Visible to the public Differential Privacy, 2014, Part 1

SoS Newsletter- Advanced Book Block


SoS Logo

Differential Privacy, 2014

Part 1

The theory of differential privacy is an active research area, and there are now differentially private algorithms for a wide range of problems. The work here looks at big data and cyber physical systems, as well as theoretic approaches. Citations are for articles published in 2014.  

Xiaojing Liao; Formby, D.; Day, C.; Beyah, R.A., “Towards Secure Metering Data Analysis via Distributed Differential Privacy,” Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, vol., no., pp. 780, 785, 23-26 June 2014. doi:10.1109/DSN.2014.82
Abstract: The future electrical grid, i.e., smart grid, will utilize appliance-level control to provide sustainable power usage and flexible energy utilization. However, load trace monitoring for appliance-level control poses privacy concerns with inferring private information. In this paper, we introduce a privacy-preserving and fine-grained power load data analysis mechanism for appliance-level peak-time load balance control in the smart grid. The proposed technique provides rigorous provable privacy and an accuracy guarantee based on distributed differential privacy. We simulate the scheme as privacy modules in the smart meter and the concentrator, and evaluate its performance under a real-world power usage dataset, which validates the efficiency and accuracy of the proposed scheme.
Keywords: data analysis; data privacy; domestic appliances; load (electric); power engineering computing; smart meters; smart power grids; appliance-level control; appliance-level peak-time load balance control; concentrator; distributed differential privacy; electrical grid; fine-grained power load data analysis mechanism; flexible energy utilization; load trace monitoring; metering data analysis; performance evaluation; privacy-preserving load data analysis mechanism; smart grid; smart meter; sustainable power usage; Accuracy; Home appliances; Noise; Power demand; Privacy; Smart grids; Smart meters (ID#: 15-5909)


Ren Hongde; Wang Shuo; Li Hui, “Differential Privacy Data Aggregation Optimizing Method and Application to Data Visualization,” Electronics, Computer and Applications, 2014 IEEE Workshop on, vol, no., pp. 54, 58, 8-9 May 2014. doi:10.1109/IWECA.2014.6845555
Abstract: This article explores the challenges in data privacy within the big data era with specific focus on differential privacy of social media data and its geospatial realization within a Cloud-based research environment. By using differential privacy method, this paper achieves the distortion of the data by adding noise to protect data privacy. Furthermore, this article presents the IDP k-means Aggregation Optimizing Method to decrease the overlap and superposition of massive data visualization. Finally this paper combines IDP k-means Aggregation Optimizing Method with differential privacy method to protect data privacy. The outcome of this research is a set of underpinning formal models of differential privacy that reflect the geospatial tools challenges faced with location-based information, and the implementation of a suite of Cloud-based tools illustrating how these tools support an extensive range of data privacy demands.
Keywords: Big Data; cloud computing; data privacy; data visualisation; IDP k-means aggregation optimizing method; cloud-based research environment; differential privacy data aggregation; differential privacy method; formal models; geospatial realization; geospatial tools; location-based information; social media data; Algorithm design and analysis; Visualization; Data Visualization; aggregation optimizing; differential privacy; massive data  (ID#: 15-5910)


