
Research on Co-Design Methods for Privacy Preservation and State Estimation under Unreliable Channels

Co-Design of Privacy Preserving and State Estimation Under Unreliable Channels

Author: 黄洁 (Huang Jie)
  • Student ID
    2018******
  • Degree
    Doctoral
  • E-mail
    hua******.cn
  • Defense date
    2024.05.13
  • Advisor
    何潇 (He Xiao)
  • Discipline
    Control Science and Engineering
  • Pages
    126
  • Confidentiality level
    Public
  • Department
    025 Department of Automation
  • Keywords (Chinese)
    privacy-preserving mechanism; secure state estimation; confidentiality analysis; cyber-physical system; unreliable channel
  • Keywords (English)
    Privacy-preserving mechanism; secure state estimation; perfect secrecy; cyber-physical system; unreliable channel

Abstract

Cyber-physical systems (CPS) use communication network technology to share data between subsystems and thereby achieve functional integration; however, data sharing increases the risk of privacy leakage in CPS. In CPS applications, protecting data confidentiality may cost data availability, and the physical system's requirements on real-time performance and node resource configuration also constrain the design of privacy-preserving mechanisms. Because the two deeply affect each other, CPS privacy-preserving mechanisms and state estimation methods should be co-designed to balance the confidentiality and availability of data. Taking statistics of the estimation error as the principle for defining privacy, this thesis studies the above co-design problem; the main contributions are as follows:

(1) For the privacy risks present in the state estimation process over packet-dropping channels, a co-design strategy for the privacy-preserving mechanism and state estimation is proposed. To account for data loss, the concept of a reference time is introduced. A dynamic key is generated by constructing the difference between the encoded innovation and the decoded innovation at the reference time, combined with the definition of key events. A random nonlinear mapping function is adopted as the encoding function, so that the scheme applies to both unstable and stable systems and the encoded and decoded innovations are unbiased in expectation. A decoding state filtering algorithm is designed in the minimum mean square error sense. Within the privacy definition framework based on the estimation error covariance, the privacy of the co-design method is proved for both unstable and stable systems.

(2) For the co-design of the privacy-preserving mechanism and state estimation under MFC (Markov fading channels), an encoding scheme based on weighted differences of data is proposed, which reduces both the encoding computation and the communication load. By applying a random nonlinear mapping to the weighted innovation difference, lossless encoding in expectation is achieved and the transmitted data are quantized, reducing the transmitted data volume. After reconstructing the distribution of the measurement noise after decoding, a decoding Kalman filter is designed. A decoding distortion rate is introduced to analyze the boundedness condition of the legitimate user's actual expected state estimation error covariance and the condition under which the eavesdropper's estimation error diverges in expectation.

(3) For the co-design of privacy preservation and information fusion in multi-sensor systems, a decentralized privacy-preserving strategy for multiple MFCs is proposed and a centralized decoding information fusion algorithm is designed. The concept of transmission capacity is introduced and, combined with the Mahler measure and topological entropy, the boundedness of the legitimate user's actual expected state estimation error covariance is analyzed. For the eavesdropper, privacy conditions are proved for two cases of computing capability. Considering the case of limited system resources, a co-design algorithm for decentralized privacy preservation and information fusion is proposed. The boundedness conditions of the legitimate user's local and global actual expected state estimation error covariances are analyzed, and the condition under which the information fusion error of an eavesdropper without the ability to exclude erroneously decoded information diverges in expectation is proved. It is proved that the proposed co-design methods simultaneously guarantee the privacy of multi-sensor systems.

Cyber-physical systems (CPSs) utilize communication network technologies to achieve data sharing between subsystems, thereby achieving function integration and enhancing production efficiency. However, data sharing heightens the risk of privacy leakage within CPS. In CPS applications, mechanisms for protecting the confidentiality of data may inadvertently lead to diminished data availability. Additionally, the design of privacy-preserving mechanisms may face constraints imposed by the requirements of the physical systems, such as real-time performance and resource allocation. Given the profound interplay between cyber communication systems and physical systems, it is imperative to co-design CPS privacy-preserving mechanisms and state estimation methods to ensure a balance between data confidentiality and availability. This dissertation engages in research on the co-design of privacy-preserving mechanisms and state estimation within the estimation-error-based privacy framework; the primary research contents are presented below.

(1) In addressing the privacy risk associated with state estimation in the presence of data packet dropout, a co-design strategy for privacy-preserving mechanisms and state estimation is proposed. To account for data missing due to unreliable channels, the concept of a reference time is introduced. This involves constructing the difference between the innovation and the decoded innovation at the reference time, and defining key events, to generate a dynamic key. A random nonlinear mapping function is utilized as the encoding function, making it applicable in both unstable and stable systems. The encoding function ensures unbiasedness in the expected sense for the innovation, both encoded and decoded. Additionally, a state filtering algorithm is designed for the proposed privacy-preserving mechanism in the sense of minimum mean square error. The analysis of the monotonicity conditions of the legitimate user's estimation error covariance in this co-design method provides a guarantee for data privacy.

(2) The co-design problem of privacy-preserving mechanism and state estimation is investigated under Markov fading channels. Based on a vector-parameter weighted approach, a weighted difference form is derived from the current innovation and the decoded innovation at the reference time. This derivation not only reduces the computational complexity of the encryption algorithm but also extends the definition of secrecy from unstable systems to stable systems. Lossless encoding is achieved in the expected sense through the adoption of a random nonlinear mapping for the weighted difference of innovation, allowing for quantization of transmitted data and reduction of data volume. Furthermore, a decoding Kalman filter is designed under the assumption that the distribution of measurement noise can be approximated as Gaussian after decoding. Secrecy of the proposed co-design is demonstrated through an analysis of the boundedness of the exact expected state estimation error covariance for the legitimate user, as well as an analysis of the divergence of the expected estimation error of the eavesdropper.

(3) To tackle the co-design problem of privacy-preserving mechanisms and information fusion for multi-sensor systems, a decentralized privacy-preserving strategy for multiple Markov Fading Channels (MFC) is proposed. The system is transformed based on the channel output, and a centralized decryption information fusion algorithm is developed. The concept of transmission capacity is introduced and, in combination with Mahler's measure and topological entropy, an analysis of the boundedness of the actual expected state estimation error covariance for the legitimate user is provided. For an eavesdropper, the conditions under which the privacy-preserving mechanism achieves confidentiality are proved for two different eavesdropper computing capabilities. Considering the constraints on computational and communication resources, a decentralized decryption information fusion algorithm is designed within the decentralized privacy protection framework. By constructing a weighted sum of the local estimation error covariances and solving the minimization problem for the global estimation error covariance, the design of the weight parameters in the global decryption estimation is achieved. The boundedness conditions of both the local and global actual expected state estimation error covariance matrices for the legitimate user are separately analyzed. For eavesdroppers without the ability to exclude erroneously decoded data, the dynamics of the estimation error are described, and the conditions under which the eavesdropper's information fusion error diverges in the expected sense are analyzed. In summary, the proposed co-design strategy is proven to simultaneously achieve the confidentiality and availability of data in multi-sensor systems.