On the (non-)resilience of encrypted controllers to covert attacks

TL;DR

This paper examines the vulnerabilities of encrypted control systems to covert attacks and proposes a verifiable computation approach to enhance their resilience without additional communication costs.

Contribution

It demonstrates the inherent malleability of homomorphic encryption schemes in encrypted control and introduces a verifiable computation method to improve attack resilience.

Findings

Encrypted control schemes are vulnerable to covert attacks due to homomorphic encryption malleability.

Homomorphic encryption alone cannot ensure integrity against certain attacks in control systems.

Verifiable computation can provide asymptotic security without extra communication overhead.

Abstract

The security of networked control systems (NCS) is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailored attacks (and detection schemes), including covert and zero-dynamics attacks. Confidentiality in control systems can, for instance, be achieved by securely outsourcing the evaluation of the controller to third-party platforms, such as cloud services. The underlying technology enabling such secure computation often is homomorphic encryption (HE). Recent works in encrypted control have proposed modifications to underlying HE schemes to achieve not only confidentiality but also resilience to certain types of integrity attacks. While extensions in this direction are desirable in principle, we show that the integrity problem in encrypted control cannot be solved by public-key HE schemes alone due to their inherent malleability. In other words, the same homomorphisms that enable encrypted control in the first place can be leveraged not only constructively but also destructively. More precisely, we demonstrate that NCS are vulnerable to covert attacks, even when encrypted control is employed. Remarkably, this remains possible without knowledge of an unencrypted model. Yet, resilience to such attacks can still be achieved through complementary techniques. We present an approach based on verifiable computation that integrates with modern homomorphic cryptosystems and is asymptotically secure while incurring no communication overhead.