    Smart Meter Privacy: A Utility-Privacy Framework

    End-user privacy in smart meter measurements is a well-known challenge in the smart grid. The solutions offered thus far have been tied to specific technologies such as batteries or assumptions on data usage. Existing solutions have also not quantified the loss of benefit (utility) that results from any such privacy-preserving approach. Using tools from information theory, a new framework is presented that abstracts both the privacy and the utility requirements of smart meter data. This leads to a novel privacy-utility tradeoff problem with minimal assumptions that is tractable. Specifically, for a stationary Gaussian Markov model of the electricity load, it is shown that the optimal utility-and-privacy preserving solution requires filtering out frequency components that are low in power, and this approach appears to encompass most of the proposed privacy approaches. Comment: Accepted for publication and presentation at the IEEE SmartGridComm. 201

    Lossy Compression with Privacy Constraints: Optimality of Polar Codes

    A lossy source coding problem with a privacy constraint is studied in which two correlated discrete sources $X$ and $Y$ are compressed into a reconstruction $\hat{X}$ with some prescribed distortion $D$. In addition, a privacy constraint is specified as the equivocation between the lossy reconstruction $\hat{X}$ and $Y$. This models the situation where a certain amount of source information from one user is provided as utility (given by the fidelity of its reconstruction) to another user or the public, while some other correlated part of the source information $Y$ must be kept private. In this work, we show that polar codes are able, possibly with the aid of time sharing, to achieve any point in the optimal rate-distortion-equivocation region identified by Yamamoto, thus providing a constructive scheme that obtains the optimal tradeoff between utility and privacy in this framework. Comment: Submitted for publicatio

    Dynamic Enforcement of Differential Privacy

    With recent privacy failures in the release of personal data, differential privacy has received considerable attention in the research community. This mathematical concept, despite its young age (Dwork et al., 2006), has grabbed the attention of many researchers for its robustness against identification of individuals even in the presence of background information. Besides that, its flexible definition makes it compatible with different data sources, data mining algorithms and data release models. Its compositionality properties facilitate the design of differential-privacy-aware programming languages and frameworks that empower non-experts to construct complex data mining analyses with proven differential privacy guarantees. The goal of this research is to introduce new (and improve the current) differential privacy backed frameworks, prominent both in utility and flexibility of use. We study dynamic enforcement of differential privacy both in the centralised model, in which a trusted curator processes data stored in a centralised database, and in the local model, with no trust in the third party. For the centralised model the thesis mostly focuses on the privacy impact of the basic building blocks used in these frameworks, proving correctness of the system built upon them. The correctness is important since some frameworks (in this case PINQ) deviate from theory without proper justification. With respect to accuracy, we present personalised differential privacy as an improved method of enforcing privacy that provides better data utilisation and other benefits. In this setting, individuals take control of their privacy requirements rather than being seen as a part of a database. As a result, they can opt in to a database with their expected privacy level and optionally opt out later.
    We further study the privacy implications of other building blocks such as different kinds of sampling and partitioning. For the local model we propose a general framework in which the users can verify the received analyses and, with a flexible policy, express their privacy preference in different forms such as enforcing their personalised privacy budget