Controller encryption using RSA public-key encryption scheme (Asian Control Conference 2015)
June 3 Wed., 2015, 11:20-11:30, Technology And Theory For Cybersecurity Of Industrial Control Systems @ Meeting Room 2
Security Enhancements of Networked Control Systems Using RSA Public-Key Cryptosystem
Takahiro Fujita
Nara Institute of Science and Technology
Kiminao Kogiso, Kenji Sawada and Seiichi Shin
University of Electro-Communications
The 10th Asian Control Conference
May 31 to June 3, 2015
@ Sutera Harbour Resort, Sabah, Malaysia
Outline
Introduction
Problem Statement
RSA-Encrypted Controller
Simulation & Validation
Conclusion
Introduction
Controller device is important, but exposed to threats of hacking and targeted attacks.
signals: interruption, modeling, stealing recipe, management policy and know-how
parameters: knowledge about system designs and operations
Attacks to networked control system
[Figure: networked control system with plant and controller; labels: ref. (recipe), control signals, feedback signals, parameters]
[1] Sandberg et al., 2015. [2] Sato et al., 2015. [3] Pang et al., 2011
Related works
aiming to conceal the signals
control-theoretical approach: detection[1], positive use of noises[2]
cryptography-based approach: encryption of communication links[3]
no studies trying to encrypt the controller itself…
[Figure: plant and controller with Enc/Dec blocks on the links; labels: ref., ref. (cipher), control (cipher), feedback (cipher)]
Introduction
Objective of this work
Realize a cryptography-based control law to conceal both the signals & parameters.
conventional:
[Figure: plant and controller with Enc/Dec blocks on the links; labels: ref., ref. (cipher), control (cipher), feedback (cipher)]
proposed:
[Figure: plant and encrypted controller with Enc and Dec blocks; labels: ref., ref. (cipher), control (cipher), feedback (cipher), parameters (cipher)]
The encrypted controller:
calculates an encrypted control directly from an encrypted feedback signal & an encrypted
reference using encrypted parameters, and
incorporates homomorphism of RSA public-key encryption into the control law.
Problem Statement
Encryption of controller
Consider a feedback control law $f$: $u[k] = f(K, y[k]) := K y[k]$
$K$: scalar gain, $k$: discrete time
$y$: scalar plant output
$u$: scalar control input
Controller encryption problem:
Given an encryption scheme $E$, for a control law $f$ realize an encrypted law $f_E$.
Define an encrypted control law $f_E$, given an encryption scheme $E$, satisfying
$f_E(\mathrm{Enc}(K), \mathrm{Enc}(y)) = \mathrm{Enc}(f(K, y))$
[Figure: plant with Enc and Dec blocks and the encrypted law $f_E(\mathrm{Enc}(K), \mathrm{Enc}(y))$; labels: $y$, $\mathrm{Enc}(y)$ as feedback (cipher), $\mathrm{Enc}(K)$ as parameters (cipher), $\mathrm{Enc}(u)$ as control (cipher), $u$]
RSA-Encrypted Controller
[4] Rivest, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystem”, 1978. [5] Rivest, “On Data Banks and Privacy Homomorphisms”, 1978.
RSA public-key encryption
RSA encryption scheme[4,5] (Rivest-Shamir-Adleman cryptosystem)
key generation: public keys $e$, $n$, and private key $d$ (prime numbers)
encryption: $c = \mathrm{Enc}(m) = m^e \bmod n$
decryption: $m = \mathrm{Dec}(c) = c^d \bmod n$
$m$: integer in plaintext space
$c$: integer in ciphertext space
Homomorphism of the RSA encryption[5]
$\mathrm{Enc}(m_1 \times m_2) = \mathrm{Enc}(m_1) \times \mathrm{Enc}(m_2) \bmod n$
Assume that $m_1 = K$ and $m_2 = y$; then the following holds.
$f_E(\mathrm{Enc}(K), \mathrm{Enc}(y)) := \mathrm{Enc}(K) \times \mathrm{Enc}(y) \bmod n = \mathrm{Enc}(K \times y) = \mathrm{Enc}(u)$
RSA-Encrypted Controller
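Remarks
Signals & parameters are real; plaintext is integer.
Need a map: multiplying by a natural number and rounding off to an integer, i.e.,
$a \in \mathbb{N}$
$\lfloor \cdot \rceil$: round function
$K_{pM} = \lfloor a \times K_p \rceil$
$y_M[k] = \lfloor a \times y[k] \rceil$
$u_M[k] = K_{pM} y_M[k]$
example: $K_p = 0.83$, $a = 1000$, then $K_{pM} = \lfloor 1000 \times 0.83 \rceil = 830$.
With $a$ and $n$ sufficiently large, rounding (quantization) error can be made small.
$u[k] = K_p y[k]$
$\mathrm{Enc}(u_M[k]) = \mathrm{Enc}(K_{pM}) \mathrm{Enc}(y_M) \bmod n$
[Figure: plant, Enc, Dec, $\lfloor a \, \cdot \rceil$ and $a^2$ blocks around the encrypted controller; labels: $y[k]$, $y_M[k]$, $\mathrm{Enc}(y_M[k])$, $\mathrm{Enc}(K_{pM})$, $\mathrm{Enc}(u_M[k])$, $u_M[k]$, $u[k]$]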
Simulation: Controller Encryption
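$\mathrm{Enc}(K_{pM}) = (\lfloor a \times K_p \rceil)^e \bmod n = 36364958$
$n = 94399927$, $e = 587$, $d = 42929459$ (key length 27 bit), $a = 1000$
Things seen in controller
normal: $K_p = 0.83$ (controller with $K_p$, $u[k]$, $y[k]$)
proposed: $\mathrm{Enc}(K_{pM}) = 36364958$ (encrypted controller with $\mathrm{Enc}(K_{pM})$, $\mathrm{Enc}(y_M[k])$, $\mathrm{Enc}(u_M[k])$)
[Figure: two plots against time[s], 0 to 30: $\mathrm{Enc}(u_M[k])$ (scale $\times 10^7$) with $u[k]$ (−1 to 1), and $\mathrm{Enc}(y_M[k])$ (scale $\times 10^7$) with $y[k]$ (−1 to 1)]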
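The scheme from the RSA-Encrypted Controller and simulation slides, written out as an added example (it is not the authors' MATLAB code). It uses the slide's n, e, d, a and Kp; the mapping of negative values to residues above n/2 and the overflow bound Y_M_BOUND are assumptions that are not on the slides, and the sample outputs are constructed.

```python
# Added example (not the authors' code): proportional control on RSA ciphertexts.
N, E, D = 94399927, 587, 42929459  # n, e, d from the simulation slide (27-bit toy key)
A = 1000                           # scaling factor a from the slide
KP_M = round(A * 0.83)             # K_pM = round(a * K_p) = 830

def enc(m):
    """Textbook RSA: c = m^e mod n. Negative m is reduced into [0, n) (assumption)."""
    return pow(m % N, E, N)

def dec(c):
    """Textbook RSA: m = c^d mod n."""
    return pow(c, D, N)

def to_signed(m):
    """Assumption, not on the slides: residues above n/2 stand for negative integers."""
    return m - N if m > N // 2 else m

# Designer-side bound (assumption): largest |y_M| for which K_pM * y_M
# still fits the signed plaintext range and does not wrap modulo n.
Y_M_BOUND = (N // 2) // KP_M

def encrypted_controller(enc_kp, enc_y):
    """f_E on the controller device: ciphertext product only, no key, no plaintext."""
    return (enc_kp * enc_y) % N

def plant_side_step(y, enc_kp):
    """Quantize and encrypt y, query the controller, decrypt and rescale by a^2."""
    y_m = round(A * y)
    if abs(y_m) > Y_M_BOUND:
        # Beyond this bound the product wraps modulo n and decrypts to a wrong input.
        raise OverflowError("K_pM * y_M exceeds the plaintext space")
    u_m = to_signed(dec(encrypted_controller(enc_kp, enc(y_m))))
    return u_m / A**2

if __name__ == "__main__":
    enc_kp = enc(KP_M)  # the only form of the gain stored in the controller
    for y in (0.5, -0.5, 0.12345):  # constructed sample plant outputs
        u = plant_side_step(y, enc_kp)
        print(f"y={y:+.5f}  u={u:+.6f}  Kp*y={0.83 * y:+.6f}  err={abs(u - 0.83 * y):.1e}")
```

Because textbook RSA is deterministic, equal values of y_M[k] always produce equal ciphertexts, and a 27-bit modulus is a demonstration size only.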
Validation: Protection from Stealing
Result of system identification (n4sid)
[Figure: Bode plot, gain[dB] and phase[deg] against frequency[rad/s]; curves: original closed loop system, without encryption, with encryption]
Conclusion
Introduction
Problem Statement
controller encryption problem
RSA-Encrypted Controller
homomorphism of RSA encryption
remarks on quantization error
Simulation & Validation
enables concealing signals & parameters inside the controller device in terms of cryptography.
enables hiding the dynamics of the control system.
Future work
conceal control operations perfectly.
extend to linear and polynomial control laws.
Simulation: Computation Cost
[Figure: computational time[s] (scale $\times 10^{-4}$, 0 to 4) against steps (0 to 3000; sampling interval: 10 ms)]
MATLAB R2014a, Intel Core i5 3.2 GHz, RAM 16 GB
