-
Attack Impact Evaluation for Stochastic Control Systems through Alarm Flag State Augmentation
Authors:
Hampei Sasahara,
Takashi Tanaka,
Henrik Sandberg
Abstract:
This note addresses the problem of evaluating the impact of an attack on discrete-time nonlinear stochastic control systems. The problem is formulated as an optimal control problem with a joint chance constraint that forces the adversary to avoid detection throughout a given time period. Due to the joint constraint, the optimal control policy depends not only on the current state, but also on the entire history, leading to an explosion of the search space and making the problem generally intractable. However, we discover that the current state and whether an alarm has been triggered, or not, is sufficient for specifying the optimal decision at each time step. This information, which we refer to as the alarm flag, can be added to the state space to create an equivalent optimal control problem that can be solved with existing numerical approaches using a Markov policy. Additionally, we note that the formulation results in a policy that does not avoid detection once an alarm has been triggered. We extend the formulation to handle multi-alarm avoidance policies for more reasonable attack impact evaluations, and show that the idea of augmenting the state space with an alarm flag is valid in this extended formulation as well.
Submitted 30 January, 2023;
originally announced January 2023.
-
Comparison of encrypted control approaches and tutorial on dynamic systems using LWE-based homomorphic encryption
Authors:
Junsoo Kim,
Dongwoo Kim,
Yongsoo Song,
Hyungbo Shim,
Henrik Sandberg,
Karl H. Johansson
Abstract:
Encrypted control has been introduced to protect controller data by encryption at the stage of computation and communication, by performing the computation directly on encrypted data. In this article, we first review and categorize recent relevant studies on encrypted control. Approaches based on homomorphic encryption, multi-party computation, and secret sharing are introduced, compared, and then discussed with respect to computational complexity, communication load, enabled operations, security, and research directions. We proceed to discuss a current challenge in the application of homomorphic encryption to dynamic systems, where arithmetic operations other than integer addition and multiplication are limited. We also introduce a homomorphic cryptosystem called "GSW-LWE" and discuss its benefits that allow for recursive multiplication of encrypted dynamic systems, without use of computationally expensive bootstrapping techniques.
Submitted 11 October, 2022;
originally announced October 2022.
-
How are policy gradient methods affected by the limits of control?
Authors:
Ingvar Ziemann,
Anastasios Tsiamis,
Henrik Sandberg,
Nikolai Matni
Abstract:
We study stochastic policy gradient methods from the perspective of control-theoretic limitations. Our main result is that ill-conditioned linear systems in the sense of Doyle inevitably lead to noisy gradient estimates. We also give an example of a class of stable systems in which policy gradient methods suffer from the curse of dimensionality. Our results apply to both state feedback and partially observed systems.
Submitted 14 June, 2022;
originally announced June 2022.
-
Green Routing Game: Strategic Logistical Planning using Mixed Fleets of ICEVs and EVs
Authors:
Hampei Sasahara,
György Dán,
Saurabh Amin,
Henrik Sandberg
Abstract:
This paper introduces a "green" routing game between multiple logistic operators (players), each owning a mixed fleet of internal combustion engine vehicle (ICEV) and electric vehicle (EV) trucks. Each player faces the cost of delayed delivery (due to charging requirements of EVs) and a pollution cost levied on the ICEVs. This cost structure models: 1) limited battery capacity of EVs and their charging requirement; 2) shared nature of charging facilities; 3) pollution cost levied by regulatory agency on the use of ICEVs. We characterize Nash equilibria of this game and derive a condition for its uniqueness. We also use the gradient projection method to compute this equilibrium in a distributed manner. Our equilibrium analysis is useful to analyze the trade-off faced by players in incurring higher delay due to congestion at charging locations when the share of EVs increases versus a higher pollution cost when the share of ICEVs increases. A numerical example suggests that to increase marginal pollution cost can dramatically reduce inefficiency of equilibria.
Submitted 1 April, 2022;
originally announced April 2022.
