Notes - MCS

L-Diversity

Last updated 11 months ago

K-anonymity is not enough!

Homogeneity attack

  • The attacker knows the generalized quasi-identifiers of a target

  • A query reveals the exact same sensitive attributes

  • The attacker gets the sensitive attribute of the target

  • Issue: lack of diversity in the results

Background knowledge attack

  • The attacker can filter out query results using known information

Solution

l-diverse k-anonymity

The k-anonymous result of a query must contain at least l different values for each sensitive attribute.

l-diversity

2-anonymity 1-diversity results

2-anonymity 2-diversity results

k-anonymity and l-diversity have flaws

k-anonymity: each equivalence class has at least k records to protect against identity disclosure.

  • k-anonymity is vulnerable to homogeneity attacks and background knowledge attacks.

Attacks on k-anonymity

Homogeneity attack

  • Bob is a 27-year-old man living in zip code 47678 and Bob’s record is in the table.

  • So Bob corresponds to one of the first three records and must have heart disease.

Background knowledge attack

  • Carl is a 32-year-old man living in zip code 47622. Therefore he is in the last equivalence class in Table 2.

  • If you know that Carl has a low risk for heart disease then you can conclude that Carl probably has cancer.

l-diversity: distribution of a sensitive attribute in each equivalence class has at least l “well represented” values to protect against attribute disclosure.

l-diversity is vulnerable to skewness attacks and similarity attacks.

  • Skewness: keeping diverse groups may change statistical properties

  • Similarity: similar concepts are not handled

Attacks on l-diversity

Similarity Attack:

  • Table 4 anonymizes Table 3. Its sensitive attributes are Salary and Disease.

  • If you know Bob has a low salary (3k-5k) then you know that he has a stomach-related disease.

  • This is because l-diversity takes into account the diversity of sensitive values in the group, but does not take into account the semantic closeness of the values.

Skewness attack:

  • 10,000 records about a virus that affects 1% of the population.

  • With 2-diversity we have an equal number of positive and negative records.

  • This gives everyone in this equivalence class a 50% chance of having the virus, which is much higher than the real distribution.
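
A release check for the properties discussed on this page, as an added example that is not part of the original notes: it groups records by quasi-identifiers, computes k and distinct l (the number of different sensitive values per equivalence class), and reports the homogeneous and skewed classes. Both tables, the class labels and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (generalized zip, generalized age, sensitive value).
RECORDS = [
    ("476**", "2*", "heart disease"),
    ("476**", "2*", "heart disease"),
    ("476**", "2*", "heart disease"),
    ("4790*", ">=40", "flu"),
    ("4790*", ">=40", "heart disease"),
    ("4790*", ">=40", "cancer"),
    ("476**", "3*", "heart disease"),
    ("476**", "3*", "cancer"),
    ("476**", "3*", "cancer"),
]

# Constructed skewness case: 10,000 records, 1% positive overall, with one
# equivalence class "A" holding equal numbers of positives and negatives.
SKEWED = ([("A", "positive")] * 50 + [("A", "negative")] * 50
          + [("B", "positive")] * 50 + [("B", "negative")] * 9850)

def equivalence_classes(records):
    """Map each quasi-identifier tuple to the sensitive values it contains."""
    classes = defaultdict(list)
    for *qi, sensitive in records:
        classes[tuple(qi)].append(sensitive)
    return dict(classes)

def k_anonymity(records):
    """Size of the smallest equivalence class."""
    return min(len(v) for v in equivalence_classes(records).values())

def l_diversity(records):
    """Distinct l-diversity: fewest different sensitive values in any class."""
    return min(len(set(v)) for v in equivalence_classes(records).values())

def homogeneous_classes(records):
    """Classes exposed to the homogeneity attack (one sensitive value only)."""
    return [qi for qi, v in equivalence_classes(records).items()
            if len(set(v)) == 1]

def skew(records, value):
    """Per class: (share of `value` in the class, share in the whole table)."""
    overall = sum(1 for r in records if r[-1] == value) / len(records)
    return {qi: (v.count(value) / len(v), overall)
            for qi, v in equivalence_classes(records).items()}

if __name__ == "__main__":
    print("k =", k_anonymity(RECORDS), "l =", l_diversity(RECORDS))
    print("homogeneous:", homogeneous_classes(RECORDS))
    print("skew:", skew(SKEWED, "positive"))
```

The first table is 3-anonymous but only 1-diverse, so it fails an l >= 2 release gate; the second table passes that gate and still shows a 50% versus 1% gap in class "A".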