The dining cryptographers problem: unconditional sender and recipient untraceability
Journal of Cryptology
Protecting Respondents' Identities in Microdata Release
IEEE Transactions on Knowledge and Data Engineering
The Magic of Duplicates and Aggregates
VLDB '90 Proceedings of the 16th International Conference on Very Large Data Bases
k-anonymity: a model for protecting privacy
International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
Data Privacy through Optimal k-Anonymization
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
On the complexity of optimal K-anonymity
PODS '04 Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Incognito: efficient full-domain K-anonymity
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
\ell -Diversity: Privacy Beyond \kappa -Anonymity
ICDE '06 Proceedings of the 22nd International Conference on Data Engineering
Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
Handicapping attacker's confidence: an alternative to k-anonymization
Knowledge and Information Systems
ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Indistinguishability: the other aspect of privacy
SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
An open design privacy-enhancing platform supporting location-based applications
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
| Hi-index | 0.00 |
The concept of quasi-ID (QI) is fundamental to the notion of k-anonymity that has gained popularity recently as a privacy-preserving method in microdata publication. This paper shows that it is important to provide QI with a formal underpinning, which, surprisingly, has been generally absent in the literature. The study presented in this paper provides a first look at the correct and incorrect uses of QI in k-anonymization processes and exposes the implicit conservative assumptions when QI is used correctly. The original notions introduced in this paper include (1) k-anonymity under the assumption of a formally defined external information source, independent of the QI notion, and (2) k-QI, which is an extension of the traditional QI and is shown to be a necessary refinement. The concept of k-anonymity defined in a world without using QI is an interesting artifact itself, but more importantly, it provides a sound framework to gauge the use of QI for k-anonymization.