-
Attack Impact Evaluation by Exact Convexification through State Space Augmentation
Authors:
Hampei Sasahara,
Takashi Tanaka,
Henrik Sandberg
Abstract:
We address the attack impact evaluation problem for control system security. We formulate the problem as a Markov decision process with a temporally joint chance constraint that forces the adversary to avoid being detected throughout the considered time period. Owing to the joint constraint, the optimal control policy depends not only on the current state but also on the entire history, which leads to the explosion of the search space and makes the problem generally intractable. It is shown that whether an alarm has been triggered or not, in addition to the current state is sufficient for specifying the optimal decision at each time step. Augmentation of the information to the state space induces an equivalent convex optimization problem, which is tractable using standard solvers.
Submitted 31 March, 2022;
originally announced March 2022.
-
Single Trajectory Nonparametric Learning of Nonlinear Dynamics
Authors:
Ingvar Ziemann,
Henrik Sandberg,
Nikolai Matni
Abstract:
Given a single trajectory of a dynamical system, we analyze the performance of the nonparametric least squares estimator (LSE). More precisely, we give nonasymptotic expected $l^2$-distance bounds between the LSE and the true regression function, where expectation is evaluated on a fresh, counterfactual, trajectory. We leverage recently developed information-theoretic methods to establish the optimality of the LSE for nonparametric hypotheses classes in terms of supremum norm metric entropy and a subgaussian parameter. Next, we relate this subgaussian parameter to the stability of the underlying process using notions from dynamical systems theory. When combined, these developments lead to rate-optimal error bounds that scale as $T^{-1/(2+q)}$ for suitably stable processes and hypothesis classes with metric entropy growth of order $δ^{-q}$. Here, $T$ is the length of the observed trajectory, $δ\in \mathbb{R}_+$ is the packing granularity and $q\in (0,2)$ is a complexity term. Finally, we specialize our results to a number of scenarios of practical interest, such as Lipschitz dynamics, generalized linear models, and dynamics described by functions in certain classes of Reproducing Kernel Hilbert Spaces (RKHS).
Submitted 19 February, 2022; v1 submitted 16 February, 2022;
originally announced February 2022.
-
Asymptotic Security using Bayesian Defense Mechanism with Application to Cyber Deception
Authors:
Hampei Sasahara,
Henrik Sandberg
Abstract:
This paper addresses the question whether model knowledge can guide a defender to appropriate decisions, or not, when an attacker intrudes into control systems. The model-based defense scheme considered in this study, namely Bayesian defense mechanism, chooses reasonable reactions through observation of the system's behavior using models of the system's stochastic dynamics, the vulnerability to be exploited, and the attacker's objective. On the other hand, rational attackers take deceptive strategies for misleading the defender into making inappropriate decisions. In this paper, their dynamic decision making is formulated as a stochastic signaling game. It is shown that the belief of the true scenario has a limit in a stochastic sense at an equilibrium based on martingale analysis. This fact implies that there are only two possible cases: the defender asymptotically detects the attack with a firm belief, or the attacker takes actions such that the system's behavior becomes nominal after a finite time step. Consequently, if different scenarios result in different stochastic behaviors, the Bayesian defense mechanism guarantees the system to be secure in an asymptotic manner provided that effective countermeasures are implemented. As an application of the finding, a defensive deception utilizing asymmetric recognition of vulnerabilities exploited by the attacker is analyzed. It is shown that the attacker possibly stops the attack even if the defender is unaware of the exploited vulnerabilities as long as the defender's unawareness is concealed by the defensive deception.
Submitted 6 December, 2023; v1 submitted 7 January, 2022;
originally announced January 2022.
-
Regret Lower Bounds for Learning Linear Quadratic Gaussian Systems
Authors:
Ingvar Ziemann,
Henrik Sandberg
Abstract:
We establish regret lower bounds for adaptively controlling an unknown linear Gaussian system with quadratic costs. We combine ideas from experiment design, estimation theory and a perturbation bound of certain information matrices to derive regret lower bounds exhibiting scaling on the order of magnitude $\sqrt{T}$ in the time horizon $T$. Our bounds accurately capture the role of control-theoretic parameters and we are able to show that systems that are hard to control are also hard to learn to control; when instantiated to state feedback systems we recover the dimensional dependency of earlier work but with improved scaling with system-theoretic constants such as system costs and Gramians. Furthermore, we extend our results to a class of partially observed systems and demonstrate that systems with poor observability structure also are hard to learn to control.
