Controller confidentiality for nonlinear systems under sensor attacks

TL;DR

This paper investigates how an adversary can estimate the internal states of a nonlinear control system's controller through sensor attacks, revealing conditions under which confidentiality can be compromised or maintained.

Contribution

It introduces conditions for breaching controller confidentiality in nonlinear systems, including detectability and a novel periodic probing scheme under observability assumptions.

Findings

Controller states can be estimated accurately if the system is detectable.

Confidentiality can be breached via periodic probing under robust observability.

Stealth can be preserved by selecting appropriate probing durations.

Abstract

Controller confidentiality under sensor attacks refers to whether the internal states of the controller can be estimated when the adversary knows the model of the plant and controller, while only having access to sensors, but not the actuators. We show that the controller's state can be estimated accurately when the nonlinear closed-loop system is detectable. In the absence of detectability, controller confidentiality can still be breached with a periodic probing scheme via the sensors under a robust observability assumption, which allows for the controller's state to be estimated with arbitrary accuracy during the probing period, and with bounded error during the non-probing period. Further, stealth can be maintained by choosing an appropriate probing duration. This study shows that the controller confidentiality for nonlinear systems can be breached by balancing the estimation precision and the stealthiness of the adversary.