Sign up to save your podcasts
Or
Share Episode 139 - Probable not Provable Privacy for Census Data vulnerable to attack - Chief Scientist Optus Macquarie University Cyber Security Hub
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 139 - Probable not Provable Privacy for Census Data vulnerable to attack - Chief Scientist Optus Macquarie University Cyber Security Hub
Interview with Professor Dali Kaafar, Chief Scientist at Optus Macquarie University Cyber Security Hub and Professor at the Faculty of Science and Engineering at Macquarie University. Professor Kaafar and Macquarie University Lecturer Hassan Jameel Asghar, released a paper mid February, titled, ‘Averaging Attacks on Bounded Perturbation Algorithms’ (https://arxiv.org/pdf/1902.06414.pdf) that identifies and demonstrates a vulnerability of the Perturbation Algorithm used by the Australian Bureau of Statistics (https://www.abs.gov.au/) for its online tool, TableBuilder, that enables querying the Australian Census Data.
Dali Kaafar has disclosed “In a nutshell, the algorithm named TBE, perturbing answers to the queries by adding noise distributed within a bounded range is faulty and puts the highly sensitive original census data at major risk of being revealed. We demonstrated how an attacker, who may not know the perturbation parameters, can not only find any hidden parameters of the algorithm but also remove the noise to obtain the original answer to any query of choice. None of the attacks we presented depend on any background information. Implications of go beyond re-identification risks. The attack reveals values intended to be hidden by the TBE algorithm and hence reconstructs the original census data. While the attack is applicable to the actual Australian census data available through TableBuilder, for ethical considerations we only show the success of the attack on synthetic data. We note however, that the perturbation method used in ABS TableBuilder tool is proven vulnerable to this attack.
In response to the research, an ABS spokesperson stated, “The ABS is strongly committed to privacy. With emerging data analytics techniques, the ABS needs to be on the front foot of any emerging risks to the data we hold. We have been working, and will continue to work, with leading experts to ensure we are using the best approaches possible to protect individuals’ data.
The ABS has been working with Dr Kaafar and his co-researchers on Table Builder, and strategies to mitigate the vulnerability discovered by the researchers since early 2017. The ABS has already implemented measures to address the vulnerability. This includes reducing the amount of details to be accessed by certain Table Builder applications, strengthening the terms of use of Table Builder and also regularly monitoring the job logs to forestall any possible attacks.
There is no evidence of anyone’s privacy being compromised with the use of Table Builder.”
The discussion includes consideration to the Differential Privacy framework and the application of provable privacy versus probable privacy for the 2020 USA Census.
Interview recorded in Sydney on 26 February 2019.
Original release on the Australian Cyber Security Magazine website is available here (https://australiancybersecuritymagazine.com.au/census-data-at-major-risk-of-being-revealed-vulnerability-discovered-in-the-australian-bureau-of-statistics-tablebuilder-tool/)
View all episodes
By MySecurity Media
3.9
1919 ratings
Interview with Professor Dali Kaafar, Chief Scientist at Optus Macquarie University Cyber Security Hub and Professor at the Faculty of Science and Engineering at Macquarie University. Professor Kaafar and Macquarie University Lecturer Hassan Jameel Asghar, released a paper mid February, titled, ‘Averaging Attacks on Bounded Perturbation Algorithms’ (https://arxiv.org/pdf/1902.06414.pdf) that identifies and demonstrates a vulnerability of the Perturbation Algorithm used by the Australian Bureau of Statistics (https://www.abs.gov.au/) for its online tool, TableBuilder, that enables querying the Australian Census Data.
Dali Kaafar has disclosed “In a nutshell, the algorithm named TBE, perturbing answers to the queries by adding noise distributed within a bounded range is faulty and puts the highly sensitive original census data at major risk of being revealed. We demonstrated how an attacker, who may not know the perturbation parameters, can not only find any hidden parameters of the algorithm but also remove the noise to obtain the original answer to any query of choice. None of the attacks we presented depend on any background information. Implications of go beyond re-identification risks. The attack reveals values intended to be hidden by the TBE algorithm and hence reconstructs the original census data. While the attack is applicable to the actual Australian census data available through TableBuilder, for ethical considerations we only show the success of the attack on synthetic data. We note however, that the perturbation method used in ABS TableBuilder tool is proven vulnerable to this attack.
In response to the research, an ABS spokesperson stated, “The ABS is strongly committed to privacy. With emerging data analytics techniques, the ABS needs to be on the front foot of any emerging risks to the data we hold. We have been working, and will continue to work, with leading experts to ensure we are using the best approaches possible to protect individuals’ data.
The ABS has been working with Dr Kaafar and his co-researchers on Table Builder, and strategies to mitigate the vulnerability discovered by the researchers since early 2017. The ABS has already implemented measures to address the vulnerability. This includes reducing the amount of details to be accessed by certain Table Builder applications, strengthening the terms of use of Table Builder and also regularly monitoring the job logs to forestall any possible attacks.
There is no evidence of anyone’s privacy being compromised with the use of Table Builder.”
The discussion includes consideration to the Differential Privacy framework and the application of provable privacy versus probable privacy for the 2020 USA Census.
Interview recorded in Sydney on 26 February 2019.
Original release on the Australian Cyber Security Magazine website is available here (https://australiancybersecuritymagazine.com.au/census-data-at-major-risk-of-being-revealed-vulnerability-discovered-in-the-australian-bureau-of-statistics-tablebuilder-tool/)
More shows like Cyber Security Weekly Podcast
View all
Security Now (Audio)
1,979 Listeners
Risky Business
365 Listeners
Future Tense
73 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Politics Now
104 Listeners
Smashing Security
312 Listeners
Click Here
413 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
If You're Listening
313 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
A Bit of Optimism
2,189 Listeners
Cyber Security Headlines
127 Listeners
The TED AI Show
46 Listeners