Submitted 12 June, 2024; v1 submitted 5 January, 2022;
originally announced January 2022.
-
Privacy Guarantees for Cloud-based State Estimation using Partially Homomorphic Encryption
Authors:
Sawsan Emad,
Amr Alanwar,
Yousra Alkabani,
M. Watheq El-Kharashi,
Henrik Sandberg,
Karl H. Johansson
Abstract:
The privacy aspect of state estimation algorithms has been drawing high research attention due to the necessity for a trustworthy private environment in cyber-physical systems. These systems usually engage cloud-computing platforms to aggregate essential information from spatially distributed nodes and produce desired estimates. The exchange of sensitive data among semi-honest parties raises privacy concerns, especially when there are coalitions between parties. We propose two privacy-preserving protocols using Kalman filter and partially homomorphic encryption of the measurements and estimates while exposing the covariances and other model parameters. We prove that the proposed protocols achieve satisfying computational privacy guarantees against various coalitions based on formal cryptographic definitions of indistinguishability. We evaluate the proposed protocols to demonstrate their efficiency using data from a real testbed.
Submitted 4 April, 2022; v1 submitted 8 November, 2021;
originally announced November 2021.
-
Asymptotic Security by Model-based Incident Handlers for Markov Decision Processes
Authors:
Hampei Sasahara,
Henrik Sandberg
Abstract:
This study investigates general model-based incident handler's asymptotic behaviors in time against cyber attacks to control systems. The attacker's and the defender's dynamic decision making is modeled as an equilibrium of a dynamic signaling game. It is shown that the defender's belief on existence of an attacker converges over time for any attacker's strategy provided that the stochastic dynamics of the control system is known to the defender. This fact implies that the rational behavior of the attacker converges to a harmless action as long as the defender possesses an effective counteraction. The obtained result supports the powerful protection capability achieved by model-based defense mechanisms.
Submitted 24 March, 2021;
originally announced March 2021.
-
Epistemic Signaling Games for Cyber Deception with Asymmetric Recognition
Authors:
Hampei Sasahara,
Henrik Sandberg
Abstract:
This study provides a model of cyber deception with asymmetric recognition represented by private beliefs. Signaling games, which are often used in existing works, are built on the implicit premise that the receiver's belief is public information. However, this assumption, which leads to symmetric recognition, is unrealistic in adversarial decision making. For a precise evaluation of risks arising from cognitive gaps, this paper proposes epistemic signaling games based on the Mertens-Zamir model, which explicitly quantifies players' asymmetric recognition. Equilibria of the games are analytically characterized with an interpretation.
Submitted 11 May, 2021; v1 submitted 4 March, 2021;
originally announced March 2021.
-
On Uninformative Optimal Policies in Adaptive LQR with Unknown B-Matrix
Authors:
Ingvar Ziemann,
Henrik Sandberg
Abstract:
This paper presents local asymptotic minimax regret lower bounds for adaptive Linear Quadratic Regulators (LQR). We consider affinely parametrized $B$-matrices and known $A$-matrices and aim to understand when logarithmic regret is impossible even in the presence of structural side information. After defining the intrinsic notion of an uninformative optimal policy in terms of a singularity condition for Fisher information we obtain local minimax regret lower bounds for such uninformative instances of LQR by appealing to van Trees' inequality (Bayesian Cramér-Rao) and a representation of regret in terms of a quadratic form (Bellman error). It is shown that if the parametrization induces an uninformative optimal policy, logarithmic regret is impossible and the rate is at least order square root in the time horizon. We explicitly characterize the notion of an uninformative optimal policy in terms of the nullspaces of system-theoretic quantities and the particular instance parametrization.
Submitted 30 April, 2021; v1 submitted 18 November, 2020;
originally announced November 2020.
