Secure Distributed Consensus Estimation under False Data Injection Attacks: A Defense Strategy Based on Partial Channel Coding

Jiahao Huang, Marios M. Polycarpou, Wen Yang, Fangfei Li, Yang Tang

TL;DR

This work addresses the security of distributed consensus estimation in CPS under stealthy false data injection when an attacker can compromise a subset of communication channels. It derives necessary and sufficient conditions for when such attacks can diverge the estimation error while remaining undetected, for both full-channel and partial-channel scenarios. To defend against these attacks, the paper proposes two strategies: (i) detection based on the Euclidean distance between local state estimates, and (ii) a coding-based protection using time-varying, synchronized encoding matrices $M_{ij}(k)$ to protect channel transmissions; it also provides an allocation procedure to balance security against coding costs. A key finding is that the Euclidean-distance detector covers many vulnerabilities, while the coding scheme can fully restore security if the encoding remains confidential; their combination reduces encoding requirements through a joint protection framework. The results are supported by numerical simulations on a 30-node network, illustrating the approach’s practical relevance for secure, scalable distributed estimation in resource-limited sensor networks.

Abstract

This article investigates the security issue caused by false data injection attacks in distributed estimation, wherein each sensor can construct two types of residues based on local estimates and neighbor information, respectively. The resource-constrained attacker can select partial channels from the sensor network and arbitrarily manipulate the transmitted data. We derive necessary and sufficient conditions to reveal system vulnerabilities, under which the attacker is able to diverge the estimation error while preserving the stealthiness of all residues. We propose two defense strategies with mechanisms of exploiting the Euclidean distance between local estimates to detect attacks, and adopting the coding scheme to protect the transmitted data, respectively. It is proven that the former has the capability to address the majority of security loopholes, while the latter can serve as an additional enhancement to the former. By employing the time-varying coding matrix to mitigate the risk of being cracked, we demonstrate that the latter can safeguard against adversaries injecting stealthy sequences into the encoded channels. Hence, drawing upon the security analysis, we further provide a procedure to select security-critical channels that need to be encoded, thereby achieving a trade-off between security and coding costs. Finally, some numerical simulations are conducted to demonstrate the theoretical results.

Paper Structure

This paper contains 20 sections, 10 theorems, 28 equations, 7 figures, 1 algorithm.

Key Result

Lemma 1

Under Assumptions 1-3, for any initial non-negative symmetric matrix $P(0)$, the estimation error covariance $P(k)$ of the distributed consensus filtering (3) is bounded for all $k$, and converges to a unique limit $\bar{P}>0$.

Figures (7)

  • Figure 1: System diagram: (a) the attacker tampers with partial channels of a distributed sensor network, (b) the internal architecture of each sensor node, which can construct two types of residues for attack detection.
  • Figure 2: System diagram: (a) red lines denote the encoded channels, (b) the channel $(i,j)$ is protected by the coding scheme.
  • Figure 3: Comparison between the attack strategy satisfying Lemma 2 and the one in zhou2022watermarking in terms of the estimation error of the distributed estimator and the alarm rate of the detector.
  • Figure 4: Comparison between the attack strategy satisfying Lemma 2 and the one satisfying Theorem 3 in terms of the estimation error of the distributed estimator and the alarm rate of the detectors.
  • Figure 5: Under the protection of the coding scheme, the alarm rate of the detectors, when the attacker exploits the original attack strategies.
  • ...and 2 more figures

Theorems & Definitions (15)

  • Lemma 1
  • Remark 1
  • Definition 1
  • Remark 2
  • Theorem 1
  • Lemma 2
  • Theorem 2
  • Lemma 3
  • Theorem 3
  • Remark 3
  • ...and 5 more