On the confidentiality of controller states under sensor attacks

Abstract

With the emergence of cyber-attacks on control systems it has become clear that improving the security of control systems is an important task in today’s society. We investigate how an attacker that has access to the measurements transmitted from the plant to the controller can perfectly estimate the internal state of the controller. This attack on sensitive information of the control loop is, on the one hand, a violation of the privacy, and, on the other hand, a violation of the security of the closed-loop system if the obtained estimate is used in a larger attack scheme. Current literature on sensor attacks often assumes that the attacker has already access to the controller’s state. However, this is not always possible. We derive conditions for when the attacker is able to perfectly estimate the controller’s state. These conditions show that if the controller has unstable poles a perfect estimate of the controller state is not possible. Moreover, we propose a defence mechanism to render the attack infeasible. This defence is based on adding uncertainty to the controller dynamics. We also discuss why an unstable controller is only a good defence for certain plants. Finally, simulations with a three-tank system verify our results.