Towards a theory of free-lunch privacy in cyber-physical systems

Emerging cyber-physical systems (CPS) often require collecting end users' data to support data-informed decision making processes. There has been a long-standing argument as to the tradeoff between privacy and data utility. In this paper, we adopt a multiparametric programming approach to rigorously study conditions under which data utility has to be sacrificed to protect privacy and situations where free-lunch privacy can be achieved, i.e., data can be concealed without hurting the optimality of the decision making underlying the CPS. We formalize the concept of free-lunch privacy, and establish various results on its existence, geometry, as well as efficient computation methods. We propose the free-lunch privacy mechanism, a pragmatic mechanism that exploits free-lunch privacy whenever it exists while always guaranteeing optimal use of the data. We study the resilience of this mechanism against attacks that attempt to infer the parameter of a user's data generating process. We close the paper with a case study on occupancy-adaptive smart home temperature control to demonstrate the efficacy of the mechanism.
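The idea in the abstract (concealing a user's parameter without changing the decision it feeds) can be seen on a one-dimensional toy problem. The following Python is an added illustration written for this page, not the paper's model or code: a constructed heater controller minimises (u - u_pref)^2 subject to a comfort lower bound a*theta + b <= u <= u_max that grows with the private occupancy parameter theta. The parametric QP is solved explicitly by enumerating active sets, in the spirit of the multiparametric programming approach; the resulting critical regions show where the optimiser is constant in theta (a free-lunch region, where the user can disclose only the region) and where it is affine in theta (the decision reveals the parameter, so no free lunch exists). All parameter values are assumptions chosen for the example.

```python
"""Toy illustration of free-lunch privacy in a parametric decision problem.

Constructed example (not the paper's model or code): a heater controller picks
power u to minimise (u - u_pref)^2 subject to a comfort lower bound that grows
with the user's private occupancy parameter theta:  a*theta + b <= u <= u_max.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (theta_lo, theta_hi, slope, intercept, active set): on the interval the
# optimiser is u*(theta) = slope*theta + intercept
Region = Tuple[float, float, float, float, str]


@dataclass(frozen=True)
class HeaterProblem:
    u_max: float = 5.0     # kW, physical heater limit (assumed)
    u_pref: float = 2.0    # kW, power the controller prefers on cost grounds (assumed)
    a: float = 1.0         # kW of extra demand per occupant (assumed, must be > 0)
    b: float = 0.0         # kW baseline demand (assumed)
    theta_lo: float = 0.0  # parameter domain: occupancy between 0 and 5 (assumed)
    theta_hi: float = 5.0

    def lower_bound(self, theta: float) -> float:
        return self.a * theta + self.b

    def feasible(self, u: float, theta: float, tol: float = 1e-9) -> bool:
        return self.lower_bound(theta) - tol <= u <= self.u_max + tol

    def cost(self, u: float) -> float:
        return (u - self.u_pref) ** 2

    def optimal_decision(self, theta: float) -> Optional[float]:
        """Closed-form optimiser: project u_pref onto [a*theta + b, u_max]."""
        lb = self.lower_bound(theta)
        if lb > self.u_max:
            return None  # comfort demand exceeds heater capacity: infeasible
        return min(max(self.u_pref, lb), self.u_max)

    def critical_regions(self) -> List[Region]:
        """Parameter intervals on which each active set is optimal (KKT:
        2(u - u_pref) = lam_lower - lam_upper with lam >= 0)."""
        assert self.a > 0
        t1 = (self.u_pref - self.b) / self.a   # lower bound reaches u_pref
        t2 = (self.u_max - self.b) / self.a    # lower bound reaches u_max (feasibility edge)
        hi = min(self.theta_hi, t2)
        cands: List[Region] = []
        if self.u_pref <= self.u_max:
            # no constraint active: u = u_pref, valid while a*theta + b <= u_pref
            cands.append((self.theta_lo, min(hi, t1), 0.0, self.u_pref, "none"))
            # lower bound active: u = a*theta + b, multiplier >= 0 while u >= u_pref
            cands.append((max(self.theta_lo, t1), hi, self.a, self.b, "lower"))
        else:
            # upper bound active everywhere feasible: u = u_max
            cands.append((self.theta_lo, hi, 0.0, self.u_max, "upper"))
        return [r for r in cands if r[0] <= r[1]]


def free_lunch_set(p: HeaterProblem, theta: float) -> Tuple[float, float]:
    """Largest interval of parameters the user can hide among while the
    controller's decision stays optimal for the true theta: the whole critical
    region when the optimiser is constant there, a single point otherwise."""
    for lo, hi, slope, _, _ in p.critical_regions():
        if lo <= theta <= hi:
            return (lo, hi) if slope == 0.0 else (theta, theta)
    raise ValueError("theta outside the feasible parameter domain")


def report_is_harmless(p: HeaterProblem, theta_true: float, theta_reported: float) -> bool:
    """Does the controller, acting on the reported parameter, still produce a
    decision that is feasible and optimal for the user's true parameter?"""
    u = p.optimal_decision(theta_reported)
    u_star = p.optimal_decision(theta_true)
    if u is None or u_star is None:
        return False
    return p.feasible(u, theta_true) and p.cost(u) <= p.cost(u_star) + 1e-9


if __name__ == "__main__":
    p = HeaterProblem()
    for theta in (0.5, 1.0, 2.0, 3.0, 4.5):
        lo, hi = free_lunch_set(p, theta)
        print(f"theta={theta}: u*={p.optimal_decision(theta)}  disclosable set=[{lo}, {hi}]")
```

With the assumed constants, any occupancy in [0, 2] yields the same decision u* = 2 kW, so a user with theta = 1 can report any value in that interval (or just the interval) and the controller loses nothing; an observer of the released value learns only that theta lies in [0, 2]. For theta = 3 the comfort bound is active, the optimiser equals a*theta + b, and any misreport either violates the user's own comfort constraint or raises cost, which is exactly the case where utility and privacy conflict.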
