Remote State Estimation with Privacy Against Active Eavesdroppers

Matthew J. Crimson Justin M. Kennedy Daniel E. Quevedo School of Electrical Engineering and Robotics, Queensland University of Technology, Brisbane QLD, 4000 Australia. (e-mail: {m.crimson, j12.kennedy,daniel.quevedo}@qut.edu.au)

Abstract

This paper considers a cyber-physical system under an active eavesdropping attack. A remote legitimate user estimates the state of a linear plant from the state information received from a sensor. Transmissions from the sensor occur via an insecure and unreliable network. An active eavesdropper may perform an attack during system operation. The eavesdropper intercepts transmissions from the sensor, whilst simultaneously sabotaging the data transfer from the sensor to the remote legitimate user to harm its estimation performance. To maintain state confidentiality, we propose an encoding scheme that is activated on the detection of an eavesdropper. Our scheme transmits noise based on a pseudo-random indicator, pre-arranged at the legitimate user and sensor. The transmission of noise harms the eavesdropper’s performance, more than that of the legitimate user. Using the proposed encoding scheme, we impair the eavesdropper’s expected estimation performance, whilst minimising expected performance degradation at the legitimate user. We explore the trade-off between state confidentiality and legitimate user performance degradation through selecting the probability that the sensor transmits noise. Under certain design choices, the trace of the expected estimation error covariance of the eavesdropper is greater than that of the legitimate user. Numerical examples are provided to illustrate the proposed encoding scheme.

keywords:

Network Security, Privacy, Eavesdropping Attacks, Remote Estimation.

^†^†thanks: A preliminary version of this work was presented at IFAC World Congress, 2023, Yokohama, Japan (see [5]). Corresponding author Matthew Crimson.

1 Introduction

In recent years, Cyber-Physical Systems (CPS) have grown rapidly with the ubiquitous rise of the Internet of Things. CPS integrate cyber-infrastructure and physical systems. These systems encompass large-scale, geographically dispersed systems, such as smart grids, intelligent transportation systems, critical infrastructure and wearable medical devices [12]. Due to the tight integration of cyber and physical components in such systems, CPS are vulnerable to cyber-attacks. Cyber vulnerabilities can be exploited by malicious adversaries, which seek to disrupt CPS operations. Attacks on CPS may result in performance degradation or even system failure [11].

Security of a system is defined by availability, integrity, and confidentiality. Targeting these security goals are; denial-of-service (DoS), deception attacks, and eavesdropping. DoS attacks seek to compromise the availability of information via jamming communication channels. Deception attacks seek to target the integrity of a system by manipulating transmitted information. Eavesdropping attacks seek to intercept transmitted information, targeting confidentiality, [4]. In particular, the use of shared wireless mediums makes it difficult to shield transmissions from unintended recipients. Sophisticated attacks may combine elements to achieve goals, such as active eavesdropping. Active eavesdropping is where the eavesdropper can not only intercept transmissions but also invade the communication channel to degrade the wireless performance of the system [7]. This performance degradation may trigger the sensor to transmit data packets more frequently, or with higher power which increases the packet arrival rate at the eavesdropper. Therefore, estimation accuracy at the eavesdropper is increased. This style of attack differs from a DoS attack, as jamming is utilised to improve the eavesdropper performance as well, whereas a DoS attack seeks to degrade the legitimate user’s performance, with no consideration to its own packet reception. In practical applications, active eavesdropping is achieved through pilot signal contamination [24].

There is a need to design estimation algorithms over wireless communication networks that account for the reliability of the wireless network, while also ensuring confidentiality of the transmitted information from an eavesdropper. Guaranteeing confidentiality is crucial for sensor and control data, which convey confidential information about the physical system state. This is detrimental to system operation as it violates sensor and user privacy, which may cause economic losses or even threaten human survival. For example, in smart grids an eavesdropper can infer load taxonomy from the electricity consumption data provided by smart meters. The malicious adversary can infer daily schedules, and break into premises when no inhabitants are present [20]. In addition, with knowledge of how a system operates, an adversary may perform an attack with greater sophistication.

To ensure privacy against eavesdropping attacks, cryptography-based tools [13] are at times used in practice, however, they introduce computation and communication overheads [15] and therefore are only of limited use. Several works have developed encoding schemes [17, 22] and scheduling of transmissions [16], which are lightweight and avoid significant computation. These encoding techniques require knowledge of the legitimate estimator’s performance. Performance is shared through acknowledgment of successful packet receipts to the sensor. However, utilising an acknowledgement channel is a point of vulnerability for eavesdropping and DoS attacks [7], as experimentally demonstrated with the jamming of acknowledgments utilising commodity hardware [14]. Therefore, the motivation for this work is to design a low-complexity encoding scheme in a system without acknowledgments when an eavesdropper attack is occurring, by adapting transmissions to ensure the confidentiality of the state.

In this work, we consider a sensor transmitting the state estimate of a stable, linear, dynamic system to a legitimate remote user over a random packet-dropping wireless network. A malicious adversary may perform an active eavesdropping attack during system operation and intercept the transmissions from the sensor, compromising state confidentiality. We propose an encoding scheme that is activated on the detection of an eavesdropper. We present a Quickest Change Detection (QCD) scheme to detect the presence of an eavesdropper through monitoring channel outcomes. QCD is a technique to detect an abrupt change in statistical properties of an observed process as quickly as possible after the change occurs, subject to a false alarm constraint [2]. Several formulations for QCD problems exist, which vary with respect to assumptions about the change time and optimality criteria. Bayesian formulations assume the change time is a random variable with a known geometric prior with independent and identically distributed (i.i.d.) observations [10, 23]. With these assumptions, Shiryaev established the optimal stopping, which compared the change posterior probability to a threshold.

In this work, we use QCD to detect the presence of an active eavesdropper, which activates the encoding scheme. When an eavesdropper is detected, the sensor transmits noise or its local state estimate, based on a pseudo-random Bernoulli indicator that is pre-arranged at the legitimate user and sensor. Under this encoding scheme, the eavesdropper’s estimation error covariance is made larger than that of the legitimate user. This work extends the results in [5]. We extend [5] from the scalar, first-order system to the vector case. Additionally, no method was presented in [5] for the detection of the eavesdropper.

2 Remote State Estimation with an Eavesdropper

We consider the following dynamic system that is modelled as a linear, discrete-time invariant system

x_{k+1}=Ax_{k}+w_{k},\quad y_{k}=Cx_{k}+v_{k}

(1)

where $x_{k}\in\mathbb{R}^{n}$ is the system state vector and $y_{k}\in\mathbb{R}^{m}$ is the measurement taken by the sensor at time $k\geq 0$ . The dynamics is stable with $\rho(A)<1$ , where $\rho(.)$ is the spectral radius¹¹1The spectral radius is defined as the maximum absolute eigenvalue $\rho(.)=\max|\beta_{i}(.)|$ where $\beta_{i}$ is the $i$ th eigenvalue.. The process noise $w_{k}\in\mathbb{R}^{n}$ and the measurement noise $v_{k}\in\mathbb{R}^{m}$ are zero mean i.i.d. Gaussian random processes with $\mathbb{E}[w_{k}w_{k}^{\intercal}]=Q$ with $\mathbb{E}[w_{k}w_{l}^{\intercal}]=0$ and $\mathbb{E}[v_{k}v_{k}^{\intercal}]=R$ with $\mathbb{E}[v_{k}v_{l}^{\intercal}]=0$ and $\mathbb{E}[w_{k}v_{l}^{\intercal}]=0\ \text{ for all }l\geq 0\text{ \ where\ }k\neq l$ . The initial state of the process $x_{0}$ is a Gaussian random variable with zero mean and covariance $\mathbb{E}[x_{0}x_{0}^{\intercal}]=\Sigma_{0}$ . The covariances $Q,R,\Sigma_{0}$ are positive definite. The initial state is uncorrelated with $w_{k}$ and $v_{k}$ with $\mathbb{E}[x_{0}w_{k}^{\intercal}]=0$ and $\mathbb{E}[x_{0}v_{k}^{\intercal}]=0$ . All system and noise parameters $(A,C,Q,R,\Sigma_{0})$ are assumed to be public knowledge, available to the sensor, legitimate user and eavesdropper. The pair $(A,C)$ is assumed to be observable and $(A,\sqrt{Q})$ is controllable.

