As the control system has been connected to the network, it has become vulnerable to malicious attacks using information leakage from the control system and the security of the control system has been a significant issue.
Recently, CDSL has released a C++ library named ECLIB (Encrypted Controller LIBrary).
ECLIB provides C++ modules to convert a linear single-input single-output (SISO) controller into an encrypted controller. The main goal of ECLIB is to give designers an easy way to convert their original controller to an encrypted controller and simulate its performance.
ECLIB is developed based on the method proposed in the paper [1] on homomorphic encryption (especially, LWE-based encryption) of dynamic control system. Homomorphic encryption allows the controller to operate directly on encrypted data, without requiring any decryption in the process. For the control system in Figure 1, if the controller is homomorphically encrypted, all the control operations are performed in the ciphertext space. So the controller is unable to know the secret key or the plaintext of an input signal, thus the system attacker can’t get information from controller access.
There are libraries that formulate a homomorphic encryption system and provide encryption, decryption, and various computation functions such as SEAL and HEAAN. However, in order to build an encrypted controller, it is not enough to apply such homomorphic cryptographic libraries. Control system designers have to determine additional cryptographic parameters so that their desired controller has practical control performance over homomorphic cryptography. In addition, it is necessary to solve the problem of controller operation on infinite time horizon, which is the main difficulty of encryption of the controller, and an increase in computation time due to data increase.
In this respect, ECLIB determines cryptosystem parameters to enable the controller to operate on infinite time horizon and ensure the performance designed by the user. The encrypted controller constructed by ECLIB will satisfy the following conditions.
- Perform one cycle of encryption and decryption of signals, control operation, and signal communication in a sampling period.
- Performance degradation by the growth of error due to LWE-based encryption, is relatively insignificant than the user’s desired bound.
- Guarantee the maximum security level while satisfying the above conditions.
ECLIB is free of charge to use and is openly distributed. For more information, please visit the following link.
[1] “Dynamic Controller that Operates over Homomorphically Encrypted Data for Infinite Time Horizon”
Junsoo Kim, Hyungbo Shim, and Kyoohyung Han
arXiv preprint arXiv:1912.07362 , 2019
Comments are closed.