Anonymizace videa / Video Anonymization

Mokrý, Martin

January 2019

The goal of this thesis is to design and create an automatic system for video anonymization. This system makes use of various object detectors on an image to ensure functionality, as well as active tracking of objects detected in this manner. Adjustments are later applied to these detected objects which ensure sufficient level of anonymization. The main asset of this system is speeding up the anonymization process of videos that can be published after.

Neuroinformatika a sdílení dat z lékařských zobrazovacích systémů / Neuroinformatics and sharing data from medical imaging systems

Klimek, Martin

January 2010

The presented master's thesis deals with the issue of storing and sharing data from medical imaging systems. This thesis, inter alia, consists of organizational and informatics aspects of medical imaging systems data in multicentric studies containing MRI brain images. This thesis also includes technical design of a web-based application for image data sharing including a web interface suitable for manipulation with the image data stored in a database.

Anonymizace SPZ vozidel / Car Licence Plate Anonymization

Skřivánková, Barbora

January 2016

While browsing an online map server, continuous photographs of certain places can be browsed as well. When the map service takes pictures of a public space, there are some personal data captured as well (i.e. faces, car licence plates). The goal of this thesis is the design of automated car licence plates anonymization system, optimized for the Panorama service provided by the Seznam.cz a.s. corporation. In this thesis, the process of car licence plate anonymization is divided into two parts: the first one solves a detection of cars and the second solves a car licence plate localization in the selected image. The car detection is based on the deep neural network approach, the car licence plate localization is solved by using a fully connected neural network performing a regression task. The goal of this thesis is to get over the disadvantages of commercial solution used nowadays. These are false posititive results and high computational complexity. Results of this thesis are not as good as expected. The reason could be a dataset provided by Seznam.cz a.s. corporation, which seemed to be robust enough in the beginning, but in the end it showed up to be not suffice enough to train the neural network.

Analyse verschiedener Distanzmetriken zur Messung des Anonymisierungsgrades theta

Eisoldt, Martin, Neise, Carsten, Müller, Andreas

23 August 2019

Das bereits existierende Konzept zur Bewertung der Anonymisierung von Testdaten wird in dieser Arbeit weiter untersucht. Dabei zeigen sich die Vor- und Nachteile gegenüber bereits existierenden Distanzmetriken. Weiterführend wird untersucht, welchen Einfluss Parameteränderungen auf die Ergebnisse haben.

info:eu-repo/classification/ddc/000

ddc:000

Anonymisierung ; Testdaten

Inference attacks on geolocated data / Attaques d'inférence sur des bases de données géolocalisées

Nuñez del Prado Cortez, Miguel

12 December 2013

Au cours des dernières années, nous avons observé le développement de dispositifs connectéset nomades tels que les téléphones mobiles, tablettes ou même les ordinateurs portablespermettant aux gens d’utiliser dans leur quotidien des services géolocalisés qui sont personnalisésd’après leur position. Néanmoins, les services géolocalisés présentent des risques enterme de vie privée qui ne sont pas forcément perçus par les utilisateurs. Dans cette thèse,nous nous intéressons à comprendre les risques en terme de vie privée liés à la disséminationet collection de données de localisation. Dans ce but, les attaques par inférence que nousavons développé sont l’extraction des points d’intérêts, la prédiction de la prochaine localisationainsi que la désanonymisation de traces de mobilité, grâce à un modèle de mobilité quenous avons appelé les chaînes de Markov de mobilité. Ensuite, nous avons établi un classementdes attaques d’inférence dans le contexte de la géolocalisation se basant sur les objectifsde l’adversaire. De plus, nous avons évalué l’impact de certaines mesures d’assainissement àprémunir l’efficacité de certaines attaques par inférence. En fin nous avons élaboré une plateformeappelé GEoPrivacy Enhanced TOolkit (GEPETO) qui permet de tester les attaques parinférences développées. / In recent years, we have observed the development of connected and nomad devices suchas smartphones, tablets or even laptops allowing individuals to use location-based services(LBSs), which personalize the service they offer according to the positions of users, on a dailybasis. Nonetheless, LBSs raise serious privacy issues, which are often not perceived by the endusers. In this thesis, we are interested in the understanding of the privacy risks related to thedissemination and collection of location data. To address this issue, we developed inferenceattacks such as the extraction of points of interest (POI) and their semantics, the predictionof the next location as well as the de-anonymization of mobility traces, based on a mobilitymodel that we have coined as mobility Markov chain. Afterwards, we proposed a classificationof inference attacks in the context of location data based on the objectives of the adversary.In addition, we evaluated the effectiveness of some sanitization measures in limiting the efficiencyof inference attacks. Finally, we have developed a generic platform called GEPETO (forGEoPrivacy Enhancing Toolkit) that can be used to test the developed inference attacks

