Privacy Loss in Distributed Constraint Reasoning: A Quantitative Framework for Analysis and its Applications

It is critical that agents deployed in real-world settings, such as businesses, offices, universities and research laboratories, protect their individual users’ privacy when interacting with other entities. Indeed, privacy is recognized as a key motivating factor in the design of several multiagent algorithms, such as in distributed constraint reasoning (including both algorithms for distributed constraint optimization (DCOP) and distributed constraint satisfaction (DisCSPs)), and researchers have begun to propose metrics for analysis of privacy loss in such multiagent algorithms. Unfortunately, a general quantitative framework to compare these existing metrics for privacy loss or to identify dimensions along which to construct new metrics is currently lacking. This paper presents three key contributions to address this shortcoming. First, the paper presents VPS (Valuations of Possible States), a general quantitative framework to express, analyze and compare existing metrics of privacy loss. Based on a state-space model, VPS is shown to capture various existing measures of privacy created for specific domains of DisCSPs. The utility of VPS is further illustrated through analysis of privacy loss in DCOP algorithms, when such algorithms are used by personal assistant agents to schedule meetings among users. In addition, VPS helps identify dimensions along which to classify and construct new privacy metrics and it also supports their quantitative comparison. Second, the article presents key inference rules that may be used in analysis of privacy loss in DCOP algorithms under different assumptions. Third, detailed experiments based on the VPS-driven analysis lead to the following key results: (i) decentralization by itself does not provide superior protection of privacy in DisCSP/DCOP algorithms when compared with centralization; instead, privacy protection also requires the presence of uncertainty about agents’ knowledge of the constraint graph. (ii) one needs to carefully examine the metrics chosen to measure privacy loss; the qualitative properties of privacy loss and hence the conclusions that can be drawn about an algorithm can vary widely based on the metric chosen. This paper should thus serve as a call to arms for further privacy research, particularly within the DisCSP/DCOP arena.

[1]  Marius-Calin Silaghi Meeting Scheduling Guaranteeing n/2-Privacy and Resistant to Statistical Analysis (Applicable to any DisCSP) , 2004, IEEE/WIC/ACM International Conference on Web Intelligence (WI'04).

[2]  Amnon Meisels,et al.  Using additional information in DisCSPs search , 2004 .

[3]  Milind Tambe,et al.  Taking DCOP to the real world: efficient complete solutions for distributed multi-event scheduling , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[4]  Katia Sycara,et al.  Multi-Agent Meeting Scheduling: Preliminary Experimental Results , 1996 .

[5]  Makoto Yokoo,et al.  Distributed Partial Constraint Satisfaction Problem , 1997, CP.

[6]  N. Sadeh,et al.  Variable and Value Ordering Heuristics for Hard Constraint Satisfaction Problems: An Application to Job Shop Scheduling , 1991 .

[7]  Sarit Kraus,et al.  Security in multiagent systems by policy randomization , 2006, AAMAS '06.

[8]  Norman M. Sadeh,et al.  Variable and Value Ordering Heuristics for the Job Shop Scheduling Constraint Satisfaction Problem , 1996, Artif. Intell..

[9]  Felix Brandt,et al.  Cryptographic Protocols for Secure Second-Price Auctions , 2001, CIA.

[10]  Manuela M. Veloso,et al.  Bumping strategies for the multiagent agreement problem , 2005, AAMAS '05.

[11]  Victor R. Lesser,et al.  Solving distributed constraint optimization problems using cooperative mediation , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[12]  Felix Brandt,et al.  Fully Private Auctions in a Constant Number of Rounds , 2003, Financial Cryptography.

[13]  Francesca Rossi,et al.  Multi‐Agent Constraint Systems with Preferences: Efficiency, Solution Quality, and Privacy Loss , 2004, Comput. Intell..

[14]  Sieuwert van Otterloo,et al.  The value of privacy: optimal strategies for privacy minded agents , 2005, AAMAS '05.

[15]  Makoto Yokoo,et al.  Secure Distributed Constraint Satisfaction: Reaching Agreement without Revealing Private Information , 2002, CP.

[16]  Jeffrey S. Rosenschein,et al.  A Non-manipulable Meeting Scheduling System , 1994 .

[17]  Milind Tambe,et al.  Towards Adjustable Autonomy for the Real World , 2002, J. Artif. Intell. Res..

[18]  Marius-Calin Silaghi,et al.  Distributed constraint satisfaction and optimization with privacy enforcement , 2004 .

[19]  Katia Sycara,et al.  Multiagent coordination in tightly coupled task scheduling , 1997 .

[20]  Francesca Rossi,et al.  Multi-agent meeting scheduling with preferences: efficiency, privacy loss, and solution quality , 2002 .

[21]  Makoto Yokoo,et al.  An asynchronous complete method for distributed constraint optimization , 2003, AAMAS '03.

[22]  Makoto Yokoo,et al.  The Distributed Constraint Satisfaction Problem: Formalization and Algorithms , 1998, IEEE Trans. Knowl. Data Eng..

[23]  Karen L. Myers,et al.  A Personalized Calendar Assistant , 2004 .

[24]  M. Yokoo,et al.  Distributed Breakout Algorithm for Solving Distributed Constraint Satisfaction Problems , 1996 .

[25]  Sandip Sen,et al.  Developing an Automated Distributed Meeting Scheduler , 1997, IEEE Expert.

[26]  Milind Tambe,et al.  Valuations of Possible States (VPS): a quantitative framework for analysis of privacy loss among collaborative personal assistant agents , 2005, AAMAS '05.

[27]  Makoto Yokoo,et al.  Optimize My Schedule but Keep It Flexible: Distributed Multi-Criteria Coordination for Personal Assistants , 2005, AAAI Spring Symposium: Persistent Assistants: Living and Working with AI.

[28]  Jean Oh,et al.  Electric Elves: Applying Agent Technology to Support Human Organizations , 2001, IAAI.

[29]  Boi Faltings,et al.  ABT with Asynchronous Reordering , 2001 .

[30]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[31]  Xavier Défago,et al.  Agent-based approach to dynamic meeting scheduling problems , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..