11 research outputs found

    Encrypted Dynamic Control exploiting Limited Number of Multiplications and a Method using Ring-LWE based Cryptosystem

    In this paper, we present a method to encrypt dynamic controllers that can be implemented through most homomorphic encryption schemes, including somewhat, leveled fully, and fully homomorphic encryption. To this end, we represent the output of the given controller as a linear combination of a fixed number of previous inputs and outputs. As a result, the encrypted controller involves only a limited number of homomorphic multiplications on every encrypted datum, assuming that the output is re-encrypted and transmitted back from the actuator. Guidance for parameter choice is also provided, ensuring that the encrypted controller achieves predefined performance over an infinite time horizon. Furthermore, we propose a customization of the method for Ring-Learning With Errors (Ring-LWE) based cryptosystems, where a vector of messages can be encrypted into a single ciphertext and operated on simultaneously, thus reducing computation and communication loads. Unlike previous results, the proposed customization does not require extra algorithms such as rotation, other than basic addition and multiplication. Simulation results demonstrate the effectiveness of the proposed method.
    Comment: 11 pages, 4 figures, submitted to IEEE Transactions on Systems, Man, and Cybernetics: Systems

    Fully Homomorphic Encryption-enabled Distance-based Distributed Formation Control with Distance Mismatch Estimators

    This paper considers the use of fully homomorphic encryption for the realisation of distributed formation control of multi-agent systems via an edge computer. In our proposed framework, the distributed control computation in the edge computer uses only the encrypted data, without the need for the reset mechanism that is commonly required to avoid error accumulation. Simulation results show that, despite the use of encrypted data in the controller and the errors introduced by the quantization process prior to encryption, the formation is able to converge to the desired shape. The proposed architecture offers insight into the mechanism for realising distributed control computation in an edge/cloud computer while preserving the privacy of the local information coming from each agent.

    λ™μ μ œμ–΄κ³„ μ œμ–΄μ‹ ν˜Έμ˜ 인증된 계산

    Master's thesis, Seoul National University Graduate School, Department of Mathematical Sciences, College of Natural Sciences, August 2020. Advisor: Jung Hee Cheon.
    Significant concerns in networked control systems are the security problems caused by the network or the controller, since a compromise of either can cause devastating behavior or entire failure of the system. In this thesis, we first propose a fundamental solution to this problem by exploiting verifiable computation to prevent malicious behavior of the controller. First, we propose a new authenticated computation to check the matrix-vector multiplications, the main arithmetic of a controller, and to check the updates of the controller's states. It enables the plant side not only to check the computations of the controller at much lower computational cost than that required for the computations themselves, but also to detect any compromise of the network or the controller. In addition, the proposed authenticated computation can be applied to linear dynamic systems without any additional asymptotic computational overhead on the actuator and the controller, since the verification cost of the actuator is independent of the dimension of the states. To further reduce the cost of the actuator, we also propose a batch verification and a multi-exponentiation method. These methods dramatically reduce the constant overhead of the controller, so that the performance estimation of the proposed scheme demonstrates its applicability in practice.
    Korean abstract (translated): Security concerns about the controller and the network are a major worry for networked control systems, since tampering with the controller or the network can cause a dangerous state or a shutdown of the system. This thesis introduces verifiable computation for the first time in order to fundamentally solve this malicious-controller problem. First, a new authenticated computation is proposed to check the matrix-vector multiplications, the main operation of the controller, and to check the updates of the controller's state. This not only lets the plant side check the controller's computation with less computation than the controller itself performs, but also makes it possible to detect whether the controller or the network has been tampered with. Also, because the verification cost at the actuator is independent of the dimension of the controller state, the authenticated computation can be introduced into linear dynamic control systems without adding asymptotic computational cost to the actuator or the controller. In addition, to reduce the actuator's computational load, this thesis introduces batch verification and multi-exponentiation. These techniques greatly reduce the constant overhead of the controller, so that the performance estimate shows the scheme can be applied in practice.
    Table of contents:
    1 Introduction, p. 1
    2 Problem Formulation and Preliminaries, p. 5
      2.1 Notation, p. 5
      2.2 Problem Formulation, p. 6
      2.3 Conversion of Real-valued Parameters to Integers, p. 7
      2.4 Verifiable Computation, p. 9
      2.5 Freivalds Algorithm: Verifying Matrix Multiplication, p. 10
      2.6 Discrete Logarithm Assumption on Finite Group, p. 11
    3 Verification of Controller Computation, p. 13
      3.1 Four points of proposed VC Scheme, p. 14
        3.1.1 Randomized Verification, p. 14
        3.1.2 Compressed Commitments, p. 15
        3.1.3 Knowledge of Exponent, p. 15
        3.1.4 Proof of Equality, p. 16
      3.2 VC schemes for linear dynamic system, p. 17
      3.3 Security of the proposed VC, p. 19
      3.4 Efficiency of the proposed VC, p. 21
      3.5 Improving Efficiency, p. 23
      3.6 Performance Estimation of proposed scheme, p. 25
    4 Conclusions, p. 27
    Appendix, p. 32
      4.1 Proof of Lemma 2, p. 32
      4.2 Necessity of Alternative Random Vector, p. 33
      4.3 Algorithms: Batch Verification, p. 34
      4.4 Algorithms: Multi-exponentiation, p. 35
    Abstract (in Korean), p. 37
    Acknowledgement (in Korean), p. 38
    Degree: Master