-
Privacy Preserving Set-Based Estimation Using Partially Homomorphic Encryption
Authors:
Amr Alanwar,
Victor Gassmann,
Xingkang He,
Hazem Said,
Henrik Sandberg,
Karl Henrik Johansson,
Matthias Althoff
Abstract:
The set-based estimation has gained a lot of attention due to its ability to guarantee state enclosures for safety-critical systems. However, collecting measurements from distributed sensors often requires outsourcing the set-based operations to an aggregator node, raising many privacy concerns. To address this problem, we present set-based estimation protocols using partially homomorphic encryption that preserve the privacy of the measurements and sets bounding the estimates. We consider a linear discrete-time dynamical system with bounded modeling and measurement uncertainties. Sets are represented by zonotopes and constrained zonotopes as they can compactly represent high-dimensional sets and are closed under linear maps and Minkowski addition. By selectively encrypting parameters of the set representations, we establish the notion of encrypted sets and intersect sets in the encrypted domain, which enables guaranteed state estimation while ensuring privacy. In particular, we show that our protocols achieve computational privacy using the cryptographic notion of computational indistinguishability. We demonstrate the efficiency of our approach by localizing a real mobile quadcopter using ultra-wideband wireless devices.
Submitted 25 February, 2023; v1 submitted 19 October, 2020;
originally announced October 2020.
-
Two-Way Coding and Attack Decoupling in Control Systems Under Injection Attacks
Authors:
Song Fang,
Karl Henrik Johansson,
Mikael Skoglund,
Henrik Sandberg,
Hideaki Ishii
Abstract:
In this paper, we introduce the concept of two-way coding, which originates in communication theory characterizing coding schemes for two-way channels, into control theory, particularly to facilitate the analysis and design of feedback control systems under injection attacks. Moreover, we propose the notion of attack decoupling, and show how the controller and the two-way coding can be co-designed to nullify the transfer function from attack to plant, rendering the attack effect zero both in transient phase and in steady state.
Submitted 4 September, 2019;
originally announced September 2019.
-
A Network Monitoring Game with Heterogeneous Component Criticality Levels
Authors:
Jezdimir Milosevic,
Mathieu Dahan,
Saurabh Amin,
Henrik Sandberg
Abstract:
We consider an attacker-operator game for monitoring a large-scale network that is comprised of components that differ in their criticality levels. In this zero-sum game, the operator seeks to position a limited number of sensors to monitor the network against an attacker who strategically targets a network component. The operator (resp. attacker) seeks to minimize (resp. maximize) the network loss. To study the properties of mixed-strategy Nash Equilibria of this game, we first study two simple instances: (i) When component sets monitored by individual sensor locations are mutually disjoint; (ii) When only a single sensor is positioned, but with possibly overlapping monitoring component sets. Our analysis reveals new insights on how criticality levels impact the players' equilibrium strategies. Next, we extend a previously known approach to obtain an approximate Nash equilibrium for the general case of the game. This approach uses solutions to minimum set cover and maximum set packing problems to construct an approximate Nash equilibrium. Finally, we implement a column generation procedure to improve this solution and numerically evaluate the performance of our approach.
Submitted 18 March, 2019;
originally announced March 2019.
-
Ensuring Privacy with Constrained Additive Noise by Minimizing Fisher Information
Authors:
Farhad Farokhi,
Henrik Sandberg
Abstract:
The problem of preserving the privacy of individual entries of a database when responding to linear or nonlinear queries with constrained additive noise is considered. For privacy protection, the response to the query is systematically corrupted with an additive random noise whose support is a subset or equal to a pre-defined constraint set. A measure of privacy using the inverse of the trace of the Fisher information matrix is developed. The Cramer-Rao bound relates the variance of any estimator of the database entries to the introduced privacy measure. The probability density that minimizes the trace of the Fisher information (as a proxy for maximizing the measure of privacy) is computed. An extension to dynamic problems is also presented. Finally, the results are compared to the differential privacy methodology.
Submitted 28 August, 2018;
originally announced August 2018.