Barthe, G.; Gaboardi, M.; Gallego Arias, E.J.; Hsu, J.; Kunz, C.; Strub, P.-Y., “Proving Differential Privacy in Hoare Logic,” Computer Security Foundations Symposium (CSF), 2014 IEEE 27th, vol., no., pp. 411, 424, 19-22 July 2014. doi:10.1109/CSF.2014.36
Abstract: Differential privacy is a rigorous, worst-case notion of privacy-preserving computation. Informally, a probabilistic program is differentially private if the participation of a single individual in the input database has a limited effect on the program's distribution on outputs. More technically, differential privacy is a quantitative 2-safety property that bounds the distance between the output distributions of a probabilistic program on adjacent inputs. Like many 2-safety properties, differential privacy lies outside the scope of traditional verification techniques. Existing approaches to enforce privacy are based on intricate, non-conventional type systems, or customized relational logics. These approaches are difficult to implement and often cumbersome to use. We present an alternative approach that verifies differential privacy by standard, non-relational reasoning on non-probabilistic programs. Our approach transforms a probabilistic program into a non-probabilistic program which simulates two executions of the original program. We prove that if the target program is correct with respect to a Hoare specification, then the original probabilistic program is differentially private. We provide a variety of examples from the differential privacy literature to demonstrate the utility of our approach. Finally, we compare our approach with existing verification techniques for privacy.
Keywords: data privacy; formal logic; Hoare logic; Hoare specification; differential privacy literature; many 2-safety properties; nonprobabilistic programs; nonrelational reasoning; privacy-preserving computation; quantitative 2-safety property; verification techniques; worst-case notion; Data privacy; Databases; Privacy; Probabilistic logic; Safety; Standards; Synchronization; differential privacy; hoare logic; privacy; probabilistic hoare logic; relational hoare logic; verification (ID#: 15-5911)


Yilin Shen; Hongxia Jin, “Privacy-Preserving Personalized Recommendation: An Instance-Based Approach via Differential Privacy,” Data Mining (ICDM), 2014 IEEE International Conference on, vol., on., pp. 540, 549, 14-17 Dec. 2014. doi:10.1109/ICDM.2014.140
Abstract: Recommender systems become increasingly popular and widely applied nowadays. The release of users' private data is required to provide users accurate recommendations, yet this has been shown to put users at risk. Unfortunately, existing privacy-preserving methods are either developed under trusted server settings with impractical private recommender systems or lack of strong privacy guarantees. In this paper, we develop the first lightweight and provably private solution for personalized recommendation, under untrusted server settings. In this novel setting, users' private data is obfuscated before leaving their private devices, giving users greater control on their data and service providers less responsibility on privacy protections. More importantly, our approach enables the existing recommender systems (with no changes needed) to directly use perturbed data, rendering our solution very desirable in practice. We develop our data perturbation approach on differential privacy, the state-of-the-art privacy model with lightweight computation and strong but provable privacy guarantees. In order to achieve useful and feasible perturbations, we first design a novel relaxed admissible mechanism enabling the injection of flexible instance-based noises. Using this novel mechanism, our data perturbation approach, incorporating the noise calibration and learning techniques, obtains perturbed user data with both theoretical privacy and utility guarantees. Our empirical evaluation on large-scale real-world datasets not only shows its high recommendation accuracy but also illustrates the negligible computational overhead on both personal computers and smart phones. As such, we are able to meet two contradictory goals, privacy preservation and recommendation accuracy. This practical technology helps to gain user adoption with strong privacy protection and benefit companies with high-quality personalized services on perturbed user data.
Keywords: calibration; data privacy; personal computing; recommender systems; trusted computing; computational overhead; data perturbation; differential privacy; high quality personalized services; noise calibration; perturbed user data; privacy preservation; privacy protections; privacy-preserving methods; privacy-preserving personalized recommendation; private recommender systems; provable privacy guarantees; recommendation accuracy; smart phones; strong privacy protection; theoretical privacy; untrusted server settings; user adoption; user private data; utility guarantees; Aggregates; Data privacy; Noise; Privacy; Sensitivity; Servers; Vectors; Data Perturbation; Differential Privacy; Learning and Optimization; Probabilistic Analysis; Recommender System (ID#: 15-5912)


