Estimation de trafic routier par filtre de Kalman d'ensemble sous contrainte de confidentialité différentielle

RÉSUMÉ Le but de cette recherche est de proposer un algorithme numérique pour la publication en temps réel de certaines statistiques calculées à partir de données sensibles fournies par des utilisateurs. Afin de contrôler le gain possible d’information divulguée par ces statistiques sur les utilisateurs contributeurs, nous souhaitons que notre algorithme garantisse leur confidentialité différentielle, qui est une notion forte et formelle de la confidentialité. La confidentialité différentielle stipule que le gain d’information sur la participation d’un utilisateur individuel apporté par rapport à une connaissance préalable par la publication de données est borné. Cela signifie qu’il est impossible de savoir avec beaucoup de certitude si un utilisateur donné a participé à l’élaboration des données publiées, et cela pour tout utilisateur. L’anonymat des utilisateurs est donc garanti. Assurer un niveau de confidentialité différentielle se traduit généralement en dégradant les données, de manière maîtrisée. Le but de cette recherche est donc de proposer des mécanismes assurant la confidentialité différentielle et dégradant le moins possible les données. Nous supposons qu’un modèle dynamique stochastique expliquant la génération du jeu de données est disponible et à la disposition de tous, et nous cherchons à utiliser ses caractéristiques pour améliorer la qualité des données publiées. Nous appliquons l’estimateur développé à la problématique de l’estimation de trafic routier. Les usagers de la route envoient leurs données en franchissant des capteurs statiques sur la route ou en fournissant leurs traces GPS. Un mécanisme différentiellement privé publie l’état du trafic sous la forme d’une carte spatio-temporelle de densité. Ici la confidentialité différentielle garantit que l’étude de la carte publiée au cours du temps ne peut pas révéler des informations sensibles trop précises sur les trajets des utilisateurs de la route. Les mécanismes différentiellement confidentiels sont élaborés à base de filtres : filtre de Kalman étendu, filtre de Kalman d’ensemble, filtre à particules. Nous utilisons des jeux de données synthétiques et une certaine métrique pour comparer les différents filtres entre eux. Ensuite nous testons notre estimateur différentiellement confidentiel sur un jeu de données réelles, provenant du projet Mobile Century. Cette recherche a permis de proposer un mécanisme différentiellement confidentiel à base de filtre de Kalman d’ensemble pour l’estimation de trafic routier. De plus, le fait que cet algorithme garantisse également la confidentialité différentielle avec des mesures provenant de traces GPS permet d’étendre le champs d’application à un réseau routier beaucoup plus large puisque nous ne nous restreignons plus aux routes équipées de capteurs fixes.----------ABSTRACT Road traffic estimation systems can rely nowadays on an increasing number and variety of sensors and data sources to provide better coverage and accuracy, from standard static detectors to, more recently, location traces obtained possibly from individual drivers’ smartphones. Motivated by privacy concerns raised by such systems, this thesis discusses a methodology for estimating the macroscopic traffic state (density, velocity) along a road segment in real-time, while providing formal differential privacy guarantees to the individual drivers, a state-ofthe-art notion of privacy that protects against adversaries with arbitrary side-information. This translates to the inability for an adversary to make a better guess for the participation of a specific individual, with the use of differentially private data. Differential privacy provides formal proof that the relative information gain for the adversary, with publication of differentially private data, is bounded. Making data differentially private means randomizing in some way the data, thus making the published output less accurate. The goal of this research is to propose a numerical method to make private data differentially private for public release. Such methods are called differentially private mechanisms. The impact of the privacy constraint on estimation performance is mitigated by the use of a nonlinear model of the traffic dynamics, fused with the sensor measurements via an Ensemble Kalman Filter, a classical method for data assimilation. The differentially private mechanism is applied to a road traffic estimation problem Road users send their data when they cross static sensors (position, occupancy), and through their smartphones (position, speed). The differentially private mechanism publishes the density map that is usable by any third party app, and the privacy guarantees will follow. All the mechanisms are validated on synthetic data and tested on the Mobile Century dataset

