| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | August 15, 2017 |
| Latest Amendment Date: | August 15, 2017 |
| Award Number: | 1739966 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Sandip Roy
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | October 1, 2017 |
| End Date: | September 30, 2021 (Estimated) |
| Total Intended Award Amount: | $500,000.00 |
| Total Awarded Amount to Date: | $500,000.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
506 S WRIGHT ST URBANA IL US 61801-3620 (217)333-2187 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
506 S Wright Street Urbana IL US 61820-7473 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | CPS-Cyber-Physical Systems |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
The goal of this project is to enable greater sharing of crowd-sensed data, while achieving provable privacy guarantees. Our approach is to limit knowledge of the location traces of crowd-sensed data to exclude the origin and destination, and then consider the system using techniques from distributed control and differential privacy: this enables exploration of the theoretical bounds on the cost of privacy. The achieved results will create a new approach for building and analyzing networked cyber-physical systems (CPS) that permits users to make decisions on crowd-sensed data, and at the same time protects their privacy in a rigorous sense. The project has focused outreach activities in developing a software environment for students to explore privacy-performance trade-offs in transportation operations and an advanced course on security and privacy of CPS.
In our technical approach, we focus on the privacy of user inputs, such as the origin (initial state), destination (preference), and utility functions. This enables us to model and analyze how the crowd-sensed data can be used to infer these sensitive inputs, using techniques adapted from the fields of distributed control and differential privacy. The various notions of privacy will support a broad research program, including performance limits of private network control, design principles for different classes of cyber-physical systems, and new location privacy metrics that take into account location popularity. These contributions advance the field of formal analysis of probabilistic models, and the burgeoning subfield of privacy in control and optimization. The theoretical research will be motivated by and evaluated on simulations and proof-of-concept implementations in the context of crowd-sourced congestion detection.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The project developed the foundations, algorithms, and experimental systems for studying the trade-off between privacy and efficiency in different types of real-world networks with a focus on Tor. Tor is a system for preserving online privacy and circumventing Internet censorship, with several million estimated daily users. Tor operates by using a network of volunteer relays to forward an encrypted version of users’ traffic, thus obscuring the source and/or the destination of network traffic. These relays have highly heterogeneous capacities, thus load balancing is essential to ensure consistent service to the users. Currently the Tor network uses a randomized assignment of flows circuits to relays, where each user chooses the relays for their circuits randomly weighted by their measured capacity.
Our work first shows that current assignment method can create significant imbalances at the relays at any given point in time. The methods also fall short in providing accurate estimates leaving the network underutilized and its capacities unfairly distributed between the users’ paths. Our theoretical analysis sheds light on how the capacity estimates converge with changes in the network.
We have also developed MLEFlow, a maximum likelihood approach for estimating relay capacities for optimal load balancing in Tor. We show that MLEFlow generalizes an existing version of Tor capacity estimation, TorFlow-P, by making better use of measurement history. We prove that the mean of MLEFlow converges to a small interval around the actual capacities, while the variance converges to zero. We present two versions of MLEFlow: MLEFlow-CF, a closed-form approximation of the MLE and MLEFlow-Q, a discretization and iterative approximation of the MLE which can account for noisy observations.
We demonstrate the practical benefits of MLEFlow by simulating it both a flow-based Python simulator of a full Tor network and a more detailed packet-based Shadow simulation of a scaled down version of the Tor network. In our simulations MLEFlow provides significantly more accurate estimates, which result in improved user performance, with median download speeds increasing by 30%.
Last Modified: 01/31/2022
Modified by: Geir E Dullerud
Please report errors in award information by writing to: awardsearch@nsf.gov.