2.1 Local State Estimation and Open Loop Performance

In current CPS frameworks, sensors are equipped with on-board computation and processes to improve the estimation performance of the system. Sensors process the collected measurements by executing recursive algorithms, enabled by advanced embedded systems-on-chip [6]. To emulate this sensor configuration, we consider the sensor configuration is computationally capable of optimal state estimation in real-time. The sensor locally estimates the system state $x_{k}$ , based upon all measurements it has collected up to time $k$ using standard Kalman filtering recursions. The local estimate is transmitted wirelessly to a remote legitimate user. We denote $\hat{x}_{k}^{s}$ as the sensor’s local Minimum Mean-Squared Error (MMSE) estimate of the system state, $x_{k}$ , and $P_{k}^{s}$ as the corresponding estimation error covariance

\begin{split}\hat{x}_{k}^{s}&=\mathbb{E}[x_{k}|y_{0},y_{1},...,y_{k}]\\ {P}_{k}^{s}&=\mathbb{E}[(x_{k}-\hat{x}_{k}^{s})(x_{k}-\hat{x}_{k}^{s})^{\intercal}|y_{0},y_{1},...,y_{k}].\end{split}

For any initial condition, the error covariance $P_{k}^{s}$ converges exponentially fast to some unique value $\bar{P}$ [1]. Without loss of generality, it is assumed the local state estimator has entered steady state operation and that $P_{k}^{s}=\bar{P}$ , where $\bar{P}$ is the unique solution to the discrete-time algebraic Riccati equation

\begin{split}\bar{P}=&A\bar{P}A^{\intercal}+Q-(A\bar{P}A^{\intercal}+Q)C^{\intercal}\\ &(CA\bar{P}A^{\intercal}C+CQC^{\intercal}+R)^{-1}C(A\bar{P}A^{\intercal}+Q).\end{split}

(2)

2.2 Communication Model

The legitimate user requires to reliably estimate the system state for the purposes of remote monitoring or control. To obtain this estimate, the sensor transmits an encoded packet $z_{k}\in\mathbb{R}^{n}$ of state information or noise. We define the formation of $z_{k}$ in Section 4. The packet $z_{k}$ is transmitted over a wireless network to the legitimate user. However, the transmitted packets can also be received by an eavesdropper. We utilize a standard packet-based transmission utilized in network control problems. Denote the packet reception indicator outcome at the legitimate user by $\lambda_{k}\in\{0,1\}$ , where

\lambda_{k}=\begin{cases}1,\quad\textrm{if a packet is received at the legitimate user}\\ 0,\quad\textrm{if a packet dropout occurs.}\end{cases}

Denote the packet reception indicator outcome at the eavesdropper by $\lambda_{k}^{e}\in\{0,1\}$ , where

\lambda_{k}^{e}=\begin{cases}1,\quad\textrm{if a packet is received at the eavesdropper}\\ 0,\quad\textrm{if a packet dropout occurs.}\end{cases}

The channel outcomes for the legitimate user and eavesdropper are modelled as i.i.d. Bernoulli processes, independent of the initial state of the process and of the process noise.

2.3 Attack Model and Channel Qualities

An eavesdropper seeks to compromise the confidentiality of the system state by eavesdropping on the transmitted state estimate from the sensor. At the same time, the eavesdropper invades the communication channel between the sensor and the legitimate user by attempting to block transmissions to degrade the estimation accuracy of the legitimate user. At some time $k=\Lambda$ where $\Lambda\geq 1$ the eavesdropper performs an attack.

Let the channel quality be defined as the probability of packet dropout. In the absence of an eavesdropper attack, the channel outcomes at the legitimate user $\lambda_{k}$ have a nominal packet dropout probability as $\gamma\in(0,1)$ , where

\gamma=\mathbb{P}[\lambda_{k}=0]\quad k<\Lambda.

We propose when the eavesdropper is performing an attack, the quality of the legitimate user’s channel is degraded with a probability of packet dropout as $\bar{\gamma}\in(0,1)$ , where

\bar{\gamma}=\mathbb{P}[\lambda_{k}=0]\quad k\geq\Lambda,

(3)

where $\gamma<\bar{\gamma}$ . When the eavesdropper is not performing an attack, the eavesdropper does not receive any information with $\lambda^{e}_{k}=0$ when $k<\Lambda$ , i.e., the eavesdropper does not have a communication channel. When the eavesdropper is performing an attack, the probability of packet dropout for the eavesdropper’s channel is defined as $\gamma^{e}\in(0,1)$ , where

\gamma^{e}=\mathbb{P}[\lambda_{k}^{e}=0]\quad k\geq\Lambda.

(4)

In our detection method we utilise the legitimate user’s channel quality distributions to detect when an eavesdropper attack is occuring, detailed in Section 9.

3 Problem of Interest

As packet receipt acknowledgments may be vulnerable to adversaries, our objective is to design an encoding scheme that is activated on the detection of an eavesdropper, that does not rely on acknowledgements when the eavesdropper is detected. To characterise performance bounds under the encoding scheme for the eavesdropper’s and legitimate user’s estimation error covariance, we introduce “open-loop performance”. We first define the solution to the discrete-time Lyapunov equation, which is expressed as an infinite sum in the case that $\rho(T)<1$

V=\sum_{j=0}^{\infty}T^{j}U(T^{\intercal})^{j},

(5)

where $V$ is the unique stabilising solution to

V=TVT^{\intercal}+U.

(6)

For convenience, we define the following notation to represent the solution to the Lyapunov equation

V=L(T,U).

(7)

If no information is received from the sensor at the legitimate user or eavesdropper, then open loop performance occurs. It is characterised by $x^{OP}_{k}=\mathbb{E}[x_{k}]=0$ and $P^{OP}_{k}=\mathbb{E}[x_{k}x_{k}^{\intercal}]$ , where the asymptotic open loop estimate and corresponding estimation error covariance satisfy [1]

\begin{split}x^{OP}&\triangleq\lim_{k\to\infty}x_{k}^{OP}=0\\ P^{OP}&\triangleq\lim_{k\to\infty}P^{OP}_{k}=L(A,Q).\end{split}

(8)

The encoding scheme is designed with no information of the legitimate user’s current estimate, hence we aim to ensure that the trace of the legitimate user’s expected estimation error covariance is upper bounded by the trace of open loop prediction. To ensure confidentiality, we desire that the trace of the eavesdropper’s expected estimation error covariance is above the trace of open loop prediction, i.e., the trace of the expected eavesdropper’s estimation error covariance when using received packets is larger than if it had not used any packets in its estimation process. These conditions guarantee data confidentiality against an eavesdropper, whilst also ensuring the legitimate user has a reliable estimate.

4 Encoding Scheme Design

Refer to caption — Figure 1: The sensor transmits $z_{k}$ , an encoded packet formed by the indicator $u_{k}$ and alarm $\nu_{k}$ . The alarm $\nu_{k}$ is formed at the legitimate user, indicating the presence of an eavesdropper and shared to the sensor. The indication to send noise $u_{k}$ is known to the legitimate user and sensor, and unknown to the eavesdropper. The packet is transmitted over a packet dropping network. The legitimate estimator and eavesdropper compute state estimates $\hat{x}_{k}$ and $\hat{x}_{k}^{e}$ .

The considered remote estimation architecture is shown in Fig. 1 and consists of a sensor observing a dynamic system, a legitimate user, and an eavesdropper. The sensor transmits packets of information over a wireless channel. To degrade the eavesdropper’s estimation performance, we desire to limit the amount of useful information it receives. To actively harm its estimation performance, we propose to send noise intermittently.

4.1 Encoding Scheme

Our proposed strategy is to enact the encoding scheme, based upon the detection of an eavesdropper. We first introduce the decision variable $\nu_{k}\in\{0,1\}$ , where

\nu_{k}=\begin{cases}0,&\text{if eavesdropper has been detected}\\ 1,&\text{otherwise}.\\ \end{cases}

(9)

The decision variable $\nu_{k}$ is formed at the legitimate user and shared with the sensor via an emergency acknowledgment channel. Once the sensor is alerted that an active eavesdropping attack is occurring, the sensor enacts the encoding scheme. We formulate eavesdropper detection and the design of $\nu_{k}$ using QCD in Section 9.

