Guaranteeing Local Differential Privacy on Ultra-Low-Power Systems

Sensors in mobile devices and IoT systems increasingly generate data that may contain private information about individuals. Generally, users of such systems are willing to share their data for public and personal benefit as long as their private information is not revealed. A fundamental challenge lies in designing systems and data processing techniques that obtain meaningful information from sensor data while maintaining the privacy of the data and the individuals. In this work, we explore the feasibility of providing local differential privacy on the ultra-low-power systems that power many sensor and IoT applications. We show that the low resolution and fixed-point nature of ultra-low-power implementations prevent privacy guarantees from being provided, because the noise they generate is of too low quality. We present two techniques, resampling and thresholding, to overcome this limitation. The techniques, along with a privacy budget control algorithm, are implemented in hardware to provide privacy guarantees with high integrity. We show that our hardware implementation, DP-Box, has low overhead and provides high utility, while guaranteeing local differential privacy, for a range of sensor/IoT benchmarks.
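The abstract's central claim, that a fixed-point noising mechanism driven by a narrow random number generator fails to deliver the epsilon guarantee, can be checked exactly rather than by simulation, because the RNG has only 2^n outputs and the whole output distribution can be enumerated. The following is an added example written for this page; it is not the paper's DP-Box design and does not reproduce its resampling or thresholding. It assumes an inversion-method Laplace sampler fed by an n-bit uniform, values stored with a fixed number of fractional bits, and output clamping to a fixed range as a stand-in for a bounded-output step. The parameters (8 versus 16 RNG bits, 4 fractional bits, inputs 3.0 and 4.0, range [0, 8], epsilon 1) are constructed for illustration. The budget accountant at the end is a generic sequential-composition scheme, also an assumption, not the paper's budget control algorithm.

```python
"""Exact privacy-loss analysis of a fixed-point Laplace mechanism, plus a
sequential-composition budget accountant.  Added example; not the paper's
DP-Box hardware.  Output clamping to [lo, hi] is used here as an assumed
bounded-output step; all parameter values below are constructed."""
import math
from fractions import Fraction


def laplace_noise_from_uniform(u: float, b: float) -> float:
    """Inversion-method Laplace(0, b) sample from a uniform u in (0, 1)."""
    v = u - 0.5
    return -b * math.copysign(1.0, v) * math.log(1.0 - 2.0 * abs(v))


def output_distribution(x, rng_bits, frac_bits, b, lo, hi):
    """Exact distribution of round(x + Laplace(b)) clamped to [lo, hi] when
    the uniform comes from an rng_bits-wide RNG and every value is stored
    with frac_bits fractional bits.  Keys are outputs in LSB units."""
    n = 1 << rng_bits
    g = 1.0 / (1 << frac_bits)              # one LSB of the fixed-point grid
    x_lsb = round(x / g)
    lo_lsb, hi_lsb = round(lo / g), round(hi / g)
    dist = {}
    for i in range(n):
        u = (i + 0.5) / n                   # midpoints keep u away from 0 and 1
        noise_lsb = round(laplace_noise_from_uniform(u, b) / g)
        y = min(max(x_lsb + noise_lsb, lo_lsb), hi_lsb)
        dist[y] = dist.get(y, Fraction(0)) + Fraction(1, n)
    return dist


def max_privacy_loss(x0, x1, rng_bits, frac_bits, eps, lo, hi):
    """Worst-case |ln(P[y|x0] / P[y|x1])| over all outputs y, computed with
    exact rationals.  Infinite when some output is reachable from one input
    but not from its neighbour: observing it reveals which input was used."""
    b = abs(x1 - x0) / eps                  # Laplace scale = sensitivity / eps
    d0 = output_distribution(x0, rng_bits, frac_bits, b, lo, hi)
    d1 = output_distribution(x1, rng_bits, frac_bits, b, lo, hi)
    worst = 0.0
    for y in set(d0) | set(d1):
        p0, p1 = d0.get(y, Fraction(0)), d1.get(y, Fraction(0))
        if p0 == 0 or p1 == 0:
            return math.inf                 # distinguishing output exists
        worst = max(worst, abs(math.log(p0 / p1)))
    return worst


class PrivacyBudget:
    """Assumed, generic budget control by sequential composition: a release
    costing eps is allowed only while the running total stays within the
    budget; afterwards the value is withheld instead of released under-noised."""

    def __init__(self, total_eps: float):
        self.total_eps = total_eps
        self.spent = 0.0

    def release(self, x, eps, sensitivity, u, frac_bits=4, lo=0.0, hi=8.0):
        """Return the clamped fixed-point noisy value, or None when the budget
        is exhausted.  The RNG's uniform u is passed in to keep this testable."""
        if self.spent + eps > self.total_eps + 1e-12:
            return None
        self.spent += eps
        g = 1.0 / (1 << frac_bits)
        noise = laplace_noise_from_uniform(u, sensitivity / eps)
        y = round((x + noise) / g) * g
        return min(max(y, lo), hi)


if __name__ == "__main__":
    for bits in (8, 16):
        loss = max_privacy_loss(3.0, 4.0, bits, 4, 1.0, 0.0, 8.0)
        print(f"{bits}-bit RNG, 4 fractional bits, eps=1: worst-case loss = {loss:.3f}")
    budget = PrivacyBudget(total_eps=2.0)
    for u in (0.5, 0.9, 0.3):
        print("release:", budget.release(3.0, 1.0, 1.0, u))
```

With an 8-bit RNG the Laplace tail is so coarsely sampled that several grid points in [7, 8) are reachable only from input 4.0, so the worst-case loss is infinite regardless of the nominal epsilon; with a 16-bit RNG every grid point in the clamped range is reachable from both inputs and the loss settles close to the intended epsilon of 1. The accountant then refuses the third release once the 2.0 budget is spent.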
