On differentially private filtering for event streams

Rigorous privacy mechanisms that can cope with dynamic data are required to encourage a wider adoption of large-scale monitoring and decision systems relying on end user information. A promising approach to develop these mechanisms is to specify quantitative privacy requirements at design time rather than as an afterthought, and to rely on signal processing techniques to achieve satisfying trade-offs between privacy and performance specifications. This paper discusses, from the signal processing point of view, an event stream analysis problem introduced in the database and cryptography literature. A discrete-valued input signal describes the occurrence of events contributed by end users, and a system is supposed to provide some output signal based on this information, while preserving the privacy of the participants. The notion of privacy adopted here is that of event-level differential privacy, which provides strong privacy guarantees and has important operational advantages. Several mechanisms are described to provide differentially private output signals while minimizing the impact on performance. These mechanisms demonstrate the benefits of leveraging system theoretic techniques to provide privacy guarantees for dynamic systems.
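As an added illustration of the setup described above (not code from the paper), the snippet below filters a binary event stream with a causal linear filter and releases the output under event-level differential privacy by output perturbation. It relies on the standard observation that when two streams differ in one event, the filtered outputs differ by a shifted copy of the impulse response, so the l1 sensitivity is bounded by the l1 norm of that response; the filter coefficients, the epsilon value and the sample stream are constructed here, not taken from the paper.

```python
import random

def filter_sensitivity(h):
    """Event-level l1 sensitivity of a causal linear filter with impulse
    response h: neighbouring streams differ in one input sample by at most 1,
    so their outputs differ by a shifted (possibly truncated) copy of h,
    whose l1 norm is at most ||h||_1."""
    return sum(abs(c) for c in h)

def lti_filter(x, h):
    """Causal convolution y[t] = sum_k h[k] * x[t-k] over the event stream x."""
    return [sum(h[k] * x[t - k] for k in range(min(len(h), t + 1)))
            for t in range(len(x))]

def neighbor_output_distance(x1, x2, h):
    """l1 distance between the filter outputs of two (neighbouring) streams."""
    return sum(abs(a - b) for a, b in zip(lti_filter(x1, h), lti_filter(x2, h)))

def laplace(scale, rng):
    """Laplace(0, scale) sample built as the difference of two Exp(1) variates.
    Illustrative only: a production mechanism must also address the
    finite-precision pitfalls of floating-point noise sampling."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def private_filter(x, h, epsilon, rng=None):
    """Output perturbation: filter the raw stream, then add independent Laplace
    noise of scale ||h||_1 / epsilon to every output sample. Because the l1
    sensitivity of the whole output vector is ||h||_1, the released stream is
    epsilon-differentially private at the event level."""
    rng = rng or random.SystemRandom()   # a seeded PRNG is only for demos
    scale = filter_sensitivity(h) / epsilon
    return [y + laplace(scale, rng) for y in lti_filter(x, h)]

if __name__ == "__main__":
    # Constructed sample stream: 1 marks a time step at which an event occurred.
    events = [1, 0, 1, 1, 0, 0, 1, 0]
    neighbour = events[:]          # same stream with the event at step 3 removed
    neighbour[3] = 0
    h = [0.5, 0.3, 0.2]            # constructed short smoothing filter
    print("sensitivity:", filter_sensitivity(h))
    print("neighbour output distance:", neighbor_output_distance(events, neighbour, h))
    print("private output:", private_filter(events, h, 1.0, random.Random(0)))
```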