When an eavesdropper is detected, our proposed encoding scheme is to send either the sensor’s state estimate $\hat{x}_{k}^{s}$ or noise $n_{k}$ by using a Bernoulli pseudo-random indicator $u_{k}\in\{0,1\}$ . The transmission of noise reduces transmissions of information to the legitimate user, reducing its performance. We pre-arrange the indicator $u_{k}$ between the legitimate estimator and sensor. This encoding scheme forms $z_{k}$ which is the transmitted packet from the sensor

z_{k}=\begin{cases}\hat{x}_{k}^{s},&\text{ if }\nu_{k}=1\text{ or }(\nu_{k},u_{k})=(0,1)\\ n_{k},&\text{ if }(\nu_{k},u_{k})=(0,0).\\ \end{cases}

(10)

The indicator $u_{k}$ informs what is transmitted at the sensor. In practical systems, random numbers are generated through pseudo-random algorithms. By agreeing upon an initial seed at the legitimate user and sensor, we pre-arrange the indicator sequence $u_{k}$ .

We choose the noise to have the same characteristics as the sensor’s state estimate $\hat{x}_{k}^{s}$ . The noise is designed such that a change in transmission cannot be easily detected at the eavesdropper, as it exhibits the same characteristics as the sensor’s state estimate $\hat{x}_{k}^{s}$ [18]. The noise $n_{k}$ is normally distributed, with zero mean $\mathbb{E}[n_{k}]=0$ and covariance $\mathbb{E}[n_{k}n_{k}^{\intercal}]=\bar{P}$ uncorrelated with the state $x_{k}$ where $\mathbb{E}[x_{k}n_{k}]=0$ .

We denote the probability of the sensor transmitting noise as $\mu\in(0,1)$ , where

\mu\triangleq\mathbb{P}(u_{k}=0).

(11)

This probability constitutes the main design variable. It can be adjusted based on the dropout channel probabilities and the known process noise of the dynamics to balance the impact between degrading the legitimate user’s performance and ensuring data confidentiality. We explore this trade-off in Section 7.

Under this formulation, the goal is to decide how often to send noise such that data confidentiality is protected. The indicator is designed to be pseudo-random, such that the eavesdropper cannot easily discern patterns in transmission. Moreover, we require the sensor’s state estimate to be received by the legitimate user intermittently to ensure its performance is not degraded by too many losses of state estimates from the sensor. Due to the pre-arrangement of the indicator $u_{k}$ , the need for an acknowledgment channel is omitted when an eavesdropper is performing an attack.

4.2 Remote State Estimation

We denote $\mathcal{I}_{k}$ as a collection of historical information at the legitimate user up to time $k$ , with $\mathcal{I}_{k}\triangleq\{u_{0},\lambda_{0},\lambda_{0}z_{0},...,u_{k},\lambda_{k},\lambda_{k}z_{k}\}$ , noting that the legitimate user knows the encoding scheme variable $u_{k}$ . We define the legitimate user’s own state estimate and the corresponding estimation error covariance as

\begin{split}\hat{x}_{k}&\triangleq\mathbb{E}[x_{k}|\mathcal{I}_{k}]\\ P_{k}&\triangleq\mathbb{E}[(x_{k}-\hat{x}_{k})(x_{k}-\hat{x}_{k})^{\intercal}|\mathcal{I}_{k}],\end{split}

(12)

which is based on all sensor data packets received up to time step $k$ . We denote $\mathcal{I}^{e}_{k}$ as a collection of historical information at the eavesdropper up to time $k$ with $\mathcal{I}_{k}^{e}\triangleq\{\lambda_{0}^{e},\lambda_{0}^{e}z_{0},...,\lambda_{k}^{e},\lambda_{k}^{e}z_{k}\}$ . We define the eavesdropper’s own state estimate and the corresponding estimation error covariance as

\begin{split}\hat{x}^{e}_{k}&\triangleq\mathbb{E}[x_{k}|\mathcal{I}_{k}^{e}]\\ P_{k}^{e}&\triangleq\mathbb{E}[(x_{k}-\hat{x}_{k}^{e})(x_{k}-\hat{x}_{k}^{e})^{\intercal}|\mathcal{I}_{k}^{e}],\end{split}

(13)

which is based on all sensor data packets received up to time step $k$ . Note that the eavesdropper is unaware of the indication for the sensor to send noise $u_{k}$ , Hence, the eavesdropper is deceived to incorporate noise $n_{k}$ into its state estimate.

5 Remote State Estimation with an Eavesdropper

In an unreliable, insecure network, the sensor’s state estimate may not be received by the legitimate user, or the received packet may be noise due to the employed encoding scheme. To estimate the state of the system with intermittent observations, a second estimation scheme is employed at the legitimate user.

The legitimate user obtains the state estimate as follows: Once the sensor’s transmission arrives, and the sensor has not transmitted noise, the estimator synchronizes $\hat{x}_{k}$ with the optimal state estimate of the sensor $\hat{x}_{k}^{s}$ . Otherwise, the legitimate user predicts $x_{k}$ based on the previous estimate using the system model in (1). Thus, the state estimate at the legitimate user $\hat{x}_{k}$ (12) satisfies

\hat{x}_{k}=\begin{cases}\hat{x}_{k}^{s},\quad~{}~{}~{}~{}~{}\text{ if }(\lambda_{k},u_{k})=(1,1)\\ A\hat{x}_{k-1},~{}~{}~{}\text{ if }\lambda_{k}=0\text{ or }(\lambda_{k},u_{k})=(1,0).\end{cases}

The corresponding estimation error covariance $P_{k}$ satisfies

P_{k}=\begin{cases}\bar{P},\quad~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}\text{ if }(\lambda_{k},u_{k})=(1,1)\\ AP_{k-1}A^{\intercal}+Q,~{}\text{ if }\lambda_{k}=0\text{ or }(\lambda_{k},u_{k})=(1,0).\end{cases}

(14)

It follows from the eavesdropper’s estimation error covariance in (14) that when a packet arrives and it is the state estimate from the sensor, the legitimate user’s estimation error covariance is that of the sensor’s $\bar{P}$ (see (2)). When a packet of noise arrives, or a packet dropout occurs, the legitimate user’s estimation error covariance grows.

The goal of the eavesdropper is to construct an estimate of the state of the system $x_{k}$ based on all sensor data packets received up to time step $k$ . The eavesdropper is unaware of the detection variable $\nu_{k}$ (9). The eavesdropper is additionally unaware of the randomised indicator to send noise $u_{k}$ (10). As the noise is designed to exhibit the same statistical characteristics as the sensor’s state estimate, and the encoding scheme is unknown, the eavesdropper cannot distinguish $\hat{x}_{k}^{s}$ from $n_{k}$ . This feature can be used to deceive the eavesdropper to incorporate noise $n_{k}$ into its state estimate. The eavesdropper obtains the state estimate as follows: Once the sensor’s transmission arrives, and the sensor has not transmitted noise, the eavesdropper synchronizes $\hat{x}^{e}_{k}$ with that of the sensor. If the sensor’s transmission arrives, and the sensor has transmitted noise, the eavesdropper synchronizes $\hat{x}^{e}_{k}$ with the transmitted noise $n_{k}$ . If a packet dropout occurs, the eavesdropper predicts $x_{k}$ based on the previous estimate using the system model in (1), such that the eavesdropper’s state estimate $\hat{x}_{k}^{e}$ (13) from the sensor’s viewpoint satisfies

\hat{x}_{k}^{e}=\begin{cases}\hat{x}_{k}^{s},\quad~{}~{}\text{ if }(\lambda_{k}^{e},u_{k})=(1,1)\\ n_{k},\quad~{}~{}\text{ if }(\lambda_{k}^{e},u_{k})=(1,0)\\ A\hat{x}_{k-1}^{e},\text{ if }\lambda_{k}^{e}=0.\end{cases}

(15)

We characterise the eavesdropper’s estimation error covariance in Lemma 1.

Lemma 1.

