Differentially Private Filtering

Emerging systems such as smart grids or intelligent transportation systems often require end-user applications to continuously send information to external data aggregators performing monitoring or control tasks. This can result in an undesirable loss of privacy for the users in exchange of the bene...

Detailed description

Bibliographic details
Published in: IEEE transactions on automatic control 2014-02, Vol.59 (2), p.341-354
Main authors: Le Ny, Jerome, Pappas, George J.
Format: Article
Language: eng
container_end_page 354
container_issue 2
container_start_page 341
container_title IEEE transactions on automatic control
container_volume 59
creator Le Ny, Jerome
Pappas, George J.
description Emerging systems such as smart grids or intelligent transportation systems often require end-user applications to continuously send information to external data aggregators performing monitoring or control tasks. This can result in an undesirable loss of privacy for the users in exchange of the benefits provided by the application. Motivated by this trend, this paper introduces privacy concerns in a system theoretic context, and addresses the problem of releasing filtered signals that respect the privacy of the user data streams. Our approach relies on a formal notion of privacy from the database literature, called differential privacy, which provides strong privacy guarantees against adversaries with arbitrary side information. Methods are developed to approximate a given filter by a differentially private version, so that the distortion introduced by the privacy mechanism is minimized. Two specific scenarios are considered. First, the notion of differential privacy is extended to dynamic systems with many participants contributing independent input signals. Kalman filtering is also discussed in this context, when a released output signal must preserve differential privacy for the measured signals or state trajectories of the individual participants. Second, differentially private mechanisms are described to approximate stable filters when participants contribute to a single event stream, extending previous work on differential privacy under continual observation.
doi_str_mv 10.1109/TAC.2013.2283096
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 0018-9286
ispartof IEEE transactions on automatic control, 2014-02, Vol.59 (2), p.341-354
issn 0018-9286
1558-2523
language eng
recordid cdi_crossref_primary_10_1109_TAC_2013_2283096
source IEEE Electronic Library (IEL)
subjects Context
Data privacy
Estimation
filtering
Intelligent vehicle highway systems
Kalman filtering
Monitoring
Privacy
Vectors
title Differentially Private Filtering
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T10%3A28%3A57IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Differentially%20Private%20Filtering&rft.jtitle=IEEE%20transactions%20on%20automatic%20control&rft.au=Le%20Ny,%20Jerome&rft.date=2014-02-01&rft.volume=59&rft.issue=2&rft.spage=341&rft.epage=354&rft.pages=341-354&rft.issn=0018-9286&rft.eissn=1558-2523&rft.coden=IETAA9&rft_id=info:doi/10.1109/TAC.2013.2283096&rft_dat=%3Cproquest_RIE%3E3238050941%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1504590218&rft_id=info:pmid/&rft_ieee_id=6606817&rfr_iscdi=true