Attaque par inférence

Respect de la vie privée

Géolocalisation

Désanonymisation

Extraction des points d’intèrêts

Prédiction de la mobilité

Inference attack

Privacy

Location-based service

Extraction of points of interests

Mobility prediction

De-anonymization

621.384

Seed and Grow: An Attack Against Anonymized Social Networks

Peng, Wei

07 August 2012

Indiana University-Purdue University Indianapolis (IUPUI) / Digital traces left by a user of an on-line social networking service can be abused by a malicious party to compromise the person’s privacy. This is exacerbated by the increasing overlap in user-bases among various services. To demonstrate the feasibility of abuse and raise public awareness of this issue, I propose an algorithm, Seed and Grow, to identify users from an anonymized social graph based solely on graph structure. The algorithm first identifies a seed sub-graph either planted by an attacker or divulged by collusion of a small group of users, and then grows the seed larger based on the attacker’s existing knowledge of the users’ social relations. This work identifies and relaxes implicit assumptions taken by previous works, eliminates arbitrary parameters, and improves identification effectiveness and accuracy. Experiment results on real-world collected datasets further corroborate my expectation and claim.

social networks; anonymization; privacy

Data protection

Computer security

Internet -- Safety measures

Privacy, Right of

Computer networks -- Social aspects

Research in methods for achieving secure voice anonymization : Evaluation and improvement of voice anonymization techniques for whistleblowing / Forskning i metoder för säker röstanonymisering : Utvärdering och förbättring av röstanonymiseringstekniker för visselblåsning

Hellman, Erik, Nordstrand, Mattias

January 2022

Safe whistleblowing within companies could give a more transparent and open society, and keeping the whistleblower safe is key, this has led to a new EU Whistleblowing Directive requiring each organization with more than 249 employees to provide an internal channel for whistleblowing before 17 July 2022. A whistleblowing service within an entity should provide secure communication for the organization and its employees. One way to make whistleblowing more accessible is by providing a service for verbal reporting, for example by recording and sending voice messages. However, ensuring that the speaker is secure and can feel anonymous can be difficult since speech varies between individuals - different accents, pitch, or the speed of the voice are examples of factors that a speaker can be identified by. Common ways of voice anonymization, that you hear on the news for example, can often be backtracked or in other ways be deanonymized such that the speaker’s identity is revealed, especially for people who know the speaker. Today we have many developing technologies, such as machine learning, which could be used to greatly improve anonymity or deanonymization. However, greater anonymity is often costly with regard to the intelligibility and sometimes the naturalness of the voice content. Therefore, we studied and evaluated a number of anonymization methods with respect to anonymity, intelligibility, and overall user-friendliness. The aim of this was to map what anonymization methods are suitable for whistleblowing and implement proof of concepts of such an anonymizer. The results show differences between anonymization methods and that some perform better than others, but in different ways. Different methods should be selected depending on the perceived threat. We designed working proof of concepts that can be used in a whistleblowing service and present when respective solutions could be used. Our work shows ways for securer whistleblowing and will be a basis for future work and implementation for the host company Nebulr. / Säker visselblåsning inom företag skulle kunna ge ett mer transparent och öppet samhälle, och att hålla visselblåsaren säker är fundamentalt viktigt, varpå ett nytt EU-direktiv för visselblåsning har formats. Detta direktiv kräver att varje verksamhet med fler än 249 anställda tillhandahåller en intern kanal för visselblåsning före den 17 juli 2022. En tjänst för visselblåsning inom en verksamhet bör tillhandahålla trygg kommunikation för organisationen och dess anställda. Ett sätt att göra visselblåsning mer tillgängligt är genom att tillhandahålla en tjänst för muntligt rapportering, till exempel genom att spela in och skicka röstmeddelanden. Att se till att talaren kan känna sig anonym och trygg kan dock vara svårt eftersom tal skiljer sig mellan individer – olika dialekter, tonhöjd eller tempo är exempel på faktorer som man kan identifieras genom. Vanliga sätt att anonymisera rösten, som man till exempel hör på nyheterna, kan ofta spåras tillbaka eller på andra sätt deanonymiseras så att identiteten avslöjas, särskilt för personer som känner talaren. Idag har vi många teknologier som fortfarande utvecklas och förbättras i det växande området information och kommunikationsteknik, exempelvis maskininlärning, som kan användas för att förbättra anonymiteten. Men mer anonymitet kommer ofta på bekostnad av förståeligheten och ibland röstens naturlighet. Därför studerade och utvärderade vi olika anonymiseringsmetoder utifrån anonymitet, förståelighet och användarvänlighet överlag. Syftet med detta var att kartlägga vilka anonymiseringsmetoder som är lämpliga för visselblåsning och implementera proof of concepts av anonymiserare. Vårt resultat visar på skillnader mellan olika anonymiseringsmetoder och att vissa metoder presterar bättre än andra, men på olika sätt. Olika metoder bör användas beroende på den upplevda hotbilden och vad man eftersträvar. Vi skapade proof-of-concepts för de metoder vi undersökt och beskriver när och för vilka situationer som respektive metod skulle kunna användas. Vårt arbete visar hur man kan uppnå säkrare visselblåsning och kommer att ligga till grund för framtida utveckling och implementering för företaget Nebulr.

