Differentially Private Filtering

TL;DR

This paper develops methods to release filtered signals from dynamic systems while ensuring differential privacy, balancing data utility and privacy in applications like smart grids and transportation.

Contribution

It introduces a formal framework for applying differential privacy to dynamic systems and proposes algorithms to approximate filters with privacy guarantees.

Findings

Extended differential privacy to multi-participant dynamic systems.

Developed mechanisms for private filtering in continual observation scenarios.

Analyzed trade-offs between privacy and signal distortion.

Abstract

Emerging systems such as smart grids or intelligent transportation systems often require end-user applications to continuously send information to external data aggregators performing monitoring or control tasks. This can result in an undesirable loss of privacy for the users in exchange of the benefits provided by the application. Motivated by this trend, this paper introduces privacy concerns in a system theoretic context, and addresses the problem of releasing filtered signals that respect the privacy of the user data streams. Our approach relies on a formal notion of privacy from the database literature, called differential privacy, which provides strong privacy guarantees against adversaries with arbitrary side information. Methods are developed to approximate a given filter by a differentially private version, so that the distortion introduced by the privacy mechanism is minimized. Two specific scenarios are considered. First, the notion of differential privacy is extended to dynamic systems with many participants contributing independent input signals. Kalman filtering is also discussed in this context, when a released output signal must preserve differential privacy for the measured signals or state trajectories of the individual participants. Second, differentially private mechanisms are described to approximate stable filters when participants contribute to a single event stream, extending previous work on differential privacy under continual observation.