A critique and attack on "Blockchain-based privacy-preserving record linkage". Issue 108 (September 2022)
- Record Type:
- Journal Article
- Title:
- A critique and attack on "Blockchain-based privacy-preserving record linkage". Issue 108 (September 2022)
- Main Title:
- A critique and attack on "Blockchain-based privacy-preserving record linkage"
- Authors:
- Christen, Peter
Schnell, Rainer
Ranbaduge, Thilina
Vidanage, Anushka - Abstract:
- Abstract: Privacy-preserving record linkage (PPRL) is the process of identifying records in sensitive databases that refer to the same entities in applications where no private or confidential data can be shared by the owners of the databases being linked. In their paper "Blockchain-based Privacy-Preserving Record Linkage — Enhancing Data Privacy in an Untrusted Environment" (Nóbrega et al., 2021) (named BC-PPRL in the following), Nóbrega et al. (2021) proposed the use of blockchain technologies to provide accountability of the parties involved in a PPRL protocol and thereby allow the detection of misbehaving parties. While the use of blockchain techniques is an interesting and novel contribution to the research area of PPRL, as we show in this paper both theoretically and practically using a simple attack method, the BC-PPRL approach has some serious privacy weaknesses. We specifically highlight that one key aspect of the proposed approach, the exchange of Bloom filter segments between the database owners, can reveal substantially more sensitive information compared to what is stated in the paper by Nóbrega et al. (2021). Using a real-world data set we show how our attack can allow a database owner to reidentify with high accuracy a large number of the sensitive values that were encoded in the Bloom filter segments they receive from another database owner. We make the code and data sets of our attack available at: https://github.com/anushkavidanage/bc-pprlSegmentAtomAttack/Abstract: Privacy-preserving record linkage (PPRL) is the process of identifying records in sensitive databases that refer to the same entities in applications where no private or confidential data can be shared by the owners of the databases being linked. In their paper "Blockchain-based Privacy-Preserving Record Linkage — Enhancing Data Privacy in an Untrusted Environment" (Nóbrega et al., 2021) (named BC-PPRL in the following), Nóbrega et al. (2021) proposed the use of blockchain technologies to provide accountability of the parties involved in a PPRL protocol and thereby allow the detection of misbehaving parties. While the use of blockchain techniques is an interesting and novel contribution to the research area of PPRL, as we show in this paper both theoretically and practically using a simple attack method, the BC-PPRL approach has some serious privacy weaknesses. We specifically highlight that one key aspect of the proposed approach, the exchange of Bloom filter segments between the database owners, can reveal substantially more sensitive information compared to what is stated in the paper by Nóbrega et al. (2021). Using a real-world data set we show how our attack can allow a database owner to reidentify with high accuracy a large number of the sensitive values that were encoded in the Bloom filter segments they receive from another database owner. We make the code and data sets of our attack available at: https://github.com/anushkavidanage/bc-pprlSegmentAtomAttack/ . … (more)
- Is Part Of:
- Information systems. Issue 108(2022)
- Journal:
- Information systems
- Issue:
- Issue 108(2022)
- Issue Display:
- Volume 108, Issue 108 (2022)
- Year:
- 2022
- Volume:
- 108
- Issue:
- 108
- Issue Sort Value:
- 2022-0108-0108-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-09
- Subjects:
- Bloom filter -- Hash encoding -- Atom attack -- Covert adversary model -- Privacy attack -- Linking sensitive data
Database management -- Periodicals
Electronic data processing -- Periodicals
Bases de données -- Gestion -- Périodiques
Informatique -- Périodiques
Database management
Electronic data processing
Periodicals
005.7 - Journal URLs:
- http://www.sciencedirect.com/science/journal/03064379 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.is.2021.101930 ↗
- Languages:
- English
- ISSNs:
- 0306-4379
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4496.367300
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 21544.xml