Asymptotic Privacy Loss due to Time Series Matching of Dependent Users

TL;DR

This paper analyzes how limited training data and user dependencies in IoT time series can lead to privacy loss, providing asymptotic bounds on privacy risks under realistic adversarial assumptions.

Contribution

It introduces an analysis of privacy loss in dependent user time series with limited training data, extending prior work to more practical scenarios.

Findings

Privacy loss increases with longer data sequences.

Dependencies between users affect privacy vulnerability.

Asymptotic bounds on privacy loss are established.

Abstract

The Internet of Things (IoT) promises to improve user utility by tuning applications to user behavior, but revealing the characteristics of a user's behavior presents a significant privacy risk. Our previous work has established the challenging requirements for anonymization to protect users' privacy in a Bayesian setting in which we assume a powerful adversary who has perfect knowledge of the prior distribution for each user's behavior. However, even sophisticated adversaries do not often have such perfect knowledge; hence, in this paper, we turn our attention to an adversary who must learn user behavior from past data traces of limited length. We also assume there exists dependency between data traces of different users, and the data points of each user are drawn from a normal distribution. Results on the lengths of training sequences and data sequences that result in a loss of user privacy are presented.