Privacy-Preserving Data Analytics

Abstract

Real-time processing of user data streams in online services inadvertently creates tension between the users and analysts: users are looking for stronger privacy, while analysts desire for higher utility data analytics in real time. To resolve this tension, this paper describes the design, implementation and evaluation of PRIVAPPROX, a data analytics system for privacy-preserving stream processing. PRIVAPPROX provides three important properties: (i) Privacy: zero-knowledge privacy guarantee for users, a privacy bound tighter than the state-of-the-art differential privacy; (ii) Utility: an interface for data analysts to systematically explore the trade-offs between the output accuracy (with error estimation) and the query execution budget; (iii) Latency: near real-time stream processing based on a scalable “synchronization-free” distributed architecture. The key idea behind PRIVAPPROX is to combine two techniques together, namely, sampling (used for approximate computation) and randomized response (used for privacy-preserving analytics). The resulting combination is complementary — it achieves stronger privacy guarantees, and also improves the performance for stream analytics. Do Le Quoc TU Dresden, e-mail: [email protected] Martin Beck TU Dresden, e-mail: [email protected] Pramod Bhatotia University of Edinburgh and Alan Turing Institute, e-mail: [email protected] Ruichuan Chen Nokia Bell Labs, e-mail: [email protected] Christof Fetzer TU Dresden, e-mail: [email protected] Thorsten Strufe TU Dresden, e-mail: [email protected]