Stealthy Hacking and Secrecy of Controlled State Estimation Systems With Random Dropouts

We study the maximum information gain that an adversary may obtain through hacking without being detected. Consider a dynamical process observed by a sensor that transmits a local estimate of the system state to a remote estimator according to some reference transmission policy across a packet-dropping wireless channel equipped with acknowledgments (ACK). An adversary overhears the transmissions and proactively hijacks the sensor to reprogram its transmission policy. We define perfect secrecy as keeping the averaged expected error covariance bounded at the legitimate estimator and unbounded at the adversary. By analyzing the stationary distribution of the expected error covariance, we show that perfect secrecy can be attained for unstable systems only if the ACK channel has no packet dropouts. In other situations, we prove that independent of the reference policy and the detection methods, perfect secrecy is not attainable. For this scenario, we devise a Stackelberg game to derive the optimal defensive reference policy for the legitimate estimator and present a branch-and-bound algorithm with global optimality to solve the proposed game.