Intermittent Encryption Strategies for Anti-Eavesdropping Estimation

TL;DR

This paper develops a privacy-preserving state estimation framework using a linear encryption scheme applied to the innovation in a Kalman filtering setting. By introducing stochastic, deterministic, and single intermittent encryption strategies, it analyzes how encryption frequency and partial encryption affect the eavesdropper’s MSE in both stable ($\rho(A)<1$) and unstable ($\rho(A)\ge1$) plant regimes, providing analytical expressions and LMI-based conditions to maximize or guarantee unbounded eavesdropper error. It offers explicit, finite-set solutions for optimal encryption parameters and proves convergence, periodicity, or unboundedness of the eavesdropper’s covariance under different strategies. The work also discusses practical issues such as strategy differences, rounding errors, and computational considerations, supported by simulations on a mass-spring system. Overall, the results enable privacy-privacy-utility tradeoffs with analytically tractable encryption scheduling that can dramatically reduce encryption burden while maintaining strong anti-eavesdropping guarantees in dynamic estimation settings.

Abstract

In this paper, an anti-eavesdropping estimation problem is investigated. A linear encryption scheme is utilized, which first linearly transforms innovation via an encryption matrix and then encrypts some components of the transformed innovation. To reduce the computation and energy resources consumed by the linear encryption scheme, both stochastic and deterministic intermittent strategies which perform the linear encryption scheme only at partial moments are developed. When the system is stable, it is shown that the mean squared error (MSE) of the eavesdropper converges under any stochastic or deterministic intermittent strategy. Also, an analytical encryption matrix that maximizes the steady-state of the MSE is designed. When the system is unstable, the eavesdropper's MSE can be unbounded with arbitrary positive encryption probabilities and decision functions if encryption matrices are chosen appropriately. Then, the relationship between the aforementioned encryption parameters and the eavesdropper's MSE is analyzed. Moreover, a single intermittent strategy which only encrypts one message is discussed. This strategy can be unavailable for stable systems, but can make the eavesdropper's MSE unbounded in unstable systems for the encrypted message satisfies a linear matrix inequality (LMI) condition. The effectiveness of the proposed methods is verified in the simulation.

Figures (5)

• Figure 1: The framework of anti-eavesdropping state estimation.
• Figure 2: The relationships among main theorems and lemmas.
• Figure 3: When the system is unstable, MSEs of the user and the eavesdropper under different intermittent strategies. In (a), $\bar{m}=1$ and $\tilde{S}$ is obtained by Lemma 6. In (b), $\bar{m}=2$, i.e., $\varepsilon_k$ is encrypted completely.
• Figure 4: When the system is stable, MSEs of the user and the eavesdropper under different intermittent strategies. (a) Stochastic intermittent strategy. (b) Deterministic intermittent strategy.
• Figure 5: The privacy levels of the proposed encryption strategies, the encryption strategy in [21] and the encryption strategy in [22].