The estimation error covariance $P_{k}^{e}$ (13) satisfies

P_{k}^{e}=\begin{cases}\bar{P},\quad~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}\text{ if }(\lambda_{k}^{e},u_{k})=(1,1)\\ P_{n},\quad~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}~{}\text{ if }(\lambda_{k}^{e},u_{k})=(1,0)\\ AP_{k-1}^{e}A^{\intercal}+Q,~{}\text{ if }\lambda_{k}^{e}=0,\end{cases}

(16)

where $P_{n}$ is

P_{n}=P^{OP}+\bar{P},

(17)

which is the estimation error covariance under receiving and utilising a packet of noise, as the packet is mistaken for the state estimate, with $P^{OP}$ defined in (8). {pf} Firstly, consider the scenario that the eavesdropper successfully receives the state estimate from the sensor with $(\lambda_{k}^{e},u_{k})=(1,1)$ , the eavesdropper’s estimate is $\hat{x}_{k}^{e}=\hat{x}_{k}^{s}$ and the estimation error covariance is that of the sensor’s (see (2)) with $P_{k}^{e}=\bar{P}$ . Secondly, in the scenario that a packet dropout occurs with $\lambda_{k}^{e}=0$ , the eavesdropper predicts $\hat{x}_{k}^{e}$ with that of its previous estimate, with $\hat{x}_{k}^{e}=A\hat{x}_{k-1}^{e}$ . The corresponding estimation error covariance is $P_{k}^{e}=AP_{k-1}^{e}A^{\intercal}+Q$ . Thirdly, in the scenario that the eavesdropper successfully receives a packet of noise $(\lambda_{k}^{e},u_{k})=(1,0)$ , the eavesdropper directly uses the packet as the state estimate $\hat{x}_{k}^{e}=n_{k}$ . The estimation error covariance is

\begin{split}P_{n}&=\mathbb{E}[(x_{k}-n_{k})(x_{k}-n_{k})^{\intercal}|\mathcal{I}_{k}^{e}]\\ &=\mathbb{E}[x_{k}x_{k}^{\intercal}]+2\mathbb{E}[x_{k}n_{k}]+\mathbb{E}[n_{k}n_{k}^{\intercal}].\end{split}

(18)

These cases show the eavesdropper’s estimation error covariance (16). By definition the transmitted noise is designed such that $\mathbb{E}[n_{k}n_{k}^{\intercal}]=\bar{P}$ , uncorrelated with $x_{k}$ such that $\mathbb{E}[x_{k}n_{k}]=0$ . As per (8), the open loop estimation error covariance is $\mathbb{E}[x_{k}x_{k}^{\intercal}]=P^{OP}$ . Then from (18)

P_{n}=\mathbb{E}[x_{k}x_{k}^{\intercal}]+2\mathbb{E}[x_{k}n_{k}]+\mathbb{E}[n_{k}n_{k}^{\intercal}]=P^{OP}+0+\bar{P},

which shows the estimation error covariance under receiving a packet of noise (17).

Lemma 1 characterises the instantaneous worst-case performance for the eavesdropper under the encoding scheme. It shows that if noise is transmitted often, we can drive the eavesdropper’s estimation error covariance above open-loop prediction. However, greater transmissions of noise degrade the legitimate user’s performance as well. Therefore, the probability of the sensor sending noise $\mu$ needs to be chosen to balance the impact between degrading the legitimate user’s performance and protecting data confidentiality.

To quantify the estimation performance of the legitimate user and eavesdropper under the encoding scheme from a sensor viewpoint, we explore the mathematical expectation of the estimation error covariance. The use of the expectation allows us to compute the expected performance over the stochastic channel and encoding scheme. Particularly, due to the absence of acknowledgments when the eavesdropper is performing an attack, the channel outcomes are unknown at the sensor. Thus we use the expected estimation performance to design the sensor’s encoding variable $\mu$ . We additionally explore the steady-state behaviour of the expected estimation error covariance to quantify long-term performance under the encoding scheme as $k\rightarrow\infty$ .

We present an analytic expression of the steady state expectation of estimation error covariance of the legitimate user in Lemma 2 and of the eavesdropper in Lemma 3. Our expressions depend on the channel qualities (3), (4), process dynamics (1), and the encoding design variable (11).

Lemma 2.

The steady-state expectation of the legitimate user’s estimation error covariance satisfies

\lim_{k\to\infty}\mathbb{E}[P_{k}]=(1-\bar{\gamma})(1-\mu){W}+(\bar{\gamma}+(1-\bar{\gamma})\mu){S},

(19)

where $W$ and $S$ are solutions to the Lyapunov equation via (6), with $W=L\left(\left(\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu)}A\right),\bar{P}\right)$ and $S=L\left(\left(\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu)}A\right),Q\right)$ .

{pf}

The proof is included in Section 6.

Lemma 3.

The steady-state expectation of the eavesdropper’s estimation error covariance satisfies

		$\displaystyle\lim_{k\to\infty}\mathbb{E}[P_{k}^{e}]$		(20)
		$\displaystyle=(1-\gamma^{e})(1-\mu)W^{e}+\gamma^{e}S^{e}+(1-\gamma^{e})\mu H^{e}$

where $W^{e}$ and $S^{e}$ and $H^{e}$ are solutions to the Lyapunov equation via (6), with $W^{e}=L(\sqrt{\gamma^{e}}A,\bar{P})$ , $S^{e}=L(\sqrt{\gamma^{e}}A,Q)$ , and $H^{e}=L(\sqrt{\gamma^{e}}A,P_{n})$ .

{pf}

The proof is included in Section 6.

6 Markov Chain Model

The mathematical expectation of the legitimate user’s and eavesdropper’s estimation error covariance at time $k$ can be found by taking the sum of all possible channel and sensor transmission outcomes multiplied by the corresponding probability of that channel and sensor transmission realisation occurring. To find the mathematical expectation of the eavesdropper’s and legitimate user’s estimation error covariance, we introduce the following Markov chain models.

6.1 Legitimate User’s Markov Chain Model

Let $G_{k}$ be the state of a Markov chain taking values in the countably infinite set $G_{k}\in\{0,1,\dots\}$ . We define $G_{k}=0$ as the state when the sensor’s state estimate is received, and $G_{k}=j$ for $j>0$ as the $j$ th dropout. By application of the legitimate user’s channel quality (3) and the probability of the sensor sending noise (11), the transition probabilities $p_{ij}\triangleq\mathbb{P}[G_{k+1}=i|G_{k}=j]$ is characterised by

\mathbb{P}[G_{k+1}=i|G_{k}=j]=\begin{cases}(1-\bar{\gamma})(1-\mu),&\text{ if $i=0$},\\ \bar{\gamma}+(1-\bar{\gamma})\mu,&\text{ if $i=j+1$},\\ 0,&\text{ otherwise}.\end{cases}

The Markov chain and its transitions are depicted in Fig. 2.

We define the transition matrix of the Markov chain as $\mathbf{P}=[p_{ij}]$ . Since all states communicate, the Markov chain is irreducible, aperiodic, and recurrent and has a stationary distribution $\pi$ [3]. By solving the relation $\pi=\pi\mathbf{P}$ with $\sum_{j=0}^{\infty}\pi_{j}=1$ , the stationary distribution can be found as

\displaystyle\pi_{j}

\displaystyle=(\bar{\gamma}+(1-\bar{\gamma})\mu)^{j}(1-\bar{\gamma})(1-\mu).

Following the legitimate user’s estimation error covariance in (14), the conditional expectation of the estimation error covariance $P_{k}$ at the Markov chain state $G_{k}=j$ is

\mathbb{E}[P_{k}|G_{k}=j]=A^{j}\bar{P}(A^{\intercal})^{j}+\sum_{i=0}^{j-1}A^{i}Q(A^{\intercal})^{i}.