Jing Zhao; Taeho Jung; Yu Wang; Xiangyang Li, “Achieving Differential Privacy of Data Disclosure in the Smart Grid,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 504, 512, April 27 2014 - May 2 2014. doi:10.1109/INFOCOM.2014.6847974
Abstract: The smart grid introduces new privacy implications to individuals and their family due to the fine-grained usage data collection. For example, smart metering data could reveal highly accurate real-time home appliance energy load, which may be used to infer the human activities inside the houses. One effective way to hide actual appliance loads from the outsiders is Battery-based Load Hiding (BLH), in which a battery is installed for each household and smartly controlled to store and supply power to the appliances. Even though such technique has been demonstrated useful and can prevent certain types of attacks, none of existing BLH works can provide probably privacy-preserving mechanisms. In this paper, we investigate the privacy of smart meters via differential privacy. We first analyze the current existing BLH methods and show that they cannot guarantee differential privacy in the BLH problem. We then propose a novel randomized BLH algorithm which successfully assures differential privacy, and further propose the Multitasking-BLH-Exp3 algorithm which adaptively updates the BLH algorithm based on the context and the constraints. Results from extensive simulations show the efficiency and effectiveness of the proposed method over existing BLH methods.
Keywords: data acquisition; domestic appliances; smart meters; smart power grids; BLH methods; battery-based load hiding; data disclosure; fine-grained usage data collection; multitasking-BLH-Exp3 algorithm; privacy-preserving mechanisms; real-time home appliance energy load; smart grid; smart metering data; smart meters via differential privacy; Batteries; Data privacy; Energy consumption; Home appliances; Noise; Privacy; Smart meters; Data Disclosure; Differential Privacy; Smart Grid; Smart Meter (ID#: 15-5913)


Hsu, J.; Gaboardi, M.; Haeberlen, A.; Khanna, S.; Narayan, A.; Pierce, B.C.; Roth, A., “Differential Privacy: An Economic Method for Choosing Epsilon,” Computer Security Foundations Symposium (CSF), 2014 IEEE 27th, vol., no., pp. 398, 410, 19-22 July 2014. doi:10.1109/CSF.2014.35
Abstract: Differential privacy is becoming a gold standard notion of privacy; it offers a guaranteed bound on loss of privacy due to release of query results, even under worst-case assumptions. The theory of differential privacy is an active research area, and there are now differentially private algorithms for a wide range of problems. However, the question of when differential privacy works in practice has received relatively little attention. In particular, there is still no rigorous method for choosing the key parameter ε, which controls the crucial tradeoff between the strength of the privacy guarantee and the accuracy of the published results. In this paper, we examine the role of these parameters in concrete applications, identifying the key considerations that must be addressed when choosing specific values. This choice requires balancing the interests of two parties with conflicting objectives: the data analyst, who wishes to learn something about the data, and the prospective participant, who must decide whether to allow their data to be included in the analysis. We propose a simple model that expresses this balance as formulas over a handful of parameters, and we use our model to choose ε on a series of simple statistical studies. We also explore a surprising insight: in some circumstances, a differentially private study can be more accurate than a non-private study for the same cost, under our model. Finally, we discuss the simplifying assumptions in our model and outline a research agenda for possible refinements.
Keywords: data analysis; data privacy; Epsilon; data analyst; differential privacy; differentially private algorithms; economic method; privacy guarantee; Accuracy; Analytical models; Cost function; Data models; Data privacy; Databases; Privacy; Differential Privacy (ID#: 15-5914)