Voice anonymization

voice deanonymization

data privacy

machine learning

neural networks

whistleblowing

röstanonymisering

röstdeanonymisering

datasäkerhet

maskininlärning

neurala nätverk

visselblåsning

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik

Bluetooth-enheter i offentliga rummet och anonymisering av data

Nilsson, Mattias, Olsson, Sebastian

January 2015

Internet of Things (IoT) ger stora möjligheter att samla in data för olika syfte som till exempel att estimera antalet personer för att styra värmen i ett rum. Vidare så kan IoT-system automatisera uppgifter som kan hjälpa oss människor. Den här studien syftar till vilken typ av data som kan vara intressant att samla in för att kunna estimera antalet personer på en offentlig plats. Det handlar även om hur känslig data som samlas in kan anonymiseras. För att göra detta så valdes det att undersöka hur MAC-adresser från Bluetooth-enheter skulle fungerar för att uppskatta antalet personer. För att samla in MAC-adresser så utvecklades ett proof of concept-system där en Android-applikation samlade in MAC-adresser som anonymiserades innan de lagrades i en databas. Applikationen anonymiserar den unika MAC-adressen enligt tre nivåer med olika säkerhet. Fältstudier gjordes där antalet personer räknades visuellt sedan gjordes anonymiserade insamlingar av MAC-adresser. Slutsatsen var att Bluetooth blir svårt att använda för att estimera antal personer eftersom alla inte har Bluetooth på. Applikationen som utvecklats påvisar att data kan samlas in säkert och på så sätt inte kränka integritet. / Internet of Things (IoT) provides great opportunities to collect data for different purposes such as to estimate the number of people to control the heat in a room. Furthermore, IoT systems can automate tasks that can help us humans. This study is aimed at the type of data that can be interesting to gather in order to estimate the number of people in a public place. It is also about how sensitive data can be anonymized when gathered. To do this, Bluetooth devices was chosen for investigating how the MAC addresses would work to estimate the number of people. For collecting MAC addresses a proof of concept system was developed, where an Android application was used to collect MAC addresses. These MAC addresses were anonymized before being stored in a database. The application anonymize the unique MAC address according to three levels of security. Field studies were conducted as the number of people were counted visually then anonymous collection of MAC addresses were made. The conclusion was that Bluetooth will be difficult to use for estimating the number of people because not everyone has Bluetooth on. The application developed demonstrates that data can be collected safely and thus does not violate privacy.

Android

Anonymisering

Anonymization

Bluetooth

Data storage

Datalagring

Information gathering

Informationsinsamling

Integritet

Integrity

MAC address

MAC-adress

Privacy

Security

Säkerhet

Engineering and Technology

Teknik och teknologier

Anonymization Techniques for Privacy-preserving Process Mining

Fahrenkrog-Petersen, Stephan A.

