Current-State Opacity Based on State Outputs

Abstract

Cyber-physical systems (CPS) are formed of physical and computational components that interact to operate safely and efficiently according to a desired behavior. In this paper, we consider that the network used to transmit data from the plant to its monitoring and control device is vulnerable to cyber-attacks. The attacker eavesdrops on the communication channel to infer that the system is in a secret state. We assume that the information transmitted in the network is the status of system components, such as sensors, actuators, and local controllers’ memory variables. Therefore, the system can be modeled from the attacker's perspective as a finite state transducer, where each state of the model is associated with an output vector formed of signals associated with system components. Considering that the attacker has full knowledge of the system model and does not know the system's current state when they initiate to eavesdrop on the communication channel, the attacker tries to estimate the system's current state by observing the transmitted state outputs. Thus, in this case, it is necessary to verify if the attacker is never able to detect whenever the system is in a secret state. In the Discrete-Event System literature, the system property associated with the intruder's inability to discover the system secret based on the transmitted information is called opacity. Since in this paper, the attacker observes state outputs of a finite state transducer, a new definition of opacity, called current-state opacity based on state outputs (CSO-SO), is introduced. We also present a method for the verification of this property.