Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy Leakage in Discrete Time Updating Systems

Nitya Sathyavageeswaran, Roy D. Yates, Anand D. Sarwate, Narayan Mandayam

TL;DR

This work studies the privacy-utility trade-off in discrete-time status-update systems under maximal leakage, with updates arriving as a rate-$λ$ Bernoulli process. It analyzes three server policies—MBT, DAD, and RAD—deriving both the maximal leakage and AoI for each, including closed-form expressions and asymptotic leakage rates, e.g., $\mathcal{L}(X^n\to Y^n)= n\log(1+\mu)$ for MBT/RAD and $\lim_{n\to\infty} \mathcal{L}(X^n\to Y^n)/n= \frac{\log 2}{\tau}$ for DAD. The results show that DAD yields the best AoI at a given leakage but operates at discrete age-leakage points, while MBT and RAD provide continuous trade-offs through $\mu$ and arrival thinning $\alpha$, offering flexible privacy-timeliness tuning. These insights guide privacy-preserving design of status-update networks and extend prior continuous-time analyses to a discrete-time setting with a random accumulate-and-dump variant. Overall, the paper clarifies how different service policies shape the interplay between timeliness and information leakage in practical update systems.

Abstract

A source generates time-stamped update packets that are sent to a server and then forwarded to a monitor. This occurs in the presence of an adversary that can infer information about the source by observing the output process of the server. The server wishes to release updates in a timely way to the monitor but also wishes to minimize the information leaked to the adversary. We analyze the trade-off between the age of information (AoI) and the maximal leakage for systems in which the source generates updates as a Bernoulli process. For a time slotted system in which sending an update requires one slot, we consider three server policies: (1) Memoryless with Bernoulli Thinning (MBT): arriving updates are queued with some probability and head-of-line update is released after a geometric holding time; (2) Deterministic Accumulate-and-Dump (DAD): the most recently generated update (if any) is released after a fixed time; (3) Random Accumulate-and-Dump (RAD): the most recently generated update (if any) is released after a geometric waiting time. We show that for the same maximal leakage rate, the DAD policy achieves lower age compared to the other two policies but is restricted to discrete age-leakage operating points.

Privacy Leakage in Discrete Time Updating Systems

TL;DR

This work studies the privacy-utility trade-off in discrete-time status-update systems under maximal leakage, with updates arriving as a rate- Bernoulli process. It analyzes three server policies—MBT, DAD, and RAD—deriving both the maximal leakage and AoI for each, including closed-form expressions and asymptotic leakage rates, e.g., for MBT/RAD and for DAD. The results show that DAD yields the best AoI at a given leakage but operates at discrete age-leakage points, while MBT and RAD provide continuous trade-offs through and arrival thinning , offering flexible privacy-timeliness tuning. These insights guide privacy-preserving design of status-update networks and extend prior continuous-time analyses to a discrete-time setting with a random accumulate-and-dump variant. Overall, the paper clarifies how different service policies shape the interplay between timeliness and information leakage in practical update systems.

Abstract

A source generates time-stamped update packets that are sent to a server and then forwarded to a monitor. This occurs in the presence of an adversary that can infer information about the source by observing the output process of the server. The server wishes to release updates in a timely way to the monitor but also wishes to minimize the information leaked to the adversary. We analyze the trade-off between the age of information (AoI) and the maximal leakage for systems in which the source generates updates as a Bernoulli process. For a time slotted system in which sending an update requires one slot, we consider three server policies: (1) Memoryless with Bernoulli Thinning (MBT): arriving updates are queued with some probability and head-of-line update is released after a geometric holding time; (2) Deterministic Accumulate-and-Dump (DAD): the most recently generated update (if any) is released after a fixed time; (3) Random Accumulate-and-Dump (RAD): the most recently generated update (if any) is released after a geometric waiting time. We show that for the same maximal leakage rate, the DAD policy achieves lower age compared to the other two policies but is restricted to discrete age-leakage operating points.
Paper Structure (12 sections, 5 theorems, 36 equations, 5 figures)

This paper contains 12 sections, 5 theorems, 36 equations, 5 figures.

Table of Contents

  1. Introduction
  2. System Model and Paper Overview
  3. Information Leakage
  4. Age of Information
  5. Server Policies
  6. Maximal Leakage
  7. Age of Information
  8. Sampling the Source: The Age of Fresh Updates
  9. Sampling the Server: The Age at the Monitor
  10. Maximal Leakage vs Average AoI
  11. Conclusions and Future Work
  12. Appendix

Key Result

Lemma 1

For the MBT and RAD servers with full support arrival processes, and this maximum is achieved when $x^n=y^n$.

Figures (5)

  • Figure 1: A source sends status updates through a server to a monitor. An adversary (Adv) observes transmissions from the server to the monitor.
  • Figure 2: The source sends fresh updates to the server in slots $N_k=n_k$, inducing the age process $A_i(n)$ at the input to the server. The server sends samples of the most recent update to the monitor in time slots $S_k=s_k$, inducing the age process $A_m(n)$ at the monitor.
  • Figure 3: The age vs. maximal leakage rate for the MBT $(\alpha=1)$, DAD, and RAD servers with arrival rate $\lambda=0.5$. The service rate $\mu$ varies over $[0.524,1]$ for Geo/Geo/1 and over $[0.05,1]$ for RAD. For DAD, $\tau$ varies from 1 to 39.
  • Figure 4: The age vs. maximal leakage rate for the RAD and DAD policies for $\lambda=0.1$, $\lambda=0.5$ and $\lambda=0.9$.
  • Figure 5: The age vs. maximal leakage rate for the MBT system: for $\alpha=1$, the $\lambda=0.1$, $\lambda=0.5$ and $\lambda=0.9$ age-leakage trade-off curves are obtained by varying $\mu$ over the interval $[\lambda+\epsilon,1]$. With $\lambda$ fixed, for each $\mu$ (which specifies the leakage), the $\alpha\in(0,1]$ that minimizes $\mathop{\mathrm{E}}\nolimits[*]{A_{\text{MBT}}}$ in (\ref{['eqn:GeoAge']}) is also calculated. This yields the solid blue-orange-green trade-off curve. The blue segment shows $\alpha\lambda\in [0.054,0.1]$ and is achievable for $\lambda\ge 0.1$. The orange segment shows $\alpha\lambda\in [0.1,0.5]$ and the green segment shows $\alpha\lambda\in [0.5,0.9]$; these segments are achievable for $\lambda\ge 0.5$ and $\lambda\ge 0.9$ respectively.

Theorems & Definitions (10)

  • Definition 1: Issa et al. 8943950
  • Definition 2: Kaul et al. kaul2012real
  • Lemma 1
  • Theorem 1
  • proof
  • Lemma 2
  • proof
  • Theorem 2
  • proof
  • Theorem 3