Weina Wang; Lei Ying; Junshan Zhang, “On the Relation Between Identifiability, Differential Privacy, and Mutual-Information Privacy,” Communication, Control, and Computing (Allerton), 2014 52nd Annual Allerton Conference on, vol., no., pp. 1086, 1092, Sept. 30 2014 - Oct. 3 2014. doi:10.1109/ALLERTON.2014.7028576
Abstract: This paper investigates the relation between three different notions of privacy: identifiability, differential privacy and mutual-information privacy. Under a privacy-distortion framework, where the distortion is defined to be the expected Hamming distance between the input and output databases, we establish some fundamental connections between these three privacy notions. Given a maximum distortion D, let ε*i(D) denote the smallest (best) identifiability level, and ε*d(D) the smallest differential privacy level. Then we characterize ε*i(D) and ε*d(D), and prove that ε*i(D) - εx ≤ ε*d(D) ≤ ε*i(D) for D in some range, where εx is a constant depending on the distribution of the original database X, and diminishes to zero when the distribution of X is uniform. Furthermore, we show that identifiability and mutual-information privacy are consistent in the sense that given a maximum distortion D in some range, there is a mechanism that optimizes the identifiability level and also achieves the best mutual-information privacy.
Keywords: data privacy; database management systems; Hamming distance; differential privacy level; identifiability level; input databases; maximum distortion; mutual-information privacy; output databases; privacy-distortion framework; Data analysis; Data privacy; Databases; Mutual information; Privacy; Random variables (ID#: 15-5915)


Shrivastva, K.M.P.; Rizvi, M.A.; Singh, S., “Big Data Privacy Based on Differential Privacy a Hope for Big Data,” Computational Intelligence and Communication Networks (CICN), 2014 International Conference on, vol., no., pp. 776,781, 14-16 Nov. 2014. doi:10.1109/CICN.2014.167
Abstract: In era of information age, due to different electronic, information & communication technology devices and process like sensors, cloud, individual archives, social networks, internet activities and enterprise data are growing exponentially. The most challenging issues are how to effectively manage these large and different type of data. Big data is one of the term named for this large and different type of data. Due to its extraordinary scale, privacy and security is one of the critical challenge of big data. At the every stage of managing the big data there are chances that privacy may be disclose. Many techniques have been suggested and implemented for privacy preservation of large data set like anonymization based, encryption based and others but unfortunately due to different characteristic (large volume, high speed, and unstructured data) of big data all these techniques are not fully suitable. In this paper we have deeply analyzed, discussed and suggested how an existing approach “differential privacy” is suitable for big data. Initially we have discussed about differential privacy and later analyze how it is suitable for big data.
Keywords: Big Data; cryptography; data privacy; anonymization based data set; big data privacy; big data security; differential privacy; electronic devices; encryption based data set; information age; information and communication technology devices; privacy preservation; Big data; Data privacy; Databases; Encryption; Noise; Privacy; Anonymization; Big data privacy; Differential privacy; Privacy approaches (ID#: 15-5916)


Quan Geng; Viswanath, P., “The Optimal Mechanism in Differential Privacy,” Information Theory (ISIT), 2014 IEEE International Symposium on, vol., no., pp. 2371, 2375, June 29 2014 – July 4 2014. doi:10.1109/ISIT.2014.6875258
Abstract: Differential privacy is a framework to quantify to what extent individual privacy in a statistical database is preserved while releasing useful aggregate information about the database. In this work we study the fundamental tradeoff between privacy and utility in differential privacy. We derive the optimal ε-differentially private mechanism for single real-valued query function under a very general utility-maximization (or cost-minimization) framework. The class of noise probability distributions in the optimal mechanism has staircase-shaped probability density functions, which can be viewed as a geometric mixture of uniform probability distributions. In the context of ℓ1 and ℓ2 utility functions, we show that the standard Laplacian mechanism, which has been widely used in the literature, is asymptotically optimal in the high privacy regime, while in the low privacy regime, the staircase mechanism performs exponentially better than the Laplacian mechanism. We conclude that the gains of the staircase mechanism are more pronounced in the moderate-low privacy regime.
Keywords: Laplace equations; minimisation; statistical databases; statistical distributions; ℓ1 utility functions; ℓ2 utility functions; Laplacian mechanism; aggregate information; cost-minimization framework; differential privacy; geometric mixture; high privacy regime; low privacy regime; noise probability distributions; optimal ε-differentially private mechanism; real-valued query function; staircase-shaped probability density functions; statistical database; uniform probability distributions; utility-maximization framework; Data privacy; Databases; Laplace equations; Noise; Privacy; Probability density function; Probability distribution (ID#: 15-5917)