-
Transfer-Entropy-Regularized Markov Decision Processes
Authors:
Takashi Tanaka,
Henrik Sandberg,
Mikael Skoglund
Abstract:
We consider the framework of transfer-entropy-regularized Markov Decision Process (TERMDP) in which the weighted sum of the classical state-dependent cost and the transfer entropy from the state random process to the control random process is minimized. Although TERMDPs are generally formulated as nonconvex optimization problems, we derive an analytical necessary optimality condition expressed as a finite set of nonlinear equations, based on which an iterative forward-backward computational procedure similar to the Arimoto-Blahut algorithm is proposed. It is shown that every limit point of the sequence generated by the proposed algorithm is a stationary point of the TERMDP. Applications of TERMDPs are discussed in the context of networked control systems theory and non-equilibrium thermodynamics. The proposed algorithm is applied to an information-constrained maze navigation problem, whereby we study how the price of information qualitatively alters the optimal decision policies.
Submitted 27 May, 2020; v1 submitted 29 August, 2017;
originally announced August 2017.
-
Directed Information as Privacy Measure in Cloud-based Control
Authors:
Takashi Tanaka,
Mikael Skoglund,
Henrik Sandberg,
Karl Henrik Johansson
Abstract:
We consider cloud-based control scenarios in which clients with local control tasks outsource their computational or physical duties to a cloud service provider. In order to address privacy concerns in such a control architecture, we first investigate the issue of finding an appropriate privacy measure for clients who desire to keep local state information as private as possible during the control operation. Specifically, we justify the use of Kramer's notion of causally conditioned directed information as a measure of privacy loss based on an axiomatic argument. Then we propose a methodology to design an optimal "privacy filter" that minimizes privacy loss while a given level of control performance is guaranteed. We show in particular that the optimal privacy filter for cloud-based Linear-Quadratic-Gaussian (LQG) control can be synthesized by a Linear-Matrix-Inequality (LMI) algorithm. The trade-off in the design is illustrated by a numerical example.
Submitted 8 May, 2017;
originally announced May 2017.
-
Secure Estimation and Zero-Error Secrecy Capacity
Authors:
Moritz Wiese,
Tobias J. Oechtering,
Karl Henrik Johansson,
Panos Papadimitratos,
Henrik Sandberg,
Mikael Skoglund
Abstract:
We study the problem of securely estimating the states of an unstable dynamical system subject to nonstochastic disturbances. The estimator obtains all its information through an uncertain channel which is subject to nonstochastic disturbances as well, and an eavesdropper obtains a disturbed version of the channel inputs through a second uncertain channel. An encoder observes and block-encodes the states in such a way that, upon sending the generated codeword, the estimator's error is bounded and such that a security criterion is satisfied ensuring that the eavesdropper obtains as little state information as possible. Two security criteria are considered and discussed with the help of a numerical example. A sufficient condition on the uncertain wiretap channel, i.e., the pair formed by the uncertain channel from encoder to estimator and the uncertain channel from encoder to eavesdropper, is derived which ensures that a bounded estimation error and security are achieved. This condition is also shown to be necessary for a subclass of uncertain wiretap channels. To formulate the condition, the zero-error secrecy capacity of uncertain wiretap channels is introduced, i.e., the maximal rate at which data can be transmitted from the encoder to the estimator in such a way that the eavesdropper is unable to reconstruct the transmitted data. Lastly, the zero-error secrecy capacity of uncertain wiretap channels is studied.
Submitted 14 July, 2017; v1 submitted 16 December, 2016;
originally announced December 2016.
-
Uncertain Wiretap Channels and Secure Estimation
Authors:
Moritz Wiese,
Karl Henrik Johansson,
Tobias J. Oechtering,
Panos Papadimitratos,
Henrik Sandberg,
Mikael Skoglund
Abstract:
Uncertain wiretap channels are introduced. Their zero-error secrecy capacity is defined. If the sensor-estimator channel is perfect, it is also calculated. Further properties are discussed. The problem of estimating a dynamical system with nonstochastic disturbances is studied where the sensor is connected to the estimator and an eavesdropper via an uncertain wiretap channel. The estimator should obtain a uniformly bounded estimation error whereas the eavesdropper's error should tend to infinity. It is proved that the system can be estimated securely if the zero-error capacity of the sensor-estimator channel is strictly larger than the logarithm of the system's unstable pole and the zero-error secrecy capacity of the uncertain wiretap channel is positive.
