Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Innovation-Based Remote State Estimation Secrecy with no Acknowledgments

Justin M. Kennedy, Jason J. Ford, Daniel E. Quevedo, Falko Dressler

TL;DR

This work tackles confidential remote state estimation over unreliable wireless networks without packet acknowledgments by introducing a secrecy encoding that randomly alternates between sending the true state and an encoded innovation using a pre-arranged, pseudo-random schedule. The legitimate estimator, equipped with knowledge of the schedule and encoding, maintains a bounded estimation error, while an eavesdropper’s error can be driven to infinity under suitable channel conditions and encoding design. The authors derive closed-form expressions and Lyapunov-based stability conditions for the legitimate and eavesdropper estimators, provide scheduling guidelines through a monotonically decreasing performance trade-off, and demonstrate applicability to power systems via a microgrid example with Monte Carlo validation. The results show practical secrecy gains with modest impact on control performance and discuss open problems relating to intelligent eavesdroppers able to learn the encoding strategy.

Abstract

Secrecy encoding for remote state estimation in the presence of adversarial eavesdroppers is a well studied problem. Typical existing secrecy encoding schemes rely on the transmitter's knowledge of the remote estimator's current performance. This performance measure is often shared via packet receipt acknowledgments. However, in practical situations the acknowledgment channel may be susceptible to interference from an active adversary, resulting in the secrecy encoding scheme failing. Aiming to achieve a reliable state estimate for a legitimate estimator while ensuring secrecy, we propose a secrecy encoding scheme without the need for packet receipt acknowledgments. Our encoding scheme uses a pre-arranged scheduling sequence established at the transmitter and legitimate receiver. We transmit a packet containing either the state measurement or encoded information for the legitimate user. The encoding makes the packet appear to be the state but is designed to damage an eavesdropper's estimate. The pre-arranged scheduling sequence and encoding is chosen psuedo-random. We analyze the performance of our encoding scheme against a class of eavesdropper, and show conditions to force the eavesdropper to have an unbounded estimation performance. Further, we provide a numerical illustration and apply our encoding scheme to an application in power systems.

Innovation-Based Remote State Estimation Secrecy with no Acknowledgments

TL;DR

This work tackles confidential remote state estimation over unreliable wireless networks without packet acknowledgments by introducing a secrecy encoding that randomly alternates between sending the true state and an encoded innovation using a pre-arranged, pseudo-random schedule. The legitimate estimator, equipped with knowledge of the schedule and encoding, maintains a bounded estimation error, while an eavesdropper’s error can be driven to infinity under suitable channel conditions and encoding design. The authors derive closed-form expressions and Lyapunov-based stability conditions for the legitimate and eavesdropper estimators, provide scheduling guidelines through a monotonically decreasing performance trade-off, and demonstrate applicability to power systems via a microgrid example with Monte Carlo validation. The results show practical secrecy gains with modest impact on control performance and discuss open problems relating to intelligent eavesdroppers able to learn the encoding strategy.

Abstract

Secrecy encoding for remote state estimation in the presence of adversarial eavesdroppers is a well studied problem. Typical existing secrecy encoding schemes rely on the transmitter's knowledge of the remote estimator's current performance. This performance measure is often shared via packet receipt acknowledgments. However, in practical situations the acknowledgment channel may be susceptible to interference from an active adversary, resulting in the secrecy encoding scheme failing. Aiming to achieve a reliable state estimate for a legitimate estimator while ensuring secrecy, we propose a secrecy encoding scheme without the need for packet receipt acknowledgments. Our encoding scheme uses a pre-arranged scheduling sequence established at the transmitter and legitimate receiver. We transmit a packet containing either the state measurement or encoded information for the legitimate user. The encoding makes the packet appear to be the state but is designed to damage an eavesdropper's estimate. The pre-arranged scheduling sequence and encoding is chosen psuedo-random. We analyze the performance of our encoding scheme against a class of eavesdropper, and show conditions to force the eavesdropper to have an unbounded estimation performance. Further, we provide a numerical illustration and apply our encoding scheme to an application in power systems.
Paper Structure (32 sections, 12 theorems, 149 equations, 5 figures)

This paper contains 32 sections, 12 theorems, 149 equations, 5 figures.

Table of Contents

  1. INTRODUCTION
  2. REMOTE STATE ESTIMATION WITH AN EAVESDROPPER
  3. System Dynamics
  4. Channel Model
  5. Minimum Mean Square Error Estimation
  6. RANDOMIZED INNOVATION BASED ENCODING
  7. State Secrecy
  8. Encoding Mechanism
  9. STATE ESTIMATION PERFORMANCE
  10. State Estimator
  11. Expected Performance
  12. EAVESDROPPER ESTIMATION PERFORMANCE
  13. Expected Eavesdropper Estimation Performance
  14. Naive Eavesdropper
  15. Suspicious Eavesdropper
  16. ...and 17 more sections

Key Result

Theorem IV.1

The covariance of the legitimate estimator's state estimate is

Figures (5)

  • Figure 1: Architecture of channel environment. A remote process sends state information over an unreliable network that can be received by the legitimate estimator and eavesdropper. The packet $z_k$ is encoded with scheduling sequence $\nu_k$ which is known exactly to the legitimate estimator but not the eavesdropper. The encoding does not rely on packet receipt acknowledgments.
  • Figure 2: Comparison of the absolute difference in trace of the expected estimation error covariance of the legitimate estimator compared with the smart eavesdropper with four channel qualities (worse, equal, better, much better). Eavesdropper with worse channel quality in dotted magenta, equal channel quality in dashed blue, better channel quality in solid black, and much better channel quality in dot-dashed red. The results of Theorem \ref{['thm:smarteavaesdropperrelativeperformance:bounded']} are apparent where the eavesdropper has worse performance than the legitimate estimator in the case of worse or equal channel quality.
  • Figure 3: Illustration of the microgrid power flow connections, adapted from Bordons2020ModelPredictiveControl. Local green power supplies a small to medium sized load, such as a house, with batteries and hydrogen system providing power storage. The controller manages the power flows to maximize the use of the storage systems and minimize purchase of power from the grid.
  • Figure 4: Monte Carlo Simulation of Microgrid with transmission encoding of remote state estimate. Eavesdropper performance is significantly reduced compared to the legitimate estimator by randomly sending true state and one step innovation.
  • Figure 5: Markov Chain representation of the states of the legitimate estimator. The first state is the 'in-sync' state where the estimate is in sync with the transmitter. The legitimate estimator remains in sync from state or innovation receipts, or drops the packet moving to the second state. The estimate after this first dropout is dependent on the sequence of further dropouts of successful packet receipts of transmitted innovations. At any point, the estimator can receive a state packet and return or reset to the 'in-sync' state.

Theorems & Definitions (37)

  • Remark II.1
  • Definition 1: Relative Secrecy
  • Definition 2: Perfect Secrecy
  • Theorem IV.1
  • proof
  • Remark IV.2
  • Theorem IV.3
  • proof
  • Lemma V.1
  • proof
  • ...and 27 more