Zuxing Li; Oechtering, T.J., “Differential Privacy in Parallel Distributed Bayesian Detections,” Information Fusion (FUSION), 2014 17th International Conference on, vol., no., pp. 1, 7, 7-10 July 2014. doi:(not provided)
Abstract: In this paper, the differential privacy problem in parallel distributed detections is studied in the Bayesian formulation. The privacy risk is evaluated by the minimum detection cost for the fusion node to infer the private random phenomenon. Different from the privacy-unconstrained distributed Bayesian detection problem, the optimal operation point of a remote decision maker can be on the boundary of the privacy-unconstrained operation region or in the intersection of privacy constraint hyperplanes. Therefore, for a remote decision maker in the optimal privacy-constrained distributed detection design, it is sufficient to consider a deterministic linear likelihood combination test or a randomized decision strategy of two linear likelihood combination tests which achieves the optimal operation point in each case. Such an insight indicates that the existing algorithm can be reused by incorporating the privacy constraint. The trade-off between detection and privacy metrics will be illustrated in a numerical example.
Keywords: Bayes methods; data privacy; decision making; deterministic algorithms; parallel algorithms; random processes; Bayesian formulation; deterministic linear likelihood combination test; differential privacy problem; fusion node; minimum detection cost; optimal privacy-constrained distributed detection design; parallel distributed detections; privacy constraint hyperplanes; privacy risk; privacy-unconstrained distributed Bayesian detection problem; privacy-unconstrained operation region; private random phenomenon; randomized decision strategy; remote decision maker; Data privacy; Integrated circuits; Measurement; Optimization; Phase frequency detector; Privacy (ID#: 15-5918)


Yu Wang; Zhenqi Huang; Mitra, S.; Dullerud, G.E., “Entropy-Minimizing Mechanism for Differential Privacy of Discrete-Time Linear Feedback Systems,” Decision and Control (CDC), 2014 IEEE 53rd Annual Conference on, vol., no., pp. 2130, 2135, 15-17 Dec. 2014. doi:10.1109/CDC.2014.7039713
Abstract: The concept of differential privacy stems from the study of private query of datasets. In this work, we apply this concept to metric spaces to study a mechanism that randomizes a deterministic query by adding mean-zero noise to keep differential privacy. For one-shot queries, we show that ∈-differential privacy of an n-dimensional input implies a lower bound n - n ln(∈/2) on the entropy of the randomized output, and this lower bound is achieved by adding Laplacian noise. We then consider the ∈-differential privacy of a discrete-time linear feedback system in which noise is added to the system output at each time. The adversary estimates the system states from the output history. We show that, to keep the system ∈-differentially private, the output entropy is bounded below, and this lower bound is achieves by an explicit mechanism.
Keywords: discrete time systems; feedback; linear systems; ∈-differential privacy; Laplacian noise; deterministic query; discrete-time linear feedback systems; entropy-minimizing mechanism; mean-zero noise; metric space; n-dimensional input; one-shot query; private query; randomized output; system output; system states; Entropy; History; Measurement; Noise; Privacy; Probability distribution; Random variables (ID#: 15-5919)


Shang Shang; Wang, T.; Cuff, P.; Kulkarni, S., “The Application of Differential Privacy for Rank Aggregation: Privacy and Accuracy,” Information Fusion (FUSION), 2014 17th International Conference on, vol, no., pp. 1, 7, 7-10 July 2014. doi:(not provided)
Abstract: The potential risk of privacy leakage prevents users from sharing their honest opinions on social platforms. This paper addresses the problem of privacy preservation if the query returns the histogram of rankings. The framework of differential privacy is applied to rank aggregation. The error probability of the aggregated ranking is analyzed as a result of noise added in order to achieve differential privacy. Upper bounds on the error rates for any positional ranking rule are derived under the assumption that profiles are uniformly distributed. Simulation results are provided to validate the probabilistic analysis.
Keywords: data privacy; probability; social networking (online); differential privacy; error probability; honest opinions; positional ranking rule; privacy leakage; privacy preservation; probabilistic analysis; rank aggregation; ranking histogram; social platforms; Algorithm design and analysis; Error analysis; Histograms; Noise; Privacy; Upper bound; Vectors; Accuracy; Privacy; Rank Aggregation (ID#: 15-5920)