Taking the limit as $k\rightarrow\infty$ , then the expected estimation error covariance is

\begin{split}&\lim_{k\to\infty}\mathbb{E}[P_{k}]=\lim_{k\to\infty}\sum_{j=0}^{k}\mathbb{E}[P_{k}|G_{k}=j]\pi_{j}\\ &=(1-\bar{\gamma})(1-\mu)\\ &\quad\times\left(\sum_{j=0}^{\infty}(\bar{\gamma}+(1-\bar{\gamma})\mu)^{j}(A^{j}\bar{P}(A^{\intercal})^{j}+\sum_{i=0}^{j-1}A^{i}Q(A^{\intercal})^{i}\right)\\ &=(1-\bar{\gamma})(1-\mu)\\ &\quad\times\sum_{j=0}^{\infty}(\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu)}A)^{j}\bar{P}(A^{\intercal}\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu)})^{j}\\ &\quad+(\bar{\gamma}+(1-\bar{\gamma})\mu)\\ &\quad\times\sum_{j=0}^{\infty}(\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu}A)^{j}Q(A^{\intercal}\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu})^{j}.\\ \end{split}

These infinite sums satisfy the solution to the discrete-time Lyapunov equation (see (5)) with
$\rho(\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu}A)<1$ and therefore can be written in the form of (7), where $W=L(\sqrt{(\bar{\gamma}+(1-\bar{\gamma})\mu)}A,\bar{P})$ and $S=L(\sqrt{(\bar{\gamma}+(1-\bar{\gamma}))\mu}A,Q)$ , and can be written in the form of (19). If $\bar{\gamma}=1$ then no packets are received, or if $\mu=1$ when only noise is sent then the legitimate user receives no packets containing the state estimate, as such the Markov chain does not return to state $G_{k}=0$ and no longer has a stationary distribution, and the expected steady-state estimation error covariance satisfies

\lim_{k\to\infty}\mathbb{E}[P_{k}]=P^{OP},\text{ if $\bar{\gamma}=1$ or $\mu=1$}.

6.2 Eavesdropper’s Markov Chain Model

Let $G_{k}^{e}$ be the state of a countably infinite Markov chain taking values in the set $G_{k}^{e}\in\{0,1,\dots\}$ . We define two key events, $G_{k}^{e}=0$ as the state when the sensor’s state estimate is received, and $G_{k}^{e}=1$ as the state when noise is received by the eavesdropper. These two events can be followed by an infinite number of packet dropouts. Let $G_{k}^{e}=j$ for $j\geq 2$ , be the dropouts after $G_{\ell}^{e}=0$ when $j$ is even, and $G_{\ell}^{e}=1$ when $j$ is odd, for some $\ell<k$ . The states $G_{k}^{e}=0$ and $G_{k}^{e}=1$ can be reached from any other state. By application of the eavesdropper’s channel quality (4) and the probability of the sensor sending noise (11), the transition probability $p_{ij}^{e}\triangleq\mathbb{P}[G_{k+1}^{e}=i|G_{k}^{e}=j]$ is characterised by

\mathbb{P}[G_{k+1}^{e}=i|G_{k}^{e}=j]=\begin{cases}(1-\gamma^{e})(1-\mu),&\text{ if $i=0$,}\\ (1-\gamma^{e})\mu,&\text{ if $i=1$,}\\ \gamma^{e},&\text{ if $i=j+2$},\\ 0,&\text{ otherwise .}\end{cases}

The Markov chain and its transitions are depicted in Fig. 3. We define the transition matrix of the Markov chain as $\mathbf{P}^{e}=[p_{ij}^{e}]$ . Since all states communicate, the Markov chain is irreducible, aperiodic, and recurrent and has a stationary distribution $\pi^{e}$ [3]. By solving the relation $\pi^{e}=\pi^{e}\mathbf{P}^{e}$ with $\sum_{j=0}^{\infty}\pi_{j}^{e}=1$ , the stationary distribution for all states are as follows

	$\displaystyle\pi_{0}^{e}$	$\displaystyle=(1-\gamma^{e})(1-\mu),$
	$\displaystyle\pi_{1}^{e}$	$\displaystyle=(1-\gamma^{e})\mu,$
	$\displaystyle\pi_{j+2}^{e}$	$\displaystyle=(\gamma^{e})\pi_{j}^{e}.$

Following the eavesdropper’s estimation error covariance (16), the conditional expectation of the estimation error covariance $P_{k}^{e}$ at the Markov chain state $G_{k}^{e}=j$ is

	$\displaystyle\mathcal{P}_{j}^{e}=\mathbb{E}[P_{k}^{e}\|G_{k}^{e}=j]$
	$\displaystyle=\begin{cases}A^{\frac{1}{2}j}\bar{P}(A^{\intercal})^{\frac{1}{2}j}+\sum_{i=0}^{\frac{1}{2}j-1}A^{i}Q(A^{\intercal})^{i},&\text{ if $j$ even},\\ A^{\frac{1}{2}(j-1)}P_{n}(A^{\intercal})^{\frac{1}{2}(j-1)}\\ +\sum_{i=0}^{\frac{1}{2}(j-1)-1}A^{i}Q(A^{\intercal})^{i},&\text{ if $j$ odd}.\end{cases}$

Taking the limit as time $k\rightarrow\infty$ , then the expected estimation error covariance is

	$\displaystyle\lim_{k\to\infty}\mathbb{E}[P_{k}^{e}]=\lim_{k\to\infty}\sum_{j=0}^{k}\mathbb{E}[P_{k}^{e}\|G_{k}^{e}=j]\pi_{j}^{e}$
	$\displaystyle=\sum_{j=0}^{\infty}(\gamma^{e})^{j}\pi_{0}^{e}\mathcal{P}_{2j}^{e}+\sum_{j=0}^{\infty}(\gamma^{e})^{j}\pi_{1}^{e}\mathcal{P}_{2j+1}^{e}$

	$\displaystyle=(1-\gamma^{e})(1-\mu)\sum_{j=0}^{\infty}(\gamma^{e})^{j}\left(A^{j}\bar{P}(A^{\intercal})^{j}+\sum_{i=0}^{j-1}A^{i}Q(A^{\intercal})^{i}\right)$
	$\displaystyle\quad+(1-\gamma^{e})\mu\sum_{j=0}^{\infty}(\gamma^{e})^{j}\left(A^{j}P_{n}(A^{\intercal})^{j}+\sum_{i=0}^{j-1}A^{i}Q(A^{\intercal})^{i}\right)$
	$\displaystyle=(1-\gamma^{e})(1-\mu)\sum_{j=0}^{\infty}(\sqrt{\gamma^{e}}A)^{j}\bar{P}(A^{\intercal}\sqrt{\gamma^{e}})^{j}$
	$\displaystyle\quad+(1-\mu)\gamma^{e}\sum_{j=0}^{\infty}(\sqrt{\gamma^{e}}A)^{j}Q(A^{\intercal}\sqrt{\gamma^{e}})^{j}$
	$\displaystyle\quad+(1-\gamma^{e})\mu\sum_{j=0}^{\infty}(\sqrt{\gamma^{e}}A)^{j}P_{n}(A^{\intercal}\sqrt{\gamma^{e}})^{j}$
	$\displaystyle\quad+\mu\gamma^{e}\sum_{j=0}^{\infty}(\sqrt{\gamma^{e}}A)^{j}Q(A^{\intercal}\sqrt{\gamma^{e}})^{j}.$

These infinite sums satisfy the solution to the discrete-time Lyapunov equation (see (5)), with $\rho(\sqrt{\gamma^{e}}A)<1$ and therefore can be written in the form of (7), where $W^{e}=L(\sqrt{\gamma^{e}}A,\bar{P})$ , $S^{e}=L(\sqrt{\gamma^{e}}A,Q)$ , and $H^{e}=L(\sqrt{\gamma^{e}}A,P_{n})$ . and can be written in the form of (20). If $\gamma^{e}=1$ , then there are only dropouts and the Markov chain cannot return to state $G_{k}^{e}=0$ or $G_{k}^{e}=1$ for any $k>0$ and no longer has a stationary distribution, and the expected steady-state estimation error covariance satisfies

\lim_{k\to\infty}\mathbb{E}[P_{k}^{e}]=P^{OP}\text{ if $\gamma^{e}=1$}.

