A Theory of Privacy for Cyber-Physical Systems with Applications in Energy Systems
Shuo Han
Postdoctoral Researcher, Electrical and Systems Engineering
University of Pennsylvania
Joint work with: Ufuk Topcu, George J. Pappas
Shuo Han, Oct 2015
Future: A Sensor-Rich World
• 5 billion people to be connected by 2015
• 7 trillion wireless devices serving 7 billion people in 2017
- 1000 wireless devices per person (!)
Privacy Concerns
Report by:
Sen. Deb Fischer (Nebraska), Sen. Cory Booker (New Jersey), Sen. Kelly Ayotte (New Hampshire), Sen. Brian Schatz (Hawaii)
Privacy Concerns in Cyber-Physical Systems
Location-based services
Intelligent transportation systems
Camera networks
Building automation
Privacy Concerns in the Smart Grid
Toronto Star, May 12, 2010 (Tanya Talaga): "Hydro meter info a boon for thieves, marketers, and must be protected, privacy czar says"

THEY KNOW WHEN YOU ARE SLEEPING ... THEY KNOW WHEN YOU ARE AWAKE ... THEY KNOW WHEN YOU ARE IN THE SHOWER ...

The time you jump into the shower in the morning, the time you finally flick off that TV at night, even the time you set your home security alarm: Ontario's privacy czar wants to keep the information secret. Personal privacy must remain paramount as the "smart grid" electricity system is built around the province, said Ann Cavoukian, Ontario's information and privacy commissioner. As the grid collects information on power usage and smart meters are installed in Ontario homes to track consumption data, that personal information could represent a treasure trove for hackers, thieves or marketers.

What time you sleep, cook, shower, turn on the TV, or set the alarm system can be tracked by the province's emerging smart grid hydro system, possibly tipping off thieves to a household's habits. "This thing has to be protected like Fort Knox," says Ontario's privacy commissioner Ann Cavoukian.

[image: NIST]
How Should We Think About Privacy?
[diagram: Users (holding private values), an Administrator (Google, Facebook, ...) releasing public information to The Public, and an Adversary equipped with side information]
The Danger of ad hoc Privacy Solutions
• Dataset published for an open competition (Netflix challenge)
• Contains user ratings on movies
• Privacy solution: Anonymization

De-anonymization [Narayanan and Shmatikov, 2008]:
• Many reviews under real names
• Strong correlation with the Netflix dataset
• Certain users were identified with high confidence
• Movie ratings contain sensitive information
  - Political preference
  - Religious view
Various Approaches to Privacy
• Database: [Dwork, 2006]
• Information Theory: [Sankar, Rajagopalan, Poor, 2010]
• Game Theory: [Acemoglu et al., 2015]
• Secure Multi-Party Computation: [Lindell and Pinkas, 2009]
• Control Theory: [Wu and Lafortune, 2012]
A Unified View of Privacy
• Adversary wants to infer the private value(s) by building an estimator:

    estimated_private_value = estimator(public information, side information)

• Privacy guarantee: the probability of preserving privacy,

    P(estimated_private_value ≠ private value)
Privacy Research for Cyber-Physical Systems
Networks
Streaming Data
Physical Constraints
• Private Distributed Charging of Electric Vehicles
- Framework: Differential privacy
- Shuo Han, Ufuk Topcu, George J. Pappas, “Differentially Private Distributed Constrained Optimization”, IEEE Trans. Automatic Control (accepted).
• Private Smart Metering Using Internal Energy Storage
- Framework: Information-theoretic privacy
- Shuo Han, Ufuk Topcu, George J. Pappas, “Event-Based Information-Theoretic Privacy: A Case Study of Smart Meters”, 2016 American Control Conference (submitted).
Electric Vehicle (EV) Charging
[diagram: a central mediator communicates with users 1, 2, ..., n over a communication network]

• User specifications may reveal private information of the users.
• Example 1: "Unable to charge my car between 8-10pm"
  → This user may not be at home from 8-10pm.
• Example 2: "Need to charge my car by a large amount at night"
  → This user may have used the car heavily during the day.
EV charging: Mathematical formulation
• Electric vehicle (EV) charging problem [Ma, Callaway, Hiskens, 2010]
  - T time steps, n vehicles (i.e., n users)
  - r_i ∈ R^T: charging rates (over time) of vehicle i
  - U: assumed convex (e.g., minimal variance, minimal peak load, ...)

    min_{r_1, ..., r_n}  U(Σ_{i=1}^n r_i)
    s.t.  0 ≤ r_i ≤ r̄_i,  1^T r_i = E_i,  i = 1, 2, ..., n.

  (r̄_i: maximum rates; E_i: total amount of electricity)
• Both r̄_i and E_i can reveal private information
Differential Privacy: Setup
• With side information, an adversary may learn about user information from the output of the query q
• The goal of differential privacy: Design a mechanism that
  - preserves user privacy regardless of side information
  - approximates the query q well

[diagram: users 1, ..., n contribute entries d_1, ..., d_n to a database D; a query q is applied to produce the output q(D)]
Differentially Private Mechanisms
[diagram: two databases, D and an adjacent D′ that differs only in user i's entry (d_i vs. d_i′), are each passed through the private mechanism, producing outputs M(D) and M(D′)]

The mechanism M is differentially private if

    P(M(D) ∈ R) ≤ e^ε · P(M(D′) ∈ R)

  - for all R ⊆ range(M)
  - for all adjacent D and D′
  - ε: a small number

One cannot distinguish between D and D′ from the output of M.
Probability of Preserving Privacy
• Suppose an adversary wishes to know whether user i's entry is d_i
• In detection theory:
  - Null hypothesis: "The database is D, with user i being d_i."
  - Alternative hypothesis: "The database is D′, with user i being d_i′."
  - Adversary's rule: choose R* such that M(D) ∈ R* ⟹ report "user i is d_i"
• Probabilities of error
  - Type I error: p_1 = P(M(D) ∉ R*)
  - Type II error: p_2 = P(M(D′) ∈ R*)
Probability of Preserving Privacy
If M is ε-differentially private, then:

    p_1 + e^ε p_2 ≥ 1,
    e^ε p_1 + p_2 ≥ 1.

[figure: feasible region of (p_1, p_2) in the unit square, cut off near the origin by the two lines above, with axis intercepts at e^{−ε} and 1]

A lower bound on the probability of preserving privacy [Geng, 2013]:

    min (p_1 + p_2) = 2/(1 + e^ε)
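The trade-off above can be checked numerically. The following sketch (illustrative, not from the talk) runs threshold tests against the Laplace mechanism applied to adjacent query outputs q(D) = 0 and q(D′) = 1 with sensitivity 1, and confirms that p_1 + p_2 never falls below 2/(1 + e^ε); the threshold values are arbitrary.

```python
import math

eps = 0.1
b = 1 / eps                          # Laplace scale for a sensitivity-1 query
lower_bound = 2 / (1 + math.exp(eps))

def laplace_cdf(x, mu, scale):
    """CDF of the Laplace distribution with mean mu and the given scale."""
    if x < mu:
        return 0.5 * math.exp((x - mu) / scale)
    return 1 - 0.5 * math.exp(-(x - mu) / scale)

# Decision rule R* = (-inf, tau]: report "database is D" when the output <= tau
for tau in [-1.0, 0.0, 0.5, 1.0, 2.0]:
    p1 = 1 - laplace_cdf(tau, 0, b)   # Type I:  M(D) falls outside R*
    p2 = laplace_cdf(tau, 1, b)       # Type II: M(D') falls inside R*
    assert p1 + p2 >= lower_bound - 1e-12
    print(f"tau = {tau:4}: p1 + p2 = {p1 + p2:.4f}  (bound: {lower_bound:.4f})")
```

The symmetric threshold tau = 0.5 comes closest to the bound among these tests; the bound itself is attained by the optimal (staircase-type) mechanism rather than by Laplace noise.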
Example: Obtaining the average
• Each d_i ∈ [0, 1]; database D = {d_i}_{i=1}^n
• Query (computes the average):

    q(D) = (1/n) Σ_{i=1}^n d_i

• Not private under the differential privacy framework!
• An adversary can recover any d_i by collaborating with the rest of the users (even if user i is not willing to collaborate)
Solution from differential privacy
• Differentially private mechanism: Add Laplace noise to the average

    M(D) = (1/n) Σ_{i=1}^n d_i + Lap(λ)
How large is the noise?
• Laplace distribution:  X ∼ Lap(λ)  ⟺  p_X(x) ∝ exp(−|x|/λ)
• In the Laplace mechanism, λ depends on two quantities: λ = Δ/ε
  - Level of privacy ε (smaller ε means more private):
      P(M(D) ∈ R) ≤ e^ε · P(M(D′) ∈ R)
  - Sensitivity Δ of the query q:
      Δ = max_{D,D′} |q(D) − q(D′)|  for all adjacent D and D′
    Can be difficult to compute for a given problem!
  - For computing the average: Δ = 1/n
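As a minimal sketch of the mechanism above (illustrative code; the data and parameter values are made up): with entries in [0, 1] the sensitivity of the average is Δ = 1/n, so the noise scale is λ = 1/(nε).

```python
import math
import random

def laplace_sample(scale, rng=random):
    """Draw one sample from Lap(scale) via inverse-CDF sampling."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))

def private_average(data, eps, rng=random):
    """Laplace mechanism for the average of entries in [0, 1]:
    sensitivity Delta = 1/n, so the noise scale is lambda = 1/(n * eps)."""
    n = len(data)
    scale = 1.0 / (n * eps)
    return sum(data) / n + laplace_sample(scale, rng)

random.seed(0)
data = [random.random() for _ in range(10_000)]
true_avg = sum(data) / len(data)
noisy_avg = private_average(data, eps=0.1)
print(f"true: {true_avg:.4f}, private: {noisy_avg:.4f}")
```

With n = 10,000 users and ε = 0.1 the noise scale is only 10⁻³, illustrating that the per-user privacy cost of the average shrinks as the population grows.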
Distributed EV charging
• The EV charging problem with per-user constraint sets C_i:

    min_{r_1, ..., r_n}  U(Σ_{i=1}^n r_i)
    s.t.  r_i ∈ C_i,  i = 1, 2, ..., n.

• Distributed projected gradient descent [Gan et al., 2013]:

    p(k) := ∇U(Σ_{i=1}^n r_i^(k))
    r_i^(k+1) := Π_{C_i}(r_i^(k) − α_k p(k))

• The gradient p(k) is broadcast to all users
  - May lead to privacy issues: the projection Π_{C_i} depends on C_i
• Database: D = {C_i}_{i=1}^n
• Query: q = (p(1), p(2), ..., p(K))
Differentially Private Projected Gradient Descent
Initialize {r_i^(1)}_{i=1}^n arbitrarily.
For k = 1, 2, ..., K, repeat:
  1. If k = 1, then choose w_k = 0;
  2. Else draw w_k ∈ R^T from the distribution p(w_k) ∝ exp(−2ε‖w_k‖ / (K(K−1)LΔ))
  3. Compute p(k) := ∇U(Σ_{i=1}^n r_i^(k)) + w_k
  4. For i = 1, 2, ..., n, compute r_i^(k+1) := Π_{C_i}(r_i^(k) − α_k p(k))
Output: {r_i^(K+1)}_{i=1}^n

(w_k: noise, "vector Laplace"; Δ: sensitivity of the projection)
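A runnable sketch of the algorithm above, under simplifying assumptions of my own: a quadratic objective U(x) = ‖x‖²/2 (so the gradient is the aggregate load), a bisection-based Euclidean projection onto the charging constraint set, a spherically symmetric "vector Laplace" sampler, and arbitrary parameter values.

```python
import numpy as np

def vector_laplace(scale, dim, rng):
    """Sample w with density proportional to exp(-||w|| / scale):
    uniform direction on the sphere, norm distributed as Gamma(dim, scale)."""
    d = rng.normal(size=dim)
    return rng.gamma(shape=dim, scale=scale) * d / np.linalg.norm(d)

def project(r, r_max, E, iters=60):
    """Euclidean projection onto {x : 0 <= x <= r_max, 1^T x = E},
    by bisection on the multiplier of the equality constraint."""
    lo, hi = r.min() - r_max.max(), r.max()
    for _ in range(iters):
        mu = (lo + hi) / 2
        if np.clip(r - mu, 0, r_max).sum() > E:
            lo = mu
        else:
            hi = mu
    return np.clip(r - (lo + hi) / 2, 0, r_max)

def private_charging(r_max, E, K, eps, L, Delta, alpha, seed=0):
    """Differentially private projected gradient descent (sketch)."""
    rng = np.random.default_rng(seed)
    n, T = r_max.shape
    r = np.stack([project(np.zeros(T), r_max[i], E[i]) for i in range(n)])
    for k in range(1, K + 1):
        # Step 2: no noise at k = 1, vector-Laplace noise afterwards
        w = 0.0 if k == 1 else vector_laplace(K * (K - 1) * L * Delta / (2 * eps), T, rng)
        p = r.sum(axis=0) + w        # gradient of U(x) = ||x||^2 / 2, plus noise
        r = np.stack([project(r[i] - alpha * p, r_max[i], E[i]) for i in range(n)])
    return r

n, T = 5, 8
r_max, E = np.ones((n, T)), np.full(n, 3.0)
r = private_charging(r_max, E, K=10, eps=1.0, L=1.0, Delta=0.01, alpha=0.05)
print(r.sum(axis=1))   # each user's total charge equals E_i = 3
```

The projection here is exact for the box-plus-budget set of the EV problem, so the output always satisfies the per-user constraints regardless of how large the injected noise is.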
Sensitivity of Projection
Definition:

    Δ := max_{i∈[n]} max { ‖Π_{C_i}(r) − Π_{C_i′}(r)‖ : r ∈ R^T, C_i and C_i′ adjacent }

• In general, difficult to compute
• But Δ can be computed for some cases

[figure: a point r projected onto two adjacent constraint sets C_i and C_i′, giving Π_{C_i}(r) and Π_{C_i′}(r)]
Computing the Sensitivity
• For EV charging, the set C_i is given by

    C_i = {r_i : 0 ≤ r_i ≤ r̄_i, 1^T r_i = E_i}

• Adjacency relation: C_i and C_i′ are adjacent if

    ‖r̄_i − r̄_i′‖_1 ≤ δ_r,  |E_i − E_i′| ≤ δ_E

  (δ_r and δ_E are design choices that encode the private events)

Theorem: The sensitivity for the EV charging problem is given by

    Δ = 2δ_r + δ_E

Proof based on the optimality condition.
Solution Sensitivity of Optimization Problems
• Projection Π_{C_i}: Constrained least-squares problem

    min_x  ‖x − x_0‖²
    s.t.  0 ≤ x ≤ a,  1^T x = b.

• Local solution sensitivity analysis [Fiacco et al., 1976]: differentiating the KKT conditions with respect to a parameter θ,

    ∇²L · ẋ + Σ_{i=1}^p ∇g_i · λ̇_i + Σ_{i=1}^q ∇h_i · ν̇_i + ∂(∇L)/∂θ = 0,
    λ_i* ∇g_i · ẋ + g_i λ̇_i + λ_i* ∂g_i/∂θ = 0,
    ∇h_i · ẋ + ∂h_i/∂θ = 0,

  gives the local sensitivity of the primal & dual variables.
• For EV charging, we need ∂x*/∂a and ∂x*/∂b:

    local sensitivity of primal & dual variables → (integration) → global sensitivity ‖x*(a, b) − x*(a′, b′)‖
Simulation results
• n = 100,000, T = 52
• Choose ε = 0.1 (common choice in diff. privacy)
• Objective: Minimal load variance
• Optimal solution: "Valley filling"
• Fluctuation in the diff. private solution is due to the Laplace noise

[figure: total load (kW/household) vs. time, showing the base load, the optimal valley-filling solution, and the noisier differentially private solution]
Suboptimality Analysis
• How does noise affect the optimality?
• Observation: Gradient descent becomes stochastic gradient descent

Theorem: The (expected) suboptimality of the differentially private distributed algorithm is given by

    E[ U(Σ_{i=1}^n r_i^(K+1)) − U* ] ≤ O( T^{1/4} (Δ/(nε))^{1/4} )

• Note:
  - Under the optimal choice of the number of iterations K
  - Same suboptimality: larger n → smaller ε (more privacy)
• Private Distributed Charging of Electric Vehicles
- Framework: Differential privacy
- Shuo Han, Ufuk Topcu, George J. Pappas, “Differentially Private Distributed Constrained Optimization”, IEEE Trans. Automatic Control (accepted).
• Private Smart Metering Using Internal Energy Storage
- Framework: Information-theoretic privacy
- Shuo Han, Ufuk Topcu, George J. Pappas, “Event-Based Information-Theoretic Privacy: A Case Study of Smart Meters”, 2016 American Control Conference (submitted).
Advanced Metering Infrastructure (Smart Meters)
[diagram: the user's power consumption is measured by the smart meter]

Difference from conventional meters: very high time resolution!
Privacy Concerns in Smart Meters
[figure: a day of household power consumption (watts vs. time of day), disaggregated into appliances: lighting, electronics, refrigerator, bathroom GFI, dishwasher, microwave, kitchen outlets, washer/dryer] [Kolter and Johnson, 2011]

Non-Intrusive Load Monitoring
• Other names: Energy/load disaggregation
• Based on the "signatures" of different appliances
• The types of appliances are related to life patterns
Smart Meter with Internal Energy Storage
[diagram: an energy storage device (e.g., a rechargeable battery) sits between the user and the smart meter; the meter records the user's power consumption plus the battery's charging/discharging]

Goal: Use internal energy storage to hide patterns in power consumption [McDaniel and McLaughlin, 2009]
Model Description
• Energy usage (random process): X_t ∈ {0, 1, ..., n}
• Battery level: B_t ∈ {0, 1, ..., m}; charging/discharging: ΔB_t = B_t − B_{t−1}
• Output equation (reported energy usage):

    Y_t = X_t + B_t − B_{t−1}

• Battery control policy:

    B_t = B_t(X_{1:t}, Y_{0:t−1}, B_{0:t−1})
Why Not Differential Privacy?
• Physical constraints
- Battery has maximum capacity
- Noise perturbation required by DP may not be feasible
- Privacy guarantee is lost in the presence of constraints: [Backes and Meiser, 2014]
• Information-theoretic privacy
- Algorithm first, then privacy analysis
- Allows a wider class of private algorithms
Probability of Preserving Privacy
• Mutual information I(X;Y) as a metric of privacy

[diagram: X enters a private mechanism, which outputs Y; the attacker forms an estimate X̂(Y)]

Fano's inequality: For any random variables X and Y, suppose one would like to estimate X from Y by constructing an estimator X̂(Y). Then we have:

    P(X̂(Y) ≠ X) ≥ (H(X) − I(X;Y) − 1) / log₂|𝒳|

(𝒳: alphabet of X; the left-hand side is the probability of the attacker making an error)

"Less mutual information ⟹ higher probability of preserving privacy"
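To make Fano's inequality concrete, here is a small self-contained check with made-up numbers: X is uniform over an 8-symbol alphabet and Y is X passed through a symmetric noisy channel. The natural estimator X̂ = Y errs with probability 0.2, which indeed sits above the Fano bound.

```python
import math
from itertools import product

A, e = 8, 0.2            # alphabet size; channel flip probability (illustrative)
p_x = 1 / A              # X uniform over {0, ..., A-1}

def p_y_given_x(y, x):
    """Symmetric channel: keep x w.p. 1-e, else uniform over other symbols."""
    return (1 - e) if y == x else e / (A - 1)

H_X = math.log2(A)
# By symmetry Y is also uniform, so H(Y) = log2(A) and I(X;Y) = H(Y) - H(Y|X)
H_Y_given_X = -sum(p_x * p_y_given_x(y, x) * math.log2(p_y_given_x(y, x))
                   for x, y in product(range(A), repeat=2))
I_XY = math.log2(A) - H_Y_given_X

fano_bound = (H_X - I_XY - 1) / math.log2(A)
map_error = e   # X_hat = Y is the MAP estimate; it errs exactly when the channel flips
print(f"I(X;Y) = {I_XY:.3f} bits, Fano bound = {fano_bound:.3f}, actual error = {map_error}")
assert map_error >= fano_bound
```

Shrinking the channel noise e raises I(X;Y) and drives the Fano bound toward zero, matching the slogan above: less mutual information, more privacy.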
Information-Theoretic Metric of Privacy
    I(X;Y) ≜ sup_t lim_{T→∞} I(X_t; Y_1, Y_2, ..., Y_T)

• Mutual information between X_t ("energy consumption within any single time slot") and the observations Y_1, ..., Y_T ("all possible observations"), for any given time slot t
Comparison with Previous Work
• Previous work on information-theoretic privacy:
  - [Kalogridis et al., 2010]
  - [Varodayan and Khisti, 2011]
  - [Tan et al., 2013]
  - [Yao and Venkitasubramaniam, 2014]
  uses the mutual information rate

    I(X;Y) ≜ lim_{t→∞} (1/t) I(X_1, X_2, ..., X_t; Y_1, Y_2, ..., Y_t),

  which controls the probability of error for estimating the entire input sequence.
• Our information-theoretic metric of privacy,

    I(X;Y) = sup_t lim_{T→∞} I(X_t; Y_1, Y_2, ..., Y_T),

  controls the probability of error for estimating any single entry in the sequence (stronger).
Evaluation of Information-Theoretic Privacy
• This talk: Focus on the evaluation problem
  - For a given control policy, evaluate its level of privacy
  - The problem of designing the optimal control policy is more difficult!
• The policy under consideration [McDaniel and McLaughlin, 2009] is the best-effort policy:

    B_t = [Y_{t−1} − X_t + B_{t−1}]_0^m

  with the truncation operation

    [x]_0^m = x if 0 ≤ x ≤ m;  0 if x < 0;  m if x > m.

• What the policy does: Try to make Y_t = Y_{t−1}.
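A minimal simulation of the best-effort policy (illustrative code, assuming integer energy units and initial conditions B_0 = 0, Y_0 = 0):

```python
def truncate(x, m):
    """The truncation operation [x]_0^m."""
    return max(0, min(m, x))

def best_effort_meter(xs, m, b0=0, y0=0):
    """Run the best-effort policy B_t = [Y_{t-1} - X_t + B_{t-1}]_0^m and
    report Y_t = X_t + B_t - B_{t-1} for a sequence of true usages xs."""
    b_prev, y_prev = b0, y0
    ys = []
    for x in xs:
        b = truncate(y_prev - x + b_prev, m)
        y = x + b - b_prev
        ys.append(y)
        b_prev, y_prev = b, y
    return ys

# An alternating load is flattened until the battery (capacity m = 1) runs out:
print(best_effort_meter([1, 0, 1, 0], m=1))   # → [1, 1, 1, 0]
```

Whenever the truncation does not bind, Y_t = Y_{t−1} exactly, which is what makes consecutive meter readings uninformative.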
Illustration of the Best-Effort Policy
[figure: true energy consumption X_t (left) and smart meter output Y_t (right) over t = 0, ..., 20; the reported output changes far less often than the true consumption]
Is the New Privacy Metric Well-Defined?
    I(X;Y) = sup_t lim_{T→∞} I(X_t; Y_1, Y_2, ..., Y_T)

Proposition (Monotonicity): For any t and T_1 < T_2, we have

    I(X_t; Y_1, ..., Y_{T_1}) ≤ I(X_t; Y_1, ..., Y_{T_2}).

Proposition (Boundedness): For any t and T, we have

    I(X_t; Y_1, ..., Y_T) ≤ H(X_t) < ∞.

• Supremum exists: Follows from boundedness
• Limit exists: Follows from the monotone convergence theorem
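Both propositions can be checked by brute-force enumeration on a toy instance, here the best-effort policy with assumed parameters m = 1, X_t i.i.d. Bernoulli(0.5), and (B_0, Y_0) drawn uniformly from the four reachable states (which, for this particular chain, is the stationary distribution):

```python
import math
from itertools import product

m, p = 1, 0.5    # battery capacity; P(X_t = 1) (illustrative values)
# Reachable (B, Y) states of the best-effort chain started from (0, 0)
states = [(0, 0), (0, 1), (1, 1), (1, 0)]

def step(b_prev, y_prev, x):
    """Best-effort policy: B_t = [Y_{t-1} - X_t + B_{t-1}]_0^m, Y_t = X_t + B_t - B_{t-1}."""
    b = min(max(y_prev - x + b_prev, 0), m)
    return b, x + b - b_prev

def mutual_info_X1(T):
    """I(X_1; Y_1, ..., Y_T), by exact enumeration over X_{1:T} and (B_0, Y_0)."""
    joint = {}
    for (b0, y0) in states:
        for xs in product([0, 1], repeat=T):
            b, y, ys = b0, y0, []
            for x in xs:
                b, y = step(b, y, x)
                ys.append(y)
            pr = (1 / len(states)) * p ** sum(xs) * (1 - p) ** (T - sum(xs))
            key = (xs[0], tuple(ys))
            joint[key] = joint.get(key, 0.0) + pr
    px, py = {}, {}
    for (x1, ys), pr in joint.items():
        px[x1] = px.get(x1, 0.0) + pr
        py[ys] = py.get(ys, 0.0) + pr
    return sum(pr * math.log2(pr / (px[x1] * py[ys])) for (x1, ys), pr in joint.items())

vals = [mutual_info_X1(T) for T in range(1, 6)]
print([round(v, 4) for v in vals])   # nondecreasing in T, bounded by H(X_1) = 1 bit
```

The printed sequence grows with T (monotonicity) while staying below H(X_1) = 1 bit (boundedness), mirroring the curves on the next slide.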
Numerical Results
[figure: I(X_t; Y_1, Y_2, ..., Y_T) vs. the number of observations T, for t = 1, 2, 6, 9]

I(X_t; Y_1, Y_2, ..., Y_T) grows monotonically with T and is upper bounded.
Computing the Privacy Metric
• We know I(X_t; Y_1, ..., Y_T) ≤ H(X_t); equality gives a trivial privacy guarantee (zero probability of error from Fano's inequality)
• Need to compute the metric:

    I(X;Y) = sup_t lim_{T→∞} I(X_t; Y_1, Y_2, ..., Y_T)

  - The limit over T can be approximated by making T large enough
  - The supremum over t is hard to compute in general
• For the smart meter problem, the metric can be computed when:
  - X_t is an i.i.d. random process ⟹ (B_t, Y_t) is a Markov chain
  - The initial state (B_0, Y_0) follows the stationary distribution
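A sketch of this Markov-chain construction for the illustrative case m = n = 1 with X_t i.i.d. Bernoulli(0.5): enumerate the (B_t, Y_t) states reachable under the best-effort policy, build the transition matrix, and read off the stationary distribution.

```python
from collections import deque
import numpy as np

m, n, p = 1, 1, 0.5          # battery capacity, max consumption, P(X_t = 1)
p_x = [1 - p, p]

def step(b_prev, y_prev, x):
    """Best-effort policy step: B_t = [Y_{t-1} - X_t + B_{t-1}]_0^m,
    Y_t = X_t + B_t - B_{t-1}."""
    b = min(max(y_prev - x + b_prev, 0), m)
    return b, x + b - b_prev

# Enumerate the (B_t, Y_t) states reachable from (B_0, Y_0) = (0, 0)
states, seen, queue = [], {(0, 0)}, deque([(0, 0)])
while queue:
    s = queue.popleft()
    states.append(s)
    for x in range(n + 1):
        nxt = step(*s, x)
        if nxt not in seen:
            seen.add(nxt)
            queue.append(nxt)

# Transition matrix of the induced Markov chain
idx = {s: i for i, s in enumerate(states)}
P = np.zeros((len(states), len(states)))
for s, i in idx.items():
    for x in range(n + 1):
        P[i, idx[step(*s, x)]] += p_x[x]

# Stationary distribution: left eigenvector of P for eigenvalue 1
w, v = np.linalg.eig(P.T)
pi = np.real(v[:, np.argmax(np.real(w))])
pi /= pi.sum()
print(dict(zip(states, np.round(pi, 3))))   # each reachable state gets probability 0.25
```

Starting the chain from this stationary distribution is exactly the condition under which the proposition on the next slide applies.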
Computing the Privacy Metric
Proposition: If the distribution of (B_0, Y_0) is the stationary distribution, then we have

    sup_t I(X_t; Y) = lim_{t→∞} I(X_t; Y)

(the supremum is hard to compute; the limit can be approximated by making t large enough)

[figure: I(X_t; Y) vs. t, converging to I(X;Y) ≈ 0.460]
Numerical Results
[figure: I(X_t; Y) vs. t for battery capacities m = 1, 2, 3]

• n: maximum consumption (within 1 slot); m: battery capacity
• Probability of error in the attacker's best case (for reference, with no observations at all, P(X̂_t(Y) ≠ X_t) = 0.5):

    m   n   I(X;Y)   P(X̂_t(Y) ≠ X_t)
    1   1   0.460    0.124
    2   1   0.303    0.188
    3   1   0.224    0.229

• Is m = 3 large or small in practice?
  - Depends on the duration of time slots
  - Microwave: 5 mins
  - Laundry machine: 30 mins
Summary
• Unified view of privacy from probability of preserving privacy
• Part 1: Differential privacy
- Privacy: Defined via the adjacency relation Adj(·, ·)
- Conversion to prob. of preserving privacy: Hypothesis testing
• Example application 1: Private distributed EV charging
- Noise in the gradients
- Magnitude of noise determined from sensitivity analysis
- Quantification on the trade-off between privacy and utility
• Part 2: Information-theoretic privacy
- Privacy: Defined via the involved variables (e.g., X_t and Y_{1:T})
- Conversion to prob. of preserving privacy: Fano’s inequality
• Example application 2: Private smart meters using energy storage
- Numerical evaluation of the privacy metric
- Nontrivial privacy guarantees