Planning considerations for smart meter implementations in South Africa

Smart meter implementations are still in their infancy in many African countries. This is evident by the lack of research on the subject in the African context. Most of the research studies are either Eurocentric or US-centric. Although these studies are important and informative, they might not address the African challenges in context. Hence, South Africa was chosen as the testbed for an investigation that addresses the apparent knowledge gap. This study set out to formulate a framework for planning considerations in the implementation of smart meter technology within South Africa. Through extensive literature review and analysis, the technology acceptance model (TAM) was chosen as a foundational framework for this study. Although TAM is widely used for researching technology acceptance and use, its applicability was found to be inadequate in explaining customer centric factors in smart metering. Therefore, it was supplemented with factors from the theory of reasoned action (TRA), the theory of planned behavior (TPB), privacy calculus theory (PCT), as well as the unified theory of acceptance and use of technology (UTAUT). A total of 11 consumer-centric factors were identified, and these were statistically analysed using the structural equation modelling technique (SEM). Ten (10) consumer-centric factors was found to be significant. These were attitude, perceived value, monetary cost, privacy risk, perceived ease of use, perceived usefulness, facilitating conditions, social norms, trust in technology and behavioral intention. Hypothesis testing confirmed that, not one acceptance model could adequately be used to identify and explain the consumer-centric factors that can be incorporated for planning considerations for smart meter implementation in South Africa. It was further observed that the consumer-centric factors such as environmental issues, security, reliability and health issues that were important in developed countries were not deemed so in South Africa. From a methodological perspective, the study attests to contextual localised application as opposed to universal meaning and measurement invariance when incorporating planning consideration for smart meter implementation in South Africa as compared to European countries and the United States of America. Finally, the findings hold some practical implications, as they showed the practical utility of the model in predicting the consumer-centric factors that can be incorporated for planning considerations. In support, the Business Model Canvas (BMC) was found to be a useful tool in deriving and reporting on the formulation of planning consideration guidelines. Using the BMC, five planning consideration guidelines were derived: customer segmentation, partnerships, benefits communication, value identification and customer attitude. These planning considerations will allow smart meter providers to identify their customers, partners and value propositions they might need to offer consumers to facilitate a higher smart meter acceptance and use. The proposed planning consideration guidelines can practically be used by policymakers and regulators for several aspects for future pervasive technology acceptance studies. This research has, therefore, created a platform for further research in the smart technology domain while providing a usable predictive framework for the identification of consumer-centric factors and formulation of planning considerations guidelines for smart meter implementation within the South African context

Privacy and customer segmentation in the smart grid

In the electricity grid, networked sensors which record and transmit increasingly high-granularity data are being deployed. In such a setting, privacy concerns are a natural consideration. We present an attack model for privacy breaches, and, using results from estimation theory, derive theoretical results ensuring that an adversary will fail to infer private information with a certain probability, independent of the algorithm used. We show utility companies would benefit from less noisy, higher frequency data, as it would improve various smart grid operations such as load prediction. We provide a method to quantify how smart grid operations improve as a function of higher frequency data. In order to obtain the consumer's valuation of privacy, we design a screening mechanism consisting of a menu of contracts to the energy consumer with varying guarantees of privacy. The screening process is a means to segment customers. Finally, we design insurance contracts using the probability of a privacy breach to be offered by third-party insurance companies

Privacy and customer segmentation in the smart grid

In the electricity grid, networked sensors which record and transmit increasingly high-granularity data are being deployed. In such a setting, privacy concerns are a natural consideration. In order to obtain the consumer's valuation of privacy, we design a screening mechanism consisting of a menu of contracts offered to the energy consumer with varying guarantees of privacy. The screening process is a means to segment customers. Finally, we design insurance contracts using the probability of a privacy breach to be offered by third-party insurance companies