Directed information and privacy loss in cloud-based control

We consider a cloud-based control framework in which individual clients own local plants that must be controlled by a public authority. Each client wishes to keep its local state information as private as possible, provided that the cloud-based controller can still deliver a given level of quality of service. Based on an axiomatic argument, we show that Kramer's notion of causally conditioned directed information, from the state random variable to a random variable disclosed to the public authority, is an appropriate measure of privacy loss. For the special case of the Linear-Quadratic-Gaussian (LQG) setting, we provide a procedure to construct a “privacy filter” that attains the optimal trade-off between privacy loss and control quality.