Sarwate, A.D.; Sankar, L., “A Rate-Distortion Perspective on Local Differential Privacy,” Communication, Control, and Computing (Allerton), 2014 52nd Annual Allerton Conference on, vol, no., pp. 903, 908, Sept. 30 2014 - Oct. 3 2014. doi:10.1109/ALLERTON.2014.7028550
Abstract: Local differential privacy is a model for privacy in which an untrusted statistician collects data from individuals who mask their data before revealing it. While randomized response has shown to be a good strategy when the statistician's goal is to estimate a parameter of the population, we consider instead the problem of locally private data publishing, in which the data collector must publish a version of the data it has collected. We model utility by a distortion measure and consider privacy mechanisms that act via a memoryless channel operating on the data. If we consider a the source distribution to be unknown but in a class of distributions, we arrive at a robust-rate distortion model for the privacy-distortion tradeoff. We show that under Hamming distortions, the differential privacy risk is lower bounded for all nontrivial distortions, and that the lower bound grows logarithmically in the alphabet size.
Keywords: data privacy; statistical analysis; Hamming distortion; local differential privacy risk; locally private data publishing; memoryless channnel; privacy mechanism; privacy-distortion tradeoff; rate-distortion; Data models; Data privacy; Databases; Distortion measurement; Mutual information; Privacy; Rate-distortion (ID#: 15-5921)


Qihong Yu; Ruonan Rao, “An Improved Approach of Data Integration Based on Differential Privacy,” Progress in Informatics and Computing (PIC), 2014 International Conference on, vol., no., pp. 395, 399, 16-18 May 2014. doi:10.1109/PIC.2014.6972364
Abstract: Multiset operation and data transmission are the key operations for privacy preserving data integration because they involve the interaction of participants. This paper proposes an approach which contains anonymous multiset operation and distributed noise generation based on the existing researches and we apply it in data integration. Analysis shows that the improved approach provides security for data integration and has lower overhead than the existing researches.
Keywords: data integration; data privacy; anonymous multiset operation; data integration approach; data transmission; differential privacy; distributed noise generation; privacy preserving; Data integration; Data privacy; Data warehouses; Distributed databases; Encryption; Noise; data integration; multiset operation; noise generation (ID#: 15-5922)


Niknami, N.; Abadi, M.; Deldar, F., “SpatialPDP: A Personalized Differentially Private Mechanism for Range Counting Queries over Spatial Databases,” Computer and Knowledge Engineering (ICCKE), 2014 4th International eConference on, vol, no., pp. 709, 715, 29-30 Oct. 2014. doi:10.1109/ICCKE.2014.6993414
Abstract: Spatial databases are rapidly growing due to the large amount of geometric data obtained from geographic information systems, geomarketing, traffic control, and so on. Range counting queries are among the most common queries over spatial databases. They allow us to describe a region in a geometric space and then retrieve some statistics about geometric objects falling within it. Quadtree-based spatial indices are usually used by spatial databases to speed up range counting queries. Privacy protection is a major concern when answering these queries. The reason is that an adversary observing changes in query answers could induce the presence or absence of a particular geometric object in a spatial database. Differential privacy addresses this problem by guaranteeing that the presence or absence of a geometric object has little effect on the query answers. However, the existing differentially private algorithms for spatial databases ignore the fact that different subregions of a geometric space may require different amounts of privacy protection. This causes that the same privacy budget is considered for different subregions, resulting in a significant increase in error measure for subregions with low privacy protection requirements or a major reduction in privacy measure for subregions with high privacy protection requirements. In this paper, we address these shortcomings by presenting SpatialPDP, a personalized differentially private mechanism for range counting queries over spatial databases. It uses a so-called personalized geometric budgeting strategy to allocate different privacy budgets to subregions with different privacy protection requirements. Our experimental results show that SpatialPDP can achieve a reasonable trade-off between error measure and differential privacy, in accordance with the privacy requirements of different subregions.
Keywords: data privacy; quadtrees; question answering (information retrieval); visual databases; SpatialPDP; differential privacy; error measure; geographic information system; geomarketing; geometric data; geometric objects; personalized differentially private mechanism; personalized geometric budgeting strategy; privacy budget; privacy protection requirement; private algorithms; quadtree-based spatial indices; query answers; range counting query; spatial databases; traffic control; Data privacy; Measurement uncertainty; Noise; Noise measurement; Privacy; Spatial databases; personalized geometric budgeting; personalized privacy; spatial database (ID#: 15-5923)


