Applications of Cryptographic Methods in Feedback Control
Abstract
Advances in information and communication technologies drive rapid developments in and increased adoption of unmanned and autonomous vehicles, desirable in numerous applications, such as public transportation, shipping, environmental mapping, and remote surveillance systems. Onboard these vehicles are increasingly modular guidance, navigation, and control systems connected across general-purpose networks, often called networked control systems, enabling more flexible hardware- and software architectures, reducing maintenance costs, and ensuring ease of installation. Moreover, increased connectivity and cloud computing technology permit outsourcing computational tasks to cloud-computing services. However, this increased connectivity also introduces new challenges concerning cybersecurity. Insecure communication channels make systems vulnerable to cyberattacks such as data injection, spoofing, and replay attacks. Similarly, outsourcing computations to third-party cloud servers may cause leaks of confidential system information.
Throughout this thesis, we are concerned with securing communication links onboard these vehicles and designing privacy-preserving systems with which we can outsource computations without exposing private information to inadvertent leaks. To this end, the thesis is composed of two parts. In the first part, we are concerned with secure signal transmission between distributed components in networked control systems and conventional cybersecurity. The second part of the thesis presents methods to design privacy-preserving control and guidance systems and information fusion schemes.
We start the first part of the thesis by considering using stream ciphers and authenticated encryption to obtain secure and computationally efficient data transmission in distributed guidance, navigation, and control systems connected over multi-purpose networks. We are motivated by the observation that previous studies have suggested using various ad-hoc constructions to achieve authenticated encryption for secure signal transmission between the components of networked control systems. However, these constructions consist of compositions of block ciphers and legacy algorithms with questionable efficiency and security. To this end, we show how we can use modern stream ciphers and cryptographically strong authenticated encryption to achieve secure and efficient data transfer between computing devices in distributed guidance, navigation, and control architectures. Through experimental validation of a cryptographic pipeline in the Robot Operating System, we show that modern stream ciphers perform very well on sensor data such as images and point clouds, which require significant throughput. Hence, using these algorithms should enhance security without adversely affecting the overall performance of the closed-loop system. We also consider the use of 'compress-then-encrypt' schemes and show that compression should only be used if the bandwidth is constrained.
We then consider potential cyber-physical attacks against vehicles with distributed guidance, navigation, and control architectures. To this end, we use an unmanned surface vehicle where the navigation and the guidance & control systems run on different computing devices. By spooffing the address resolution protocol, we redirect the signal transmission through a device under our control, where we can change the position and heading estimates from the navigation device. These changes then result in predictable changes in the vehicle's path. Since the only integrity check used by the communication protocol consists of un-keyed cyclic redundancy checks, we can recompute the cyclic redundancy check of the manipulated messages such that the attack goes undetected by the guidance & control system. We show how to prevent such attacks by imposing authenticated encryption on the communication links. We also demonstrate that auxiliary information, such as timestamps, is essential to detect replay attacks.
In the second part of the thesis, we consider the design, implementation, and experimental validation of privacy-preserving systems which we can host on cloud infrastructure without leaking information. To this end, we use a cryptographic concept called homomorphic encryption to design encrypted systems that perform computations directly on encrypted data. We start the second part of the thesis by presenting and implementing an encrypted control system for the surge speed and yaw of an unmanned surface vehicle that computes encrypted thrust allocations over encrypted control gains and state information. We achieve this using a cryptosystem called labeled homomorphic encryption, which allows both homomorphic additions and homomorphic multiplications at the cost of revealing the function we are evaluating. We then validate the effectiveness of the encrypted control system through field experiments on an unmanned surface vehicle in the Trondheim Fjord, where it is exposed to considerable environmental disturbances.
We proceed by conceptualizing, designing, and implementing encrypted guidance systems. The motivation is that guidance systems are outer-loop systems that are iterated less frequently than inner-loop control systems that compute thrust allocations. Therefore, we argue that it is more intuitive to outsource guidance systems than encrypted control systems. To this end, we show that by revealing the bearing between individual waypoints and linearizing the line-of-sight and integral line-of-sight guidance laws, we can use an additively homomorphic cryptosystem to design encrypted guidance systems with and without integral action. These guidance systems operate with plaintext gains but compute encrypted course and heading commands using encrypted position measurements and waypoints. Hence, the host of the guidance system cannot derive the vehicle's position and planned path. We show that these guidance laws are locally exponentially stable and argue that, in practice, local stability is often sufficient for guidance laws since the vehicles tend to stay close to their desired paths. Finally, we demonstrate the effectiveness of an encrypted system with integral action through field experiments on the Trondheim Fjord using an unmanned surface vehicle.
Finally, we consider the fusion of encrypted unbiased Gaussian estimates using a concept called encrypted fast covariance intersection. Fusing estimates directly in encrypted form can be desirable for numerous reasons; for example, we present a collaborative air defense surveillance system as a potential use case. Countries may want to collaborate to obtain a more accurate, fused position estimate of a target. However, sharing radar data may not be possible since the accuracy of individual radar stations may be considered classiffied. To this end, encrypted fast covariance intersection allows sharing and fusing estimates without revealing how accurate each estimate is and, thus, how well each sensor system performs. A variant of encrypted fast covariance intersection already exists. However, we show how we can use stream ciphers and privacy-preserving aggregation to design accelerated and decentralized variants of the scheme, respectively. Using simulations, we demonstrate that the accelerated variant is approximately five to six orders of magnitude faster than the existing algorithm. In addition, for a 128-bit level of security, we show that the accelerated variant reduces the amount of data transmitted by approximately 99%. The decentralized scheme is slower than the original scheme but eliminates the need for a fusion center and the assumption that all recipients must be honest. We also demonstrate that the performance of the two variants is identical to the existing scheme in terms of the accuracy of the fused output.