A Volumetric Privacy Measure for Dynamical Systems With Bounded Disturbance

TL;DR

This paper introduces a volumetric privacy measure for dynamical systems with bounded disturbances, analyzing how uncertainty about private states evolves and proposing an optimization-based privacy filter to enhance privacy against inference attacks.

Contribution

It develops a novel privacy measure based on the volume of the adversary's uncertainty set and designs an optimization-based privacy filter to improve privacy protection.

Findings

The privacy measure's evolution is characterized and bounded by information gain.

The proposed privacy filter significantly enhances robustness against inference attacks.

The approach outperforms baseline mechanisms like noise addition and quantization.

Abstract

In this paper, we first present a volumetric privacy measure for dynamical systems with bounded disturbances, wherein the states of the system contain private information and an adversary with access to sensor measurements attempts to infer the set of potential values of the private information. Under the proposed privacy measure, the volume of the uncertainty set of the adversary given the sensor measurements is considered as the privacy level of the system. We next characteristic the time evolution of the proposed privacy measure and study its properties for a particular system with both public and private states, where a set containing the public state is shared as the observation. Approximate set-membership estimation techniques are developed to compute the private-state uncertainty set, and the properties of the privacy measure are analyzed, demonstrating that the uncertainty reduction of the adversary is bounded by the information gain from the observation set. Furthermore, an optimization-based privacy filter design problem is formulated, employing randomization and linear programming to enhance the privacy level. The effectiveness of the proposed approach is validated through a production-inventory case study. Results show that the optimal privacy filter significantly improves robustness against inference attacks and outperforms two baseline mechanisms based on additive noise and quantization.