Signal Processing - January 2017 - 95

highly coordinated control of information. PP protocols allow the data owner
to control the fate of the data, instead
of chancing with the protection promised by the cloud severs. To this end,
the Defense Advanced Research Projects Agency (DARPA) has championed
a major Brandeis Program to develop
novel communication protocols so that
the uploaded data are useful only for the
intended utility but not easily repurposed
into privacy intrusion.

Utility Space

I(u;y)
Query (y)

Alice (x)

I(p;y)

Feature Space
Eve (p)
Privacy Space

Privacy communication paradigm
Note that, as depicted in Figure 2, both
Bob and Eve will receive the same data
(denoted by y), i.e., there is no key
required. Ideally, in this paradigm, the
query y should be useful to (friendly)
Bob but useless to (malicious) Eve.
More realistically, we would like to see
to it that the query may retain information as lossless as possible to Bob and,
at the same time, be as lossy as possible
against Eve.
In short, it should also be recognized
that the security protocols for data sharing are neither necessary nor sufficient
for data privacy protection. Therefore, it
is worth installing both the security and
privacy protocols for maximal protection of Internet data.

Differential privacy and
compressive privacy
Differential privacy
In the differential privacy (DP) theory
[1], a desensitizing function K is
said to provide e-DP of the data if
Pr [K (D) ! S] # e e Pr [K (Dl ) ! S ] for
all S ! Range (K) and all data sets D
and Dl differing by one entry. Note also
that the DP sensitization does not necessarily require the utility function to be
known in advance, and DP guarantees
that the distribution of the search result
should be indistinguishable (modulo a
factor of e e) with or without the missing
entry. Two types of "differential-log-likelihood" criteria, e-DP versus e-information privacy (a stronger privacy metric),
are analyzed and compared in the study
of the so-called privacy funnel in [2].
Due to the absence of systematical methods for the derivation of optimal que-

Bob (u)

Figure 2. Our study on privacy preservation involves joint optimization over three design spaces:
1) the feature space (Alice), 2) the utility space (Bob), and 3) the privacy space (Eve). Alice (the
data owner) wants to convey certain information relevant to Bob (the intended user/utilizer) while
preventing it from being eavesdropped by Eve (the intruder). In the CP paradigm, both Bob and Eve
will receive the same data (denoted by y), i.e., there is no key required. We propose a query encoding scheme which is 1) information preserving from the utility's perspective but 2) information lossy
from the perspective of privacy. Collectively, such a scheme is called CP. This article explores the
utility-privacy tradeoff analysis via comparing the I (u; y) and I (p; y).

ries, however, the DP approach remains
somewhat unwieldy for many real-world
applications. This prompts us to explore
other desensitizing methods for privacy
preservation.

Compressive privacy

The query, denoted by y, is represented
by y = f (x, f) where x denotes the feature vector representing the original data
and f is an independent random noise.
Unlike DP, the CP approach allows the
query to be tailor-designed according
to the known utility and privacy models. As depicted in Figure 2, we propose
a query encoding scheme that is 1)
information preserving from the utility's perspective but 2) information lossy
from the privacy's perspective. Collectively, such a scheme is called CP. This
article explores the tradeoff analysis
between the utility mutual information
(between y and Bob) and its privacy
counterpart (between y and Eve). This
is in a sharp contrast to most machinelearning problems, where the design
goal is exclusively focused only on the
utility information.

Scope and prerequisite of the article
This article explores the rich synergy
between information theory, estimation
theory, and machine learning and, ultimately, develops a PP methodology-CP.
IEEE Signal Processing Magazine

|

January 2017

|

While formal courses on information
theory, estimation theory, and machine
learning are highly recommended for
advanced and serious researchers, we
shall nevertheless review the basic materials for novice readers, hopefully making the article somewhat self-contained.

Information and estimation theory
Let the original data (owned by Alice)
be represented by a vector space containing M-dimensional random vectors
x = [x 1, x 2, f, x M] T .
To convey information concerning x,
the design of PP query y must be based
on joint consideration of both the utility
maximization (for Bob) and the privacy
protection (against Eve). Mathematically,
■■ Utility function: The utility function is denoted by u (x).
■■ Privacy function: The privacy function (i.e., cost function) is denoted by
p (x).

Prior work on non-Gaussian models
A natural formulation for the utility-privacy tradeoff analysis involves optimizing I (u; y) [respectively, I (p; y)] while
setting a bound on I (p; y) [respectively,
I (u; y)] . More specifically:
■■ Information bottleneck (IB) [4]. In
the IB scenarios, it is assumed that
95



