TY - JOUR
T1 - Differentially Private Event-Triggered Sampling
AU - Ny, Jerome Le
AU - Hirche, Sandra
N1 - Publisher Copyright:
© 2019 IFAC-PapersOnLine. All rights reserved.
PY - 2019
Y1 - 2019
N2 - This paper describes a differentially private event-triggered sampling mechanism to select measurement samples from a data sequence whose dynamics can be modelled by a stochastic linear system. The mechanism produces subsequences that can be used to reestimate the original sequence relatively accurately and the differential privacy constraint guarantees that these subsequences are insensitive to certain variations in the input sequence. The subsampling process can be motivated by the presence of communication bandwidth constraints, but also provides an additional tool to explore achievable privacy-utility tradeoffs in privacy-preserving signal processing and control. Event-triggered sampling can offer benefits over periodic subsampling by attempting to select the most useful samples, but the fact that it leaks information when no sampling occurs must be carefully taken into account to meet the differential privacy requirement. We propose a design using a stochastic sampling threshold, leveraging the "sparse vector technique" from differential privacy to incur a privacy loss only when samples are actually released. This design includes a suboptimal but tractable recursive finite-dimensional estimator that can also be used to re-estimate the original sequence from the differentially private noisy subsequence.
AB - This paper describes a differentially private event-triggered sampling mechanism to select measurement samples from a data sequence whose dynamics can be modelled by a stochastic linear system. The mechanism produces subsequences that can be used to reestimate the original sequence relatively accurately and the differential privacy constraint guarantees that these subsequences are insensitive to certain variations in the input sequence. The subsampling process can be motivated by the presence of communication bandwidth constraints, but also provides an additional tool to explore achievable privacy-utility tradeoffs in privacy-preserving signal processing and control. Event-triggered sampling can offer benefits over periodic subsampling by attempting to select the most useful samples, but the fact that it leaks information when no sampling occurs must be carefully taken into account to meet the differential privacy requirement. We propose a design using a stochastic sampling threshold, leveraging the "sparse vector technique" from differential privacy to incur a privacy loss only when samples are actually released. This design includes a suboptimal but tractable recursive finite-dimensional estimator that can also be used to re-estimate the original sequence from the differentially private noisy subsequence.
KW - Data privacy
KW - Event-triggered sampling
KW - Recursive estimation
KW - Sampling systems
KW - State estimation
UR - http://www.scopus.com/inward/record.url?scp=85082728671&partnerID=8YFLogxK
U2 - 10.1016/j.ifacol.2019.12.172
DO - 10.1016/j.ifacol.2019.12.172
M3 - Conference article
AN - SCOPUS:85082728671
SN - 1474-6670
VL - 52
SP - 303
EP - 308
JO - IFAC Proceedings Volumes (IFAC-PapersOnline)
JF - IFAC Proceedings Volumes (IFAC-PapersOnline)
IS - 20
T2 - 8th IFAC Workshop on Distributed Estimation and Control in Networked Systems, NECSYS 2019
Y2 - 16 September 2019 through 17 September 2019
ER -