controller encryption using rsa public-key encryption scheme (asian control conference 2015)
TRANSCRIPT
June 3 Wed., 2015, 11:20-11:30, Technology And Theory For Cybersecurity Of Industrial Control Systems @ Meeting Room 2
Security Enhancements of Networked Control Systems Using RSA Public-‐‑‒
Key Cryptosystem
Takahiro FujitaNara Institute of Science and Technology
Kiminao Kogiso, Kenji Sawada and Seiichi ShinUniversity of Electro-Communications
The 10th Asian Control ConferenceMay 31 to June 3, 2015
@ Sutera Harbour Resort, Sabah, Malaysia
Outline
2
Introduction Problem Statement RSA-‐‑‒Encrypted Controller Simulation & Validation Conclusion
Introduction
3
Controller device is important, but exposed to threats of hacking and targeted attacks. signals: interruption, modeling, stealing recipe, management policy and know-how parameters: knowledges about system designs and operations
Attacks to networked control system
plantcontrollerref. (recipe)
control signals
feedback signalsparameters
[1] Sandberg et al., 2015. [2] Sato et al., 2015. [3] Pang et al., 2011
Related works aiming to conceal the signals control-theoretical approach: detection[1], positive use of noises[2] cryptography-based approach: encryption of communication links[3]
no studies trying to encrypt the controller itself…
control (cipher)
feedback(cipher)
EncDec
Enc Decplantcontroller
ref. ref.
(cipher)Enc Dec
Introduction
4
Objective of this workRealize a cryptography-based control law to conceal both the signals & parameters.
control (cipher)
feedback(cipher)
EncDec
Enc Decplantcontroller
ref. ref.
(cipher)Enc Dec
conventional:
control (cipher)
feedback(cipher)
Enc
Decplantencrypted
controller
ref. ref.
(cipher)Enc
parameters (cipher)
proposed:
The encrypted controller: calculates an encrypted control directly from an encrypted feedback signal & an encrypted reference using encrypted parameters, and
incorporates homomorphism of RSA public-key encryption into the control law.
Problem Statement
5
Encryption of controllerConsider a feedback control law :
K : scalar gain k : discrete time
: scalar plant output: scalar control inputu
y
f
Controller encryption problem:
Given an encryption scheme , for a control law realize an encrypted law .fE fE
Define an encrypted control law , given an encryption scheme , satisfyingfE
fE(Enc(K),Enc(y)) = Enc(f(K, y))
5
control (cipher)
feedback(cipher)
Enc
Decplant
parameters (cipher)
fE(Enc(K),Enc(y))
Enc(y)
Enc(u) u
yEnc(K)
E
.
u[k] = f(K, y[k]) := Ky[k]
RSA-Encrypted Controller
6[4] Rivest, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystem”, 1978. [5] Rivest, “On Data Banks and Privacy Homomorphisms”, 1978.
RSA public-key encryptionRSA encryption scheme[4,5] (Rivest-Shamir-Adelman cryptosystem)
key generation: public keys , , and private key (prime numbers)
encryption:
decryption:
e n d
m
c
: integer in plaintext space
: integer in ciphertext space
Homomorphism of the RSA encryption[5]
Enc(m1 ⇥m2) = Enc(m1)⇥ Enc(m2) mod n
Assumed that and , then the following holds.m1 = K m2 = y
fE(Enc(K),Enc(y)) := Enc(K)⇥ Enc(y) mod n
= Enc(K ⇥ y) = Enc(u)
c = Enc(m) = memod n
m = Enc(c) = cd mod n
RSA-Encrypted Controller
7
a 2 Nb•e : round function
KpM = ba⇥KpeyM[k] = ba⇥ y[k]euM[k] = KpMyM[k]
Kp
y[k]
u[k] = Kpy[k]
example: , then .Kp = 0.83, a = 1000 KpM = b1000⇥ 0.83e = 830
RemarksSignals & parameters are real; Plaintext is integer.
need a map: multiplying by a natural number and rounding off to an integer, i.e.,
with and sufficient large, rounding (quantization) error can be made small.
Enc(uM[k]) = Enc(KpM)Enc(yM) mod n
a
encrypted controller
u[k]
y[k]Enc
Dec
Enc(KpM)
Enc(yM[k])
Enc(uM[k])a�2
yM[k]
uM[k]
ba•eplant
n
Simulation: Controller Encryption
8
Enc(KpM) = (ba⇥Kpe)e mod n = 36364958n = 94399927 e = 587 d = 42929459(key length 27bit)
Things seen in controller
Kp = 0.83
Enc(KpM) = 36364958
encrypted controller
Enc(KpM)
Enc(yM[k])
Enc(uM[k])
0 10 20 300
5
10x 107
Enc(uM[k])
time[s]−1
0
1
0 10 20 300
5
10x 107
Enc(yM[k])
time[s]−1
0
1
u[k]
y[k]
normal:
proposed:
Kp
u[k]
y[k]
controller
a = 1000
Validation: Protection from Stealing
9
Result of system identification (n4sid)
−150
−100
−50
0
50
10−1
100
101
102
103
−270
−180
−90
0
original closed loop systemwithout encryptionwith encryption
frequency[rad/s]
gain
[dB
]phas
e[deg
]
Conclusion
10
0 10 20 300
5
10x 107
Enc(uM[k])
time[s]−1
0
1
0 10 20 300
5
10x 107
Enc(yM[k])
time[s]−1
0
1
u[k]
y[k]
−150
−100
−50
0
50
10−1
100
101
102
103
−270
−180
−90
0
original closed loop systemwithout encryptionwith encryption
frequency[rad/s]
gain
[dB
]phas
e[deg
]
Introduction Problem Statement controller encryption problem
RSA-Encrypted Controller homomorphism of RSA encryption remarks in quantization error
Simulation & Validation enable to conceal signals & parameters inside the controller device in terms of cryptography. enable to hide dynamics of the control system.
Future works conceal control operations perfectly. extend to linear and polynomial control laws.