7 Encoding Design

To provide a range of the encoding design variable $\mu$ (11), we write the expectations of the estimation error covariances as a function of the encoding design variable. The expectation of the steady-state estimation error covariance of the legitimate user from Lemma 2 can be written as

\begin{split}J(\mu)&=\operatorname{trace}\lim_{k\to\infty}\mathbb{E}[P_{k}]\\ &=(1-\bar{\gamma})(1-\mu)\operatorname{trace}{W}\\ &\ +(\bar{\gamma}+(1-\bar{\gamma})\mu)\operatorname{trace}{S},\end{split}

(21)

where $W$ and $S$ are functions of the encoding design variable $\mu$ . Similarly, the expectation of the steady-state estimation error covariance of the eavesdropper from Lemma 3 can be written as

\begin{split}J^{e}(\mu)&=\operatorname{trace}\lim_{k\to\infty}\mathbb{E}[P_{k}^{e}]\\ &=(1-\gamma^{e})(1-\mu)\operatorname{trace}W^{e}\\ &\ +\gamma^{e}\operatorname{trace}S^{e}+(1-\gamma^{e})\mu\operatorname{trace}H^{e}\end{split}

(22)

Before providing a method to select the encoding design variable $\mu$ , we observe the following monotonicity result.

Lemma 4.

Consider any eavesdropper channel quality $\gamma^{e}$ in $0<\gamma^{e}<1$ and consider the encoding design variable (11) in $0<\mu^{\star}<\mu<1$ . The trace of the expected steady-state estimation error covariance of the eavesdropper (22) is monotonically increasing in $\mu$ such that $J^{e}(\mu^{\star})<J^{e}(\mu)$ .

{pf}

Consider $0<\mu^{\star}<\mu<1$ . From the trace of the eavesdropper’s expected steady-state estimation error covariance (see (21)), the inequality $J^{e}(\mu^{\star})<J^{e}(\mu)$ is written as

		$\displaystyle(1-\gamma^{e})(1-\mu^{*})\operatorname{trace}W^{e}+$
		$\displaystyle\quad\gamma^{e}\operatorname{trace}S^{e}+(1-\gamma^{e})\mu^{*}\operatorname{trace}H^{e}$
	$\displaystyle<$	$\displaystyle(1-\gamma^{e})(1-\mu)\operatorname{trace}W^{e}+$
		$\displaystyle\quad\gamma^{e}\operatorname{trace}S^{e}+(1-\gamma^{e})\mu\operatorname{trace}H^{e}.$

By algebraic manipulation

\begin{split}&\mu^{*}(1-\gamma^{e})(\operatorname{trace}H^{e}-\operatorname{trace}W^{e})\\ <&\mu(1-\gamma^{e})(\operatorname{trace}H^{e}-\operatorname{trace}W^{e}).\end{split}

(23)

From [19, Lemma 1], let $P^{*}=W^{e}$ , $\hat{P}=H^{e}$ with $Q^{*}=\bar{P}$ and $\hat{Q}=P_{n}$ . As $P_{n}=P^{OP}+\bar{P}$ , it shows that $P_{n}>\bar{P}$ . Therefore $H^{e}>W^{e}$ . As $\operatorname{trace}H^{e}>\operatorname{trace}W^{e}$ , it shows that $\operatorname{trace}H^{e}-\operatorname{trace}W^{e}>0$ . Therefore from the inequality (23), it is shown that

\mu^{\star}<\mu,

which completes the proof. Considering the choice of $\mu$ in our encoding scheme, we desire to meet two conditions. Firstly, the trace of the legitimate user’s expected steady-state estimation error covariance should be upper bounded by that of the trace of open-loop prediction, with $J(\mu)<\operatorname{trace}P^{OP}$ . This condition ensures that transmissions from the sensor remain informative to the legitimate user.

Secondly, the trace of the eavesdropper’s expected steady-state estimation error covariance should be greater than the trace of open loop prediction, with $J^{e}(\mu)>\operatorname{trace}P^{OP}$ . This condition ensures that the confidentiality of the state is protected. The following Lemma provides an upper bound for the trace of the legitimate user’s steady-state estimation error covariance.

Lemma 5.

Consider the encoding design variable $\mu<1$ (11) and the legitimate user’s channel quality $\bar{\gamma}<1$ (3). The trace of the expected steady-state estimation error covariance for the legitimate user (21) is less than the trace of open-loop performance, with $J(\mu)<\operatorname{trace}P^{OP}$ .

{pf}

Consider the encoding design variable $\mu<1$ and legitimate user’s channel quality $\bar{\gamma}<1$ , and the eavesdropper has been detected with $\nu_{k}=1$ . Suppose that there is a non-zero probability that the sensor’s state estimate is received at the legitimate user $\mathbb{P}[\lambda_{k}=1,\nu_{k}=1,u_{k}=0]>0$ . Then, from the Borel–Cantelli Lemma [8], a packet containing the state estimate from the sensor will arrive at the legitimate user with probability one for some time $k>0$ , that is, $\mathbb{P}[\lambda_{k}=1,\nu_{k}=1,u_{k}=0,\text{ for some }k>0]=1$ . The estimation error covariance of the legitimate user when the state estimate is received is $\bar{P}$ , noting that $\bar{P}<P^{OP}$ . Therefore, $\lim_{k\to\infty}\mathbb{E}[P_{k}]<P^{OP}$ if $\mu<1$ and $\bar{\gamma}<1$ which shows $J(\mu)<\operatorname{trace}P^{OP}$ . This completes the proof. The following theorem provides a range for $\mu$ that protects data confidentiality, whilst keeping transmissions informative to the legitimate user.

Theorem 6.

Consider the encoding design variable in (11) is chosen in the range $\mu^{OP}<\mu<1$ , with $0\leq(\bar{\gamma},\gamma^{e})<1$ , given that

\mu^{OP}=\frac{\gamma^{e}(\operatorname{trace}S^{e}-\operatorname{trace}W^{e})+\operatorname{trace}W^{e}-\operatorname{trace}P^{OP}}{(\gamma^{e}-1)(\operatorname{trace}H^{e}-\operatorname{trace}W^{e})}.,

then the following conditions hold

\begin{split}J(\mu)&<\operatorname{trace}P^{OP}\textrm{ and}\\ \operatorname{trace}P^{OP}&<J^{e}(\mu).\end{split}

{pf}

To show the first case, consider the encoding design variable $\mu<1$ , then by Lemma 5, $J(\mu)<\operatorname{trace}P^{OP}$ .

To show the second case, consider $\mu^{OP}$ as the probability of the sensor sending noise that ensures that $J^{e}(\mu^{OP})=\operatorname{trace}P^{OP}$ . Then from the trace of the eavesdropper’s steady-state estimation error covariance in (22),

\begin{split}\operatorname{trace}P^{OP}&=(1-\gamma^{e})(1-\mu^{OP})\operatorname{trace}W^{e}\\ &+\gamma^{e}\operatorname{trace}S^{e}+(1-\gamma^{e})\mu^{OP}\operatorname{trace}H^{e}.\end{split}

(24)

where $\mu^{OP}$ is found by re-arranging (24) in terms of $\mu^{OP}$ . Consider the monotonicty result in Lemma 4, and let $\mu^{OP}=\mu^{\star}$ , then for any $\mu>\mu^{OP}$ , $J^{e}(\mu)>J^{e}(\mu^{OP})$ , which shows that $J^{e}(\mu)>\operatorname{trace}P^{OP}$ . This completes the proof.

In comparison with the state secrecy codes developed for stable systems [22], the current method allows one to drive the eavesdropper’s estimation error covariance above open-loop prediction through transmitting noise with $\mu>\mu^{OP}$ . Thus, interceptions of packets are not informative to the eavesdropper’s estimation process. Moreover, the eavesdropper intercepting packets is actively harming its own estimation performance. With the eavesdropper’s expected estimation error covariance above open-loop prediction, the eavesdropper’s performance is worse than if it did not utilise any packets at all from the sensor in its estimation process, i.e., if the eavesdropper only predicted the state estimate using the system model in (1). Since sending noise harms the legitimate user’s performance as well, we choose $\mu<1$ so the performance of the legitimate user remains upper-bounded by open loop prediction. This ensures that transmitted packets from the sensor remain informative to the legitimate user for use in estimation.

