-
Diffusing Private Data over Networks
Authors:
Fragkiskos Koufogiannis,
George Pappas
Abstract:
The emergence of social and technological networks has enabled rapid sharing of data and information. This has resulted in significant privacy concerns where private information can be either leaked or inferred from public data. The problem is significantly harder for social networks where we may reveal more information to our friends than to strangers. Nonetheless, our private information can still leak to strangers as our friends are their friends and so on. In order to address this important challenge, in this paper, we present a privacy-preserving mechanism that enables private data to be diffused over a network. In particular, whenever a user wants to access another user's data, the proposed mechanism returns a differentially private response that ensures that the amount of private data leaked depends on the distance between the two users in the network. While allowing global statistics to be inferred by users acting as analysts, our mechanism guarantees that no individual user, or group of users, can harm the privacy guarantees of any other user. We illustrate our mechanism with two examples: one on synthetic data where the users share their GPS coordinates; and one on a Facebook ego-network where a user shares her infection status.
Submitted 19 November, 2015;
originally announced November 2015.
-
Gradual Release of Sensitive Data under Differential Privacy
Authors:
Fragkiskos Koufogiannis,
Shuo Han,
George J. Pappas
Abstract:
We introduce the problem of releasing sensitive data under differential privacy when the privacy level is subject to change over time. Existing work assumes that the privacy level is determined by the system designer as a fixed value before sensitive data is released. For certain applications, however, users may wish to relax the privacy level for subsequent releases of the same data after either a re-evaluation of privacy concerns or a need for better accuracy. Specifically, given a database containing sensitive data, we assume that a response $y_1$ that preserves $ε_{1}$-differential privacy has already been published. Then, the privacy level is relaxed to $ε_2$, with $ε_2 > ε_1$, and we wish to publish a more accurate response $y_2$ while the joint response $(y_1, y_2)$ preserves $ε_2$-differential privacy. How much accuracy is lost in the scenario of gradually releasing two responses $y_1$ and $y_2$ compared to the scenario of releasing a single response that is $ε_{2}$-differentially private? Our results show that there exists a composite mechanism that achieves \textit{no loss} in accuracy. We consider the case in which the private data lies within $\mathbb{R}^{n}$ with an adjacency relation induced by the $\ell_{1}$-norm, and we focus on mechanisms that approximate identity queries. We show that the same accuracy can be achieved in the case of gradual release through a mechanism whose outputs can be described by a \textit{lazy Markov stochastic process}. This stochastic process has a closed-form expression and can be efficiently sampled. Our results are applicable beyond identity queries. To this end, we demonstrate that our results can be applied in several cases, including Google's RAPPOR project, trading of sensitive data, and controlled transmission of private data in a social network.
Submitted 1 April, 2015;
originally announced April 2015.
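The two abstracts above (distance-dependent diffusion over a network, and gradual release with a lazy Markov process) both rest on one scalar construction: a noisier Laplace response and a more accurate one whose joint law leaks no more than the accurate one alone. The following is an added example, not code from either paper, for the scalar case ($x \in \mathbb{R}$, adjacency $|x - x'| \le 1$, $y = x + z$ with $z \sim \mathrm{Lap}(ε)$, density $\tfrac{ε}{2} e^{-ε|z|}$). The joint law it samples is derived here from characteristic functions rather than copied from the paper, whose closed form may be parametrised differently: since $\varphi_{\mathrm{Lap}(ε)}(t) = ε^2/(ε^2 + t^2)$, one has $\mathrm{Lap}(ε_1) = \mathrm{Lap}(ε_2) + W$ with $W = 0$ with probability $(ε_1/ε_2)^2$ and $W \sim \mathrm{Lap}(ε_1)$ otherwise. With $z_1 = z_2 + W$ the likelihood of $(y_1, y_2)$ given $x$ factors as $f_{ε_2}(y_2 - x)\, h(y_1 - y_2)$, so the pair is $ε_2$-differentially private while $y_2$ alone has exactly the accuracy of a fresh $ε_2$ response. Conditioning on $z_1$ gives the lazy Markov kernel in `refine()`: stay at $z_1$ with probability $(ε_1/ε_2)\, e^{-(ε_2 - ε_1)|z_1|}$, otherwise draw $z_2$ from a density proportional to $e^{-ε_2|z| - ε_1|z - z_1|}$. The function and parameter names, the per-hop budget schedule in `diffuse_along_path`, and the sample sizes are this example's own assumptions.

```python
"""Gradual release (refine) and network diffusion (coarsen) of a scalar
Laplace response.  Added example; names and schedules are assumptions."""
import math
import random


def laplace(rng: random.Random, eps: float) -> float:
    """Sample z ~ Lap(eps), density (eps/2) exp(-eps |z|)."""
    sign = 1.0 if rng.random() < 0.5 else -1.0
    return sign * rng.expovariate(eps)


def stay_probability(z_lo: float, eps_lo: float, eps_hi: float) -> float:
    """P(z_hi == z_lo | z_lo): the lazy step of the Markov kernel."""
    return (eps_lo / eps_hi) * math.exp(-(eps_hi - eps_lo) * abs(z_lo))


def _sample_move(rng: random.Random, a: float, eps_lo: float, eps_hi: float) -> float:
    """Sample z with density proportional to exp(-eps_hi|z| - eps_lo|z - a|), a >= 0.
    Piecewise exponential on (-inf,0), [0,a], (a,inf): pick a piece by its mass
    (common factor exp(-eps_lo*a) dropped), then invert the CDF inside it."""
    s = eps_lo + eps_hi                      # decay rate of the outer tails
    r = eps_hi - eps_lo                      # decay rate on the middle segment
    m_left = 1.0 / s
    m_mid = (1.0 - math.exp(-r * a)) / r
    m_right = math.exp(-r * a) / s
    u = rng.random() * (m_left + m_mid + m_right)
    if u < m_left:
        return -rng.expovariate(s)
    if u < m_left + m_mid:                   # truncated exponential, rate r, on [0, a]
        return -math.log(1.0 - rng.random() * (1.0 - math.exp(-r * a))) / r
    return a + rng.expovariate(s)


def refine(rng: random.Random, z_lo: float, eps_lo: float, eps_hi: float) -> float:
    """Noise of an eps_hi release given the noise of the earlier eps_lo release.
    The pair is eps_hi-DP and z_hi alone is exactly Lap(eps_hi): no accuracy loss."""
    if not 0.0 < eps_lo < eps_hi:
        raise ValueError("refinement needs 0 < eps_lo < eps_hi")
    if rng.random() < stay_probability(z_lo, eps_lo, eps_hi):
        return z_lo
    z = _sample_move(rng, abs(z_lo), eps_lo, eps_hi)
    return z if z_lo >= 0 else -z            # move density is reflection-symmetric


def coarsen(rng: random.Random, z_hi: float, eps_hi: float, eps_lo: float) -> float:
    """Noise of an eps_lo release given an eps_hi one, same joint law: z_lo = z_hi + W."""
    if not 0.0 < eps_lo < eps_hi:
        raise ValueError("coarsening needs 0 < eps_lo < eps_hi")
    if rng.random() < (eps_lo / eps_hi) ** 2:
        return z_hi
    return z_hi + laplace(rng, eps_lo)


def gradual_release(x: float, eps_levels, seed=None):
    """Publish x at increasing budgets eps_1 < eps_2 < ...  Each response is as
    accurate as a fresh Laplace response at its level; the chain is Markov, so
    the joint factors through the most accurate response and is eps_max-DP."""
    rng = random.Random(seed)
    z = laplace(rng, eps_levels[0])
    ys = [x + z]
    for lo, hi in zip(eps_levels, eps_levels[1:]):
        z = refine(rng, z, lo, hi)
        ys.append(x + z)
    return ys


def diffuse_along_path(x: float, eps_by_hop, seed=None):
    """Responses seen at hop distance 1, 2, ... for a strictly decreasing
    eps_by_hop (assumed distance-to-budget schedule).  Each further user gets a
    coarsening of the nearer user's response, so pooling every response on the
    path reveals no more than the hop-1 response does."""
    rng = random.Random(seed)
    zs = [laplace(rng, eps_by_hop[0])]
    for hi, lo in zip(eps_by_hop, eps_by_hop[1:]):
        zs.append(coarsen(rng, zs[-1], hi, lo))
    return [x + z for z in zs]


def privacy_loss(y_hi: float, x: float, x_alt: float, eps_hi: float) -> float:
    """log p(y_lo,y_hi|x) - log p(y_lo,y_hi|x_alt).  y_lo enters only through the
    x-free factor h(y_lo - y_hi), so the loss is bounded by eps_hi*|x - x_alt|."""
    return eps_hi * (abs(y_hi - x_alt) - abs(y_hi - x))


def simulate(seed: int, n: int, eps_lo: float, eps_hi: float) -> dict:
    """Monte Carlo check: raw moments of z_lo and of the refined z_hi, and the
    fraction of lazy steps (expected (eps_lo/eps_hi)^2)."""
    rng = random.Random(seed)
    lo, hi, stayed = [], [], 0
    for _ in range(n):
        z1 = laplace(rng, eps_lo)
        z2 = refine(rng, z1, eps_lo, eps_hi)
        if z2 == z1:
            stayed += 1
        lo.append(z1)
        hi.append(z2)
    moment = lambda v, k: sum(t ** k for t in v) / len(v)
    return {"mean_lo": moment(lo, 1), "m2_lo": moment(lo, 2),
            "mean_hi": moment(hi, 1), "m2_hi": moment(hi, 2),
            "m4_hi": moment(hi, 4), "stay_frac": stayed / n}
```

`simulate` is the check a practitioner should run before trusting any such kernel: the refined noise must have second moment $2/ε_2^2$ (the accuracy of a fresh $ε_2$ response) and fourth moment $24/ε_2^4$ (Laplace, not merely Laplace-variance Gaussian), and the lazy-step rate must average to $(ε_1/ε_2)^2$. Note that `gradual_release` needs no secret state beyond the last noise value, whereas the alternative of pre-drawing $z_2$ at release time and keeping it would have to be stored securely until the second release.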
-
Optimality of the Laplace Mechanism in Differential Privacy
Authors:
Fragkiskos Koufogiannis,
Shuo Han,
George J. Pappas
Abstract:
In the highly interconnected realm of the Internet of Things, the exchange of sensitive information raises severe privacy concerns. The Laplace mechanism -- adding Laplace-distributed artificial noise to sensitive data -- is one of the widely used methods of providing privacy guarantees within the framework of differential privacy. In this work, we present Lipschitz privacy, a slightly tighter version of differential privacy. We prove that the Laplace mechanism is optimal in the sense that it minimizes the mean-squared error for identity queries which provide privacy with respect to the $\ell_{1}$-norm. In addition to the $\ell_{1}$-norm which respects individuals' participation, we focus on the use of the $\ell_{2}$-norm which provides privacy of high-dimensional data. A variation of the Laplace mechanism is proven to have the optimal mean-squared error for the identity query. Finally, the optimal mechanism for the scenario in which individuals submit their high-dimensional sensitive data is derived.
Submitted 7 April, 2015; v1 submitted 31 March, 2015;
originally announced April 2015.
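The abstract contrasts the $\ell_1$ adjacency relation (per-coordinate Laplace noise) with an $\ell_2$ variation for high-dimensional data. The following is an added example, not the paper's code, that implements both identity-query mechanisms on $x \in \mathbb{R}^n$, the log-likelihood-ratio check that each is $ε$-Lipschitz-private in its norm, and the closed-form mean-squared errors. It assumes (the abstract does not state it) that the $\ell_2$ variation is the noise with density proportional to $e^{-ε\|z\|_2}$, sampled in polar form as a uniform direction times a $\mathrm{Gamma}(n, 1/ε)$ radius; the function names, the naive $\sqrt{n}$ norm-conversion baseline and the sample sizes are this example's own.

```python
"""Laplace-type mechanisms for identity queries on x in R^n.  Added example;
the l2 sampler and the naming are assumptions, not the paper's code."""
import math
import random


def _sub(u, v):
    return [a - b for a, b in zip(u, v)]


def _l1(v):
    return sum(abs(t) for t in v)


def _l2(v):
    return math.sqrt(sum(t * t for t in v))


def laplace_l1(rng: random.Random, x, eps: float):
    """eps-DP for ||x - x'||_1 <= 1: add i.i.d. Lap(eps) to every coordinate."""
    out = []
    for xi in x:
        sign = 1.0 if rng.random() < 0.5 else -1.0
        out.append(xi + sign * rng.expovariate(eps))
    return out


def laplace_l2(rng: random.Random, x, eps: float):
    """eps-DP for ||x - x'||_2 <= 1: add z with density proportional to
    exp(-eps ||z||_2).  In polar form the radius has density ~ r^(n-1) exp(-eps r),
    i.e. Gamma(shape n, scale 1/eps), and the direction is uniform on the sphere."""
    n = len(x)
    g = [rng.gauss(0.0, 1.0) for _ in range(n)]
    norm = _l2(g)
    r = rng.gammavariate(n, 1.0 / eps)
    return [xi + r * gi / norm for xi, gi in zip(x, g)]


def privacy_loss_l1(y, x, x_alt, eps: float) -> float:
    """log p(y|x) - log p(y|x_alt) = eps (||y-x_alt||_1 - ||y-x||_1) <= eps ||x-x_alt||_1."""
    return eps * (_l1(_sub(y, x_alt)) - _l1(_sub(y, x)))


def privacy_loss_l2(y, x, x_alt, eps: float) -> float:
    """Same bound in the l2 norm, by the triangle inequality."""
    return eps * (_l2(_sub(y, x_alt)) - _l2(_sub(y, x)))


def mse_l1(n: int, eps: float) -> float:
    """E||z||^2 for n i.i.d. Lap(eps) coordinates: n * 2/eps^2."""
    return 2.0 * n / eps ** 2


def mse_l2(n: int, eps: float) -> float:
    """E[r^2] for r ~ Gamma(n, 1/eps): n/eps^2 + n^2/eps^2."""
    return n * (n + 1) / eps ** 2


def mse_l1_for_l2_adjacency(n: int, eps: float) -> float:
    """Naive baseline: ||.||_2 <= 1 implies ||.||_1 <= sqrt(n), so run the l1
    mechanism at eps/sqrt(n).  Costs 2n^2/eps^2, worse than mse_l2 for n >= 2."""
    return mse_l1(n, eps / math.sqrt(n))


def empirical_mse(mechanism, n: int, eps: float, trials: int, seed: int) -> float:
    """Monte Carlo E||y - x||^2 for the identity query at x = 0 (constructed input)."""
    rng = random.Random(seed)
    x = [0.0] * n
    total = 0.0
    for _ in range(trials):
        y = mechanism(rng, x, eps)
        total += sum(v * v for v in y)
    return total / trials
```

For $n = 1$ the two mechanisms coincide; for $n \ge 2$ the $\ell_2$ mechanism pays $n(n+1)/ε^2$ against $2n^2/ε^2$ for the norm-conversion baseline, which is the practical reason to calibrate noise to the norm that actually describes adjacency rather than converting everything to $\ell_1$.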