Stealthy hacking and secrecy of controlled state estimation systems with random dropouts

TL;DR

This paper investigates the limits of secrecy in controlled state estimation systems with random packet dropouts, analyzing how an adversary can hijack sensor transmissions and proposing optimal policies for both attacker and defender.

Contribution

It introduces a framework for analyzing perfect secrecy in systems with packet dropouts and develops optimal strategies for both adversaries and legitimate estimators.

Findings

Perfect secrecy is achievable only if the ACK channel has no packet dropouts for unstable systems.

In most scenarios, perfect secrecy cannot be guaranteed regardless of policies or detection methods.

Optimal transmission and reference policies are derived using Markov decision processes and Stackelberg games.

Abstract

We study the maximum information gain that an adversary may obtain through hacking without being detected. Consider a dynamical process observed by a sensor that transmits a local estimate of the system state to a remote estimator according to some reference transmission policy across a packet-dropping wireless channel equipped with acknowledgments (ACK). An adversary overhears the transmissions and proactively hijacks the sensor to reprogram its transmission policy. We define perfect secrecy as keeping the averaged expected error covariance bounded at the legitimate estimator and unbounded at the adversary. By analyzing the stationary distribution of the expected error covariance, we show that perfect secrecy can be attained for unstable systems only if the ACK channel has no packet dropouts. In other situations, we prove that independent of the reference policy and the detection methods, perfect secrecy is not attainable. For this scenario, we formulate a constrained Markov decision process to derive the optimal transmission policy that the adversary should implement at the sensor, and devise a Stackelberg game to derive the optimal reference policy for the legitimate estimator.