Optimal sensor-controller codesign for privacy in dynamical systems

We study the problem of jointly designing the sensor and controller for a dynamical system driven by a privacy-sensitive input process. This problem is motivated by the modern thermostat control example, where a home's occupancy is continually monitored and leveraged to tailor thermostat behavior for better energy savings and comfort, which in turn raises users' concerns over privacy. We start by quantifying the instantaneous privacy loss in a control system under standard inference attacks. We present the closed form of the privacy loss for linear Gaussian systems and propose a sampling-based method to approximate the privacy loss for general dynamical systems. The optimal control and sensor query strategy for a private-input-driven system is then characterized, and we further prove the validity of the separation principle for a linear system with Gaussian disturbance and quadratic cost under the privacy loss proposed in this paper. We close the paper by demonstrating the flexibility of the joint sensor-controller policy in the occupancy-based thermostat control example and providing some insights on the tradeoff among energy, comfort, and privacy.
