An encoding mechanism for secrecy of remote state estimation

Abstract

We consider a secure remote state estimation problem where the observations transmitted from the sensors to a remote estimator could be intercepted by an eavesdropper. To prevent the eavesdropper from acquiring the system states, we propose an encoding–decoding mechanism by combining linear transformation and artificial noise to ensure the exact values of observations unavailable to the eavesdropper but available to the estimator. Further, we propose an algorithm by which the eavesdropper may infer the approximate values of the observations and thus to further estimate the system states. We reveal how the amplitude of the artificial noise affects the accuracy of the eavesdropper inference, which helps the designing of the encoding–decoding mechanism. Simulation experiments are conducted to verify the derived results.

Introduction

Recently, the vast development of computing, control, communication and network technology has greatly expanded the scale of the interconnections among the devices and facilities in Cyber–Physical systems (CPSs) (Jin et al., 2014, Lee et al., 2015, Stankovic, 2014). Due to the distributed structure and open physical access of such systems, malicious entities are made easier to join these systems and thus to conduct a series of attacks tailored to the vulnerabilities in the perceptual layer, the network layer and the application layer (Pasqualetti et al., 2013, Qi et al., 2014, Teixeira et al., 2015). Typical attacks include denial-of-service attack, data injection attack, eavesdropping attack, etc. In denial-of-service attacks, the attacker sends a large amount of jamming data or fake requests to occupy the channel bandwidth or exhaust the node response so that the necessary data transmission is blocked or the necessary request is neglected (Ding et al., 2017, Feng and Tesi, 2017, Zhang et al., 2015, Zhang et al., 2018, Zhang and Zheng, 2018). In data injection attacks, the packets transmitted on the channel are modified by the attacker so as to violate the data integrity, which ultimately downgrades the system control performance (Guo et al., 2018, Li et al., 2018, Yang et al., 2019). In eavesdropping attacks, the attacker is a passive adversary that monitors the packets transmitted on the channel without influence on the system performance, but threatening the system security when the information intercepted is confidential (Le Ny and Pappas, 2013, Tsiamis et al., 2017, Tsiamis et al., 2018, Wiese et al., 2019, Zhang et al., 2016, Zhu and Lu, 2015).

To defend a CPS from eavesdropping attacks means to protect the privacy of the data transmitted. Many works have been done in privacy-preserving. Mo et al. in Mo and Murray (2017) proposed an algorithm to guarantee the privacy of the initial states by adding properly conceived random noises while achieving asymptotic consensus in a distributed network. Similar work has been done by Manitara et al. in Manitara and Hadjicostis (2013) where the states are transmitted with pseudo-random sequence added. Kishida in Kishida (2018) used a quantizer to convert the control signal into a discrete form to fit the Paillier cryptosystem. Due to the changing sensitivity of the quantizer, the trade-off between the cipher complexity and the closed-loop control accuracy is balanced. Lu and Zhu in Lu and Zhu (2018) introduced homomorphic encryption into a distributed projected gradient-based algorithm to reach privacy preserving distributed optimization.

In this paper, we inspect remote state estimation in the presence of an eavesdropper. The state estimation, in which the estimator gives the system states by observing the system outputs, is one of the fundamental applications in CPSs (as in Yang et al., 2014, Yang et al., 2017). Particularly, in remote state estimation (Ding et al., 2017, Ding and Shi, 2016, Guo et al., 2018, Li et al., 2018, Zhang et al., 2018), the sensors and the estimator are located apart. Hence, the system observations need to be transmitted through a channel from the sensors to the estimator. Eavesdropping attack could take place when a malicious device builds an extra link to the channel to acquire sensitive information (Wiese et al., 2019). In Wiese et al. (2019), Wiese et al. considered the secrecy of state estimation on a discrete unstable scalar system whose observations are encoded and transmitted through an uncertain wire-tap channel. The channel characteristics vary between the branch to the estimator and the branch to the eavesdropper. Based on the difference of the channel characteristics, the authors proved that there exists an encoding scheme that is both secure and reliable if the uncertain channels of the eavesdropper and the estimator have joint zero-error capacity greater than the logarithm of the system parameter. Tsiamis et al. in Tsiamis et al., 2017, Tsiamis et al., 2018 proposed a coding scheme for a packet-dropping channel where the encoder sends the difference between the current state and its prediction based on the last successful transmission. An acknowledgment (ACK) is returned from the decoder when it successfully receives a packet. In the coding scheme, the eavesdropper’s estimation error accumulates because of the mismatch between its own packet drops and ACKs, while the decoder’s estimation error is bounded.

