An Improved Security Requirement for Data Perturbation with Implications for E‐Commerce
针对数值数据扰动方法,提出一种新的安全需求,在保证合法用户访问的同时不增加窥探者预测机密信息的能力,并给出实现该需求的规范,通过数值例子验证效果,讨论对电子商务的意义。
Abstract With the rapid increase in the ability to store and analyze large amounts of data, organizations are gathering extensive data regarding their customers, vendors, and other entities. There has been a concurrent increase in the demand for preserving the privacy of confidential data that may be collected. The rapid growth of e‐commerce has also increased calls for maintaining privacy and confidentiality of data. For numerical data, data perturbation methods offer an easy yet effective solution to the dilemma of providing access to legitimate users while protecting the data from snoopers (legitimate users who perform illegitimate analysis). In this study, we define a new security requirement that achieves the objective of providing access to legitimate users without an increase in the ability of a snooper to predict confidential information. We also derive the specifications under which perturbation methods can achieve this objective. Numerical examples are provided to show that the use of the new specification achieves the objective of no additional information to the snooper. Implications of the new specification for e‐commerce are discussed.