    Dynamic controller that operates over homomorphically encrypted data for infinite time horizon

    In this paper, we present a dynamic feedback controller that computes the next state and the control signal over encrypted data using the homomorphic properties of cryptosystems, and whose performance is equivalent to that of linear dynamic controllers over real-valued data. Assuming that the input as well as the output of the plant is encrypted and transmitted back to the controller, it is shown that the state matrix of any linear time-invariant controller can always be converted to a matrix with integer components. This allows the dynamic feedback controller to operate over an infinite time horizon without decryption or reset of its internal state. For implementation in practice, we illustrate the use of a cryptosystem based on the Learning With Errors problem, which allows both multiplication and addition over encrypted data. It is also shown that the effect of the random numbers injected during encryption for security can be kept within a small bound by way of closed-loop stability.
    Comment: 12 pages, 3 figures

    Cryptographic Foundations For Control And Optimization: Making Cloud-Based And Networked Decisions On Encrypted Data

    Advances in communication technologies and computational power have brought about a technological shift in the data paradigm. The resulting architecture requires sensors to send local data to the cloud for global processing such as estimation, control, decision making and learning, leading to both performance improvements and privacy concerns. This thesis explores the emerging field of private control for the Internet of Things, where it bridges dynamical systems and computation on encrypted data using applied cryptography and information-theoretic tools. Our research contributions are privacy-preserving interactive protocols for cloud-outsourced decisions and data processing, as well as for aggregation over networks in multi-agent systems, both of which are essential in control theory and machine learning. In these settings, we guarantee privacy of the data providers' local inputs over multiple time steps, as well as privacy of the cloud service provider's proprietary information. Specifically, we focus on (i) private solutions to cloud-based constrained quadratic optimization problems from distributed private data; (ii) oblivious distributed weighted sum aggregation; (iii) linear and nonlinear cloud-based control on encrypted data; (iv) private evaluation of cloud-outsourced data-driven control policies with sparsity and low-complexity requirements. In these scenarios, we require computational privacy and stipulate that each participant is allowed to learn nothing more than its own result of the computation. Our protocols employ homomorphic encryption schemes and secure multi-party computation tools with the purpose of performing computations directly on encrypted data, such that leakage of private information at the computing entity is minimized. To this end, we co-design solutions with respect to both control performance and privacy specifications, and we streamline their implementation by exploiting the rich structure of the underlying private data.

    Privacy-aware Security Applications in the Era of Internet of Things

    In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories. First, to strengthen current authentication mechanisms, we designed two novel privacy-aware complementary authentication mechanisms: Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware, since the collected data can be sensitive. We also designed a novel, lightweight Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms whose feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users' sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack on smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on encrypted data, as it uses only the metadata of the network traffic. Moreover, we also designed a novel countermeasure based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individuals in the dataset. These mechanisms were realized with a combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques.
    In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties. The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications for privacy-aware complementary authentication methods, smart home user privacy research, as well as privacy-aware and secure data exchange methods.

