BES: Differentially private event aggregation for large-scale IoT-based systems

摘要

The emergence of Internet of Things (IoT) offers many advantages, but it also raises significant challenges with respect to efficient and distributed processing of large data and also privacy concerns related to large data disclosure. We investigate the above problems from a system-perspective and study how differential privacy can be used to complement other privacy-enhancing technologies to allow for controlled large data disclosure. We present a streaming-based framework, Bes, where we leverage the often distributed nature of typical IoT systems for efficient computation of differentially private aggregates. We also propose methods to limit the noise that is commonly introduced for differential privacy in real-world applications, by bounding the outliers based on (differentially private) parameters of the actual system at hand or data from other similar systems. We also provide a thorough evaluation based on a fully implemented Bes prototype using real-world data from of a concrete IoT system, namely an Advanced Metering Infrastructure (AMI). We show how a large number of events can be aggregated in a private fashion with low processing latency, even when the processing is made by a single-board device, with similar capabilities to the devices deployed in AMIs. Moreover, by implementing a de-pseudonymization attack known from the literature, we also show the strong complementary protection offered by Bes' differentially private aggregation, compared to other privacy-enhancing technologies.