Decision Sciences Journal
Volume 32, Number 4
Fall 2001
An Improved Security Requirement for Data Perturbation with
Implications for E-Commerce
Krishnamurty Muralidhar
School of Management, Gatton College of Business & Economics,
University of Kentucky, Lexington, KY 40515, email: kmura0@uky.edu
Rathindra Sarathy
Department of Management, College of Business Administration,
Oklahoma State University, Stillwater, OK 74078, email: sarathy@okstate.edu
Rahul Parsa
College of Business & Public Administration, Drake University,
Des Moines, IA 50311, email: rahul.parsa@drake.edu
ABSTRACT. With the rapid increase in the ability to
store and analyze large amounts of data, organizations are gathering
extensive data regarding their customers, vendors, and other
entities. There has been a concurrent increase in the demand
for preserving the privacy of confidential data that may be collected.
The rapid growth of e-commerce has also increased calls for maintaining
privacy and confidentiality of data. For numerical data, data
perturbation methods offer an easy yet effective solution to
the dilemma of providing access to legitimate users while protecting
the data from snoopers (legitimate users who perform illegitimate
analysis). In this study, we define a new security requirement
that achieves the objective of providing access to legitimate
users without an increase in the ability of a snooper to predict
confidential information. We also derive the specifications under
which perturbation methods can achieve this objective. Numerical
examples are provided to show that the use of the new specification
achieves the objective of no additional information to the snooper.
Implications of the new specification for e-commerce are discussed.
Subject Areas: Data Confidentiality, Database Security,
E-Commerce, Inferential Security, IS Implementation, Privacy,
Random Data Perturbation, and Systems Development Methodologies. |