Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy and Security Trade-off in Interconnected Systems with Known or Unknown Privacy Noise Covariance

Haojun Wang, Kun Liu, Baojia Li, Emilia Fridman, Yuanqing Xia

TL;DR

This work addresses privacy-security trade-offs in interconnected systems where local attack detectors rely on neighbor information. It proposes a privacy-preserving mechanism that injects Gaussian noise into transmitted estimates and uses mutual information $I[(\tilde{x}_j)^K_1;(\theta_j^i)^K_1]$ to quantify privacy, while deriving distributed detectors and a convex design for privacy-noise covariances. The analysis covers both known and unknown privacy-noise covariance scenarios, including a bound on false-alarm distortion when covariance is unknown and a secondary-data-based approach to assess detection performance under uncertainty. Numerical validation on a four-subsystem pendulum network confirms the predicted trade-offs: higher privacy reduces mutual information but requires careful tuning to maintain detection performance, illustrating practical implications for secure, privacy-aware inter-subsystem monitoring.

Abstract

This paper is concerned with the security problem for interconnected systems, where each subsystem is required to detect local attacks using locally available information and the information received from its neighboring subsystems. Moreover, we consider that there exists an additional eavesdropper being able to infer the private information by eavesdropping transmitted data between subsystems. Then, a privacy-preserving method is employed by adding privacy noise to transmitted data, and the privacy level is measured by mutual information. Nevertheless, adding privacy noise to transmitted data may affect the detection performance metrics such as detection probability and false alarm probability. Thus, we theoretically analyze the trade-off between the privacy and the detection performance. An optimization problem with maximizing both the degree of privacy preservation and the detection probability is established to obtain the covariance of the privacy noise. In addition, the attack detector of each subsystem may not obtain all information about the privacy noise. We further theoretically analyze the trade-off between the privacy and the false alarm probability when the attack detector has no knowledge of the privacy noise covariance. An optimization problem with maximizing the degree of privacy preservation with guaranteeing a bound of false alarm distortion level is established to obtain {\color{black}{the covariance of the privacy noise}}. Moreover, to analyze the effect of the privacy noise on the detection probability, we consider that each subsystem can estimate the unknown privacy noise covariance by the secondary data. Based on the estimated covariance, we construct another attack detector and analyze how the privacy noise affects its detection performance. Finally, a numerical example is provided to verify the effectiveness of theoretical results.

Privacy and Security Trade-off in Interconnected Systems with Known or Unknown Privacy Noise Covariance

TL;DR

This work addresses privacy-security trade-offs in interconnected systems where local attack detectors rely on neighbor information. It proposes a privacy-preserving mechanism that injects Gaussian noise into transmitted estimates and uses mutual information to quantify privacy, while deriving distributed detectors and a convex design for privacy-noise covariances. The analysis covers both known and unknown privacy-noise covariance scenarios, including a bound on false-alarm distortion when covariance is unknown and a secondary-data-based approach to assess detection performance under uncertainty. Numerical validation on a four-subsystem pendulum network confirms the predicted trade-offs: higher privacy reduces mutual information but requires careful tuning to maintain detection performance, illustrating practical implications for secure, privacy-aware inter-subsystem monitoring.

Abstract

This paper is concerned with the security problem for interconnected systems, where each subsystem is required to detect local attacks using locally available information and the information received from its neighboring subsystems. Moreover, we consider that there exists an additional eavesdropper being able to infer the private information by eavesdropping transmitted data between subsystems. Then, a privacy-preserving method is employed by adding privacy noise to transmitted data, and the privacy level is measured by mutual information. Nevertheless, adding privacy noise to transmitted data may affect the detection performance metrics such as detection probability and false alarm probability. Thus, we theoretically analyze the trade-off between the privacy and the detection performance. An optimization problem with maximizing both the degree of privacy preservation and the detection probability is established to obtain the covariance of the privacy noise. In addition, the attack detector of each subsystem may not obtain all information about the privacy noise. We further theoretically analyze the trade-off between the privacy and the false alarm probability when the attack detector has no knowledge of the privacy noise covariance. An optimization problem with maximizing the degree of privacy preservation with guaranteeing a bound of false alarm distortion level is established to obtain {\color{black}{the covariance of the privacy noise}}. Moreover, to analyze the effect of the privacy noise on the detection probability, we consider that each subsystem can estimate the unknown privacy noise covariance by the secondary data. Based on the estimated covariance, we construct another attack detector and analyze how the privacy noise affects its detection performance. Finally, a numerical example is provided to verify the effectiveness of theoretical results.
Paper Structure (15 sections, 2 theorems, 90 equations, 5 figures, 1 table)

This paper contains 15 sections, 2 theorems, 90 equations, 5 figures, 1 table.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. System model
  4. Attack model
  5. Local filter
  6. Attack detector and privacy-preserving method
  7. Distributed attack detector
  8. Privacy concern
  9. The trade-off between privacy and security under known privacy noise covariance
  10. The trade-off between privacy and security under unknown privacy noise covariance
  11. False alarm probability under unknown privacy noise covariance
  12. Detection probability under unknown privacy noise covariance
  13. Simulation
  14. Conclusion
  15. Proof of Lemma 4

Key Result

Theorem 1

If the privacy noise covariances $\Sigma_{\alpha_j^i}^{(a)}$ and $\Sigma_{\alpha_j^i}^{(b)}$, ${j\in \mathcal{N}_i}$, satisfy $\Sigma_{\alpha_j^i}^{(a)}\succeq \Sigma_{\alpha_j^i}^{(b)}\succ 0$, then we have ${I}^{(a)}[(\tilde{x}_j)^{K}_1;(\theta_j^i)^{K}_1]\leq{I}^{(b)}[(\tilde{x}_j)^{K}_1;(\theta_

Figures (5)

  • Figure 1: Architecture of attacked subsystem $i$
  • Figure 2: Topology of interconnected system.
  • Figure 3: Effects of weight factor $\kappa_2$ on the mutual information and the detection probability when subsystem $2$ has the knowledge of the privacy noise covariance of neighboring subsystems.
  • Figure 4: Effect of $\nu_2$ on the mutual information when subsystem $2$ has no knowledge of the privacy noise covariance of neighboring subsystems.
  • Figure 5: Effect of weight factor $\kappa_2$ on detection probability when subsystem $2$ has no knowledge of the privacy noise covariance of neighboring subsystems.

Theorems & Definitions (8)

  • Remark 1
  • Remark 2
  • Theorem 1
  • Remark 3
  • Theorem 2
  • Remark 4
  • Remark 5
  • Remark 6