
9-11 October 2011

Abstract

Many useful scenarios involve allowing untrusted users to run queries against secret data, so long as the results do not leak too much information. This problem has been studied widely for statistical queries, but not for queries with more direct semantics. In this paper, we consider the problem of auditing queries where the result is a distance metric between the query input and some secret data. We develop an efficient technique for estimating a lower bound on the entropy remaining after a series of query-responses that applies to a class of distance functions including Hamming distance. We also present a technique for ensuring that no individual bits of the secret sequence is leaked. In this paper, we formalize the information leakage problem, describe our design for a query auditor, and report on experiments showing the feasibility and effectiveness of our approach for sensitive sequences up to thousands of bits.

Paper

Full paper (10 pages): [PDF]
Talk slides (Yikan Chen): [PPTX] [PDF]

Project: www.securecomputation.org

David Evans
University of Virginia
Department of Computer Science
 evans@virginia.edu