Opacity and its Trade-offs with Security in Linear Dynamical Systems
Abstract
Opacity is a notion of privacy that is well studied in computer science and discrete-event systems. In our work, we extend the notion of opacity to linear dynamical systems. Opacity describes an eavesdropper’s inability to estimate a system’s “secret” states by observing the system’s outputs. We consider four opacity classes (initial-state, current-state, K-step and infinite-step opacity) and show that they are fundamentally connected with two subspaces of the linear system: the weakly unobservable subspace and the weakly unconstructible subspace. Further, we establish that a trade-off exists between opacity and security in the system. We show this in two ways: (i) we prove that an opaque system always permits undetectable attacks, and (ii) we show that expanding the set of opaque states in the system always expands the set of undetectable attacks. We also propose optimization algorithms to minimally perturb a non-opaque system to make it opaque. We demonstrate our results on a smart grid system. Our work is the first to study opacity in such generality for linear dynamical systems, and provides the necessary mathematical foundation for system designers to develop and build opaque systems while ensuring adequate security.