Submitted 1 May, 2016;
originally announced May 2016.
-
Rate of Prefix-free Codes in LQG Control Systems
Authors:
Takashi Tanaka,
Karl Henrik Johansson,
Tobias Oechtering,
Henrik Sandberg,
Mikael Skoglund
Abstract:
In this paper, we consider a discrete time linear quadratic Gaussian (LQG) control problem in which state information of the plant is encoded in a variable-length binary codeword at every time step, and a control input is determined based on the codewords generated in the past. We derive a lower bound of the rate achievable by the class of prefix-free codes attaining the required LQG control performance. This lower bound coincides with the infimum of a certain directed information expression, and is computable by semidefinite programming (SDP). Based on a technique by Silva et al., we also provide an upper bound of the best achievable rate by constructing a controller equipped with a uniform quantizer with subtractive dither and Shannon-Fano coding. The gap between the obtained lower and upper bounds is less than $0.754r+1$ bits per time step regardless of the required LQG control performance, where $r$ is the rank of a signal-to-noise ratio matrix obtained by SDP, which is no greater than the dimension of the state.
Submitted 5 April, 2016;
originally announced April 2016.
-
Quadratic Gaussian Privacy Games
Authors:
Farhad Farokhi,
Henrik Sandberg,
Iman Shames,
Michael Cantoni
Abstract:
A game-theoretic model for analysing the effects of privacy on strategic communication between agents is devised. In the model, a sender wishes to provide an accurate measurement of the state to a receiver while also keeping its private information (which is correlated with the state) private from a malicious agent that may eavesdrop on its communications with the receiver. A family of nontrivial equilibria, in which the communicated messages carry information, is constructed and its properties are studied.
Submitted 17 September, 2015;
originally announced September 2015.
-
Performance Analysis of a Network of Event-based Systems
Authors:
Chithrupa Ramesh,
Henrik Sandberg,
Karl H. Johansson
Abstract:
We consider a scenario where multiple event-based systems use a wireless network to communicate with their respective controllers. These systems use a contention resolution mechanism (CRM) to arbitrate access to the network. We present a Markov model for the network interactions between the event-based systems. Using this model, we obtain an analytical expression for the reliability, or the probability of successfully transmitting a packet, in this network. There are two important aspects to our model. Firstly, our model captures the joint interactions of the event-triggering policy and the CRM. This is required because event-triggering policies typically adapt to the CRM outcome. Secondly, the model is obtained by decoupling interactions between the different systems in the network, drawing inspiration from Bianchi's analysis of IEEE 802.11. This is required because the network interactions introduce a correlation between the system variables. We present Monte-Carlo simulations that validate our model under various network configurations, and verify our performance analysis as well.
Submitted 20 January, 2014;
originally announced January 2014.
-
The conservation of information, towards an axiomatized modular modeling approach to congestion control
Authors:
C. Briat,
E. A. Yavuz,
H. Hjalmarsson,
K. H. Johansson,
U. T. Jönsson,
G. Karlsson,
H. Sandberg
Abstract:
We derive a modular fluid-flow network congestion control model based on a law of fundamental nature in networks: the conservation of information. Network elements such as queues, users, and transmission channels and network performance indicators like sending/acknowledgement rates and delays are mathematically modelled by applying this law locally. Our contributions are twofold. First, we introduce a modular metamodel that is sufficiently generic to represent any network topology. The proposed model is composed of building blocks that implement mechanisms ignored by the existing ones, which can be recovered from exact reduction or approximation of this new model. Second, we provide a novel classification of previously proposed models in the literature and show that they are often not capable of capturing the transient behavior of the network precisely. Numerical results obtained from packet-level simulations demonstrate the accuracy of the proposed model.
