Paper Info
Title
A critique and attack on “Blockchain-based privacy-preserving record linkage”
Abstract
Privacy-preserving record linkage (PPRL) is the process of identifying records in sensitive databases that refer to the same entities in applications where no private or confidential data can be shared by the owners of the databases being linked. In their paper “Blockchain-based Privacy-Preserving Record Linkage — Enhancing Data Privacy in an Untrusted Environment” (Nóbrega et al., 2021) (named BC-PPRL in the following), Nóbrega et al. (2021) proposed the use of blockchain technologies to provide accountability of the parties involved in a PPRL protocol and thereby allow the detection of misbehaving parties. While the use of blockchain techniques is an interesting and novel contribution to the research area of PPRL, as we show in this paper both theoretically and practically using a simple attack method, the BC-PPRL approach has some serious privacy weaknesses. We specifically highlight that one key aspect of the proposed approach, the exchange of Bloom filter segments between the database owners, can reveal substantially more sensitive information compared to what is stated in the paper by Nóbrega et al. (2021). Using a real-world data set we show how our attack can allow a database owner to reidentify with high accuracy a large number of the sensitive values that were encoded in the Bloom filter segments they receive from another database owner. We make the code and data sets of our attack available at: https://github.com/anushkavidanage/bc-pprlSegmentAtomAttack/.
Year
DOI
Venue
2022
10.1016/j.is.2021.101930
Information Systems
Keywords
DocType
Volume
Bloom filter,Hash encoding,Atom attack,Covert adversary model,Privacy attack,Linking sensitive data
Journal
108
ISSN
Citations 
PageRank 
0306-4379
0
0.34
References 
Authors
0
4
Name
Order
Citations
PageRank
Peter Christen11697107.21
Rainer Schnell200.68
Thilina Ranbaduge300.34
Anushka Vidanage421.39