8 Relative Performance Simulation

In this section, we illustrate the performance of the encoding scheme using some examples. Consider the following second-order system (1) with parameters $A=\begin{bmatrix}0.5&0.1\\ 0.4&0.6\end{bmatrix}$ , $C=I_{2}$ , $Q=R=10^{-2}I_{2}$ , where $I$ is the identity, and $\rho(A)=0.7562<1$ . This gives $\operatorname{trace}\bar{P}=0.0114$ , $\operatorname{trace}P_{n}=0.0502$ and $\operatorname{trace}P^{OP}=0.0388$ . Consider a legitimate user channel quality of $\bar{\gamma}=0.5$ and four cases of eavesdropper channel qualities, with $\gamma^{e}_{1}=0.7$ , $\gamma^{e}_{2}=\bar{\gamma}$ $\gamma^{e}_{3}=0.3$ . We also consider the case that $\gamma^{e}=0,\bar{\gamma}=1$ . Fig. 4 shows the difference of the traces of the steady-state expected estimation error covariance between the eavesdropper and legitimate user $(J^{e}(\mu)-J(\mu))/J(\mu)$ against the encoding design variable $\mu$ for these four cases.

In the case that the eavesdropper’s channel is worse than the legitimate user’s, with $\bar{\gamma}<\gamma^{e}_{1}$ then the trace of the eavesdropper’s estimation covariance is greater than the legitimate user’s for $\mu\geq 0$ with $(J^{e}(\mu)-J(\mu))/J(\mu)>0$ . Using Theorem 6, $\mu$ is chosen in the range $0.7178<\mu<1$ . In the case that the eavesdropper’s channel is equal to the legitimate user’s with $\bar{\gamma}=\gamma^{e}_{2}$ , then the trace of the eavesdropper’s estimation covariance is greater than the legitimate user’s for $\mu>0$ , with $(J^{e}(\mu)-J(\mu))/J(\mu)>0$ if $\mu>0$ , and $(J^{e}(\mu)-J(\mu))/J(\mu)=0$ if $\mu=0$ . Using Theorem 6, $\mu$ is chosen in the range $0.7125<\mu<1$ . In the case that the legitimate user’s channel is worse than the eavesdropper’s with $\gamma^{e}_{3}<\bar{\gamma}$ , then the trace of the eavesdropper’s estimation covariance is greater than the legitimate user’s for $\mu>0.14$ . For $\mu\leq 0.14$ , the trace of the legitimate user’s expected estimation error covariance is greater than that of the eavesdropper’s. Using Theorem 6, $\mu$ is chosen in the range $0.7074<\mu<1$ .

We also present the case that $\bar{\gamma}=1$ and $\gamma^{e}=0$ , with the legitimate user not receiving any packets from the sensor, and the eavesdropper receives all packets transmitted from the sensor. If $\mu$ is chosen $\mu>0.705$ , then the trace of the eavesdropper’s expected estimation error covariance is greater than the legitimate user’s and above open loop prediction, even when the legitimate user is not receiving any transmissions from the sensor.

9 Quickest Change Detection Formulation

To enact the proposed encoding scheme, the problem is to quickly detect the presence of an eavesdropper, utilising the channel outcomes $\lambda_{k}$ at the legitimate user. We present a Bayesian Quickest Change Detection (QCD) statistical test and a corresponding efficient computation method.

Let $\lambda_{[0,k]}\triangleq\{\lambda_{0},...,\lambda_{k}\}$ be shorthand for the legitimate user’s channel outcome sequence. We model the instance of intrusion with a geometric distribution with $\epsilon_{k}=\mathbb{P}[\Lambda=k]=(1-\kappa)^{k-1}\kappa$ with $\kappa\in(0,1)$ , where $\kappa$ is the probability that an eavesdropper attack can occur. This formulation is amenable in the framework of a standard QCD problem, where the goal is to detect a time in which the statistical properties of an observed process change [18], which are the legitimate user’s channel outcomes $\lambda_{k}$ . Under the change description of the legitimate user’s channel outcomes given in Section 2.3, the joint probability mass function of the observed legitimate user packet outcomes is given by $p_{\Lambda}(\lambda_{[0,k]})=\Pi_{i=1}^{\Lambda-1}(1-\gamma)\Pi_{j=\Lambda}^{k}(1-\bar{\gamma})$ , given that $\Pi_{j=\Lambda}^{k}(1-\bar{\gamma})=1$ when $k<\Lambda$ .

Let $\mathcal{F}_{k}$ denote the filtration generated by $\lambda_{[0,k]}$ for $k\geq 0$ . We consider the probability space $(\Omega,\mathcal{F},\mathbb{P}_{\Lambda})$ , where $\Omega$ is the sample space of infinite sequences $\{\mathcal{F}_{k}:k\geq 0\}$ and $\mathcal{F}\triangleq\cup_{k=0}^{\infty}\mathcal{F}_{k}$ with the convention that $\mathcal{F}_{0}=\{0,\Omega\}$ and $\mathbb{P}_{\Lambda}$ is the probability measure constructed from the joint probability density $p_{\Lambda}(\lambda_{[0,k]})$ using Kolmogorov’s extension theorem [9]. Let us now construct a new probability measure $\mathbb{P}_{\epsilon}(G)=\sum_{k=1}^{\infty}\epsilon_{k}\mathbb{P}_{k}(G)$ , for all $G\in\mathcal{F}$ . We will denote the expectation operator associated with $\mathbb{P}_{\epsilon}$ as $\mathbb{E}_{\epsilon}$ . Our QCD problem is to quickly detect a change in the statistical properties of $\lambda_{k}$ , which indicates that an active eavesdropper attack is occurring by designing a stopping time $\tau>0$ with respect to the filtration $\mathcal{F}_{k}$ . The stopping time minimises the following unconstrained (Bayes risk) optimisation problem of [21], to trade-off average detection delay with a probability of false alarm as

J(\tau)\triangleq c\mathbb{E}_{\epsilon}[(\tau-\Lambda)^{+}]+\mathbb{P}_{\epsilon}[\tau<\Lambda],

(25)

where $(\tau-\Lambda)^{+}\triangleq\max(0,\tau-\Lambda)$ and $c$ is the penalty of each time step that alert is not declared after $\Lambda$ .

9.1 Eavesdropper Detection

To enact the proposed encoding scheme, the legitimate user detects when an eavesdropper attack is occurring to form the decision variable $\nu_{k}$ (9). Let $\mathbb{P}_{\epsilon}(k<\Lambda|\mathcal{F}_{k})$ be the no-change posterior probability. Following [23], the optimal stopping rule for the Shiryaev cost criterion (25) is

\tau^{*}=\inf\{k\geq 1:\mathbb{P}_{\epsilon}(k<\Lambda|\mathcal{F}_{k})\leq h\},

(26)

given that $h\in(0,1)$ is a threshold chosen to control the probability of false alarms. At each time $k$ , the no-change posterior $\mathbb{P}_{\epsilon}(k<\Lambda|\mathcal{F}_{k})$ is calculated at the legitimate user using its channel outcome $\lambda_{k}$ . An optimal stopping time is achieved under (26) to declare that an eavesdropper attack is occurring. This forms the decision variable $\nu_{k}$ (9), which enacts the encoding scheme.

\nu_{k}=\begin{cases}0&\text{if $\tau^{*}$ has been declared}\\ 1&\text{otherwise}.\\ \end{cases}

9.2 Efficient Calculation of the No-Change Posterior

We now present an efficient recursive method to compute the no-change posterior $\mathbb{P}_{\epsilon}(k<\Lambda|\mathcal{F}_{k})$ . We define $\hat{M}_{k}^{1}\triangleq\mathbb{P}_{\epsilon}(k<\Lambda|\mathcal{F}_{k})$ . Following [10, Lemma 1], given the sequence of legitimate user’s channel outcome $\lambda_{k}$ , the no-change posterior is provided by the scalar recursion

\hat{M}_{k}^{1}=N_{k}(1-\kappa)(1-\gamma)\hat{M}_{k-1}^{1},

with $\hat{M}_{0}^{1}=1$ , and where $N_{k}$ is the normalisation factor

N^{-1}_{k}=(1-\bar{\gamma})+(1-\kappa)(\bar{\gamma}-\gamma)\hat{M}^{1}_{k-1}.

10 Numerical Illustration with QCD

We show a numerical example to illustrate the results of QCD. Consider the following second-order system detailed in Section 8. The eavesdropper intrusion time is $\Lambda=700$ . The nominal probability of channel dropout for the legitimate user is $\gamma=0.2$ . When the eavesdropper is performing an attack, the legitimate user’s channel quality is degraded with $\bar{\gamma}=0.3$ . The eavesdropper’s probability of channel dropout is $\gamma^{e}=0.3$ . To demonstrate the need for QCD in detecting the eavesdropper, we propose a moving average test over a window of length $N=100$ computed on the channel outcomes at the legitimate user for a finite time horizon of $2000$ time steps. The moving average is displayed in Fig. 5.

