Attacks on Pseudonymisation

Owned by Justus Ortlepp (Unlicensed)
Jun 03, 2021
1 min read

The primary goal of pseudonymisation is to limit the linkability between a pseudonymised dataset and the holders of the pseudonyms and to thereby protect the identity of the data subjects. This type of protection is typically intended to counter the efforts of an internal or external adversary to perform a re-identification attack.

Attacks on pseudonymisation aims to:

  • Discover the pseudonymisation secret

  • Achieve complete re-identification of the data subject

  • Re-identification or inference of part of a data subject’s data attributes

Generic attack techniques on the pseudonymisation secret include:

  • Brute force attacks (exhaustive search)

  • Dictionary search

  • (Educated) Guesswork