Encrypted Dynamic Control exploiting Limited Number of Multiplications and a Method using Ring-LWE based Cryptosystem

In this paper, we present a method to encrypt dynamic controllers that can be implemented through most homomorphic encryption schemes, including somewhat, leveled fully, and fully homomorphic encryption. To this end, we represent the output of the given controller as a linear combination of a fixed number of previous inputs and outputs. As a result, the encrypted controller involves only a limited number of homomorphic multiplications on every encrypted data, assuming that the output is re-encrypted and transmitted back from the actuator. A guidance for parameter choice is also provided, ensuring that the encrypted controller achieves predefined performance for an infinite time horizon. Furthermore, we propose a customization of the method for Ring-Learning With Errors (Ring-LWE) based cryptosystems, where a vector of messages can be encrypted into a single ciphertext and operated simultaneously, thus reducing computation and communication loads. Unlike previous results, the proposed customization does not require extra algorithms such as rotation, other than basic addition and multiplication. Simulation results demonstrate the effectiveness of the proposed method.Comment: 11 pages, 4 figures, submitted to IEEE Transactions on Systems, Man, and Cybernetics: System

Fully Homomorphic Encryption-enabled Distance-based Distributed Formation Control with Distance Mismatch Estimators

This paper considers the use of fully homomorphic encryption for the realisation of distributed formation control of multi-agent systems via edge computer. In our proposed framework, the distributed control computation in the edge computer uses only the encrypted data without the need for a reset mechanism that is commonly required to avoid error accumulation. Simulation results show that, despite the use of encrypted data on the controller and errors introduced by the quantization process prior to the encryption, the formation is able to converge to the desired shape. The proposed architecture offers insight on the mechanism for realising distributed control computation in an edge/cloud computer while preserving the privacy of local information coming from each agent

Privacy-aware Security Applications in the Era of Internet of Things

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users\u27 sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques. In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties. The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods

Cryptographic Foundations For Control And Optimization: Making Cloud-Based And Networked Decisions On Encrypted Data

Advances in communication technologies and computational power have determined a technological shift in the data paradigm. The resulting architecture requires sensors to send local data to the cloud for global processing such as estimation, control, decision and learning, leading to both performance improvement and privacy concerns. This thesis explores the emerging field of private control for Internet of Things, where it bridges dynamical systems and computations on encrypted data, using applied cryptography and information-theoretic tools.Our research contributions are privacy-preserving interactive protocols for cloud-outsourced decisions and data processing, as well as for aggregation over networks in multi-agent systems, both of which are essential in control theory and machine learning. In these settings, we guarantee privacy of the data providers\u27 local inputs over multiple time steps, as well as privacy of the cloud service provider\u27s proprietary information. Specifically, we focus on (i) private solutions to cloud-based constrained quadratic optimization problems from distributed private data; (ii) oblivious distributed weighted sum aggregation; (iii) linear and nonlinear cloud-based control on encrypted data; (iv) private evaluation of cloud-outsourced data-driven control policies with sparsity and low-complexity requirements. In these scenarios, we require computational privacy and stipulate that each participant is allowed to learn nothing more than its own result of the computation. Our protocols employ homomorphic encryption schemes and secure multi-party computation tools with the purpose of performing computations directly on encrypted data, such that leakage of private information at the computing entity is minimized. To this end, we co-design solutions with respect to both control performance and privacy specifications, and we streamline their implementation by exploiting the rich structure of the underlying private data

Cryptography and Its Applications in Information Security

Nowadays, mankind is living in a cyber world. Modern technologies involve fast communication links between potentially billions of devices through complex networks (satellite, mobile phone, Internet, Internet of Things (IoT), etc.). The main concern posed by these entangled complex networks is their protection against passive and active attacks that could compromise public security (sabotage, espionage, cyber-terrorism) and privacy. This Special Issue “Cryptography and Its Applications in Information Security” addresses the range of problems related to the security of information in networks and multimedia communications and to bring together researchers, practitioners, and industrials interested by such questions. It consists of eight peer-reviewed papers, however easily understandable, that cover a range of subjects and applications related security of information

Theory and Practice of Cryptography and Network Security Protocols and Technologies

In an age of explosive worldwide growth of electronic data storage and communications, effective protection of information has become a critical requirement. When used in coordination with other tools for ensuring information security, cryptography in all of its applications, including data confidentiality, data integrity, and user authentication, is a most powerful tool for protecting information. This book presents a collection of research work in the field of cryptography. It discusses some of the critical challenges that are being faced by the current computing world and also describes some mechanisms to defend against these challenges. It is a valuable source of knowledge for researchers, engineers, graduate and doctoral students working in the field of cryptography. It will also be useful for faculty members of graduate schools and universities

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed