Inference attack explained

An inference attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database.[1] A subject's sensitive information can be considered leaked if an adversary can infer its real value with high confidence.[2] This is an example of breached information security. An inference attack occurs when a user is able to infer, from trivial information, more robust information about a database without directly accessing it.[3] The object of inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.[4]

While inference attacks were originally discovered as a threat in statistical databases,[5] today they also pose a major privacy threat in the domain of mobile and IoT sensor data. Data from accelerometers, which can be accessed by third-party apps without user permission in many mobile devices,[6] has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location).[7] Highly sensitive inferences can also be derived, for example, from eye tracking data,[8] [9] smart meter data[10] [11] and voice recordings (e.g., smart speaker voice commands).[12]
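The statistical-database case mentioned above can be illustrated with a differencing query, one classic form of inference. The following is an added example, not part of the original article; the `StatDB` class, the `MIN_SET` policy and the salary records are constructed for illustration. It shows an aggregate-only interface that enforces a minimum query-set size yet still discloses one person's value, and an overlap audit that refuses the second query.

```python
# Constructed sample data: (name, department, salary). Salary is the protected field.
RECORDS = [
    ("alice", "eng", 120_000),
    ("bob", "eng", 95_000),
    ("carol", "eng", 105_000),
    ("dave", "ops", 70_000),
    ("erin", "ops", 82_000),
    ("frank", "ops", 78_000),
]
MIN_SET = 3  # smallest query set the interface will answer (assumed policy)


class StatDB:
    """Aggregate-only interface: callers get SUM(salary), never rows."""

    def __init__(self, records, audit_overlap=False):
        self.records = records
        self.audit_overlap = audit_overlap
        self.answered = []  # query sets already answered (audit trail)

    def sum_salary(self, predicate):
        rows = frozenset(r for r in self.records if predicate(r))
        if len(rows) < MIN_SET:
            raise PermissionError("query set too small")
        if self.audit_overlap:
            for prev in self.answered:
                # Two answered sets that differ by fewer than MIN_SET records
                # let a caller subtract the totals and isolate those records.
                if 0 < len(rows ^ prev) < MIN_SET:
                    raise PermissionError("query overlaps a previous one too closely")
        self.answered.append(rows)
        return sum(salary for _, _, salary in rows)


def infer_by_difference(db, target):
    """Two individually permitted aggregates whose difference is one record."""
    everyone = db.sum_salary(lambda r: True)
    all_but_target = db.sum_salary(lambda r: r[0] != target)
    return everyone - all_but_target
```

With `audit_overlap=False` the function returns the target's exact salary even though no single query touched fewer than `MIN_SET` rows; with `audit_overlap=True` the second query is refused.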

Notes and References

  1. http://research.microsoft.com/~jckrumm/Publications%202007/inference%20attack%20refined02%20distribute.pdf "Inference Attacks on Location Tracks" by John Krumm
  2. http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang
  3. http://andromeda.rutgers.edu/~gshafer/raman.pdf "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001
  4. http://databases.about.com/od/security/l/aainference.htm "Database Security Issues: Inference" by Mike Chapple
  5. V. P. Lane. Security of Computer Based Information Systems. Macmillan International Higher Education, 8 November 1985. ISBN 978-1-349-18011-0. pp. 11–.
  6. Bai, Xiaolong; Yin, Jie; Wang, Yu-Ping. "Sensor Guardian: prevent privacy inference on Android sensors". EURASIP Journal on Information Security. 2017 (1). 2017. ISSN 2510-523X. doi:10.1186/s13635-017-0061-8.
  7. Kröger, Jacob Leon; Raschke, Philip. "Privacy implications of accelerometer data: a review of possible inferences". Proceedings of the International Conference on Cryptography, Security and Privacy. ACM, New York. January 2019. pp. 81–87. doi:10.1145/3309074.3309076.
  8. Liebling, Daniel J.; Preibusch, Sören. "Privacy considerations for a pervasive eye tracking world". Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication. 2014. pp. 1169–1177. doi:10.1145/2638728.2641688. ISBN 9781450330473. S2CID 3663921.
  9. Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Müller, Florian. "What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. 2020. pp. 226–241. ISSN 1868-4238. doi:10.1007/978-3-030-42504-3_15. ISBN 978-3-030-42503-6.
  10. Clement, Jana; Ploennigs, Joern; Kabitzsch, Klaus. "Detecting Activities of Daily Living with Smart Meters". Ambient Assisted Living. Advanced Technologies and Societal Change. 2014. pp. 143–160. ISSN 2191-6853. doi:10.1007/978-3-642-37988-8_10. ISBN 978-3-642-37987-1.
  11. Sankar, Lalitha; Rajagopalan, S.R.; Mohajer, Soheil; Poor, H.V. "Smart Meter Privacy: A Theoretical Framework". IEEE Transactions on Smart Grid. 4 (2). 2013. pp. 837–846. ISSN 1949-3053. doi:10.1109/TSG.2012.2211046. S2CID 13471323.
  12. Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Raschke, Philip. "Privacy Implications of Voice and Speech Analysis – Information Disclosure by Inference". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. 2020. pp. 242–258. ISSN 1868-4238. doi:10.1007/978-3-030-42504-3_16. ISBN 978-3-030-42503-6.