Design and Analysis for Multiple Sensitive Values-Oriented Personalized Randomized Response
SONG Hai-na1,2, LUO Tao1,2, HAN Xin-yu1,2, LI Jian-feng1,2
1. Beijing Laboratory of Advanced Information Networks, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. Beijing Key Laboratory of Network System Architecture and Convergence, Beijing University of Posts and Telecommunications, Beijing 100876, China
Abstract: In actual data collection, different pieces of sensitive information differ in sensitivity, so their concrete privacy needs differ as well. However, the existing local privacy preservation model based on randomized response (RR), called conventional randomized response (CRR) here for convenience, takes a universal approach that applies the same amount of preservation to all sensitive values, without catering for their concrete privacy needs. As a result, it may offer insufficient protection to a subset of people with relatively higher privacy needs, while applying excessive privacy control to another subset with relatively lower privacy needs. To address this, a new framework called personalized randomized response (PRR) is proposed, based on the concept of CRR, for multiple sensitive values-oriented personalized privacy preservation. The PRR technique considers personalized privacy needs, introduces sensitive value weights for different sensitive values, and then incorporates these weights into the RR decision so as to satisfy the privacy needs of all sensitive values, thereby attaining personalized privacy preservation. Both theoretical derivation and simulation experiments reveal that, for a certain subjective degree of privacy leakage, the estimation error of the statistics of the PRR mechanism is smaller than that of the CRR mechanism; that is, the quality of statistics obtained by the PRR mechanism is higher than that of the CRR model while guaranteeing personalized privacy protection for a given subjective degree of privacy preservation.