Inspired by the works in Tsiamis et al., 2017, Tsiamis et al., 2018 and Wiese et al. (2019), we introduce an encoding–decoding mechanism into remote state estimation. We consider a linear dynamic system whose states are observed by a bunch of sensors. The observation data is uploaded to a channel which is monitored by an eavesdropper. At the other end of the channel, an estimator receives the observations and conducts the state estimation by Kalman filtering. Different from the works in Tsiamis et al., 2017, Tsiamis et al., 2018 and Wiese et al. (2019), we assume that the channel is a noise-free channel without multi-path effects, namely without packet drops, delays or any disturbance. Besides, the encoding mechanism we propose is engaged with artificial noise. The artificial noise method, which adds intentionally generated noise to the original data, has been used in He, Cai, and Guan (2018) and Mo and Murray (2017) for distributed private-preserving. The difference is that He et al. (2018) focus on the probability density function of the error of estimation by the eavesdropper, while Mo and Murray (2017) concentrate on the consensus convergence rate. Note that, the artificial noise aforementioned and to be inspected in this paper is the noise compared with data, which is different with the ‘artificial noise’ in Goel and Negi (2008) where the noise is of physical layer characteristics compared with signals. The main contribution of our work is summarized in the following:

• We propose an encoding mechanism, which is a combination of linear transformation and artificial noise. This mechanism pre-process the sensor observations of a linear dynamic system to prevent the eavesdropper from obtaining the exact value of the observations. The linear transformation only involves the multiplication of a 2 × 2 matrix and the artificial noise is generated by analog devices. Hence, the method does not require high computational cost. Besides, unlike the encryptions in Kishida (2018) and Lu and Zhu (2018), the observations do not have to be quantized from real numbers to integers before encoding, thus the encoding mechanism we propose does not cause any loss in accuracy. The corresponding decoding method is also developed so that the supposed receiver can extract the observations without error.

• We consider a possible situation where the eavesdropper can infer the approximate value of the observations under the encoding mechanism. We show the relationship between the amplitude of the artificial noise and the accuracy of the approximation of the eavesdropper, which can be a guideline when deploying the secrecy state estimation facilities.

This paper is structured as follows. In Section 2, we set up the background of our study, including the system dynamics, the explanations of terminologies concerned, the recursion of the filter used by the estimator, and the topology of communication. In Section 3, we propose the encoding–decoding mechanism and give a modified version of the mechanism to reduce the number of the artificial noise generators used. In Section 4, we calculate the lower bound of the amplitude of the artificial noises satisfying certain signal-to-noise ratio (SNR) requirement. We also present the deduction algorithm by which the eavesdropper can approximate the system observations. We reveal how the amplitude of the artificial noise has an influence on the accuracy of the approximation. Section 5 gives the simulation results to verify our derived results and Section 6 concludes this article.

Notations: ${\mathbb{R}}^n$ is the set of $n$ dimensional vectors. $E\left(\cdot \right)$ denotes the mathematical expectation. $A^T$ and $A^{-1}$ refer to the transposition and inverse of matrix $A$, respectively. The trace of matrix $A$ (i.e., the sum of the diagonal entries) is denoted by $\mathrm{tr}\left(A\right)$. The eigenvalue with the greatest absolute value among all the eigenvalues of matrix $A$ is called the spectral radius of $A$, denoted by $\rho \left(A\right)$. The double-vertical-line bracket $\Vert \cdot \Vert$ refers to the Euclidean norm of the vector it includes.