Balancing Timeliness and Privacy in Discrete-Time Updating Systems

We study the trade-off between Age of Information (AoI) and maximal leakage (MaxL) in discrete-time status updating systems. A source generates time-stamped update packets that are processed by a server that delivers them to a monitor. An adversary, who eavesdrops on the server-monitor link, wishes to infer the timing of the underlying source update sequence. The server must balance the timeliness of the status information at the monitor against the timing information leaked to the adversary. We consider a model with Bernoulli source updates under two classes of Last-Come-First-Served (LCFS) service policies: (1) Coupled policies that tie the server’s deliveries to the update arrival process in a preemptive queue; (2) Decoupled (dumping) policies in which the server transmits its freshest update according to a schedule that is independent of the update arrivals. For each class, we characterize the structure of the optimal policy that minimizes AoI for a given MaxL rate. Our analysis reveals that decoupled dumping policies offer a superior age-leakage trade-off to coupled policies. When subject to a MaxL constraint, we prove that the optimal dumping strategy is achieved by dithering between two adjacent deterministic dump periods.

💡 Research Summary

This paper investigates the fundamental trade‑off between information freshness, measured by the Age of Information (AoI), and privacy leakage, quantified by Maximal Leakage (MaxL), in a discrete‑time status‑updating system. A source generates time‑stamped updates according to a Bernoulli process with rate λ. Each update requires one time slot to reach a single‑slot server, which then decides whether and when to forward the freshest stored packet to a monitor. The monitor’s observation stream Yⁿ is also visible to an eavesdropping adversary; MaxL captures the worst‑case advantage the adversary gains in guessing any function of the original update sequence Xⁿ from Yⁿ.

Two classes of Last‑Come‑First‑Served (LCFS) policies are studied. Coupled LCFS behaves like a Ber/G/1/1 preemptive queue: a newly arriving update instantly replaces any packet in service and the service (i.e., transmission) starts immediately. Because transmission times are tightly coupled to arrivals, the output Yⁿ retains a strong statistical dependence on Xⁿ, leading to high MaxL. The authors prove that, under a MaxL constraint, the AoI‑optimal coupled policy is “greedy”: it always chooses the shortest possible service time (essentially transmitting immediately whenever a packet is present). This policy minimizes AoI but offers little privacy protection.

Decoupled (dumping) LCFS separates the transmission schedule from the arrival process. The server maintains at most one fresh packet and transmits it only at predetermined dump epochs determined by an independent timer. Consequently, Yⁿ is a deterministic function of the timer, largely independent of Xⁿ, which dramatically reduces MaxL. The paper shows that random service‑time distributions are sub‑optimal in this class. Instead, the optimal privacy‑constrained policy is a dithering strategy: the server alternates probabilistically between two adjacent deterministic dump periods, T and T + 1. By selecting the mixing probability p so that the resulting MaxL exactly meets the imposed privacy budget, the average AoI is minimized. This deterministic‑plus‑randomization structure is proved optimal via a Dinkelbach‑type fractional programming transformation and explicit MaxL calculations for Bernoulli inputs.

Analytical results are complemented by simulations across a range of λ and MaxL budgets. The simulations confirm that (i) for low update rates, infrequent dumping already yields low AoI while keeping MaxL minimal; (ii) for high λ, coupled policies incur near‑maximum leakage because they transmit almost every slot, whereas decoupled dumping maintains a modest AoI with substantially lower MaxL; and (iii) the dithering policy achieves AoI values essentially identical to the theoretical optimum, outperforming any single deterministic dump period.

Key contributions include: (1) introducing a unified AoI‑MaxL framework for discrete‑time status‑updating systems; (2) characterizing the structural optimality of greedy service for coupled policies and deterministic dithering for decoupled policies; (3) demonstrating that decoupled dumping policies dominate coupled ones in the age‑leakage plane; and (4) providing a practically implementable privacy‑aware scheduling rule that requires only a simple timer and a Bernoulli coin flip.

The findings have immediate relevance for smart‑home sensing, remote health monitoring, and other IoT scenarios where timely information is essential but packet‑timing side‑channels can reveal sensitive user behavior. By tuning the dump period and dithering probability to a desired MaxL budget, system designers can systematically balance freshness against privacy without complex cryptographic mechanisms. Future work suggested by the authors includes extending the analysis to multi‑source/multi‑server networks, incorporating energy‑harvesting constraints, and comparing MaxL‑based designs with alternative privacy metrics such as α‑leakage or differential privacy.