Hill, R.; Hansen, M.; Janssen, E.; Sanders, S.A.; Heiman, J.R.; Li Xiong, “A Quantitative Approach for Evaluating the Utility of a Differentially Private Behavioral Science Dataset,” Healthcare Informatics (ICHI), 2014 IEEE International Conference on, vol., no., pp. 276, 284, 15-17 Sept. 2014. doi:10.1109/ICHI.2014.45
Abstract: Social scientists who collect large amounts of medical data value the privacy of their survey participants. As they follow participants through longitudinal studies, they develop unique profiles of these individuals. A growing challenge for these researchers is to maintain the privacy of their study participants, while sharing their data to facilitate research. Differential privacy is a new mechanism which promises improved privacy guarantees for statistical databases. We evaluate the utility of a differentially private dataset. Our results align with the theory of differential privacy and show when the number of records in the database is sufficiently larger than the number of cells covered by a database query, the number of statistical tests with results close to those performed on original data increases.
Keywords: data privacy; medical information systems; statistical analysis; database query; differential privacy; medical data; private behavioral science dataset; statistical database; statistical test; Data privacy; Databases; Histograms;Logistics; Noise; Privacy; Sensitivity; Behavioral Science; Data Privacy; Differential Privacy


Le Ny, J.; Touati, A.; Pappas, G.J., “Real-Time Privacy-Preserving Model-Based Estimation of Traffic Flows,” Cyber-Physical Systems (ICCPS), 2014 ACM/IEEE International Conference on, vol, no., pp. 92, 102, 14-17 April 2014. doi:10.1109/ICCPS.2014.6843714
Abstract: Road traffic information systems rely on data streams provided by various sensors, e.g., loop detectors, cameras, or GPS, containing potentially sensitive location information about private users. This paper presents an approach to enhance real-time traffic state estimators using fixed sensors with a privacy-preserving scheme providing formal guarantees to the individuals traveling on the road network. Namely, our system implements differential privacy, a strong notion of privacy that protects users against adversaries with arbitrary side information. In contrast to previous privacy-preserving schemes for trajectory data and location-based services, our procedure relies heavily on a macroscopic hydrodynamic model of the aggregated traffic in order to limit the impact on estimation performance of the privacy-preserving mechanism. The practicality of the approach is illustrated with a differentially private reconstruction of a day of traffic on a section of I-880 North in California from raw single-loop detector data.
Keywords: data privacy; real-time systems; road traffic; state estimation; traffic information systems; data streams; real-time privacy-preserving model real-time traffic state estimators; road network; road traffic information systems; traffic flow estimation; Data privacy; Density measurement; Detectors; Privacy; Roads; Vehicles; Differential privacy; intelligent transportation systems; privacy-preserving data assimilation (ID#: 15-5924)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.