Table of Contents for the Digital Edition of Signal Processing - January 2017

Signal Processing - January 2017 - Cover1
Signal Processing - January 2017 - Cover2
Signal Processing - January 2017 - 1
Signal Processing - January 2017 - 2
Signal Processing - January 2017 - 3
Signal Processing - January 2017 - 4
Signal Processing - January 2017 - 5
Signal Processing - January 2017 - 6
Signal Processing - January 2017 - 7
Signal Processing - January 2017 - 8
Signal Processing - January 2017 - 9
Signal Processing - January 2017 - 10
Signal Processing - January 2017 - 11
Signal Processing - January 2017 - 12
Signal Processing - January 2017 - 13
Signal Processing - January 2017 - 14
Signal Processing - January 2017 - 15
Signal Processing - January 2017 - 16
Signal Processing - January 2017 - 17
Signal Processing - January 2017 - 18
Signal Processing - January 2017 - 19
Signal Processing - January 2017 - 20
Signal Processing - January 2017 - 21
Signal Processing - January 2017 - 22
Signal Processing - January 2017 - 23
Signal Processing - January 2017 - 24
Signal Processing - January 2017 - 25
Signal Processing - January 2017 - 26
Signal Processing - January 2017 - 27
Signal Processing - January 2017 - 28
Signal Processing - January 2017 - 29
Signal Processing - January 2017 - 30
Signal Processing - January 2017 - 31
Signal Processing - January 2017 - 32
Signal Processing - January 2017 - 33
Signal Processing - January 2017 - 34
Signal Processing - January 2017 - 35
Signal Processing - January 2017 - 36
Signal Processing - January 2017 - 37
Signal Processing - January 2017 - 38
Signal Processing - January 2017 - 39
Signal Processing - January 2017 - 40
Signal Processing - January 2017 - 41
Signal Processing - January 2017 - 42
Signal Processing - January 2017 - 43
Signal Processing - January 2017 - 44
Signal Processing - January 2017 - 45
Signal Processing - January 2017 - 46
Signal Processing - January 2017 - 47
Signal Processing - January 2017 - 48
Signal Processing - January 2017 - 49
Signal Processing - January 2017 - 50
Signal Processing - January 2017 - 51
Signal Processing - January 2017 - 52
Signal Processing - January 2017 - 53
Signal Processing - January 2017 - 54
Signal Processing - January 2017 - 55
Signal Processing - January 2017 - 56
Signal Processing - January 2017 - 57
Signal Processing - January 2017 - 58
Signal Processing - January 2017 - 59
Signal Processing - January 2017 - 60
Signal Processing - January 2017 - 61
Signal Processing - January 2017 - 62
Signal Processing - January 2017 - 63
Signal Processing - January 2017 - 64
Signal Processing - January 2017 - 65
Signal Processing - January 2017 - 66
Signal Processing - January 2017 - 67
Signal Processing - January 2017 - 68
Signal Processing - January 2017 - 69
Signal Processing - January 2017 - 70
Signal Processing - January 2017 - 71
Signal Processing - January 2017 - 72
Signal Processing - January 2017 - 73
Signal Processing - January 2017 - 74
Signal Processing - January 2017 - 75
Signal Processing - January 2017 - 76
Signal Processing - January 2017 - 77
Signal Processing - January 2017 - 78
Signal Processing - January 2017 - 79
Signal Processing - January 2017 - 80
Signal Processing - January 2017 - 81
Signal Processing - January 2017 - 82
Signal Processing - January 2017 - 83
Signal Processing - January 2017 - 84
Signal Processing - January 2017 - 85
Signal Processing - January 2017 - 86
Signal Processing - January 2017 - 87
Signal Processing - January 2017 - 88
Signal Processing - January 2017 - 89
Signal Processing - January 2017 - 90
Signal Processing - January 2017 - 91
Signal Processing - January 2017 - 92
Signal Processing - January 2017 - 93
Signal Processing - January 2017 - 94
Signal Processing - January 2017 - 95
Signal Processing - January 2017 - 96
Signal Processing - January 2017 - 97
Signal Processing - January 2017 - 98
Signal Processing - January 2017 - 99
Signal Processing - January 2017 - 100
Signal Processing - January 2017 - 101
Signal Processing - January 2017 - 102
Signal Processing - January 2017 - 103
Signal Processing - January 2017 - 104
Signal Processing - January 2017 - 105
Signal Processing - January 2017 - 106
Signal Processing - January 2017 - 107
Signal Processing - January 2017 - 108
Signal Processing - January 2017 - 109
Signal Processing - January 2017 - 110
Signal Processing - January 2017 - 111
Signal Processing - January 2017 - 112
Signal Processing - January 2017 - 113
Signal Processing - January 2017 - 114
Signal Processing - January 2017 - 115
Signal Processing - January 2017 - 116
Signal Processing - January 2017 - Cover3
Signal Processing - January 2017 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201809
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201807
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201805
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201803
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201801
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1117
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0917
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0717
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0517
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0317
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0117
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1116
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0916
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0716
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0516
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0316
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0116
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1115
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0915
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0715
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0515
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0315
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0115
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1114
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0914
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0714
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0514
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0314
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0114
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1113
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0913
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0713
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0513
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0313
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0113
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1112
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0912
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0712
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0512
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0312
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0112
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1111
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0911
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0711
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0511
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0311
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0111
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1110
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0910
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0710
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0510
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0310
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0110
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1109
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0909
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0709
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0509
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0309
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0109
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1108
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0908
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0708
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0508
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0308
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0108
https://www.nxtbookmedia.com