Cyber-Security Enhancements of Networked Control Systems Using Homomorphic Encryption
-
Upload
kiminao-kogiso -
Category
Engineering
-
view
478 -
download
0
Transcript of Cyber-Security Enhancements of Networked Control Systems Using Homomorphic Encryption
December 18 Fri., 2015, 13:30-13:50, Regular Session: Networked Control Systems 2, Frb09.1 @ 1003
Cyber-‐‑‒Security Enhancements of Networked Control Systems Using
Homomorphic Encryption
Kiminao KogisoUniversity of Electro-Communications
Tokyo, Japan
Takahiro FujitaYokogawa Denshikiki Co., Ltd.
The 54 Conference on Decision and ControlOsaka International Convention Center, Osaka, Japan
December 15 to 18, 2015
Outline
2
Introduction Problem Statement Controller Encryption Simulation & Validation Conclusion
Introduction
3
Controller device is important, but exposed to threats of hacking and targeted attacks. signals: modeling, stealing recipe, management policy and know-how parameters: knowledges about system designs and operations
Attacks on networked control system
plantcontrollerref. (recipe)
control signals
feedback signalsparameters
[1] Sandberg et al., 2015. [2] Sato et al., 2015. [3] Pang et al., 2011
Related works aiming to conceal the signals control-theoretical approach: detection[1], positive use of noises[2] cryptography-based approach: encryption of communication links[3]
no studies considering encryption of the controller or its inside…
control (cipher)
feedback(cipher)
EncDec
Enc Decplantcontroller
ref. ref.
(cipher)Enc Dec
Introduction
4
Objective of this workRealize a cryptography-based control law to conceal both the signals & parameters.
control (cipher)
feedback(cipher)
EncDec
Enc Decplantcontroller
ref. ref.
(cipher)Enc Dec
conventional:
control (cipher)
feedback(cipher)
Enc
Decplantencrypted
controller
ref. ref.
(cipher)Enc
parameters (cipher)
proposed:
Concept of encrypted controller: calculates an encrypted control directly from an encrypted feedback signal & an encrypted reference using encrypted parameters,
is achieved by incorporating homomorphic encryption scheme into the control law.
Problem Statement
5
Encryption of linear controllerConsider a linear controller: f
Controller Encryption Problem:
Given an encryption scheme , for a control law realize an encrypted law .fE fE
Define an encrypted control law , given an encryption scheme , satisfyingfE E
x[k + 1]u[k]
�=
A B
C D
� x[k]y[k]
�:= �⇠[k] := f(�, ⇠[k])
: parameter matrix
: plant output
: control inputuy
�
5
control (cipher)
feedback(cipher)
Enc
Decplant
parameters (cipher)
Enc(y)
Enc(u) u
yEnc(�)
fE(Enc(�),Enc(⇠))
fE(Enc(�),Enc(⇠)) = Enc(f(�, ⇠))
RSA encryption[4,5] (deterministic) & ElGamal encryption[6] (stochastic) ElGamal encryption scheme[4]
key generation: public , and private (random)
encryption:
decryption:
Controller Encryption 1/3
6[4] Rivest, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystem”, 1978. [5] Rivest, “On Data Banks and Privacy Homomorphisms”, 1978.
Homomorphic encryption schemes
RSA: Rivest-Shamir-Adelman
Dec(c1, c2) = c2 ⇥ c�s1 mod p
g, p, s 2 N(g, p) s
r 2 N : randomEnc(m) = (gr mod p, m⇥ gsr mod p)= c1 = c2 m : integer in plaintext space
: integer in ciphertext spacec1, c2
Homomorphism definition
Enc(m1 •m2) = Enc(m1) ⇤ Enc(m2)
in the case of ElGamal· : multiplication ⇤ : modulo operation
plaintext spaceciphertext space
m1
m2
⇥
⇥⇥
m2•m1
⇥
⇥⇥
Enc(m1)
Enc(m2)
N N2
Enc
Enc
Enc
Controller Encryption 2/3
7
Idea for controller encryptionDivide the linear operation to apply the homomorphism.
f = f+ � f⇥
f⇥(�, ⇠) =⇥�1⇠1 �2⇠2 · · ·�L⇠L
⇤=:
← executed after the decryption
← executed in the controller device
modification of the decryption process to update the decryption algorithm with “Dec+”.
Dec+
Configuration using ElGamal encryption scheme
signals (cipher)
feedback(cipher)
Enc
Decplant
parameters (cipher)
Enc(�)
Enc( )f+
f⇥
Enc(⇠)
x[k + 1]
u[k]
⇠
fE(Enc(�),Enc(⇠))
f+( ) =LX
l=1
l
with and sufficient large, rounding (quantization) error can be made small.a
encrypted controller
u[k]
y[k]Enc
Enc(KpM)
Enc(yM[k])
Enc(uM[k])a�2
yM[k]
uM[k]
ba•eplant
Dec+
n
Controller Encryption 3/3
8
a 2 Nb•e : round function
KpM = ba⇥KpeyM[k] = ba⇥ y[k]euM[k] = KpMyM[k]
Kp
y[k]
u[k] = Kpy[k]
example: , then .Kp = 0.83, a = 1000 KpM = b1000⇥ 0.83e = 830
RemarksSignals & parameters are real; Plaintext is integer. need a map: multiplying by a natural number and rounding off to an integer, i.e.,
Simulation: Controller Encryption
9
(key length 25bit)
Things seen in controller
encrypted controller
normal:
proposed:
u[k]
y[k]
controller
n = 67108913 g = 3
Enc(�)
�
� =
2
41 0.0063 00 0.3678 0.006310 �99.90 3
3
5
=
Enc(x[k])Enc(y[k])
�Enc(⇠[k])
Enc( [k])
0 1 2 3 4 5
-3
-2
-1
0
1
0 1 2 3 4 5-0.5
0
0.5
1
1.5
time [s] time [s]
control output
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 50
1
2
3
4 × 107
0 1 2 3 4 50
1
2
3
4 × 107
6 signals related to control
2 signals related to output
0 1 2 3 4 5-0.5
0
0.5
1
1.5
0 1 2 3 4 5
-3
-2
-1
0
1
Enc(�)2 =
2
414170023 24305287 411447224817983 26559389 3337940629922594 31813162 24125985
3
5
Enc(�)1 =
2
416354115 11333831 1242809425939844 22437363 1765074523018684 228286 8037052
3
5
Validation: Protection from Stealing
10
System identification (n4sid)
-150
-100
-50
0
50
10-2 100 102-270-225-180-135-90-450
frequency [rad/s]
gain
[d
B]
phas
e [deg
]
original closed loop systemwithout encryptionwith encryption(RSA)with encryption(ElGamal)
Conclusion
11
Introduction Problem Statement controller encryption problem
Encrypted Controller homomorphism of specific encryption scheme remarks in quantization error
Simulation & Validation enable to conceal signals & parameters inside the controller device in terms of cryptography. enable to hide dynamics of the control system.
Future works incorporate an attack detection method. validate computation cost of encrypted controller.
-150
-100
-50
0
50
10-2 100 102-270-225-180-135-90-450
frequency [rad/s]
gain
[d
B]
phas
e [deg
]
original closed loop systemwithout encryptionwith encryption(RSA)with encryption(ElGamal)
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 5time [s]
01234 × 107
0 1 2 3 4 50
1
2
3
4 × 107
0 1 2 3 4 50
1
2
3
4 × 107