On confidentiality preserving monitoring of dynamic networks against inference attacks

Minghui Zhu and Yang Lu

Abstract— Information sharing in dynamic networks raises the concern that confidential information of dynamic networks could be inferred by malicious entities and further exploited in direct attacks to dynamic networks. In this paper, we formulate the problem of competitive confidentiality preserving monitoring of dynamic networks against inference attacks. We show that the unstructured $\ell_0$ minimization is NP-hard and further provide a SDP equivalence for the structured $\ell_2$ relaxation. The solution of the structured $\ell_2$ relaxation is always a feasible solution of the unstructured $\ell_0$ minimization.

I. INTRODUCTION

Recent advances in communication, computation and control have stimulated the emergence of large-scale dynamic networks including the smart grid, intelligent transportation systems and smart buildings. Technological advances allow spatially distributed entities to exchange real-time information which is necessary to achieve network-wide objectives. However, the vulnerabilities of information infrastructures also impose security risks on control systems where malicious attackers compromise physical systems through bypassing cyber defenses. There have been a number of cyber attacks to control systems, including the computer worm Stuxnet. Usually, the information of physical systems, including their real-time states, inputs, system parameters and control policies, is kept confidential from attackers. In order to launch targeted attacks, attackers have incentives to infer the confidential information from the limited information accessible to them. This is referred to as inference attacks. Unfortunately, dynamic networks are vulnerable to inference attacks due to the ubiquity of distributed information sharing. Consequently, it is of interest to synthesize schemes to protect dynamic networks from inference attacks. Note that protection schemes should not compromise desired network properties and missions. This imposes a constraint on the design of protection schemes.

Literature review. The privacy of the smart grid has been receiving increasing attention. Several techniques have been proposed to protect the privacy of the owners of smart meters. In particular, energy storage devices are commonly used to mask the features of appliances that are used by NALM algorithms to detect appliances turning on or off [2], [16], [23], [14], [21]. By using information theory and hidden Markov models, the authors in [20] provide a novel privacy-utility tradeoff of smart meter data. Besides the smart grid, the research has also been devoted to the user privacy of intelligent transportation systems [12] and smart buildings [3], [17]. However, this set of work does not explicitly consider physical dynamics. The recent paper [18] investigates differential privacy of real-time monitoring of dynamic systems. The authors design Kalman filters which can ensure differential privacy of control-free dynamically decoupled linear time-invariant systems. In contrast, our paper focuses on controlled dynamically coupled linear time-invariant systems. This distinction requires a new privacy/confidentiality-utility tradeoff and a new set of privacy/confidentiality-preserving schemes. More importantly, differential privacy in [18] is probabilistic and different from inference attacks studied in the current paper.

Contributions. The current paper investigates competitive confidentiality preserving monitoring of an interconnected dynamic network against inference attacks. We formulate that the network confidentiality is compromised if and only if the dynamic system is strongly observable. We propose a protection scheme where the agents intentionally perturb the inputs and outputs of the dynamic network such that (i) the strong observability of the dynamic network is compromised; (ii) its controllability is maintained; and (iii) the sparsity of the introduced perturbations is maximized. We first show the problem, so called unstructured $\ell_0$ minimization, is NP-hard. To mitigate the computational challenges, we investigate an approximation where the non-convex 0-norm is replaced by the convex 2-norm and the perturbations are structured such that the network controllability is always maintained. For the relaxation, so called structured $\ell_2$ minimization, we show that it is equivalent to a semi-definite program which can be efficiently solved. The solution of the structured $\ell_2$ minimization is always a feasible solution of the unstructured $\ell_0$ minimization.

M. Zhu and Y. Lu are with the Department of Electrical Engineering, Pennsylvania State University, 201 Old Main, University Park, PA, 16802. This work was partially supported by ARO W911NF-13-1-0421 (MURI).

II. A MOTIVATING EXAMPLE

In this section, we will use microgrids to exemplify inference attacks to dynamic networks. As shown in Figure 1, a microgrid consists of a collection of power plants $V \triangleq \{1, \cdots, N\}$ and each of them is comprised of a prime mover, electric generator and their primary control. The power plants are coupled via transmission lines and can be written as interconnected dynamic systems as follows:

$$\dot{x}_i = f_i(x_i, [P_{ij}]_{j \in N_i}, P_{L_i}, u_i). \tag{1}$$

In (1), $x_i$ is the vector of internal state variables of power plant $i$, such as angular frequency $w_i$ and phase angle $\theta_i$. If there is a transmission line connecting power plants $i$ and $j$, then $j \in N_i$. $P_{ij}$ is the power transmitted from power plant $i$ to power plant $j$ and $P_{L_i}$ is the load connected to power plant $i$. $u_i$ represents the control of power plant $i$. As an example of (1), the model of a synchronous generator is described by

$$\begin{aligned}
\frac{dw_i}{dt} &= -\frac{1}{m_i}\Big(D_i w_i + \sum_{j \in N_i} P_{ij} - P_{M_i} + P_{L_i}\Big), \\
\frac{d\theta_i}{dt} &= 2\pi w_i, \\
\frac{dP_{M_i}}{dt} &= -\frac{1}{T_{CH_i}}\big(P_{M_i} - P_{v_i}\big), \\
\frac{dP_{v_i}}{dt} &= -\frac{1}{T_{G_i}}\Big(P_{v_i} + \frac{1}{R_i} w_i - P_{ref_i}\Big),
\end{aligned} \tag{2}$$

where the linearized exchanged power $P_{ij}$ is given by $P_{ij}(t) = t_{ij}(\theta_i(t) - \theta_j(t))$.

A fundamental objective of the microgrid is to balance power generations and loads. There is a system operator who is responsible for monitoring the microgrid operation and ensuring the enforcement of the fundamental objective. The system operator chooses $V_M \subseteq V$ and monitors in real time the power unbalances $\Delta_i(t) \triangleq \sum_{j \in N_i} P_{ij}(t) - P_{M_i}(t) + P_{L_i}(t)$ for $i \in V_M$ and all $t \geq 0$. The owner of power plant $i \in V_M$ is willing to disclose $\Delta_i(t)$ since it is essential for the microgrid monitoring. Assume the system operator is semi-honest and wants to exploit $\Delta_i(t)$ for $i \in V_M$ to recover the state $x(t)$ and input $u(t)$. In addition, if $x(t)$ and $u(t)$ are available and $u_i(t) = K_i x(t)$ is linear, the system operator can perform parameter estimation to recover the gain $K_i$ of $u_i(t)$. This is achievable if $x(t)$ is persistently excited. Note that $x(t)$, $u(t)$ and $K_i$ are confidential information of the owners and should not be disclosed to the system operator.

The above discussion reveals a dilemma. On one hand, the owners need to disclose certain information which indicates the normal operation of the microgrid. On the other hand, it gives rise to the risk of leaking confidential information of the owners if the disclosed information is not properly chosen.

III. PROBLEM STATEMENT

In the last section, we used a microgrid as an example to illustrate the vulnerability of dynamic networks against inference attacks. In this section, we will formalize the problem of competitive confidentiality preserving monitoring of dynamic networks.

A. Network model

Consider an interconnected dynamic network where the dynamics of agent $i$ is described by the following linear time-invariant discrete-time system:

$$\begin{aligned}
x_i(k+1) &= A_i x_i(k) + \sum_{j \in N_i} A_{ij} x_j(k) + g_i d_i(k), \\
y_i'(k) &= c_i x_i(k) + h_i d_i(k).
\end{aligned} \tag{3}$$

In (3), $x_i(k) \in \mathbb{R}^{n_i}$ is the state vector of agent $i$ at time $k$, $d_i(k) \in \mathbb{R}^{p_i}$ is its "input" vector, and $y_i'(k) \in \mathbb{R}^{l_i}$ is its measurement vector. Without loss of generality, we assume throughout the paper that $n_i \geq l_i \geq 1$ and $l_i \geq p_i \geq 0$.

Fig. 1: An example of microgrid.

In (3), $N_i \subseteq V \setminus \{i\}$ represents the set of agents whose states affect that of agent $i$. Denote $\mathcal{G} \triangleq (V, E)$ where $(i, j) \in E$ if $j \in N_i$. So the graph $\mathcal{G}$ represents the physical interconnections of the agents. The collection of (3) can be compactly written as follows:

$$x(k+1) = A x(k) + G D(k), \tag{4}$$

where $x(k) \in \mathbb{R}^n$ and $D(k) \in \mathbb{R}^p$ with $n \triangleq \sum_{i \in V} n_i$ and $p \triangleq \sum_{i \in V} p_i$. Each agent can also communicate with some other agents. The inter-agent communication topology is denoted by $\mathcal{G}^C$. In this paper, we assume that $\mathcal{G}^C$ is a complete graph.

B. Adversary model

There is a monitoring operator who is responsible for monitoring the dynamic network (4). The monitoring operator can measure a linear combination of the individual outputs in (3), which is given by:

$$y(k) = \Pi y'(k) = \Pi \begin{bmatrix} c_1 x_1(k) + h_1 d_1(k) \\ \vdots \\ c_N x_N(k) + h_N d_N(k) \end{bmatrix} = C x(k) + H D(k), \tag{5}$$

where $C \in \mathbb{R}^{q \times n}$ and $H \in \mathbb{R}^{q \times p}$. The monitoring operator is assumed to be semi-honest (or honest-but-curious) [6], [8], [15], [19] and aims to exploit $y(k)$ to infer $x(k)$ and $d(k)$. Assume $d(k) = K x(k)$. If $x(k)$ and $u(k)$ are available, the monitoring operator can infer matrix $K$ if $x(k)$ is persistently excited. In the current paper, we assume that the monitoring operator is aware of the matrices $A$, $C$, $G$ and $H$. One of our future directions is to relax this assumption [1].

C. Competitive confidentiality preserving monitoring

We say that the confidentiality of the dynamic network is compromised if the states and inputs of (4) can be estimated from past outputs in (5). In order to formally define the network confidentiality, we need the following definition of strong observability:

Definition 3.1 (Strong observability): The linear system (4) and (5), or equivalently $\begin{bmatrix} A & G \\ C & H \end{bmatrix}$, is strongly observable, or equivalently state and input observable or perfectly observable, if the initial condition $x(0)$ and the input sequence up to time $n-1$, $\{D(0), \cdots, D(n-1)\}$, can be uniquely determined from the measured output sequence $\{y(0), \cdots, y(n)\}$.

One can see that the network confidentiality is compromised if and only if the dynamic network is strongly observable. To avoid a trivial problem, we assume that the system $\begin{bmatrix} A & G \\ C & H \end{bmatrix}$ is strongly observable. The following theorem in [25] provides a sufficient and necessary condition in terms of matrix pencils for strong observability:

Theorem 3.1: The system $\begin{bmatrix} A & G \\ C & H \end{bmatrix}$ is strongly observable if and only if

$$\operatorname{rank} \begin{bmatrix} zI - A & -G \\ C & H \end{bmatrix} = n + p, \quad \forall z \in \mathbb{C}. \tag{6}$$

Theorem 3.1 is the extension of the PBH test on observability (and controllability) to strong observability. By Theorem 3.1, if there is some $z \in \mathbb{C}$ such that $\begin{bmatrix} zI - A & -G \\ C & H \end{bmatrix}$ does not have a full column rank, then the dynamic network is not strongly observable and the network confidentiality is preserved.

In order to protect their confidentiality, the agents could perturb the system matrices such that the perturbed system is not strongly observable. However, such change should maintain certain system properties; e.g., controllability. These partially conflicting components define the problem of competitive confidentiality preserving monitoring. Figure 2 provides an illustration where unperturbed systems $S_1$ and $S_3$ are strongly observable, and perturbed systems $S_2$ and $S_4$ are not strongly observable but controllable.
Hence, systems $S_2$ and $S_4$ are desirable but systems $S_1$ and $S_3$ are not. In the remainder of the paper, we will introduce our solutions to this problem.

Fig. 2: An illustration of competitive confidentiality preserving monitoring.

D. Notations and notions

The induced 2-norm of matrix $M$ is denoted by $\|M\|_2$. It is well-known that $\|Mx\|_2 \leq \|M\|_2 \|x\|_2$ and $\|M_1 M_2\|_2 \leq \|M_1\|_2 \|M_2\|_2$. For all positive integer $\ell$, $[\ell]$ is the power set of $\{1, \cdots, \ell\}$. The set $\mathbb{C}$ represents the collection of complex numbers. $0_n$ (resp. $1_n$) is the column vector with $n$ zeros (resp. ones).

We conclude with introducing the necessary terminology from computational complexity. First, a polynomial-time algorithm is an algorithm performing its task in a number of steps bounded by a polynomial expression in the size of the problem input. In computational complexity theory, NP is one of the most fundamental complexity classes. The abbreviation NP refers to "nondeterministic polynomial time". The class of NP-hard problems consists of all problems for which a solving algorithm could be transformed in polynomial time into a solving algorithm for any NP-problem.

IV. SPARSE INPUT-OUTPUT PERTURBATIONS

In this section, we will introduce our approach of intentional input-output perturbations to preserve the confidentiality of the dynamic network and formulate the problem as an unstructured $\ell_0$ minimization problem. Then we will show that the unstructured $\ell_0$ minimization problem is NP-hard. At the end of this section, we will provide an upper bound on the optimal value of the unstructured $\ell_0$ minimization problem.

A. Problem formulation

In order to compromise the strong observability, we propose the approach of intentional input-output perturbations. In particular, each agent $i$ intentionally perturbs its own input $d_i(k)$ (resp. its own output $y_i'(k)$) by adding the signals $\mu_i^d(k)$ (resp. $\mu_i^y(k)$). The perturbations $\mu_i^d(k)$ and $\mu_i^y(k)$ are given by:

$$\begin{aligned}
\mu_i^d(k) &= \sum_{j \in V} K_{ij}^{SS} x_j(k) + \sum_{j \in V} K_{ij}^{IS} d_j(k), \\
\mu_i^y(k) &= \sum_{j \in V} K_{ij}^{SO} x_j(k) + \sum_{j \in V} K_{ij}^{IO} d_j(k).
\end{aligned} \tag{7}$$

The superscript IS means a perturbation from an input to a state. Other superscripts are defined analogously. The perturbation matrices $K_{ij}^{SS}$, $K_{ij}^{IS}$, $K_{ij}^{SO}$ and $K_{ij}^{IO}$ have proper dimensions and are decision variables of agent $i$. Since $\mathcal{G}^C$ is a complete graph, each agent $i$ has the access to the states and inputs of any other agent in (7). So the added perturbations are unrestricted or unstructured. Substitute the unstructured perturbations $\mu_i^d(k)$ and $\mu_i^y(k)$ into (4) and (5) and it renders the following perturbed system:

$$\begin{aligned}
x(k+1) &= (A + G K_{SS}) x(k) + G (I + K_{IS}) D(k), \\
y(k) &= (C + H K_{SS} + K_{SO}) x(k) + (H + H K_{IS} + K_{IO}) D(k),
\end{aligned} \tag{8}$$

where $K_{SS} \triangleq [K_{ij}^{SS}]$, $K_{IS} \triangleq [K_{ij}^{IS}]$, $K_{SO} \triangleq [K_{ij}^{SO}]$ and $K_{IO} \triangleq [K_{ij}^{IO}]$. Let $K \triangleq \begin{bmatrix} K_{SS} & K_{IS} \\ K_{SO} & K_{IO} \end{bmatrix} \in \mathbb{R}^{(n+q) \times (n+p)}$.

In order to preserve the network confidentiality, the agents need to choose the matrices $K$ such that the perturbed system (8) is not strongly observable. Meanwhile, the agents are not willing to compromise the network controllability and thus the perturbed system (8) should be controllable. These represent two hard constraints on the choice of $K$. In addition, the added perturbations require sensing and communication. If one element of $K_{ii}^{SS}$, $K_{ji}^{SS}$ or $K_{ji}^{OS}$ is non-zero, agent $i$ needs to sense the corresponding component of $x_i(k)$. If one element of $K_{ij}^{SO}$ or $K_{ij}^{SS}$ is non-zero, agent $j$ should send the corresponding component of $x_j(k)$ to agent $i$. So, the agents would like to minimize the sensing and communication costs caused by the perturbations. This can be encoded into maximizing the sparsity of the perturbation matrices and equivalently minimizing the zero norm of $K$. All the above objectives are encapsulated in problem $P_0$ as follows:

$$\begin{aligned}
\min_{K \in \mathbb{R}^{(n+q) \times (n+p)}} \ & \|K\|_0 \\
\text{s.t.} \ & \begin{bmatrix} A & G \\ C & H \end{bmatrix} + \begin{bmatrix} G K_{SS} & G K_{IS} \\ H K_{SS} + K_{SO} & H K_{IS} + K_{IO} \end{bmatrix} \text{ is not strongly observable,} \\
& \begin{bmatrix} A & G \end{bmatrix} + \begin{bmatrix} G K_{SS} & G K_{IS} \end{bmatrix} \text{ is controllable.}
\end{aligned} \tag{9}$$

Since $K$ is unstructured, problem $P_0$ is referred to as the unstructured $\ell_0$ minimization. Here we would like to mention that the objectives of problem $P_0$ are different from the work; e.g., [24], on optimal actuator (resp. sensor) placement to ensure system controllability (resp. observability). In the next section, we will show that the problem is NP-hard.

B. Computational intractability

In the unstructured $\ell_0$ minimization, $\|\cdot\|_0$ is non-convex and introduces the combinatorial feature. So problem $P_0$ could be computationally challenging. Actually problem $P_0$ is as hard as the problem of exact cover by 3-sets [7]: given a collection $\{C_i\}_{i \in \{1, \cdots, m\}}$ of 3-element subsets of $\{1, \cdots, n\}$, does there exist an exact cover (a partition) of $\{1, \cdots, m\}$; that is, a set of $J \subset \{1, \cdots, n\}$ such that $\cup_{j \in J} C_j = \{1, \cdots, m\}$ and $C_i \cap C_j = \emptyset$ for all $i \neq j \in J$. It is known that the problem of exact cover by 3-sets is NP-complete [7]. In the following theorem, we will use this result to show that problem $P_0$ is NP-hard.

Theorem 4.1: The unstructured $\ell_0$ minimization is NP-hard if $(A, C, G, H)$ is the input.

Proof: Let us consider the following special case $\tilde{P}_0$ of $P_0$:

$$\begin{aligned}
\min_{K_{IS}} \ & \|K_{IS}\|_0 \\
\text{s.t.} \ & \begin{bmatrix} A & G \end{bmatrix} + \begin{bmatrix} 0 & K_{IS} \end{bmatrix} \text{ is controllable,}
\end{aligned} \tag{10}$$

where $(A, G)$ is the input of the problem. Let $v_i$ be the left eigenvector of $A$ and $V \triangleq [v_1 \cdots v_n]$. By the PBH test, no left eigenvector of $A$ is orthogonal to all the columns of $G + K_{IS}$; $v_\ell^T (G + K_{IS}) \neq 0_p^T$ for $\ell = 1, \cdots, n$. That is,

$$v_\ell^T K_{IS} \neq -v_\ell^T G, \quad \ell = 1, \cdots, n. \tag{11}$$

Let $G = 0$, and then problem $\tilde{P}_0$ becomes:

$$\begin{aligned}
\min_{K_{IS}} \ & \|K_{IS}\|_0 \\
\text{s.t.} \ & \|(W K_{IS})_\ell\|_0 \neq 0, \quad \ell = 1, \cdots, n,
\end{aligned} \tag{12}$$

where $(W K_{IS})_\ell$ is the $\ell$-th row of $V^T K_{IS}$ and $W = V^T$ is the input to problem (12). Now let us consider the following problem:

$$\begin{aligned}
\min_{\hat{K}_{IS}} \ & \|\hat{K}_{IS}\|_0 \\
\text{s.t.} \ & W \hat{K}_{IS} = [1_n \ \underbrace{0_n \cdots 0_n}_{p-1}].
\end{aligned} \tag{13}$$

It is obvious that, other than the first column, other columns of $\hat{K}_{IS}^*$ are zero. Hence, $\hat{K}_{IS}^* = [k_{IS}^* \ \underbrace{0_n \cdots 0_n}_{p-1}]$ where $k_{IS}^*$ is a solution of the following problem:

$$\begin{aligned}
\min_{k_{IS}} \ & \|k_{IS}\|_0 \\
\text{s.t.} \ & W k_{IS} = 1_n,
\end{aligned} \tag{14}$$

where $k_{IS} \in \mathbb{R}^n$. As Theorem 2.13 in [11], the solution $k_{IS}^*$ to (14) is such that $\|k_{IS}^*\|_0 = \frac{n}{3}$. Since the constraints of (13) and (14) are smaller than that in (12), we have

$$\|K_{IS}^*\|_0 = \|\hat{K}_{IS}^*\|_0 \leq \|k_{IS}^*\|_0 = \frac{n}{3}. \tag{15}$$

As [7], we let $\{C_i\}_{i \in [n]}$ be a collection of 3-element of $[n]$ and define vectors $w_i \in \mathbb{R}^n$ by:

$$w_{i,j} = \begin{cases} 1 & j \in C_i \\ 0 & j \notin C_i \end{cases}. \tag{16}$$

Since each column of $W$ has three non-zero elements and $W K_{IS}^*$ has at least $n$ non-zero elements, so $\|K_{IS}^*\|_0 \geq \frac{n}{3}$. Combining this with (15), we have $\|K_{IS}^*\|_0 = \frac{n}{3}$. Combining with that each column of $W$ has three non-zero elements, we have $\|W K_{IS}^*\|_0 \leq n$. Since each column of $\|W K_{IS}^*\|_0$ has at least one non-zero element, $\|W K_{IS}^*\|_0 \geq n$. We then reach $\|W K_{IS}^*\|_0 = n$. So, the collection of $\{C_i\}_{i \in [n]}$ forms an exact cover of $[n]$. Recall that the problem of exact cover by 3-sets is NP-complete [7]. It completes the proof.

Theorem 4.1 verifies the computational hardness of the unstructured $\ell_0$ minimization. The following lemma then provides an upper bound for its optimal value.

Lemma 4.1: The optimal value of the unstructured $\ell_0$ minimization is upper bounded by $q$ which is the output dimension.

Proof: Let us consider a special case $\tilde{P}_0$ of $P_0$ where the input matrices $G$ and $H$ are zero and the perturbation matrices $K_{IO} = K_{SS} = 0$. That is,

$$\begin{aligned}
\min_{K_{SO}} \ & \|K_{SO}\|_0 \\
\text{s.t.} \ & \begin{bmatrix} A \\ C \end{bmatrix} + \begin{bmatrix} 0 \\ K_{SO} \end{bmatrix} \text{ is not observable.}
\end{aligned} \tag{17}$$

Recall the PBH test that $(C, A)$ is unobservable if and only if $\exists v \neq 0$ such that $Av = \lambda v$ and $Cv = 0$; i.e., a right eigenvector of $A$ is in the null space of $C$. Let $\lambda_1, \cdots, \lambda_n$ be the eigenvalues of $A$ and $v_1, \cdots, v_n$ the associated right eigenvectors. With these, let us define an auxiliary problem $\hat{P}_0(v_i)$ for each $v_i$:

$$\begin{aligned}
\min_{K_{SO}} \ & \|K_{SO}\|_0 \\
\text{s.t.} \ & (C + K_{SO}) v_i = 0.
\end{aligned} \tag{18}$$

The solution to (18) is denoted by $K_{SO}(v_i)$. Hence, the solution to $\tilde{P}_0$ is $K_{SO}(v_i)$ such that $\|K_{SO}(v_i)\|_0 \leq \|K_{SO}(v_j)\|_0$ for all $j$.

Now we proceed to show that $\hat{P}_0(v_i)$ is NP-hard. The equality constraint in $\hat{P}_0(v_i)$ can be written as

$$K_{SO} v_i = w_i = -C v_i. \tag{19}$$

So $\bar{K}_{SO}(v_i) = \operatorname{diag}\big(\frac{w_{i,j}}{v_{i,j}}\big)$ is a feasible solution of $\hat{P}_0(v_i)$. Since $\|\bar{K}_{SO}(v_i)\|_0$ is not larger than $q$, so are $\|K_{SO}(v_i)\|_0$ and $\|K_{SO}^*\|_0$, the solution of (17).

V. STRUCTURED $\ell_2$ MINIMIZATION

Theorem 4.1 verifies that the unstructured $\ell_0$ minimization is NP-hard. It is mainly induced by the non-convexity of $\|\cdot\|_0$. Note that $\|\cdot\|_p$ approaches $\|\cdot\|_0$ as $p > 0$ approaches 0. In compressed sensing [5], [9], group testing [10] and network tomography [4], it is a common practice that $\|\cdot\|_0$ is replaced by $\|\cdot\|_1$. Usually, this approximation can return sparse solutions. In this section, we will replace $\|\cdot\|_0$ by $\|\cdot\|_2$ and restrict the perturbations such that the controllability is guaranteed a priori. We will show that the structured $\ell_2$ minimization can be converted into a semi-definite program (SDP).

A. Structured perturbations

First of all, let us assume that the unperturbed system is controllable:

Assumption 5.1: $\begin{bmatrix} A & G \end{bmatrix}$ is controllable.

Let us choose $\mathcal{K} \in \{0, 1\}^{(n+q) \times (n+p)}$, and define a class $S(\mathcal{K})$ of structured matrices in $\mathbb{R}^{(n+q) \times (n+p)}$ where each $K \in S(\mathcal{K})$ has the same pattern as $\mathcal{K}$; i.e., $K_{ij} \neq 0$ if and only if $\mathcal{K}_{ij} \neq 0$. We assume that the class $S(\mathcal{K})$ can preserve the controllability:

Assumption 5.2: For any $K \in S(\mathcal{K})$, $\begin{bmatrix} A & G \end{bmatrix} + \begin{bmatrix} G K_{SS} & G K_{IS} \end{bmatrix}$ is controllable.

The following lemma indicates that the constraint to $K$ can be realized by premultiplying $\Psi^{[\kappa]}$ and postmultiplying $\Phi^{[\kappa]}$.

Lemma 5.1: Given $\mathcal{K}$, there exist matrices $\Psi^{[\kappa]}$ and $\Phi^{[\kappa]}$ for $\kappa = 1, \cdots, a$ such that if and only if $\sum_{\kappa=1}^{a} \Psi^{[\kappa]} K \Phi^{[\kappa]} \in S(\mathcal{K})$ for any $K$.

Proof: Given $\mathcal{K}$, we denote $a \triangleq \|\mathcal{K}\|_0$ and $\Pi \triangleq \{(\ell, \ell') \mid \mathcal{K}_{\ell \ell'} \neq 0\}$. For each $(\ell, \ell') \in \Pi$, we define the matrix $\Psi^{[\ell \ell']}$ which has a single one at the $\ell$-th diagonal element, and the matrix $\Phi^{[\ell \ell']}$ which has a single one at the $\ell'$-th diagonal element. For any $K \in \mathbb{R}^{(n+q) \times (n+p)}$, $\sum_{(\ell, \ell') \in \Pi} \Psi^{[\ell \ell']} K \Phi^{[\ell \ell']}$ has the same pattern as $\mathcal{K}$.

Remark 5.1: The proof of Lemma 5.1 provides one way to identify $\Psi^{[\kappa]}$ and $\Phi^{[\kappa]}$. Here we would like to provide a special example. Given $\mathcal{K} = \begin{bmatrix} 1 & 0 & 0 \\ 1 & 0 & 1 \end{bmatrix}$, we have

$$\begin{bmatrix} 1 & 0 & 0 \\ 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix} K \begin{bmatrix} 1 & 0 \\ 0 & 0 \end{bmatrix} + \begin{bmatrix} 1 & 0 & 0 \\ 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix} K \begin{bmatrix} 0 & 0 \\ 0 & 1 \end{bmatrix} + \begin{bmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \\ 0 & 0 & 1 \end{bmatrix} K \begin{bmatrix} 0 & 0 \\ 0 & 1 \end{bmatrix} \in S(\mathcal{K})$$

for any $K \in \mathbb{R}^{3 \times 2}$. Note that the ways to find such matrices are not unique. The way in the proof of Lemma 5.1 may not return the minimum number of constraint matrices.

B. Structured $\ell_2$ minimization

Given $\mathcal{K}$ satisfying Assumption 5.2, let $\Psi = [\Psi^{[1]} \cdots \Psi^{[a]}]$ and $\Phi = [(\Phi^{[1]})^T \cdots (\Phi^{[a]})^T]^T$ satisfying the condition in Lemma 5.1 and $\hat{K} = \operatorname{diag}(K)$. Then we have $\sum_{\kappa=1}^{a} \Psi^{[\kappa]} K \Phi^{[\kappa]} = \Psi \hat{K} \Phi \in S(\mathcal{K})$.

Assumption 5.3: The matrix $\Psi$ has a full row rank and the matrix $\Phi$ has a full column rank.

Remark 5.2: Here we provide an example for Assumptions 5.2 and 5.3. Assume that $\begin{bmatrix} A_i & G_i \end{bmatrix}$ is controllable for each $i \in V$. Choose the elements of $\mathcal{K}$ to be all ones other than $\mathcal{K}_{ii}^{SS} = 0$ and $\mathcal{K}_{ii}^{IS} = 0$ for all $i \in V$. Then the induced class $S(\mathcal{K})$ satisfies Assumptions 5.2 and 5.3.

We also assume the following one:

Assumption 5.4: $q = p$.

With $\ell_2$ minimization over structured perturbations satisfying Assumption 5.2, we rewrite (9) as follows:

$$\begin{aligned}
\min_{K} \ & \|K\|_2 \\
\text{s.t.} \ & \begin{bmatrix} A & G \\ C & H \end{bmatrix} + N \sum_{\kappa=1}^{a} \Psi_\kappa K \Phi_\kappa \text{ is not strongly observable,}
\end{aligned} \tag{20}$$

where $N \triangleq \begin{bmatrix} G & 0 \\ H & I \end{bmatrix}$ and the added perturbations are $\sum_{\kappa=1}^{a} \Psi_\kappa K \Phi_\kappa$. Problem (20) is referred to as $P_2$, the structured $\ell_2$ minimization. We will show that it is equivalent to a semidefinite program (SDP).

Intuitively speaking, the structured $\ell_2$ minimization is to identify the minimum $K$ such that the pencil matrix loses the row rank for some $z \in \mathbb{C}$. To solve this problem, let us first choose any $z \in \mathbb{C}$ and consider the following problem $P_2(z)$:

$$\begin{aligned}
\min_{K} \ & \|K\|_2 \\
\text{s.t.} \ & \operatorname{rank}(M(z) + N \Psi \hat{K} \Phi) < n + p,
\end{aligned}$$

where $M(z) \triangleq \begin{bmatrix} zI - A & -G \\ C & H \end{bmatrix}$. Since $\begin{bmatrix} A & G \\ C & H \end{bmatrix}$ is strongly observable and $q = p$ in Assumption 5.4, $M(z)$ is square and non-singular for all $z \in \mathbb{C}$. We perform SVD on $\Psi = U_\Psi^T \Sigma_\Psi V_\Psi$ and $\Phi = U_\Phi^T \Sigma_\Phi V_\Phi$. We denote

$$\Sigma_\Psi = [\bar{\Sigma}_\Psi \ 0], \quad \Sigma_\Phi = [\bar{\Sigma}_\Phi \ 0], \quad \bar{K} \triangleq V_\Psi \hat{K} U_\Phi^T,$$

where $\bar{\Sigma}_\Psi$ and $\bar{\Sigma}_\Phi$ are square matrices and contain the singular values of $\Psi$ and $\Phi$, respectively. By Assumption 5.3, $\bar{\Sigma}_\Psi$ and $\bar{\Sigma}_\Phi$ are non-singular. So we have

$$\begin{aligned}
M(z) + N \Psi \hat{K} \Phi &= M(z) + U_\Psi^T \Sigma_\Psi V_\Psi \hat{K} U_\Phi^T \Sigma_\Phi V_\Phi \\
&= M(z) + U_\Psi^T \bar{\Sigma}_\Psi \bar{K} \bar{\Sigma}_\Phi V_\Phi.
\end{aligned}$$

Since unitary matrices preserve two norm, then $\|\bar{K}\|_2 = \|V_\Psi \hat{K} U_\Phi^T\|_2$. With this, $P_2(z)$ is equivalent to $P_2'(z)$ defined as follows:

$$\begin{aligned}
\min_{\bar{K}} \ & \|\bar{K}\|_2 \\
\text{s.t.} \ & \operatorname{rank}(M(z) + U_\Psi^T \bar{\Sigma}_\Psi \bar{K} \bar{\Sigma}_\Phi V_\Phi) < n + p.
\end{aligned}$$

Recall that the matrices $\bar{\Sigma}_\Psi$, $\bar{\Sigma}_\Phi$ and $V_\Phi$ are non-singular. We perform SVD on $\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi = U^T \Sigma V$ where its largest singular value is denoted by $\sigma_1$. Now we choose $\tilde{K}(z) = -\|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi\|_2^{-1} v_1 u_1^T$ where $u_1$ (resp. $v_1$) is the first column of $U$ (resp. $V$). The following theorem characterizes that $\tilde{K}(z)$ is the solution to $P_2'(z)$.

Theorem 5.1: For any $z \in \mathbb{C}$, $\tilde{K}(z)$ is the solution to $P_2'(z)$.

Proof: Fix $z \in \mathbb{C}$ and assume that $\bar{K}(z)$ renders that $M(z) + U_\Psi^T \bar{\Sigma}_\Psi \bar{K}(z) \bar{\Sigma}_\Phi V_\Phi$ does not have a full column rank. Then there is $a \neq 0$ such that

$$(M(z) + U_\Psi^T \bar{\Sigma}_\Psi \bar{K}(z) \bar{\Sigma}_\Phi V_\Phi) a = 0.$$

Since $M(z)$ is non-singular, we reach

$$a = -M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \bar{K}(z) \bar{\Sigma}_\Phi V_\Phi a. \tag{21}$$

Multiply both sides of (21) by $\bar{\Sigma}_\Phi V_\Phi$, let $b \triangleq \bar{\Sigma}_\Phi V_\Phi a \neq 0$ and we have

$$b = -\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \bar{K}(z) b.$$

Therefore, we have

$$\begin{aligned}
\|b\|_2 &= \|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \bar{K}(z) b\|_2 \\
&\leq \|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi\|_2 \|\bar{K}(z)\|_2 \|b\|_2,
\end{aligned}$$

and then

$$\|\bar{K}(z)\|_2 \geq \|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi\|_2^{-1}. \tag{22}$$

This implies that the two-norm of the solution to problem $P_2'(z)$ is lower bounded by $\|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi\|_2^{-1}$.

We now proceed to show that $\tilde{K}(z)$ is a solution to problem $P_2'(z)$. Since $U$ and $V$ are unitary, then we have

$$\|\tilde{K}(z)\|_2 = \|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi\|_2^{-1}. \tag{23}$$

So $\|\tilde{K}(z)\|_2$ reaches the lower bound in (22). We proceed to show that $M(z) + U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z) \bar{\Sigma}_\Phi V_\Phi$ is singular. Notice that

$$\begin{aligned}
& M(z) + U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z) \bar{\Sigma}_\Phi V_\Phi \\
&= M(z)\big(I + M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z) \bar{\Sigma}_\Phi V_\Phi\big) \\
&= M(z)\big((\bar{\Sigma}_\Phi V_\Phi)^{-1} + M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z)\big) \bar{\Sigma}_\Phi V_\Phi \\
&= M(z)(\bar{\Sigma}_\Phi V_\Phi)^{-1}\big(I + \bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z)\big) \bar{\Sigma}_\Phi V_\Phi.
\end{aligned}$$

Notice that $\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z)$ has a single $-1$ on the diagonal and all other elements are zeros. Hence, $I + \bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z)$ is singular. Notice that $\operatorname{rank}(M_1 M_2) \leq \min\{\operatorname{rank}(M_1), \operatorname{rank}(M_2)\}$. So we reach that $M(z) + U_\Psi^T \bar{\Sigma}_\Psi \tilde{K}(z) \bar{\Sigma}_\Phi V_\Phi$ does not have a full column rank.

With Theorem 5.1, $P_2$ can be rewritten as follows:

$$\min_{z \in \mathbb{C}} \|\tilde{K}(z)\|_2. \tag{24}$$

By (23), problem (24) is equivalent to:

$$\min_{z \in \mathbb{C}} \|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi\|_2^{-1}. \tag{25}$$

Notice that

$$\begin{aligned}
\|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi\|_2^{-1}
&= \inf_a \frac{\|a\|_2}{\|\bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi a\|_2} \\
&= \inf_b \ \inf_{c \in \{a \mid \bar{\Sigma}_\Phi V_\Phi M(z)^{-1} U_\Psi^T \bar{\Sigma}_\Psi a = b\}} \frac{\|c\|_2}{\|b\|_2} \\
&= \inf_b \frac{\|(U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1} b\|_2}{\|b\|_2} \\
&= \sigma_{\min}\big((U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1}\big).
\end{aligned} \tag{26}$$

In (26), the first equality is the result of the definition of $\|\cdot\|_2$. The third equality is the property that the pseudoinverse defines the minimum 2-norm solution to a linear system. The last equality is a result of Page 71 in [13]. By (26), problem (25) is equivalent to:

$$\min_{z \in \mathbb{C}} \sigma_{\min}\big((U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1}\big),$$

and thus

$$\begin{aligned}
\min_{z \in \mathbb{C}, \tau \in \mathbb{R}} \ & \tau \\
\text{s.t.} \ & \big((U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1}\big) \times \big((U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1}\big)^T \geq \tau^2 I.
\end{aligned} \tag{27}$$

We proceed to verify that (27) is a SDP. To achieve this, we rewrite problem (27) as follows:

$$\begin{aligned}
\max_{z \in \mathbb{C}, \tau} \ & \tau \\
\text{s.t.} \ & \begin{bmatrix} \Pi & \tau I \\ \tau I & \Pi^T \end{bmatrix} \geq 0,
\end{aligned} \tag{28}$$

where $\Pi \triangleq (U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1}$. We further rewrite the inequality constraint in (28) as follows:

$$\begin{bmatrix} \Pi & \tau I \\ \tau I & \Pi^T \end{bmatrix} = \begin{bmatrix} (U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1} & 0 \\ 0 & 0 \end{bmatrix} + \tau \begin{bmatrix} 0 & I \\ I & 0 \end{bmatrix} + \begin{bmatrix} 0 & 0 \\ 0 & \big((U_\Psi^T \bar{\Sigma}_\Psi)^{-1} M(z) (\bar{\Sigma}_\Phi V_\Phi)^{-1}\big)^T \end{bmatrix}.$$

Recall that

$$M(z) = \begin{bmatrix} zI - A & -G \\ C & H \end{bmatrix} = z \begin{bmatrix} I & 0 \\ 0 & 0 \end{bmatrix} + \begin{bmatrix} -A & -G \\ C & H \end{bmatrix}.$$

Hence, problem (28) is a SDP and can be written as follows:

$$\begin{aligned}
\min_{z \in \mathbb{C}, \tau \in \mathbb{R}} \ & \tau \\
\text{s.t.} \ & F_0 + z F_z + \tau F_\tau \geq 0.
\end{aligned} \tag{29}$$

We have converted the structured $\ell_2$ minimization into the SDP (29). There are several types of efficient algorithms for solving SDPs; e.g., interior point methods and bundle method [22]. These algorithms output the value of the SDP up to an additive error $\epsilon$ in time that is polynomial in the program description size and $\log \frac{1}{\epsilon}$.

Let $(z^*, \tau^*)$ be the solution to the SDP (29). Then $\tilde{K}(z^*)$ is the solution of the structured $\ell_2$ minimization and an approximation of the solution of the unstructured $\ell_0$ minimization. Although it may not be optimal, $\tilde{K}(z^*)$ is always a feasible solution of the unstructured $\ell_0$ minimization.

VI. CONCLUSIONS

We have formulated the problem of competitive confidentiality preserving monitoring of dynamic networks against inference attacks. We have shown that the unstructured $\ell_0$ minimization is NP-hard and provided a SDP equivalence for the structured $\ell_2$ relaxation. The solution of the structured $\ell_2$ relaxation is always a feasible solution of the unstructured $\ell_0$ minimization. One direction of future work is to investigate the structured $\ell_1$ relaxation.

REFERENCES

[1] K. Abed-Meraim, W. Qiu, and Y. Hua. Blind system identification. Proceedings of the IEEE, 85(8):1310–1322, 1997.
[2] M. Backes and S. Meiser. Differentially private smart metering with battery recharging. Data Privacy Management and Autonomous Spontaneous Security, pages 194–212, 2014.
[3] J. Boyer, K. Tan, and C. Gunter. Privacy sensitive location information systems in smart buildings. Security in Pervasive Computing, pages 149–164, 2006.
[4] T. Bu, N. Duffield, F. L. Presti, and D. Towsley. Network tomography on general topologies. In ACM SIGMETRICS, pages 21–30, 2002.
[5] E. Candes and T. Tao. Decoding by linear programming. IEEE Transactions on Information Theory, (12):4203–4215, 2005.
[6] C. Clifton, M. Kantarcioglu, J. Vaidya, X. Lin, and M. Zhu. Tools for privacy preserving distributed data mining. ACM SIGKDD Explorations Newsletter, 4(2):28–34, 2002.
[7] T. Cormen, C. Stein, R. Rivest, and C. Leiserson. Introduction to Algorithms. McGraw-Hill Higher Education, 2001.
[8] D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198–208, 1983.
[9] D. Donoho. Compressed sensing. IEEE Transactions on Information Theory, (4):1289–1306, 2006.
[10] D. Du and F. Hwang. Combinatorial group testing and its applications. World Scientific Publishing Company, 2000.
[11] S. Foucart and H. Rauhut. A Mathematical Introduction to Compressive Sensing. Birkhauser, 2013.
[12] R. Friesa, M. Gahrooeia, M. Chowdhuryb, and A. Conwayc. Meeting privacy challenges while advancing intelligent transportation systems. ACM Transactions on Multimedia Computing, pages 34–45, 2012.
[13] G. Golub and C. Van Loan. Matrix Computations. Johns Hopkins University Press, 1996.
[14] G. Kalogridis, C. Efthymiou, S. Denic, T. Lewis, and R. Cepeda. Privacy for smart meters: Towards undetectable appliance load signatures. In IEEE International Conference on Smart Grid Communications, pages 232–237, 2010.
[15] Y. Lindell and B. Pinkas. The journal of privacy and confidentiality. ACM SIGKDD Explorations Newsletter, 1(1):59–98, 2009.
[16] S. McLaughlin, P. McDaniel, and W. Aiello. Protecting consumer privacy from electric load monitoring. In 18th ACM Conference on Computer and Communications Security, pages 87–98, 2011.
[17] S. Moncrieff, S. Venkatesh, and G. West. Dynamic privacy assessment in a smart house environment using multimodal sensing. ACM Transactions on Multimedia Computing, 5:1–29, 2008.
[18] J. Le Ny and G. Pappas. Differentially private filtering. IEEE Transactions on Automatic Control, 59(2):341–354, 2014.
[19] M.M. Prabhakaran and A. Sahai. Secure multi-party computation. IOS Press, 2013.
[20] L. Sankar, S.R. Rajagopalan, S. Mohajer, and H.V. Poor. Smart meter privacy: A theoretical framework. IEEE Transactions on Smart Grid, 4(2):837–846, 2013.
[21] O. Tan, D. Gunduz, and H.V. Poor. Increasing smart meter privacy through energy harvesting and storage devices. IEEE Journal on Selected Areas in Communications, 31(7):1331–1341, 2013.
[22] L. Vandenberghe and S. Boyd. Semidefinite programming. SIAM Review, (1):49–95, 1996.
[23] D. Varodayan and A. Khisti. Smart meter privacy using a rechargeable battery: Minimizing the rate of information leakage. In IEEE International Conference on Acoustics, Speech and Signal Processing, pages 1932–1935, 2011.
[24] M. Van De Wal and B. De Jager. A review of methods for input/output selection. Automatica, 37(4):487–510, 2001.
[25] S. Yong, M. Zhu, and E. Frazzoli. Simultaneous input and state estimation for linear discrete-time stochastic systems with direct feedthrough. In IEEE Conference on Decision and Control, pages 7034–7039, Florence, Italy, 2013.
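
Added worked example (not part of the paper and not the authors' code): the construction used in the proof of Lemma 4.1, in its special case G = H = 0 and K_IO = K_SS = 0, where the pencil test of Theorem 3.1 reduces to the PBH observability test. It generalizes the proof's diag(w_{i,j}/v_{i,j}) choice to one non-zero entry per output row; the function names, the constructed sample matrices, and the requirement that the caller supplies the rational eigenvalues of A are assumptions of this example.

```python
from fractions import Fraction

def rref(M):
    """Reduced row echelon form over exact rationals: (matrix, pivot columns)."""
    M = [[Fraction(x) for x in row] for row in M]
    pivots, r = [], 0
    for c in range(len(M[0])):
        p = next((i for i in range(r, len(M)) if M[i][c] != 0), None)
        if p is None:
            continue
        M[r], M[p] = M[p], M[r]
        M[r] = [x / M[r][c] for x in M[r]]
        for i in range(len(M)):
            if i != r and M[i][c] != 0:
                f = M[i][c]
                M[i] = [a - f * b for a, b in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == len(M):
            break
    return M, pivots

def rank(M):
    return len(rref(M)[1])

def shifted(A, z):
    """zI - A."""
    n = len(A)
    return [[(z if i == j else 0) - A[i][j] for j in range(n)] for i in range(n)]

def unobservable_modes(A, C, eigenvalues):
    """Eigenvalues z at which [zI - A; C] loses column rank (pencil (6) with G = H = 0)."""
    return [z for z in eigenvalues
            if rank(shifted(A, z) + [list(r) for r in C]) < len(A)]

def eigenvector(A, z):
    """One right eigenvector of A for eigenvalue z: a null vector of zI - A."""
    n = len(A)
    M, pivots = rref(shifted(A, z))
    free = next(c for c in range(n) if c not in pivots)
    v = [Fraction(0)] * n
    v[free] = Fraction(1)
    for row, pc in zip(M, pivots):
        v[pc] = -row[free]          # back-substitute with the chosen free variable = 1
    return v

def sparse_output_perturbation(C, v):
    """K_SO with at most one non-zero per row such that (C + K_SO) v = 0, cf. (18)-(19)."""
    col = next(j for j, x in enumerate(v) if x != 0)
    K = [[Fraction(0)] * len(v) for _ in C]
    for i, row in enumerate(C):
        w_i = -sum(Fraction(c) * x for c, x in zip(row, v))   # w = -C v, as in (19)
        K[i][col] = w_i / v[col]
    return K

def protect(A, C, eigenvalues):
    """Try every eigenvector and keep the sparsest perturbation: (z, K_SO, nnz)."""
    best = None
    for z in eigenvalues:
        K = sparse_output_perturbation(C, eigenvector(A, z))
        nnz = sum(x != 0 for row in K for x in row)
        if best is None or nnz < best[2]:
            best = (z, K, nnz)
    return best

def apply_perturbation(C, K):
    return [[c + k for c, k in zip(rc, rk)] for rc, rk in zip(C, K)]

# Constructed sample: A is upper triangular, so its eigenvalues are its diagonal.
SAMPLE_A = [[1, 1, 0], [0, 2, 1], [0, 0, 3]]
SAMPLE_C = [[1, 0, 1], [0, 1, 1]]          # q = 2 monitored outputs
SAMPLE_EIGS = [1, 2, 3]

if __name__ == "__main__":
    print("unobservable modes before:", unobservable_modes(SAMPLE_A, SAMPLE_C, SAMPLE_EIGS))
    z, K, nnz = protect(SAMPLE_A, SAMPLE_C, SAMPLE_EIGS)
    print("hide mode", z, "with K_SO =", K, "using", nnz, "non-zero entries")
    C_new = apply_perturbation(SAMPLE_C, K)
    print("unobservable modes after:", unobservable_modes(SAMPLE_A, C_new, SAMPLE_EIGS))
```

The number of non-zero entries returned never exceeds the number of rows of C, which is the bound q stated in Lemma 4.1.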
