Privacy-Enhanced Architecture for Occupancy-based HVAC Control
The paper addresses privacy concerns for building occupants in smart infrastructure; its contribution is incremental, since it builds on existing methods for privacy-preserving control.
The paper tackles the trade-off between the energy savings of occupancy-based HVAC control and the privacy risk that individual locations can be inferred from occupancy data. It designs an architecture that distorts the reported occupancy so as to hide individual location traces while preserving HVAC performance, and validates the design with real-world occupancy data and building simulations.
Large-scale sensing and actuation infrastructures have allowed buildings to achieve significant energy savings; at the same time, these technologies introduce significant privacy risks that must be addressed. In this paper, we present a framework for modeling the trade-off between improved control performance and increased privacy risks due to occupancy sensing. More specifically, we consider occupancy-based HVAC control as the control objective and the location traces of individual occupants as the private variables. Previous studies have shown that individual location information can be inferred from occupancy measurements. To ensure privacy, we design an architecture that distorts the occupancy data in order to hide individual occupant location information while maintaining HVAC performance. Using mutual information between the individual's location trace and the reported occupancy measurement as a privacy metric, we are able to optimally design a scheme to minimize privacy risk subject to a control performance guarantee. We evaluate our framework using real-world occupancy data: first, we verify that our privacy metric accurately assesses the adversary's ability to infer private variables from the distorted sensor measurements; then, we show that control performance is maintained through simulations of building operations using these distorted occupancy readings.
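The abstract describes the core mechanism only in words: a distortion layer sits between the occupancy sensor and the HVAC controller, the privacy metric is the mutual information between one occupant's location and the published occupancy, and the distortion is chosen to minimise that metric subject to a bound on control degradation. The toy model below is an added illustration written for this page, not the paper's scheme or code: it assumes a single zone with one target occupant (private variable L, present or absent), a constructed number of other occupants present independently, an additive two-sided geometric noise mechanism with parameter `alpha` as the distortion, and expected absolute reporting error E|R - O| as a stand-in for HVAC performance loss. The paper's actual distortion scheme, occupant model and performance guarantee are not on this page; everything parametric here is an assumption.

```python
"""Toy privacy/utility trade-off for occupancy reporting (constructed
illustration, not the paper's scheme).

Private variable: L in {0,1}, presence of one target occupant.
Sensor:          O = L + B, B ~ Binomial(N_OTHERS, Q_OTHERS) other occupants.
Distortion:      R = max(0, O + N), N ~ truncated two-sided geometric(alpha).
Privacy metric:  I(L; R) in bits, computed exactly from the joint pmf.
Utility proxy:   E|R - O|, the average error handed to the controller.
"""
from math import comb, log2

P_PRESENT = 0.5      # P(L = 1): target occupant present (assumed)
N_OTHERS = 4         # other occupants in the zone (assumed)
Q_OTHERS = 0.5       # each other occupant present independently (assumed)
NOISE_SUPPORT = 40   # truncation of the noise pmf to [-40, 40]


def binom_pmf(n, q):
    """P(B = b) for b = 0..n."""
    return [comb(n, b) * q ** b * (1 - q) ** (n - b) for b in range(n + 1)]


def noise_pmf(alpha, support=NOISE_SUPPORT):
    """Truncated two-sided geometric pmf, P(N = k) proportional to alpha^|k|.
    alpha = 0 means no distortion (point mass at 0)."""
    if alpha <= 0:
        return {0: 1.0}
    weights = {k: alpha ** abs(k) for k in range(-support, support + 1)}
    z = sum(weights.values())
    return {k: w / z for k, w in weights.items()}


def reported_dist(l, alpha):
    """P(R = r | L = l) for the clipped noisy report R = max(0, O + N)."""
    dist = {}
    for b, p_b in enumerate(binom_pmf(N_OTHERS, Q_OTHERS)):
        o = l + b
        for k, p_k in noise_pmf(alpha).items():
            r = max(0, o + k)
            dist[r] = dist.get(r, 0.0) + p_b * p_k
    return dist


def mutual_information(alpha):
    """I(L; R) in bits: what the published occupancy leaks about L."""
    pl = {0: 1 - P_PRESENT, 1: P_PRESENT}
    cond = {l: reported_dist(l, alpha) for l in (0, 1)}
    marg = {}
    for l in (0, 1):
        for r, p in cond[l].items():
            marg[r] = marg.get(r, 0.0) + pl[l] * p
    mi = 0.0
    for l in (0, 1):
        for r, p in cond[l].items():
            if p > 0:
                mi += pl[l] * p * log2(p / marg[r])
    return mi


def expected_abs_error(alpha):
    """E|R - O|: average distortion seen by the controller (utility proxy)."""
    pl = {0: 1 - P_PRESENT, 1: P_PRESENT}
    pb = binom_pmf(N_OTHERS, Q_OTHERS)
    pn = noise_pmf(alpha)
    err = 0.0
    for l in (0, 1):
        for b, p_b in enumerate(pb):
            o = l + b
            for k, p_k in pn.items():
                err += pl[l] * p_b * p_k * abs(max(0, o + k) - o)
    return err


def design_noise(max_error, grid=None):
    """Choose alpha minimising I(L; R) subject to E|R - O| <= max_error.
    A grid search stands in for the optimisation the abstract describes;
    returns None if no grid point satisfies the performance bound."""
    grid = grid or [i / 100 for i in range(0, 96)]
    feasible = [(mutual_information(a), a) for a in grid
                if expected_abs_error(a) <= max_error]
    return min(feasible)[1] if feasible else None


if __name__ == "__main__":
    print("alpha  I(L;R) bits  E|R-O|")
    for a in (0.0, 0.2, 0.4, 0.6, 0.8):
        print(f"{a:5.2f}  {mutual_information(a):11.4f}  {expected_abs_error(a):6.3f}")
    for bound in (0.0, 0.5, 1.0):
        print(f"bound {bound}: alpha* = {design_noise(bound)}")
```

Because R is a function of O and independent noise, the data-processing inequality guarantees I(L; R) <= I(L; O) for every alpha, so the undistorted report is the privacy worst case; the table printed by the script shows how fast the leak falls as the reporting error grows, and `design_noise` picks the point on that curve that just satisfies the error bound. Replacing the toy utility proxy with a real HVAC simulation, as the paper does, changes the constraint but not the shape of the optimisation.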