Submitted 15 March, 2013;
originally announced March 2013.
-
On the Exact Solution to a Smart Grid Cyber-Security Analysis Problem
Authors:
Kin Cheong Sou,
Henrik Sandberg,
Karl Henrik Johansson
Abstract:
This paper considers a smart grid cyber-security problem analyzing the vulnerabilities of electric power networks to false data attacks. The analysis problem is related to a constrained cardinality minimization problem. The main result shows that an $l_1$ relaxation technique provides an exact optimal solution to this cardinality minimization problem. The proposed result is based on a polyhedral combinatorics argument. It is different from well-known results based on mutual coherence and restricted isometry property. The results are illustrated on benchmarks including the IEEE 118-bus and 300-bus systems.
Submitted 17 September, 2012; v1 submitted 22 December, 2011;
originally announced January 2012.
-
Computing Critical $k$-tuples in Power Networks
Authors:
Kin Cheong Sou,
Henrik Sandberg,
Karl Henrik Johansson
Abstract:
In this paper the problem of finding the sparsest (i.e., minimum cardinality) critical $k$-tuple including one arbitrarily specified measurement is considered. The solution to this problem can be used to identify weak points in the measurement set, or aid the placement of new meters. The critical $k$-tuple problem is a combinatorial generalization of the critical measurement calculation problem. Using topological network observability results, this paper proposes an efficient and accurate approximate solution procedure for the considered problem based on solving a minimum-cut (Min-Cut) problem and enumerating all its optimal solutions. It is also shown that the sparsest critical $k$-tuple problem can be formulated as a mixed integer linear programming (MILP) problem. This MILP problem can be solved exactly using available solvers such as CPLEX and Gurobi. A detailed numerical study is presented to evaluate the efficiency and the accuracy of the proposed Min-Cut and MILP calculations.
Submitted 2 January, 2012;
originally announced January 2012.
-
The Meaning of Structure in Interconnected Dynamic Systems
Authors:
E. Yeung,
J. Goncalves,
H. Sandberg,
S. Warnick
Abstract:
Interconnected dynamic systems are a pervasive component of our modern infrastructures. The complexity of such systems can be staggering, which motivates simplified representations for their manipulation and analysis. This work introduces the complete computational structure of a system as a common baseline for comparing different simplified representations. Linear systems are then used as a vehicle for comparing and contrasting distinct partial structure representations. Such representations simplify the description of a system's complete computational structure at various levels of fidelity while retaining a full description of the system's input-output dynamic behavior. Relationships between these various partial structure representations are detailed, and the landscape of new realization, minimality, and model reduction problems introduced by these representations is briefly surveyed.
Submitted 12 August, 2011;
originally announced August 2011.
-
A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator
Authors:
André Teixeira,
György Dán,
Henrik Sandberg,
Karl H. Johansson
Abstract:
The electrical power network is a critical infrastructure in today's society, so its safe and reliable operation is of major concern. State estimators are commonly used in power networks, for example, to detect faulty equipment and to optimally route power flows. The estimators are often located in control centers, to which large numbers of measurements are sent over unencrypted communication channels. Therefore cyber security for state estimators becomes an important issue. In this paper we analyze the cyber security of state estimators in supervisory control and data acquisition (SCADA) for energy management systems (EMS) operating the power network. Current EMS state estimation algorithms have bad data detection (BDD) schemes to detect outliers in the measurement data. Such schemes are based on high measurement redundancy. Although these methods may detect a set of basic cyber attacks, they may fail in the presence of an intelligent attacker. We explore the latter by considering scenarios where stealthy deception attacks are performed by sending false information to the control center. We begin by presenting a recent framework that characterizes the attack as an optimization problem with the objective specified through a security metric and constraints corresponding to the attack cost. The framework is used to conduct realistic experiments on a state-of-the-art SCADA EMS software for a power network example with 14 substations, 27 buses, and 40 branches. The results indicate how state estimators for power networks can be made more resilient to cyber security attacks.
Submitted 8 November, 2010;
originally announced November 2010.