Attacks on Pseudonymisation

Owned by Justus Ortlepp (Unlicensed)
Last updated: Jun 13, 2024 by Laurence Reeve
1 min read

 

 

ATTENTION:

This page has been migrated to the Tazama GitHub repository and is now located at:

https://github.com/frmscoe/docs/blob/dev/Knowledge-Articles/Pseudonymisation/Attacks-On-Pseudonymisation.md

This page will no longer be maintained in Confluence.

 

 

ATTENTION:

This page has been migrated to the Tazama GitHub repository and is now located at:

https://github.com/frmscoe/docs/blob/dev/Knowledge-Articles/Pseudonymisation/Attacks-On-Pseudonymisation.md

This page will no longer be maintained in Confluence.

The primary goal of pseudonymisation is to limit the linkability between a pseudonymised dataset and the holders of the pseudonyms and to thereby protect the identity of the data subjects. This type of protection is typically intended to counter the efforts of an internal or external adversary to perform a re-identification attack.

Attacks on pseudonymisation aims to:

  • Discover the pseudonymisation secret

  • Achieve complete re-identification of the data subject

  • Re-identification or inference of part of a data subject’s data attributes

Generic attack techniques on the pseudonymisation secret include:

  • Brute force attacks (exhaustive search)

  • Dictionary search

  • (Educated) Guesswork