Cultural advice

The Australian National University acknowledges, celebrates and pays our respects to the Ngunnawal and Ngambri people of the Canberra region and to all First Nations Australians on whose traditional lands we meet and work, and whose cultures are among the oldest continuing cultures in human history.

Aboriginal and Torres Strait Islander peoples are advised that ANU Library collections may include images, names, voices, and other representations of deceased persons.

Material in the collection may contain terms, language or views that reflect the period in which the item was created and may be considered inappropriate today.

A critique and attack on "Blockchain-based privacy-preserving record linkage"

Loading...
Thumbnail Image

Date

Authors

Christen, Peter
Schnell, Rainer
Ranbaduge, Thilina
Vidanage, Anushka

Journal Title

Journal ISSN

Volume Title

Publisher

Elsevier Ltd

Abstract

Privacy-preserving record linkage (PPRL) is the process of identifying records in sensitive databases that refer to the same entities in applications where no private or confidential data can be shared by the owners of the databases being linked. In their paper “Blockchain-based Privacy-Preserving Record Linkage — Enhancing Data Privacy in an Untrusted Environment” (Nóbrega et al., 2021) (named BC-PPRL in the following), Nóbrega et al. (2021) proposed the use of blockchain technologies to provide accountability of the parties involved in a PPRL protocol and thereby allow the detection of misbehaving parties. While the use of blockchain techniques is an interesting and novel contribution to the research area of PPRL, as we show in this paper both theoretically and practically using a simple attack method, the BC-PPRL approach has some serious privacy weaknesses. We specifically highlight that one key aspect of the proposed approach, the exchange of Bloom filter segments between the database owners, can reveal substantially more sensitive information compared to what is stated in the paper by Nóbrega et al. (2021). Using a real-world data set we show how our attack can allow a database owner to reidentify with high accuracy a large number of the sensitive values that were encoded in the Bloom filter segments they receive from another database owner. We make the code and data sets of our attack available at: https://github.com/anushkavidanage/bc-pprlSegmentAtomAttack/.

Description

Citation

Source

Information Systems

Book Title

Entity type

Access Statement

License Rights

Restricted until

2099-12-31