
Optimal User-Centric Data Obfuscation

Abstract

Data obfuscation is a prevalent approach to protecting users' privacy in data sharing systems where a user shares her data (e.g., location) to obtain a personalized (e.g., location-based) service. Obfuscating data before sharing it, however, puts the user's privacy and utility (service quality) experiences in conflict. The challenge is designing data obfuscation mechanisms that achieve the optimal balance in the utility-privacy tradeoff. We propose a novel methodology to design optimal obfuscation mechanisms that (a) minimize the utility cost of obfuscation, and (b) guarantee the user's desired level of privacy to the ultimate extent that is theoretically possible. We preserve utility and privacy with respect to the user-specified utility requirements and data leakage sensitivities, respectively. We protect privacy by (1) minimizing the information leakage through the obfuscation mechanism, and (2) minimizing the user's privacy risk of sharing her data, e.g., considering her exposed data in the past. We achieve the former through optimizing a differential privacy bound on the obfuscation mechanism that minimizes the utility loss. We achieve the latter through formulating the problem as a non-zero-sum Stackelberg game between the user and information inference algorithms. Our obfuscation mechanism is the best response against optimal adaptive inference attacks. Thus, it is robust against any inference attack, i.e., no adversary can design an inference attack algorithm that is more effective than what the user has already anticipated and protected against. On real datasets, we illustrate the effects of privacy guarantees on utility and different attacks on the optimal obfuscation mechanisms.
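As an added illustration (not code from the paper), the following toy instance computes the three quantities the abstract balances for a location-obfuscation mechanism: the differential-privacy bound the mechanism achieves, its expected utility loss, and the error of the optimal Bayesian inference attack, then picks the least-costly mechanism meeting a user's privacy bound. The three-point location set, the prior, the truncated geometric mechanism family and the distance metric are all constructed assumptions for this example.

```python
import math

# Constructed toy instance (not from the paper): three locations on a line (values
# double as row/column indices), a prior over the user's true location, and distance
# as both the utility metric and the adversary's error metric.
LOCS = [0, 1, 2]
PRIOR = [0.5, 0.3, 0.2]

def dist(a, b):
    return abs(a - b)

def geometric_mechanism(lam):
    """Obfuscation p(z|x) proportional to exp(-lam*d(x,z)), truncated to LOCS.
    lam=0 shares a uniformly random location; larger lam shares more truthfully."""
    rows = []
    for x in LOCS:
        w = [math.exp(-lam * dist(x, z)) for z in LOCS]
        rows.append([v / sum(w) for v in w])
    return rows

def dp_epsilon(mech):
    """Smallest eps with p(z|x) <= exp(eps*d(x,x')) * p(z|x') for all x, x', z:
    the metric differential-privacy bound the mechanism actually achieves."""
    eps = 0.0
    for x in LOCS:
        for x2 in LOCS:
            if x == x2:
                continue
            for zi in range(len(LOCS)):
                eps = max(eps, math.log(mech[x][zi] / mech[x2][zi]) / dist(x, x2))
    return eps

def utility_loss(mech):
    """Expected distance between true and shared location (service-quality cost)."""
    return sum(PRIOR[x] * mech[x][zi] * dist(x, z)
               for x in LOCS for zi, z in enumerate(LOCS))

def inference_error(mech):
    """Expected error of the optimal Bayesian inference attack: the adversary sees z
    and guesses the x_hat minimising posterior expected distance. Higher = more private."""
    total = 0.0
    for zi in range(len(LOCS)):
        joint = [PRIOR[x] * mech[x][zi] for x in LOCS]  # unnormalised posterior over x
        total += min(sum(j * dist(x, xh) for x, j in zip(LOCS, joint)) for xh in LOCS)
    return total

def best_mechanism(eps_target, grid=None):
    """Mechanism in the family with minimal utility loss whose privacy bound
    does not exceed the user's eps_target. Returns (loss, lam, mechanism)."""
    grid = [i / 100 for i in range(501)] if grid is None else grid
    feasible = [(utility_loss(m), lam, m) for lam in grid
                for m in [geometric_mechanism(lam)] if dp_epsilon(m) <= eps_target + 1e-12]
    return min(feasible, key=lambda t: t[0])
```

Sweeping `eps_target` shows the tradeoff directly: tighter bounds raise both the utility loss and the adversary's error, and the adversary's error never exceeds the error of guessing from the prior alone.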
