On Connections between Opacity and Security in Linear Systems

TL;DR

This paper explores the fundamental trade-off between opacity (privacy) and attack detectability (security) in linear systems, showing that increasing opacity can reduce attack detection capabilities, with practical implications demonstrated on automotive systems.

Contribution

It characterizes the relationship between opacity and attack detectability in linear systems using the weakly unobservable subspace, revealing a fundamental security-privacy trade-off.

Findings

Opacity is linked to the weakly unobservable subspace.

Increasing opacity enlarges the set of undetectable attacks.

Trade-off between system privacy and attack detection is demonstrated.

Abstract

Opacity and attack detectability are important properties for any system as they allow the states to remain private and malicious attacks to be detected, respectively. In this paper, we show that a fundamental trade-off exists between these properties for a linear dynamical system, in the sense that if an opaque system is subjected to attacks, all attacks cannot be detected. We first characterize the opacity conditions for the system in terms of its weakly unobservable subspace (WUS) and show that the number of opaque states is proportional to the size of the WUS. Further, we establish conditions under which increasing the opaque sets also increases the set of undetectable attacks. This highlights a fundamental trade-off between security and privacy. We demonstrate application of our results on a remotely controlled automotive system.