Abstract
Real-world entities are not always represented by the same set of features in different data sets. Therefore, matching records of the same real-world entity distributed across these data sets is a challenging task. If the data sets contain private information, the problem becomes even more difficult. Existing solutions to this problem generally follow two approaches: sanitization techniques and cryptographic techniques. We propose a hybrid technique that combines these two approaches and enables users to trade off between privacy, accuracy, and cost. Our main contribution is the use of a blocking phase that operates over sanitized data to filter out in a privacy-preserving manner pairs of records that do not satisfy the matching condition. We also provide a formal definition of privacy and prove that the participants of our protocols learn nothing other than their share of the result and what can be inferred from their share of the result, their input and sanitized views of the input data sets (which are considered public information). Our method incurs considerably lower costs than cryptographic techniques and yields significantly more accurate matching results compared to sanitization techniques, even when privacy requirements are high.
| Original language | English |
|---|---|
| Article number | 6200290 |
| Pages (from-to) | 684-698 |
| Number of pages | 15 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| Volume | 9 |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - 2012 |
| Externally published | Yes |
Keywords
- Privacy
- anonymization
- differential privacy
- record matching
- security