Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy Analysis of Affine Transformations in Cloud-based MPC: Vulnerability to Side-knowledge

Teimour Hosseinalizadeh, Nils Schlüter, Moritz Schulze Darup, Nima Monshizadeh

TL;DR

This work analyzes the privacy of cloud-based model predictive control when initiated via random affine transformations. It shows that, under mild side-knowledge about the control problem, both separate-form and dense-form MPC transformations leak privacy: the cloud can recover the system dynamics up to a similarity transform and infer cost-parameter structure, with exact recovery possible in several common knowledge scenarios. The authors provide rigorous proofs of identifiability and illustrate the findings with numerical experiments on a quadruple-tank process, highlighting practical privacy breaches as horizon length increases. The results underscore that simple affine-based privacy is not robust to side-knowledge and motivate developing stronger privacy-preserving mechanisms for real-time cloud-assisted MPC, including time-varying transformations and additional obfuscation strategies.

Abstract

Search for the optimizer in computationally demanding model predictive control (MPC) setups can be facilitated by Cloud as a service provider in cyber-physical systems. This advantage introduces the risk that Cloud can obtain unauthorized access to the privacy-sensitive parameters of the system and cost function. To solve this issue, i.e., preventing Cloud from accessing the parameters while benefiting from Cloud computation, random affine transformations provide an exact yet light weight in computation solution. This research deals with analyzing privacy preserving properties of these transformations when they are adopted for MPC problems. We consider two common strategies for outsourcing the optimization required in MPC problems, namely separate and dense forms, and establish that random affine transformations utilized in these forms are vulnerable to side-knowledge from Cloud. Specifically, we prove that the privacy guarantees of these methods and their extensions for separate form are undermined when a mild side-knowledge about the problem in terms of structure of MPC cost function is available. In addition, while we prove that outsourcing the MPC problem in the dense form inherently leads to some degree of privacy for the system and cost function parameters, we also establish that affine transformations applied to this form are nevertheless prone to be undermined by a Cloud with mild side-knowledge. Numerical simulations confirm our results.

Privacy Analysis of Affine Transformations in Cloud-based MPC: Vulnerability to Side-knowledge

TL;DR

This work analyzes the privacy of cloud-based model predictive control when initiated via random affine transformations. It shows that, under mild side-knowledge about the control problem, both separate-form and dense-form MPC transformations leak privacy: the cloud can recover the system dynamics up to a similarity transform and infer cost-parameter structure, with exact recovery possible in several common knowledge scenarios. The authors provide rigorous proofs of identifiability and illustrate the findings with numerical experiments on a quadruple-tank process, highlighting practical privacy breaches as horizon length increases. The results underscore that simple affine-based privacy is not robust to side-knowledge and motivate developing stronger privacy-preserving mechanisms for real-time cloud-assisted MPC, including time-varying transformations and additional obfuscation strategies.

Abstract

Search for the optimizer in computationally demanding model predictive control (MPC) setups can be facilitated by Cloud as a service provider in cyber-physical systems. This advantage introduces the risk that Cloud can obtain unauthorized access to the privacy-sensitive parameters of the system and cost function. To solve this issue, i.e., preventing Cloud from accessing the parameters while benefiting from Cloud computation, random affine transformations provide an exact yet light weight in computation solution. This research deals with analyzing privacy preserving properties of these transformations when they are adopted for MPC problems. We consider two common strategies for outsourcing the optimization required in MPC problems, namely separate and dense forms, and establish that random affine transformations utilized in these forms are vulnerable to side-knowledge from Cloud. Specifically, we prove that the privacy guarantees of these methods and their extensions for separate form are undermined when a mild side-knowledge about the problem in terms of structure of MPC cost function is available. In addition, while we prove that outsourcing the MPC problem in the dense form inherently leads to some degree of privacy for the system and cost function parameters, we also establish that affine transformations applied to this form are nevertheless prone to be undermined by a Cloud with mild side-knowledge. Numerical simulations confirm our results.
Paper Structure (23 sections, 10 theorems, 105 equations, 4 figures)

This paper contains 23 sections, 10 theorems, 105 equations, 4 figures.

Table of Contents

  1. Introduction
  2. Problem formulation
  3. Privacy Analysis of transformations for MPC in separate form
  4. Privacy mechanism
  5. Privacy analysis
  6. Other forms of transformation \ref{['eq:iso']}
  7. Affine form of \ref{['eq:iso']}
  8. Increasing the dimension of \ref{['eq:iso']}
  9. Analysis of inherent privacy for MPC in dense form
  10. Dense form of MPC
  11. Privacy analysis when Cloud knows $H$, $F$, $G$, $W$ and $O$ in \ref{['eq:LQ_merged']}
  12. Privacy analysis when Cloud knows $H$, $x_0^\top F$, $G$ and $W+Ox_0$ in \ref{['eq:LQ_merged']}
  13. Privacy analysis when Cloud knows $H$ and $F$ in \ref{['eq:LQ_merged']}
  14. Privacy analysis of affine transformation for MPC in dense form
  15. Affine transformation $(\boldsymbol{R}, \boldsymbol{r})$
  16. ...and 8 more sections

Key Result

Theorem 1

Let Assumption assum:cloud_knowledge hold, and suppose that Cloud knows the transformed matrices $(\tilde{A}, \tilde{B}, \tilde{C})$ in eq:lin_transformed and the transformed cost function in eq:mod_cost. Then, Cloud infers $\hat{A} = \boldsymbol{T} A\boldsymbol{T}^{-1}$ and $\hat{Q} = \boldsymbol{T

Figures (4)

  • Figure 1: The output $y_1$ and $y_2$ for the system \ref{['eq:Quad_tank_model']} for $N=5$, $20$, $50$. The system response is more sluggish with $N=5$ compared to $N=20$ and $N=50$.
  • Figure 2: Cloud's estimation error for $A$ and $B$ matrices of quadruple-tank process, and convergence error for $Y$ using Theorem \ref{['thrm:HF_knwon']}
  • Figure 3: Cloud's estimation of the true zeros of the system $z_1 = 1.02$, and $z_2 = 0.89$ as prediction horizon $N$ changes
  • Figure 4: Cloud's estimation of eigenvalues of $\hat{A} = TAT^{-1}$ for $N=5$, $20$, $50$ using Theorem \ref{['thrm:iden_R_r_P_with_F']} when Plant has adopted random $(\boldsymbol{R}, \boldsymbol{r}, \boldsymbol{P})$ and true values of $\lambda(A)$.

Theorems & Definitions (23)

  • Definition 1: Cloud model
  • Remark 1
  • Theorem 1
  • Remark 2: Treatment of side-knowledge in sultangazin2020symmetries
  • Remark 3: General cost function
  • Remark 4: Loss of observability
  • Example 1
  • Corollary 1
  • Corollary 2
  • Remark 5: Time-varying high dimensional affine transformations
  • ...and 13 more