Differentially Private Kalman Filtering With Signal Aggregation

Large-scale monitoring and control systems increasingly rely on sensitive data obtained from private agents, e.g., location traces collected from the users of intelligent transportation systems. To encourage the participation of these agents, algorithms that process information in a privacy-preserving way are thus needed. This note revisits the Kalman filtering problem, subject to privacy constraints. We aim to enforce differential privacy, a formal state-of-the-art definition of privacy ensuring that the output of an algorithm is not too sensitive to the data collected from any single participating agent. A two-stage architecture is proposed that aggregates and combines individual signals before adding privacy-preserving noise and postfiltering the result to be published. We show how an optimal static aggregation stage can be computed by solving a semidefinite program and illustrate the significant performance improvement offered by this architecture over input perturbation schemes.

Automated summary

This note discusses the Kalman filtering problem under privacy constraints. A two-stage architecture is proposed to enforce differential privacy and handle sensitive data collected from multiple agents. The optimal aggregation stage is computed by solving a semidefinite program, and significant performance improvement is demonstrated compared to input perturbation schemes.