Error Bounds and Guidelines for Privacy Calibration in Differentially Private Kalman Filtering
Kasra Yazdani, Matthew Hale

TL;DR
This paper derives error bounds and provides guidelines for calibrating privacy levels in differentially private Kalman filtering, ensuring accurate state estimation while protecting sensitive data in control systems.
Contribution
It introduces error and entropy bounds for differentially private Kalman filtering and offers practical guidelines for privacy calibration to maintain desired accuracy.
Findings
Derived bounds on a priori and a posteriori errors.
Provided entropy bounds for privatized trajectories.
Demonstrated calibration guidelines through simulations.
Kasra Yazdani and Matthew Hale are with the Department of Mechanical and Aerospace Engineering at the University of Florida, Gainesville, FL USA. Emails: {kasra.yazdani,matthewhale}@ufl.edu.
Abstract
Differential privacy has emerged as a formal framework for protecting sensitive information in control systems. One key feature is that it is immune to post-processing, which means that arbitrary post-hoc computations can be performed on privatized data without weakening differential privacy. It is therefore common to filter private data streams. To characterize this setup, in this paper we present error and entropy bounds for Kalman filtering differentially private state trajectories. We consider systems in which an output trajectory is privatized in order to protect the state trajectory that produced it. We provide bounds on a priori and a posteriori error and differential entropy of a Kalman filter which is processing the privatized output trajectories. Using the error bounds we develop, we then provide guidelines to calibrate privacy levels in order to keep filter error within pre-specified bounds. Simulation results are presented to demonstrate these developments.
I Introduction
Emerging technologies such as smart cities [1], intelligent transportation systems [2], and smart power grids [3] all promise to improve user services with a data-driven approach. A unifying theme in these applications is the reliance on user data in driving decisions about traffic routing, power generation, and other system behaviors. Simultaneously, these data streams have been shown to be quite revealing about users, potentially disclosing their daily habits [4] and their locations [5]. Thus there has arisen a need for user privacy. Given the need for data in decision making, privacy must also preserve the usefulness of privatized data to its recipient.
In recent years, differential privacy has become a common framework for privacy of this kind. Differential privacy started in the database literature [6] and is used to privatize database entries when database queries are made. More recently, differential privacy has been extended to trajectories arising in systems and control in [7], where the goal is to preserve the privacy of whole trajectories of data as they are generated.
Differential privacy is simple to implement because it merely requires adding noise to sensitive data (or functions of sensitive data). Differential privacy has several other properties that make it useful in control system applications. In particular, it is immune to post-processing and robust to side-information, which means that its privacy guarantees are invariant under post-hoc transformations and that they are not weakened by much with the availability of auxiliary information [6]. As a result, further computations can be performed once data is privatized without harming differential privacy’s guarantees. Of course, adding noise changes the accuracy of these computations relative to their noise-free counterparts, and the effects of differential privacy have been investigated in several contexts, e.g., [8, 9, 6, 10, 7, 11].
Data-driven systems must share data to run. In combination with the vulnerability of dynamic data streams, this need has stimulated the use of differential privacy along with model-based state estimators to both protect sensitive data and make useful control decisions in the presence of privacy. Differential privacy’s immunity to post-processing means that state estimation and filtering can be performed freely without threatening the privacy guarantees of a system’s data. The Kalman filter is a widely used state estimator which has been shown to improve the utility of privatized data in various settings [12, 7]. One common approach to differentially private Kalman filtering is to have systems add noise directly to system outputs; this approach is broadly termed “input perturbation,” because individual systems add noise to the inputs of the Kalman filter. This approach has the advantage of privatizing all data before it is ever shared, eliminating the need for a trusted aggregator.
In this paper, we are interested in privacy over long time horizons, as in smart grids and other systems that will be active for a long time. We therefore consider a Kalman filter in steady state and we analyze the accuracy of filtering private data under the input perturbation paradigm. We consider a system with discrete-time dynamics, and we protect its state trajectory by adding noise to its outputs at each point in time. We quantify the effects of privacy in two ways. First, we use differential entropy to quantify the information content of the privatized output trajectories. Second, we investigate the practical effects of privacy by bounding the mean squared error of an external observer’s estimate of the system’s states.
While the computer science literature has devised methods to calibrate privacy based on analyzing static data [13], to the best of our knowledge, no such systematic study has been undertaken in the control theory literature for trajectory-valued data. We therefore explore the relationship between privacy levels, the amount of information revealed, and the accuracy of estimates based on privatized data. We do so in terms of system properties and dynamics, thereby directly linking control theoretic information with privacy of system trajectories. Based on the bounds we derive, we provide guidelines for selecting one’s privacy level based on the downstream filtering error it induces. Through doing so, we provide the ability to calibrate one’s privacy levels based on conventional control-theoretic concerns (i.e., filtering error), thereby enabling meaningful privacy calibration without requiring in-depth knowledge of differential privacy. In addition, this paper differs from [7, 14] because those papers design private filters, whereas we characterize a common Kalman filter setup rather than designing novel filtering strategies.
The rest of the paper is organized as follows. Section II provides the necessary background for differential privacy and sets up the problem statement. In Section III, we outline the privacy implementation for our problem and briefly review Kalman filtering. Section IV presents the first main results of the paper, which are bounds on the differential entropy and MSE of state estimates based on private data. In Section V, we provide guidelines for calibrating privacy levels based on pre-specified error bounds. Next, we present numerical simulations in Section VI, and Section VII concludes the paper.
II Background on Differential Privacy and Problem Formulation
In this section we first briefly review the relevant privacy background as it pertains to private Kalman filtering specifically, and we refer the reader to [7] for a complete exposition. Then we state the problem that is the subject of the paper.
II-A Review of Differential Privacy
Differential privacy is a quantitative and statistical means of protecting data. Differential privacy makes it unlikely that an adversary or eavesdropper can make high-fidelity inferences about individuals by looking at their privatized data. It is enforced by adding noise to sensitive data (or functions thereof). Control theory provides many techniques that compensate for noise, making differential privacy a natural choice in control-theoretic settings.
Differential privacy is immune to post-processing, which means that transforming private data does not harm its privacy guarantees. In particular, filtering private trajectories does not degrade the protections of differential privacy. The guarantees of differential privacy are also robust to mechanism knowledge, which means that adversaries do not gain any advantage if they know the mechanism used to privatize data [15, 6].
In this paper, we consider a system with discrete-time dynamics. The state trajectory of the system is sensitive, and therefore it needs to be protected. Denote the system’s state trajectory by . The element of is denoted by for some . The notion of differential privacy in this paper follows the definition of differential privacy for trajectories introduced in [7]. Differential privacy can be used to ensure that an adversary is unlikely to determine either the input or state trajectory of a system, and in this paper we implement differential privacy to protect state trajectories.
In this work, we consider the so-called “input perturbation” approach to differential privacy. This means that a system will directly add noise to its own outputs before sharing them, and this has the advantage of masking sensitive data before it is shared. Formally, a system’s state trajectory will be made approximately indistinguishable from other nearby state trajectories which that system could have produced; the notions of “nearby” and “approximately indistinguishable” are formalized below in Definitions 1 and 2.
We consider vector-valued trajectories of the general form where for all . We also use the -norm where is the ordinary on . We further define the set
The state trajectory is contained in the set , which is the set of sequences of vectors in whose finite truncations are all in . Formally, we define the truncation operator over trajectories according to
[TABLE]
and we say that if and only if for all .
A differential privacy mechanism makes adjacent trajectories produce outputs which are similar in a precise sense. The choice of adjacency relation is a key part of any differential privacy implementation because it specifies which sensitive pieces of data must be made approximately indistinguishable. To formulate differential privacy for trajectories, we next define the adjacency relation over the space defined above.
Definition 1.
(Adjacency) Fix an adjacency parameter . The adjacency relation is defined for all as
[TABLE]
Two state trajectories of the system are thus adjacent if the distance between them is not more than . Differential privacy must therefore make the system’s state trajectory approximately indistinguishable from all others contained in an -ball of radius centered on its actual trajectory.
Next is a formal definition of differential privacy for dynamical systems which specifies the probabilistic guarantees of privacy. To state it, we will use a probability space $(\Omega, \mathcal{F}, \mathbb{P})$. This definition considers outputs in the space and uses a over , denoted , construction of which can be found in [7].
Definition 2.
(-Differential Privacy) Let and be given. A mechanism is -differentially private if for all adjacent , we have
[TABLE]
At time , the system has state , with discrete-time dynamics
[TABLE]
where process noise for the system is denoted by and the matrices and are time-invariant. The probability distribution of the process noise is given by , where , and all process noise terms are assumed to have finite variance. We assume that the matrices , , and are public information, representing, e.g., that the device producing outputs is of a known type.
At each time , the system outputs the value . Absent any privacy protections, the values of could reveal those of over time, which would compromise the system’s privacy. Therefore, noise must be added to the system’s output to protect its state trajectory. That is, is what is shared, is what is sensitive, and because is a function of , we add noise to to protect . Calibrating the level of noise is done using the “sensitivity” of a system’s output map, which we define next for the input perturbation privacy we use; we emphasize that, although the system perturbs the outputs of its own dynamics, the “input perturbation” label applies because the system perturbs what will become the inputs to a Kalman filter. The following bound is adapted from [7, Section IV-A].
Definition 3.
(Sensitivity for Input Perturbation Privacy) The sensitivity of a system’s output map is the greatest distance between two output trajectories which correspond to adjacent state trajectories. Formally, for ,
[TABLE]
We can bound via [16], where is the maximum singular value of a matrix. Various mechanisms have been developed for enforcing differential privacy in the literature [6]. The Gaussian mechanism requires adding Gaussian noise to outputs to mask systems’ state trajectories, and it can be useful in control settings that are robust to Gaussian noise. We next provide a definition of the Gaussian mechanism in terms of the -function, defined by .
Lemma 1.
(Input Perturbation Gaussian Mechanism) Let and be given. Let denote the output of a system with state trajectories in , and denote its -norm sensitivity by . Then the Gaussian mechanism for -differential privacy takes the form
[TABLE]
where is a stochastic process with , is the identity matrix, and
[TABLE]
This Gaussian mechanism provides -differential privacy.
Proof: See [7, Corollary 1].
In words, the Gaussian mechanism adds i.i.d. Gaussian noise point-wise in time to the output of a system to keep its state trajectory private. We will use the Gaussian mechanism to enforce differential privacy for the remainder of the paper.
II-B Problem Formulation
Having covered the relevant privacy background, we now state the problem that is the focus of the paper.
Problem 1.
Consider a system with publicly known mean initial condition , and let it have dynamics
[TABLE]
Keep the state trajectories of the system differentially private according to specified privacy parameters . Next, investigate the effects of privacy in the following ways:
(a) Given privacy parameters , quantify the ability of the recipients of the privatized outputs to accurately estimate the actual state trajectories of the system as a function of and .
(b) Develop guidelines for choosing the system’s privacy parameters to achieve pre-specified bounds on filter error.
We will examine Problem 1(a) by quantifying filtering error and entropy in terms of systems’ privacy parameters. Problem 1(b) will then use these error bounds to inform how systems select their privacy parameters.
The initial state of the system is denoted by , where the minus sign will be used to initialize a Kalman filter which will be defined formally later. The next section presents our privacy implementation.
III Private Filtering Implementation
We consider scenarios in which systems share their privatized outputs with a recipient, such as a utility company in a smart power grid or a traffic monitor in a smart transportation system. Abstracting away implementation details, we simply say that a system sends its outputs to an aggregator, and this aggregator will run a Kalman filter. To protect its own privacy, the system only shares its privatized outputs with the aggregator. The privatized outputs of the system may also be received by other entities, e.g., other systems in a network, adversaries, an eavesdropper, and data analysts. Our results apply to these other recipients as well.
Without privacy, this transmission of data could reveal the system’s state trajectory, and, as a result, compromise the system’s privacy. Hence, the system adds privacy noise at each time to its output before sharing it, giving
[TABLE]
where the privacy noise as in Lemma 1. Introducing privacy naturally involves sacrificing a level of accuracy in the shared data, and the trade-offs and effects of privacy need to be rigorously evaluated to quantify the performance of private filtering.
The aggregator receives the privatized outputs of the system and implements a Kalman filter. The Kalman filter minimizes the mean squared error (MSE) of both prediction and estimation for the systems studied in this paper, which are linear systems with Gaussian noise. Mathematically, the Kalman filter minimizes both
[TABLE]
where and respectively denote the a priori state prediction and a posteriori state estimate of the Kalman filter at time . As noted in Problem 1, the term is assumed to be publicly known. We consider a steady-state Kalman filter because we are interested in systems over long time horizons.
The update equation for the prediction step of the Kalman filter is evaluated as [17]
[TABLE]
and the a posteriori state estimate is updated as
[TABLE]
Assuming the observability of the pair and controllability of the pair , where , the a posteriori error covariance matrix is computed as
[TABLE]
Here, the a priori error covariance matrix is the unique positive semidefinite solution to the discrete algebraic Riccati equation
[TABLE]
Under differential privacy, it is provably unlikely for the recipients of to distinguish a system’s actual state trajectory from an adjacent one. In this setting, the Kalman filter minimizes the error in state prediction and estimation in the mean square sense, which means it provides the optimal estimate of a private state trajectory. Therefore, studying the connection between the Kalman filter and data privacy can elucidate fundamental limits of information accuracy when dealing with private trajectories.
IV Quantifying the Effects of Privacy
In this section, we explicitly quantify the ability of the aggregator or any potential recipient of private data, e.g., an adversary or an eavesdropper, to uncover the state trajectory of a system using its privatized outputs. One natural way to do so is to bound the MSE of the prediction and estimation steps of a Kalman filter that processes private data. Bounding these errors as functions of the system’s privacy parameters will directly connect the system’s privacy levels to the accuracy with which the aggregator can estimate its state values. We proceed by developing trace bounds for the a priori error covariance matrix and the a posteriori error covariance matrix , which are equal to the MSE of the prediction and MSE of the estimate in the Kalman filter, respectively. Because the Kalman filter in steady state minimizes both of these quantities, lower bounds on them are lower bounds on MSE for any filtering strategy across long time horizons.
Toward doing so, the following lemma upper and lower bounds the trace of a matrix product. In it, we use to denote the eigenvalues of the matrix .
Lemma 2.
Let and be matrices. If and is symmetric, then
[TABLE]
Proof:
See [18, Fact 5.12.4]. ∎
We next have an analogous lemma for matrix sums.
Lemma 3.
Let and be Hermitian matrices. Then
[TABLE]
Proof:
See [18, Theorem 8.4.11.]. ∎
To ease the presentation of the forthcoming results, we impose the following assumption.
Assumption 1.
The matrix is diagonal.
Below, we will repeatedly encounter the term , and we present bounds that we will use below. First observe that
[TABLE]
and we define
[TABLE]
and then
[TABLE]
Next, we present lower and upper bounds for the a priori error covariance of the Kalman filter as functions of the system’s privacy noise.
Theorem 1.
The steady state a priori error covariance of the Kalman filter, equal to , is bounded via
[TABLE]
Proof:
The steady state MSE of the predictions of the Kalman filter is equal to the trace of the a priori error covariance of the Kalman filter as given in Equation (III). Taking the trace of Equation (III), we obtain
[TABLE]
where we have used the cyclic permutation property of the trace. Next, we use Lemma 2 to write
[TABLE]
where we apply Lemma 3 on the third line to split up the eigenvalues and use the fact that in the final step. It is shown in [19, Theorem 3.1] that , and therefore . Using this fact and Equation (19), we find
[TABLE]
which completes the first part of the proof. Similarly, by applying Lemmas 2 and 3 consecutively to Equation (III), can be upper-bounded as
[TABLE]
where in the second step we have used and the third step uses Lemma 3 to split the eigenvalues. This completes the proof. ∎
Theorem 1 bounds the MSE of the aggregator’s prediction of a system, which quantifies the ability of the aggregator to infer future states of the system. The following theorem presents similar bounds for , which represent the aggregator’s ability to determine the system’s current state.
Theorem 2.
Suppose a system shares its privatized output trajectory, and the aggregator has all public information. Then, the steady-state MSE of the a posteriori estimate of the system’s states is bounded by
[TABLE]
Proof:
The steady-state mean-squared estimation error $E\big[\|x(k)-\hat{x}(k)\|^{2}\big]$ is equivalent to the trace of the a posteriori error covariance matrix in Equation (III). Using Lemma 2, a lower bound for the trace of can be derived as
[TABLE]
where in the second line we have used Lemma 3 to split the eigenvalues. In the second-to-last line, we use based on [19, Theorem 3.1] to use . Similarly, using Lemma 2, an upper bound for the trace of can be derived as
[TABLE]
where in the last line is eliminated. ∎
Together, the upper and lower bounds on give MSE bounds which elucidate the balance between privacy and accuracy of information shared with the aggregator.
Privacy and utility can be inherently conflicting goals, in the sense that the greater the level of privacy is, the less useful information will generally be. To study this relationship, we use an information theoretic tool to investigate the effects of the privacy noise . In particular, we consider the differential entropy in the a posteriori estimates and a priori predictions , which were defined in Section III. Shannon entropy has been used to investigate the leakage of information while using differential privacy in other settings, for example in [8] and in distributed linear control systems [20]. Differential entropy is useful for Gaussian distributions because it bounds the sub-level sets of , where , which is the volume of a covariance ellipsoid. Therefore, we will quantify the effects of privacy noise upon the aggregator by studying how privacy noise affects and , which are within an additive and multiplicative factor of the differential entropy of error in and , respectively. Next, we present log-determinant bounds for the a priori error covariance of the Kalman filter.
Theorem 3.
Suppose that
[TABLE]
where , and denote the singular values of a matrix. The log-determinant of the a priori error covariance of the Kalman filter can be upper-bounded as
[TABLE]
where Furthermore, the log-determinant of the a priori error covariance of the Kalman filter can be lower-bounded as
[TABLE]
Proof:
See [16]. ∎
Next, we derive bounds on the log-determinant of the a posteriori error covariance of the Kalman filter. To facilitate the following analysis let us define the function
[TABLE]
where is a variable and the matrices and were defined in Section II. We state the following elementary lemmas that we will use below.
Lemma 4.
If and then there exists such that .
Proof:
See [21, Lemma 3]. ∎
Lemma 5.
For every we have .
Proof: Inspired by the work in [21], let . Then,
[TABLE]
Lemma 6.
Let be an Hermitian matrix. Then,
[TABLE]
Proof:
See [18, Corollary 8.4.2]. ∎
We now present our log-determinant bounds for .
Theorem 4.
The log-determinant of the a posteriori error covariance of the Kalman filter is bounded via
[TABLE]
Proof:
Computing in Equation (35), we get
[TABLE]
By Lemma 4, there exists a such that because by definition and . Since is a monotonic function [21], we have , and therefore by Lemma 2,
[TABLE]
Taking the log-determinant of both sides, we find
[TABLE]
Next, using Lemma 6, Equation (III) implies that
[TABLE]
where, due to the similarity of the steps of this proof to the proof for Theorem 2, we have omitted the explanations for each step. Using Equation (19) and taking the log-determinant of both sides of Equation (IV), we can write
[TABLE]
and the theorem follows. ∎
Of course, beyond merely studying the impacts of privacy, one can leverage these bounds to enable better privacy parameter selection by tailoring privacy levels to attain a certain quality of information downstream. That is the subject of the next section.
V Guidelines for Selecting Privacy Parameters
In this section, we develop new guidelines for selecting privacy parameters, which will allow us to achieve specified filtering error bounds. These bounds enable the calibration of privacy levels based on the desired accuracy of those making decisions with private data, as well as individuals’ privacy desires. The value of the privacy parameter is typically chosen to be small and fixed. The value of can be understood as the probability of differential privacy failing to protect sensitive data, and it is therefore often [7] chosen in and we adopt this range for the rest of the paper.
Theorem 5.
Suppose a system shares its privatized output trajectory and the aggregator has access to all public information. Take and choose . Suppose we want the steady state MSE of predictions of the system’s next states, i.e., the a priori state predictions, to be in for some bounds and . A sufficient condition to do so is to bound via
[TABLE]
where
[TABLE]
and
[TABLE]
Proof:
First, choose and solve for to get . Taking implies . As a result, we can write to get
[TABLE]
Using the fact that , substituting for , squaring both sides and rearranging, we have
[TABLE]
which implies that . It then follows that
[TABLE]
which, by comparing to Theorem 1, implies that .
Next, choose . Given , we can write , and, rearranging the terms, we find Substitute for , square, and rearrange to get
[TABLE]
Now, and therefore
,
which implies
[TABLE]
Therefore,
[TABLE]
and by Theorem 1, choosing as above is sufficient to guarantee . ∎
Theorem 5 presents upper and lower bounds for the privacy parameter which ensure that steady-state a priori filtering error remains within acceptable bounds. Next, we provide analogous bounds on for a posteriori error.
Theorem 6.
Suppose a system shares its privatized output trajectory and the aggregator has access to all public information. Take and set . Suppose we want the steady-state MSE of the estimated states of the system, i.e., the a posteriori state estimates, to be contained in the interval for some bounds and . To do so, it is sufficient to choose the privacy parameter according to
[TABLE]
where
[TABLE]
Proof:
Choose and solve for to get . Choosing gives . As a result, similar to the proof of Theorem 5, we can write to get
[TABLE]
Because , we can lower-bound the left-hand-side to write
[TABLE]
Squaring, substituting in , and rearranging we get
[TABLE]
which is equivalent to which implies Comparing this result to Theorem 2, we see that this is sufficient for .
Next, choose . Given , we may write We substitute for and square both sides to write
[TABLE]
and therefore, by upper-bounding the right-hand-side and rearranging we write
[TABLE]
This in turn implies Isolating gives which, in light of Theorem 2, is a sufficient condition to get . ∎
Theorem 6 provides guidelines for choosing the privacy parameters , which allows a user to make informed decisions for its level of privacy. We next demonstrate these bounds in practice.
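A numerical counterpart to the calibration in Theorems 5 and 6, added here as an example (it is not the authors' code and does not use their closed-form bounds): it computes the Gaussian-mechanism noise level, iterates the filter's Riccati recursion to steady state, and bisects for the smallest ε, i.e., the strongest privacy, whose a posteriori MSE meets a target. Assumptions: the noise level σ = Δ₂·κ(δ, ε) with κ(δ, ε) = (K + √(K² + 2ε))/(2ε), K = Q⁻¹(δ), and the sensitivity bound Δ₂ ≤ s_max(C)·b are used as stated for the Gaussian mechanism in [7]; the system matrices, adjacency parameter and all function names are constructed for illustration; the output is scalar and privacy noise is the only measurement noise.

```python
import math
from statistics import NormalDist

# Constructed sample system (not from the paper): two states, one shared output.
A = [[0.9, 0.1], [0.0, 0.8]]     # state transition matrix
W = [[0.05, 0.0], [0.0, 0.05]]   # process noise covariance
C_ROW = [1.0, 0.0]               # single-row output map, y = C x
B = 1.0                          # adjacency parameter (assumed value)
DELTA = 0.05                     # privacy parameter delta (assumed value)


def kappa(delta, eps):
    """kappa(delta, eps) = (K + sqrt(K^2 + 2 eps)) / (2 eps), K = Q^{-1}(delta)."""
    k_delta = NormalDist().inv_cdf(1.0 - delta)  # inverse of the Gaussian tail Q
    return (k_delta + math.sqrt(k_delta ** 2 + 2.0 * eps)) / (2.0 * eps)


def privacy_sigma(eps, delta, c_row, b):
    """Standard deviation of the privacy noise added to each output sample."""
    # For a single-row C the largest singular value is its Euclidean norm.
    sensitivity = b * math.sqrt(sum(c * c for c in c_row))
    return sensitivity * kappa(delta, eps)


def _measurement_update(P, c_row, sigma):
    """A posteriori covariance P - P C^T (C P C^T + sigma^2)^{-1} C P."""
    n = len(P)
    Pc = [sum(P[i][j] * c_row[j] for j in range(n)) for i in range(n)]
    s = sum(c_row[i] * Pc[i] for i in range(n)) + sigma ** 2  # innovation variance
    return [[P[i][j] - Pc[i] * Pc[j] / s for j in range(n)] for i in range(n)]


def _time_update(A, P_post, W):
    """A priori covariance A P_post A^T + W."""
    n = len(A)
    AP = [[sum(A[i][k] * P_post[k][j] for k in range(n)) for j in range(n)]
          for i in range(n)]
    return [[sum(AP[i][k] * A[j][k] for k in range(n)) + W[i][j]
             for j in range(n)] for i in range(n)]


def steady_state_mse(A, W, c_row, sigma, tol=1e-12, max_iter=100000):
    """Return (a priori MSE, a posteriori MSE) of the steady-state Kalman filter."""
    n = len(A)
    P = [row[:] for row in W]
    for _ in range(max_iter):
        P_next = _time_update(A, _measurement_update(P, c_row, sigma), W)
        gap = max(abs(P_next[i][j] - P[i][j]) for i in range(n) for j in range(n))
        P = P_next
        if gap < tol:
            break
    else:
        raise RuntimeError("Riccati recursion did not converge")
    P_post = _measurement_update(P, c_row, sigma)
    return sum(P[i][i] for i in range(n)), sum(P_post[i][i] for i in range(n))


def smallest_eps_for_mse(target, A, W, c_row, b, delta, lo=0.01, hi=10.0, rel_tol=1e-6):
    """Smallest eps in [lo, hi] whose steady-state a posteriori MSE is <= target.

    Returns None when even eps = hi (the least noise in range) misses the target.
    Relies on the MSE decreasing as eps grows, because sigma shrinks with eps.
    """
    def post_mse(eps):
        return steady_state_mse(A, W, c_row, privacy_sigma(eps, delta, c_row, b))[1]

    if post_mse(hi) > target:
        return None
    if post_mse(lo) <= target:
        return lo
    while hi - lo > rel_tol * hi:
        mid = math.sqrt(lo * hi)  # bisect on a logarithmic scale
        if post_mse(mid) <= target:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    for eps in (0.1, 1.0, 10.0):
        sigma = privacy_sigma(eps, DELTA, C_ROW, B)
        prior, post = steady_state_mse(A, W, C_ROW, sigma)
        print(f"eps={eps:5.2f} sigma={sigma:8.3f} a priori={prior:.4f} a posteriori={post:.4f}")
    print("smallest eps for MSE <= 0.3:", smallest_eps_for_mse(0.3, A, W, C_ROW, B, DELTA))
```

A `None` result means the requested accuracy cannot be met in the searched ε range for this system, which happens when the target lies below the error floor left by the unobserved state.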
VI Case Study
In this section, we simulate a system with state for all and dynamics
[TABLE]
We proceed to enforce input perturbation differential privacy as discussed in Section III. We choose , which gives . The privacy noise is added to the outputs at each time . The aggregator receives the private outputs pointwise in time and runs a Kalman filter, and we simulate this setup for timesteps.
The results of this simulation are presented in Figures 1 and 2. In Figure 1, we present the MSE bounds derived in Theorem 1, and we compare them with the actual instantaneous a priori error. On average, the a priori error in predictions of the system’s states remains within the given bounds; ephemeral bound violations are expected as these bounds pertain to mean-square error. In Figure 2, we demonstrate the instantaneous error of the estimated states of the system and we compare that with the upper and lower bounds derived in Theorem 2. As expected, the instantaneous a posteriori error typically lies within the bounds derived in Theorem 2. Both plots illustrate our bounds on the ability of an aggregator to predict or estimate the states of a system sharing privatized information.
VII Conclusions
In this paper, we have proposed new guidelines for calibrating the levels of privacy when enforcing differential privacy in linear systems with Gaussian noise. These guidelines were chosen to attain desired filtering error bounds, and novel bounds were presented for both filter entropy and filter error in terms of a system’s privacy levels. Future work includes investigating general filtering techniques in which nonlinear systems are considered, with potential applications in smart power grids and autonomous systems.
- [1] D. Eckhoff and I. Wagner, “Privacy in the smart city—applications, technologies, challenges, and solutions,” IEEE Communications Surveys Tutorials, vol. 20, no. 1, pp. 489–516, 2018.
- [2] F. Kargl, A. Friedman, and R. Boreli, “Differential privacy in intelligent transportation systems,” in Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, ser. WiSec ’13. New York, NY, USA: ACM, 2013, pp. 107–112.
- [3] P. McDaniel and S. McLaughlin, “Security and privacy challenges in the smart grid,” IEEE Security Privacy, vol. 7, no. 3, pp. 75–77, May 2009.
- [4] M. A. Lisovich and S. B. Wicker, “Privacy concerns in upcoming residential and commercial demand-response systems,” IEEE Proceedings on Power Systems, vol. 1, no. 1, March 2008.
- [5] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, “Security and privacy in smart city applications: Challenges and solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.
- [6] C. Dwork, A. Roth et al., “The algorithmic foundations of differential privacy,” Foundations and Trends® in Theoretical Computer Science, vol. 9, no. 3–4, pp. 211–407, 2014.
- [7] J. L. Ny and G. J. Pappas, “Differentially private filtering,” IEEE Transactions on Automatic Control, vol. 59, no. 2, pp. 341–354, Feb 2014.
- [8] M. S. Alvim, M. E. Andres, K. Chatzikokolakis, P. Degano, and C. Palamidessi, “Differential privacy: On the trade-off between utility and information leakage,” in Formal Aspects of Security and Trust. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 39–54.