    Speaker Recognition in Unconstrained Environments

    Speaker recognition is applied in smart home devices, interactive voice response systems, call centers, online banking and payment solutions, as well as in forensic scenarios. This dissertation is concerned with speaker recognition systems in unconstrained environments. Before this dissertation, research on making better decisions in unconstrained environments was insufficient. Aside from decision making, unconstrained environments imply two other subjects: security and privacy. Within the scope of this dissertation, these research subjects are regarded as both security against short-term replay attacks and privacy preservation within state-of-the-art biometric voice comparators in the light of a potential leak of biometric data. The aforementioned research subjects are united in this dissertation to sustain good decision-making processes in the face of uncertainty from varying signal quality, and to strengthen security as well as preserve privacy. Conventionally, biometric comparators are trained to classify between mated and non-mated reference-probe pairs under idealistic conditions but are expected to operate well in the real world. However, the more the voice signal quality degrades, the more erroneous decisions are made. The severity of their impact depends on the requirements of a biometric application. In this dissertation, quality estimates are proposed and employed for the purpose of making better decisions on average in a formalized way (quantitative method), while the decision requirements of a biometric application remain unspecified. By using the Bayesian decision framework, the specification of application-dependent decision requirements is formalized, outlining operating points: the decision thresholds. The assessed quality conditions combine ambient and biometric noise, both of which occur in commercial as well as in forensic application scenarios. Dual-use (civil and governmental) technology is investigated.
    As it seems unfeasible to train systems for every possible signal degradation, a small number of quality conditions is used. After examining the impact of degrading signal quality on biometric feature extraction, the extraction is assumed ideal in order to conduct a fair benchmark. This dissertation proposes and investigates methods for propagating information about quality to decision making. By employing quality estimates, a biometric system's output (comparison scores) is normalized in order to ensure that each score encodes the least-favorable decision trade-off in its value. Application development is segregated from requirement specification. Furthermore, class discrimination and score calibration performance are improved over all decision requirements for real-world applications. In contrast to the ISO/IEC 19795-1:2006 standard on biometric performance (error rates), this dissertation is based on biometric inference for probabilistic decision making (subject to prior probabilities and cost terms). This dissertation elaborates on the paradigm shift from requirements stated as error rates to requirements stated as beliefs in priors and costs. Binary decision error trade-off plots are proposed, interrelating error rates with prior and cost beliefs, i.e., formalized decision requirements. Verbal tags are introduced to summarize categories of least-favorable decisions: the plot's canvas follows from Bayesian decision theory. Empirical error rates are plotted, encoding categories of decision trade-offs by line styles. Performance is visualized in the latent decision subspace for evaluating empirical performance with respect to changes in prior- and cost-based decision requirements. Security against short-term audio replay attacks (a collage of sound units such as phonemes and syllables) is strengthened. The unit-selection attack is posed by the ASVspoof 2015 challenge (English speech data), representing the most difficult to detect voice presentation attack of this challenge.
    In this dissertation, unit-selection attacks are created for German speech data, where support vector machine and Gaussian mixture model classifiers are trained to detect collage edges in speech representations based on wavelet and Fourier analyses. Competitive results are reached compared to the challenge submissions. Homomorphic encryption is proposed to preserve the privacy of biometric information in the case of database leakage. In this dissertation, log-likelihood ratio scores, representing biometric evidence objectively, are computed in the latent biometric subspace. Whereas conventional comparators rely on the feature extraction to ideally represent biometric information, latent subspace comparators are trained to find ideal representations of the biometric information in the voice reference and probe samples to be compared. Two protocols are proposed for the two-covariance comparison model, a special case of probabilistic linear discriminant analysis. Log-likelihood ratio scores are computed in the encrypted domain based on encrypted representations of the biometric reference and probe. As a consequence, the biometric information conveyed in voice samples is, in contrast to many existing protection schemes, stored protected and without information loss. The first protocol preserves the privacy of end-users, requiring one public/private key pair per biometric application. The second protocol preserves the privacy of end-users and comparator vendors with two key pairs. Comparators estimate the biometric evidence in the latent subspace, so the subspace model requires data protection as well. In both protocols, log-likelihood-ratio-based decision making meets the requirements of the ISO/IEC 24745:2011 biometric information protection standard in terms of the unlinkability, irreversibility, and renewability properties of the protected voice data.

    LIPIcs, Volume 261, ICALP 2023, Complete Volume

    LIPIcs, Volume 261, ICALP 2023, Complete Volume

    Preface
