Local Differential Privacy: Tools, Challenges, and Opportunities

Local Differential Privacy (LDP), where each user perturbs her data locally before sending it to an untrusted party, is a new and promising privacy-preserving model. Endorsed by both academia and industry, LDP provides a strong and rigorous privacy guarantee for data collection and analysis. As such, it has recently been deployed by several major software and Internet companies, including Google, Apple and Microsoft, in mainstream products such as Chrome, iOS, and Windows 10. Besides industry, it has also attracted a lot of research attention from academia. This tutorial first introduces the rationale of the LDP model behind these deployed systems, which collect and analyze usage data privately, then surveys the current research landscape in LDP, and finally identifies several open problems and research directions in this community.
