Remote state estimation with privacy against active eavesdroppers

IF 4.8 2区计算机科学 Q1 AUTOMATION & CONTROL SYSTEMS

Automatica Pub Date : 2024-10-02 DOI:10.1016/j.automatica.2024.111932

Matthew J. Crimson, Justin M. Kennedy, Daniel E. Quevedo

{"title":"Remote state estimation with privacy against active eavesdroppers","authors":"Matthew J. Crimson, Justin M. Kennedy, Daniel E. Quevedo","doi":"10.1016/j.automatica.2024.111932","DOIUrl":null,"url":null,"abstract":"<div><div>This paper considers a cyber–physical system under an active eavesdropping attack. A remote legitimate user estimates the state of a linear plant from the state information received from a sensor. Transmissions from the sensor occur via an insecure and unreliable network. An active eavesdropper may perform an attack during system operation. The eavesdropper intercepts transmissions from the sensor, whilst simultaneously sabotaging the data transfer from the sensor to the remote legitimate user to harm its estimation performance. To maintain state confidentiality, we propose an encoding scheme that is activated on the detection of an eavesdropper. Our scheme transmits noise based on a pseudo-random indicator, pre-arranged at the legitimate user and sensor. The transmission of noise harms the eavesdropper’s performance, more than that of the legitimate user. Using the proposed encoding scheme, we impair the eavesdropper’s expected estimation performance, whilst minimizing expected performance degradation at the legitimate user. We explore the trade-off between state confidentiality and legitimate user performance degradation by selecting the probability that the sensor transmits noise. Under certain design choices, the trace of the expected estimation error covariance of the eavesdropper is greater than that of the legitimate user. Numerical examples are provided to illustrate the proposed encoding scheme.</div></div>","PeriodicalId":55413,"journal":{"name":"Automatica","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Automatica","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0005109824004266","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

This paper considers a cyber–physical system under an active eavesdropping attack. A remote legitimate user estimates the state of a linear plant from the state information received from a sensor. Transmissions from the sensor occur via an insecure and unreliable network. An active eavesdropper may perform an attack during system operation. The eavesdropper intercepts transmissions from the sensor, whilst simultaneously sabotaging the data transfer from the sensor to the remote legitimate user to harm its estimation performance. To maintain state confidentiality, we propose an encoding scheme that is activated on the detection of an eavesdropper. Our scheme transmits noise based on a pseudo-random indicator, pre-arranged at the legitimate user and sensor. The transmission of noise harms the eavesdropper’s performance, more than that of the legitimate user. Using the proposed encoding scheme, we impair the eavesdropper’s expected estimation performance, whilst minimizing expected performance degradation at the legitimate user. We explore the trade-off between state confidentiality and legitimate user performance degradation by selecting the probability that the sensor transmits noise. Under certain design choices, the trace of the expected estimation error covariance of the eavesdropper is greater than that of the legitimate user. Numerical examples are provided to illustrate the proposed encoding scheme.

查看原文本刊更多论文

针对主动窃听者的隐私远程状态估计

本文研究了一个受到主动窃听攻击的网络物理系统。远程合法用户根据从传感器接收到的状态信息估计线性工厂的状态。传感器通过不安全、不可靠的网络进行传输。主动窃听者可能会在系统运行期间实施攻击。窃听者拦截传感器的传输，同时破坏从传感器到远程合法用户的数据传输，从而损害其估算性能。为了保持状态的机密性，我们提出了一种在检测到窃听者时激活的编码方案。我们的方案基于伪随机指标传输噪声，该指标在合法用户和传感器之间预先设定。与合法用户相比，噪声的传输对窃听者的性能损害更大。利用所提出的编码方案，我们可以在最大限度地降低合法用户预期性能下降的同时，损害窃听者的预期估计性能。我们通过选择传感器传输噪声的概率来探索状态保密性与合法用户性能下降之间的权衡。在某些设计选择下，窃听者的预期估计误差协方差的迹线大于合法用户的迹线。本文提供了数值示例来说明所提出的编码方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Automatica 工程技术-工程：电子与电气

CiteScore

10.70

自引率

7.80%

发文量

617

审稿时长

5 months

期刊介绍： Automatica is a leading archival publication in the field of systems and control. The field encompasses today a broad set of areas and topics, and is thriving not only within itself but also in terms of its impact on other fields, such as communications, computers, biology, energy and economics. Since its inception in 1963, Automatica has kept abreast with the evolution of the field over the years, and has emerged as a leading publication driving the trends in the field. After being founded in 1963, Automatica became a journal of the International Federation of Automatic Control (IFAC) in 1969. It features a characteristic blend of theoretical and applied papers of archival, lasting value, reporting cutting edge research results by authors across the globe. It features articles in distinct categories, including regular, brief and survey papers, technical communiqués, correspondence items, as well as reviews on published books of interest to the readership. It occasionally publishes special issues on emerging new topics or established mature topics of interest to a broad audience. Automatica solicits original high-quality contributions in all the categories listed above, and in all areas of systems and control interpreted in a broad sense and evolving constantly. They may be submitted directly to a subject editor or to the Editor-in-Chief if not sure about the subject area. Editorial procedures in place assure careful, fair, and prompt handling of all submitted articles. Accepted papers appear in the journal in the shortest time feasible given production time constraints.