The theoretical mean of the channel outcomes at the legitimate user under no attack is $1-\gamma=0.8$ , and when an eavesdropper attack occurring is $1-\bar{\gamma}=0.7$ . While it is visually apparent that there is a decrease in the moving average, it is challenging to quickly detect the presence of the eavesdropper with certainty, where a naive user would declare a false alarm at time $k=668$ in Fig. 5. To quickly detect the presence of an eavesdropper, the proposed QCD test is applied. Fig. 6 displays the no change posterior calculated at the legitimate user for each time-step $k$ .

The threshold is chosen at the minimum value that achieves zero false alarms. This threshold for the given channel characteristics is $h=3\times 10^{-3}$ and was determined numerically via Monte-Carlo methods. The probability that an eavesdropper performs an eavesdropping attack is $\kappa=5\times 10^{-6}$ . The legitimate user detects the presence of an eavesdropper at time $k=779$ , which is a detection delay of $79$ time steps. The posterior probability of no change reduces to a small value after the eavesdropper intrusion time. This indicates a strong probability of the presence of an active eavesdropper. Therefore at $k=779$ , a stopping time $\tau^{*}$ has been declared and the legitimate alarms the sensor, with $\nu_{k}=0$ . The indicator $\nu_{k}$ is shared with the sensor. The sensor then enacts the randomised scheme of transmitting noise or the state estimate.

To show the performance over time with the detection scheme, we show the trace of the estimation error covariance of the legitimate user ( $\operatorname{trace}P_{k}$ , see (14)) and the eavesdropper ( $\operatorname{trace}P_{k}^{e}$ , see (16)) between the time window $k=650$ and $k=850$ in Fig. 7. The probability of sending noise $\mu$ is chosen to be $0.8$ , which satisfies Theorem 6.

Before the eavesdropper intrusion, the legitimate user is forming a state estimate and a corresponding estimation error covariance. The trace of the estimation error covariance increases when there are packet dropouts. After the intrusion time, the eavesdropper performs an attack on the legitimate user’s channel. There are more packet dropouts for the legitimate user and the trace of the legitimate user’s estimation error covariance increases more often. The eavesdropper intercepts packets at this time and forms its own estimate of state and corresponding estimation error covariance. It is at time $k=779$ that the eavesdropper is detected. The sensor enacts the encoding scheme at this time. Under successive packet dropouts or transmissions of noise from the sensor, the trace of the legitimate user’s estimation error covariance is upper bounded by $\operatorname{trace}P^{OP}$ . Under receiving a packet of noise, the trace of the eavesdropper’s estimation error covariance is $\operatorname{trace}P_{n}$ .

11 Conclusion

This paper has developed an encoding scheme that is activated on the detection of an active eavesdropper. We proposed that when the active eavesdropper is performing an attack, there is a statistical change in the dropout probability of the legitimate user’s channel. We propose a QCD statistical test to quickly detect the presence of an eavesdropper. When an eavesdropper is detected, the sensor transmits either its state estimate or noise based upon a pseudo-random indicator. The encoding scheme ensures the confidentiality of the state of a dynamic system, in a network environment without packet receipt acknowledgments when the eavesdropper is performing an attack. Under our encoding design, the expected steady-state estimation error covariance of the eavesdropper is larger than that of the legitimate user. For certain design choices, the trace of the eavesdropper’s expected steady-state estimation error covariance is larger than the trace of the open-loop estimation error covariance, whilst the trace of the legitimate user’s expected steady-state estimation error covariance is smaller than the trace of open-loop estimation covariance.

References

[1] Anderson, B and Moore, J. B. Optimal Filtering. Englewood Cliffs, N.J., USA: Prentice-Hall, 1979.
[2] Basseville, M. Detecting Changes in Signals and Systems—A Survey. Automatica, 24(3):309–326, 1988.
[3] Brémaud, P. Markov Chains. New York, NY, USA: Springer-Verlag, 1999.
[4] Cardenas, A. A, Amin, S, and Sastry, S. Secure Control: Towards Survivable Cyber-Physical Systems. In 28th International Conference on Distributed Computing Systems Workshops, pages 495–500, Berkeley, California, 2008.
[5] Crimson, M, Kennedy, J. M, and Quevedo, D. E. Remote State Estimation with Privacy Against Eavesdroppers. IFAC World Congress, Yokohama, Japan arXiv:2211.13411, 2023.
[6] Ding, K, Li, Y, Quevedo, D. E, Dey, S, and Shi, L. A multi-channel transmission schedule for remote state estimation under DoS attacks. Automatica, 78:194–201, 2017.
[7] Ding, K, Ren, X., Leong, A. S, Quevedo, D. E, and Shi, L. Remote State Estimation in the Presence of an Active Eavesdropper. IEEE Transactions on Automatic Control, 66(1):229–244, 2021.
[8] Durrett, R. Probability: Theory and Examples. Cambridge university press, 2010.
[9] Elliott, R. J, Aggoun, L, and Moore, J. B. Hidden Markov Models: Estimation and Control, volume 29. Springer Science & Business Media, 2008.
[10] Ford, J. J, James, J, and Molloy, T. L. On the informativeness of measurements in Shiryaev’s Bayesian quickest change detection. Automatica, 111:108645, 2020.
[11] Humayed, A, Lin, J, Li, F, and Luo, B. Cyber-Physical Systems Security—A Survey. IEEE Internet of Things Journal, 4(6):1802–1831, 2017.
[12] Ishii, H and Zhu, Q, editors. Security and Resilience of Control Systems. Springer, 2022.
[13] Katz, J and Lindell, Y. Introduction to Modern Cryptography. CRC press, 2020.
[14] Klingler, F and Dressler, F. Jamming WLAN Data Frames and Acknowledgments using Commodity Hardware. In IEEE Conference on Computer Communications Workshops, pages 1015–1016, Paderborn, Germany, 2019.
[15] Lee, J, Kapitanova, K, and Son, S. H. The price of security in wireless sensor networks. Computer Networks, 54(17):2967–2978, 2010.
[16] Leong, A. S, Quevedo, D. E, Dolz, D, and Dey, S. Transmission Scheduling for Remote State Estimation Over Packet Dropping Links in the Presence of an Eavesdropper. IEEE Transactions on Automatic Control, 64(9):3732–3739, 2019.
[17] Lücke, M, Lu, J, and Quevedo, D. E. Coding for Secrecy in Remote State Estimation With an Adversary. IEEE Transactions on Automatic Control, 67(9):4955–4962, 2022.
[18] Naha, A, Teixeira, A.M.H, Ahlén, A, and Dey, S. Quickest detection of deception attacks on cyber–physical systems with a parsimonious watermarking policy. Automatica, 155:111147, 2023.
[19] Poubelle, M.A, Bitmead, R.R, and Gevers, M.R. Fake Algebraic Riccati Techniques and Stability. IEEE Transactions on Automatic Control, 33(4):379–381, 1988.
[20] Rouf, I, Mustafa, H, Xu, M, Xu, W, Miller, R, and Gruteser, M. Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems. In Proceedings of the 2012 ACM conference on Computer and communications security, page 462–473, NY, USA, 2012.
[21] Shiryaev, A. N. On Optimum Methods in Quickest Detection Problems. Theory of Probability & Its Applications, 8(1):22–46, 1963.
[22] Tsiamis, A, Gatsis, K, and Pappas, G. J. State-Secrecy Codes for Stable Systems. In 2018 American Control Conference (ACC), pages 171–177, Milwaukee, USA, 2018.
[23] Unnikrishnan, J, Veeravalli, V. V, and Meyn, S. P. Minimax Robust Quickest Change Detection. IEEE Transactions on Information Theory, 57(3):1604–1614, 2011.
[24] Zhou, X, Maham, B, and Hjorungnes, A. Pilot Contamination for Active Eavesdropping. IEEE Transactions on Wireless Communications, 11(3):903–907, 2012.