The linkage of records to identify common entities across multiple data sources has gained increasing interest over the last few decades. In the absence of unique entity identifiers, quasi-identifying attributes such as personal names and addresses are generally used to link records. Due to privacy concerns that arise when such sensitive information is used, privacy-preserving record linkage (PPRL) methods have been proposed to link records without revealing any sensitive or confidential information about these records. Popular PPRL methods such as Bloom filter encoding, however, are known to be susceptible to various privacy attacks. Therefore, a systematic analysis of the privacy risks associated with sensitive databases as well as PPRL methods used in linkage projects is of great importance. In this article we present a novel framework to assess the vulnerabilities of sensitive databases and existing PPRL encoding methods. We discuss five types of vulnerabilities: frequency, length, co-occurrence, similarity, and similarity neighborhood, of both plaintext and encoded values that an adversary can exploit in order to reidentify sensitive plaintext values from encoded data. In an experimental evaluation we assess the vulnerabilities of two databases using five existing PPRL encoding methods. This evaluation shows that our proposed framework can be used in real-world linkage applications to assess the vulnerabilities associated with sensitive databases to be linked, as well as with PPRL encoding methods.

在过去的几十年里，通过记录链接来识别多个数据源中的共同实体引起了越来越多的兴趣。在缺乏唯一实体标识符的情况下，通常使用个人姓名和地址等准识别属性来链接记录。由于使用此类敏感信息时会出现隐私问题，因此提出了隐私保护记录链接（PPRL）方法来链接记录，而不会泄露有关这些记录的任何敏感或机密信息。然而，众所周知，流行的 PPRL 方法（例如布隆过滤器编码）容易受到各种隐私攻击。因此，系统分析与敏感数据库相关的隐私风险以及链接项目中使用的 PPRL 方法非常重要。在本文中，我们提出了一种新颖的框架来评估敏感数据库和现有 PPRL 编码方法的漏洞。我们讨论明文和编码值的五种类型的漏洞：频率、长度、共现、相似性和相似邻域，攻击者可以利用这些漏洞从编码数据中重新识别敏感的明文值。在实验评估中，我们使用五种现有的 PPRL 编码方法评估两个数据库的漏洞。该评估表明，我们提出的框架可用于现实世界的链接应用程序，以评估与要链接的敏感数据库以及 PPRL 编码方法相关的漏洞。明文和编码值的长度、共现、相似性和相似性邻域，攻击者可以利用这些信息从编码数据中重新识别敏感的明文值。在实验评估中，我们使用五种现有的 PPRL 编码方法评估两个数据库的漏洞。该评估表明，我们提出的框架可用于现实世界的链接应用程序，以评估与要链接的敏感数据库以及 PPRL 编码方法相关的漏洞。明文和编码值的长度、共现、相似性和相似性邻域，攻击者可以利用这些信息从编码数据中重新识别敏感的明文值。在实验评估中，我们使用五种现有的 PPRL 编码方法评估两个数据库的漏洞。该评估表明，我们提出的框架可用于现实世界的链接应用程序，以评估与要链接的敏感数据库以及 PPRL 编码方法相关的漏洞。