From d40de1b4d8cc9c514fa0f7b62f22f88a89728914 Mon Sep 17 00:00:00 2001 From: Manos Katsomallos Date: Sun, 10 Oct 2021 19:47:16 +0200 Subject: [PATCH] problem: Added intro for landmark privacy --- text/problem/main.tex | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/text/problem/main.tex b/text/problem/main.tex index b352e6e..2b90772 100644 --- a/text/problem/main.tex +++ b/text/problem/main.tex @@ -1,8 +1,43 @@ \chapter{Landmark Privacy} \label{ch:lmdk-prv} +% Crowdsensing applications +The plethora of sensors currently embedded in personal devices and other infrastructures have paved the way for the development of numerous \emph{crowdsensing services} (e.g.,~Ring~\cite{ring}, TousAntiCovid~\cite{tousanticovid}, Waze~\cite{waze}, etc.) based on the collected personal, and usually geotagged and timestamped data. +% Continuously user-generated data +User--service interactions gather personal event-like data, that are data items comprised of pairs of an identifying attribute of an individual and the---possibly sensitive---information at a timestamp (including contextual information), e.g.,~(\emph{`Bob', `dining', `Canal Saint-Martin', $17{:}00$}). +When the interactions are performed in a continuous manner, we obtain ~\emph{time series} of events. +% Observation/interaction duration +Depending on the duration, we distinguish the interaction/observation into \emph{finite}, when taking place during a predefined time interval, and \emph{infinite}, when taking place in an uninterrupted fashion. +Example~\ref{ex:scenario} shows the result of user--LBS interaction while retrieving location-based information or reporting user-state at various locations. + +\begin{example} + \label{ex:scenario} + + Consider a finite sequence of spatiotemporal data generated by Bob during an interval of $8$ timestamps, as shown in Figure~\ref{fig:scenario}. + Events in a shade correspond to privacy-sensitive events that Bob has defined beforehand. For instance his home is around {\'E}lys{\'e}e, his workplace is around the Louvre, and his hangout is around Canal Saint-Martin. + + \begin{figure}[htp] + \centering + \includegraphics[width=\linewidth]{problem/lmdk-scenario} + \caption{A time series with {\thethings} (highlighted in gray). + } + \label{fig:scenario} + \end{figure} + +\end{example} + +% Privacy-preserving data processing +The services collect and further process the time series in order to give useful feedback to the involved users or to provide valuable insight to various internal/external analytical services. +The regulation regarding the processing of user-generated data sets~\cite{tankard2016gdpr} requires the provision of privacy guarantees to the users. +At the same time, it is essential to provide utility metrics to the final consumers of the privacy-preserving process output. +To accomplish this, various privacy techniques perturb the original data or the processing output at the expense of the overall utility of the final output. +A widely recognized tool that introduces probabilistic randomness to the original data, while quantifying with a parameter $\varepsilon$ (`privacy budget'~\cite{mcsherry2009privacy}) the privacy/utility ratio is \emph{$\varepsilon$-differential privacy}~\cite{dwork2006calibrating}. +Due to its \emph{composition} property, i.e.,~the combination of differentially private outputs satisfies differential privacy as well, differential privacy is suitable for privacy-preserving time series publishing. +\emph{Event}, \emph{user}~\cite{dwork2010differential, dwork2010pan}, and \emph{$w$-event}~\cite{kellaris2014differentially} comprise the possible levels of privacy protection. +Event-level limits the privacy protection to \emph{any single event}, user-level protects \emph{all the events} of any user, and $w$-event provides privacy protection to \emph{any sequence of $w$ events}. + In this chapter, we propose a novel configurable privacy scheme, \emph{\thething} privacy, which takes into account significant events (\emph{\thethings}) in the time series and allocates the available privacy budget accordingly. -We propose two privacy models that guarantee {\thething} privacy. +We propose three privacy models that guarantee {\thething} privacy. To further enhance our privacy method, and protect the {\thethings} position in the time series, we propose techniques to perturb the initial {\thethings} set (Section~\ref{sec:theotherthing}). \input{problem/thething/main}