30 August 2023

Process Mining ermöglicht die Analyse von Event Logs. Jede Aktivität ist durch ein Event in einem Trace recorded, welcher jeweils einer Prozessinstanz entspricht. Traces können sensible Daten, z.B. über Patienten enthalten. Diese Dissertation adressiert Datenschutzrisiken für Trace Daten und Process Mining. Durch eine empirische Studie zum Re-Identifikations Risiko in öffentlichen Event Logs wird die hohe Gefahr aufgezeigt, aber auch weitere Risiken sind von Bedeutung. Anonymisierung ist entscheidend um Risiken zu adressieren, aber schwierig weil gleichzeitig die Verhaltensaspekte des Event Logs erhalten werden sollen. Dies führt zu einem Privacy-Utility-Trade-Off. Dieser wird durch neue Algorithmen wie SaCoFa und SaPa angegangen, die Differential Privacy garantieren und gleichzeitig Utility erhalten. PRIPEL ergänzt die anonymiserten Control-flows um Kontextinformationen und ermöglich so die Veröffentlichung von vollständigen, geschützten Logs. Mit PRETSA wird eine Algorithmenfamilie vorgestellt, die k-anonymity garantiert. Dafür werden privacy-verletztende Traces miteinander vereint, mit dem Ziel ein möglichst syntaktisch ähnliches Log zu erzeugen. Durch Experimente kann eine bessere Utility-Erhaltung gegenüber existierenden Lösungen aufgezeigt werden. / Process mining analyzes business processes using event logs. Each activity execution is recorded as an event in a trace, representing a process instance's behavior. Traces often hold sensitive info like patient data. This thesis addresses privacy concerns arising from trace data and process mining. A re-identification risk study on public event logs reveals high risk, but other threats exist. Anonymization is vital to address these issues, yet challenging due to preserving behavioral aspects for analysis, leading to a privacy-utility trade-off. New algorithms, SaCoFa and SaPa, are introduced for trace anonymization using noise for differential privacy while maintaining utility. PRIPEL supplements anonymized control flows with trace contextual info for complete protected logs. For k-anonymity, the PRETSA algorithm family merges privacy-violating traces based on a prefix representation of the event log, maintaining syntactic similarity. Empirical evaluations demonstrate utility improvements over existing techniques.

Process Mining

Datenschutz

Anonymisierung

Responsible Data Science

Process Mining

Privacy

Anonymization

Responsible Data Science

004 Informatik

ST 530

ddc:004

ddc:005

Der Schutz der Privatsphäre bei der Anfragebearbeitung in Datenbanksystemen

Dölle, Lukas

13 June 2016

In den letzten Jahren wurden viele Methoden entwickelt, um den Schutz der Privatsphäre bei der Veröffentlichung von Daten zu gewährleisten. Die meisten Verfahren anonymisieren eine gesamte Datentabelle, sodass sensible Werte einzelnen Individuen nicht mehr eindeutig zugeordnet werden können. Deren Privatsphäre gilt als ausreichend geschützt, wenn eine Menge von mindestens k sensiblen Werten existiert, aus der potentielle Angreifer den tatsächlichen Wert nicht herausfinden können. Ausgangspunkt für die vorliegende Arbeit ist eine Sequenz von Anfragen auf personenbezogene Daten, die durch ein Datenbankmanagementsystem mit der Rückgabe einer Menge von Tupeln beantwortet werden. Das Ziel besteht darin herauszufinden, ob Angreifer durch die Kenntnis aller Ergebnisse in der Lage sind, Individuen eindeutig ihre sensiblen Werte zuzuordnen, selbst wenn alle Ergebnismengen anonymisiert sind. Bisher sind Verfahren nur für aggregierte Anfragen wie Summen- oder Durchschnittsbildung bekannt. Daher werden in dieser Arbeit Ansätze entwickelt, die den Schutz auch für beliebige Anfragen gewährleisten. Es wird gezeigt, dass die Lösungsansätze auf Matchingprobleme in speziellen Graphen zurückgeführt werden können. Allerdings ist das Bestimmen größter Matchings in diesen Graphen NP-vollständig. Aus diesem Grund werden Approximationsalgorithmen vorgestellt, die in Polynomialzeit eine Teilmenge aller Matchings konstruieren, ohne die Privatsphäre zu kompromittieren. / Over the last ten years many techniques for privacy-preserving data publishing have been proposed. Most of them anonymize a complete data table such that sensitive values cannot clearly be assigned to individuals. Their privacy is considered to be adequately protected, if an adversary cannot discover the actual value from a given set of at least k values. For this thesis we assume that users interact with a data base by issuing a sequence of queries against one table. The system returns a sequence of results that contains sensitive values. The goal of this thesis is to check if adversaries are able to link uniquely sensitive values to individuals despite anonymized result sets. So far, there exist algorithms to prevent deanonymization for aggregate queries. Our novel approach prevents deanonymization for arbitrary queries. We show that our approach can be transformed to matching problems in special graphs. However, finding maximum matchings in these graphs is NP-complete. Therefore, we develop several approximation algorithms, which compute specific matchings in polynomial time, that still maintaining privacy.

Datenbanken

Datenschutz

Anfragebearbeitung

Schutz der Privatsphäre

Anonymisierung

privacy

databases

data protection

query processing

anonymization

004 Informatik

28 Informatik, Datenverarbeitung

ST 277

RW 60447

RW 60501

ST 270

ddc:004