Privacy protection under the exposure of systems' prior information
Le Liu, Yu Kawano, Ming Cao
TL;DR
The paper develops a comprehensive framework for privacy protection of discrete-time LTI Gaussian systems under adversaries with prior information by adopting Pointwise Maximal Leakage (PML) privacy. It derives a closed-form, necessary-and-sufficient PML condition for static Gaussian cases and provides LMI-based Gaussian mechanism designs that guarantee $(\varepsilon,\delta)$-PML privacy, with explicit connections to DP and MI privacy notions. It then connects PML to Kalman filtering by proving a lower bound on the steady-state estimation error covariance as a function of the PML budget, highlighting a privacy–estimation-performance trade-off. The framework is extended to distributed privacy-aware aggregation, formulating a convex SDP to optimize per-node noise while preserving privacy and aggregation accuracy, and validated through a smart-building multi-area climate-monitoring case study. Overall, the work offers tractable, information-theoretic privacy design tools for Gaussian dynamical systems and reveals how prior information shapes privacy guarantees and practical performance.
Abstract
For systems whose states implicate sensitive information, privacy is of great concern. While notions like differential privacy have been successfully introduced to dynamical systems, it is still unclear how a system's privacy can be properly protected in the challenging yet frequently encountered scenario where an adversary possesses prior knowledge, e.g., the steady state, of the system. This paper presents a new systematic approach to protect the privacy of a discrete-time linear time-invariant system against adversaries with knowledge of the system's prior information. We employ a tailored pointwise maximal leakage (PML) privacy criterion. PML characterizes the worst-case privacy performance, which is sharply different from that of the better-known mutual-information privacy. We derive necessary and sufficient conditions for PML privacy and construct tractable design procedures. Furthermore, our analysis leads to insight into how PML privacy, differential privacy, and mutual-information privacy are related. We then revisit Kalman filters from the perspective of PML privacy and derive a lower bound on the steady-state estimation-error covariance in terms of the PML parameters. Finally, the derived results are illustrated in a case study of privacy protection for distributed sensing in smart buildings.
