LQG control policy design against agent identity privacy problem

This thesis project studies the agent identity privacy problem in the scalar linear quadratic Gaussian (LQG) control system. For the agent identity privacy problem in the LQG control, privacy models and privacy measures have to be established first. It depends on a trajectory of correlated data rather than a single observation. I propose here privacy models and the corresponding privacy measures by taking into account the two characteristics. The agent identity is a binary hypothesis: Agent A or Agent B. An eavesdropper is assumed to make a hypothesis testing on the agent identity based on the intercepted environment state sequence. The privacy risk is measured by the Kullback-Leibler divergence between the probability distributions of state sequences under two hypotheses. By taking into account both the accumulative control reward and privacy risk, an optimization problem of the policy of Agent B is formulated. The optimal deterministic privacy-preserving LQG policy of Agent B is a linear mapping. A sufficient condition is given to guarantee that the optimal deterministic privacy-preserving policy is time-invariant in the asymptotic regime. An independent Gaussian random variable cannot improve the performance of Agent B. The numerical experiments justify the theoretic results and illustrate the reward-privacy trade-off. Based on the privacy model and the LQG control model, I have formulated the mathematical problems for the agent identity privacy problem in LQG. The formulated problems address the two design objectives: to maximize the control reward and to minimize the privacy risk. I have conducted theoretic analysis on the LQG control policy in the agent identity privacy problem and the trade-off between the control reward and the privacy risk.Finally, the theoretic results are justified by numerical experiments. From the numerical results, I expected to have some interesting observations and insights, which are explained in the last chapter.

Il Sistema IBE di Boneh e Franklin

Un sistema di cifratura IBE (Identity-Based Encription Scheme) si basa su un sistema crittografico a chiave pubblica, costituita però in questo caso da una stringa arbitraria. Invece di generare una coppia casuale di chiavi pubbliche e private e pubblicare la prima, l'utente utilizza come chiave pubblica la sua "identità", ovvero una combinazione di informazioni opportune (nome, indirizzo...) che lo identifichino in maniera univoca. In questo modo ad ogni coppia di utenti risulta possibile comunicare in sicurezza e verificare le reciproche firme digitali senza lo scambio di chiavi private o pubbliche, senza la necessità di mantenere una key directory e senza dover ricorrere ogni volta ai servizi di un ente esterno. Nel 2001 Boneh e Franklin proposero uno schema completamente funzionante con sicurezza IND-ID-CCA, basato su un analogo del problema computazionale di Diffie-Hellman e che da un punto di vista tecnico-matematico utilizza la crittografia su curve ellittiche e la mappa bilineare Weil Pairing.