Improving privacy in distributed constraint optimization

Multi-agent systems that work with people to accomplish tasks require access to information that their users consider private. Mechanisms that protect this private information from the other participants, and accurate characterizations of the extent to which these mechanisms do so, are essential for the adoption of such systems. This thesis examines these issues in the context of algorithms for distributed constraint optimization (DCOP), a prominent technique for multi-agent coordination. Prior research on DCOP algorithms has focused on the tradeoffs between efficiency and optimality and has largely ignored privacy questions. To characterize the level of privacy protection in DCOP algorithms, this thesis defines four privacy properties: the Global Loss Property, the Maximum Adversary Property, the Maximum Victim Property and the Cost-For-Loss Property. These properties provide a global view of the amount of private information lost during optimization as well as a more local view of the way that the leakage of private information affects individual participants. The thesis analyzes the extent to which existing metrics assess privacy loss as defined by these properties and introduces new methods for measuring those properties not assessed by existing metrics. An experimental analysis of DCOP algorithms shows that the privacy loss of distributed algorithms varies widely and is affected by a range of design decisions, including the topology the agents use for communication, whether the algorithm is asynchronous, and the computational resources of the participants. The thesis establishes that some distributed algorithms, particularly Adopt and DPOP, outperform centralized algorithms on most privacy properties, but not all. However, for all the algorithms studied, some participants suffer unacceptable levels of privacy loss, indicating a need for algorithms with improved privacy-protection properties.
This privacy loss is the result of four identified vulnerabilities: initial, intersection, domain and solution. This thesis presents a new algorithm, SSDPOP, that uses the cryptographic technique of secret sharing to eliminate the initial vulnerability, a major source of privacy loss in DCOP. Overall, SSDPOP significantly reduces both global privacy loss and the maximal privacy loss of any individual agent, while introducing only small computational overhead.
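As an added illustration, not taken from the thesis and not SSDPOP's own protocol, the following Python shows the secret-sharing primitive the abstract refers to: each agent splits a private cost with Shamir's scheme over a prime field, the share-holding parties add the shares they hold, and the group reconstructs only the aggregate cost, never an individual agent's value. The agent costs, threshold and party count are constructed values.

```python
import secrets

PRIME = 2**61 - 1  # Mersenne prime; all polynomial arithmetic is mod PRIME


def make_shares(secret, threshold, n_parties):
    """Shamir split: random degree-(threshold-1) polynomial with f(0) = secret.
    Returns shares (x, f(x)) for x = 1..n_parties; any `threshold` of them
    determine the secret, fewer reveal nothing about it."""
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_parties + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule evaluates f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def reconstruct(shares):
    """Lagrange interpolation at x = 0 recovers f(0) from >= threshold shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Modular inverse of den via Fermat, since PRIME is prime
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def add_shares(share_lists):
    """Additive homomorphism: party x sums the y values it holds from every
    agent, producing a share of the sum without learning any single input."""
    summed = {}
    for shares in share_lists:
        for x, y in shares:
            summed[x] = (summed.get(x, 0) + y) % PRIME
    return sorted(summed.items())


def aggregate_private_costs(costs, threshold, n_parties):
    """Constructed end-to-end flow: each agent shares its cost, parties add
    shares, and any `threshold` parties reconstruct only the total."""
    per_agent = [make_shares(c, threshold, n_parties) for c in costs]
    summed = add_shares(per_agent)
    return reconstruct(summed[:threshold])
```

With three agents holding costs 5, 7 and 11 and a 2-of-3 sharing, any two parties reconstruct 23, while a single party's shares are uniformly random field elements.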
