“A Cryptographic Toolbox for Feedback Control Systems”

Authors: Petter Solnør,
Affiliation: NTNU, Department of Engineering Cybernetics
Reference: 2020, Vol 41, No 4, pp. 313-332.

Keywords: Cryptography, Feedback Control System, Networked Control System, Authenticated Encryption

Abstract: Feedback control systems consist of components such as sensory systems, state estimators, controllers, and actuators. By transmitting signals between these components across insecure transmission channels, feedback control systems become vulnerable to cyber-physical attacks. For example, passive eavesdropping attacks may result in a leak of confidential system and control parameters. Active deception attacks may manipulate the behavior of the state estimators, controllers, and actuators through the injection of spoofed data. To prevent such attacks, we must ensure that the transmitted signals remain confidential across the transmission channels, and that spoofed data is not allowed to enter the feedback control system. We can achieve both these goals by using cryptographic tools. By encrypting the signals, we achieve confidential signal transmission. By applying message authentication codes (MACs), we assert the authenticity of the data before allowing it to enter the components of the feedback control system. In this paper, a toolbox containing implementations of state-of-the-art high-performance algorithms such as the Advanced Encryption Standard (AES), the AEGIS stream cipher, the Keyed-Hash Message Authentication Code (HMAC), and the stream ciphers from the eSTREAM portfolio, is introduced. It is shown how the algorithm implementations can be used to ensure secure signal transmission between the components of the feedback control system, and general guidelines that the users must adhere to for safe operation are provided.

PDF PDF (1028 Kb)        DOI: 10.4173/mic.2020.4.3

[1] Anderson, R., Biham, E., and Knudsen, L. (2000). The case for serpent, 2000.
[2] Bellare, M. and Namprempre, C. (2008). Authenticated encryption: Relations among notions and analysis of the generic composition paradigm, J. Cryptol.. 21(4):469–491. doi:10.1007/s00145-008-9026-x
[3] Berbain, C., Billet, O., Canteaut, A., Courtois, N., Gilbert, H., Goubin, L., Gouget, A., Granboulan, L., Lauradoux, C., Minier, M., Pornin, T., and Sibert, H. (2008). Sosemanuk, a fast software-oriented stream cipher, page 98–118, Springer-Verlag, Berlin, Heidelberg.
[4] Bernstein, D. (2008). Chacha, a variant of salsa20, 2008.
[5] Biryukov, A. and Wagner, D. (1999). Slide attacks, In L.Knudsen, editor, Fast Software Encryption. Springer Berlin Heidelberg, Berlin, Heidelberg, pages 245--259.
[6] Boesgaard, M., Vesterager, M., and Zenner, E. (2008). The Rabbit Stream Cipher, page 69–83, Springer-Verlag, Berlin, Heidelberg.
[7] Crutchfield, C. (2014). Implementing and Optimizing Encryption Algorithms for the ARMv8-A Architecture, Master's thesis, California State University - Sacramento, 6000 J St, Sacramento, CA 95819, USA.
[8] Dai, W. (2020). Crypto++, 2020. https://www.cryptopp.com/. Accessed: 2020-12-16.
[9] Dang, Q.H. (2008). The keyed-hash message authentication code (hmac) - fips 198-1, Technical report, Gaithersburg, MD, USA.
[10] Dang, Q.H. (2015). Secure hash standard - fips 180-4, Technical report, Gaithersburg, MD, USA.
[11] de Sá, A.O., d.C.Carmo, L. F.R., and Machado, R. C.S. (2017). Covert attacks in cyber-physical control systems, IEEE Transactions on Industrial Informatics. 13(4):1641--1651. doi:10.1109/TII.2017.2676005
[12] Duong, T. and Rizzo, J. (2011). Here come the oplus ninjas, Unpublished.
[13] Dworkin, M.J. (2001). Sp 800-38a 2001 edition, recommendation for block cipher modes of operation: Methods and techniques. Technical report, Gaithersburg, MD, USA.
[14] Gupta, R.A. and Chow, M. (2008). Performance assessment and compensation for secure networked control systems, In 2008 34th Annual Conference of IEEE Industrial Electronics. pages 2929--2934. doi:10.1109/IECON.2008.4758425
[15] Hespanha, J.P., Naghshtabrizi, P., and Xu, Y. (2007). A survey of recent results in networked control systems, Proceedings of the IEEE. 95(1):138--162. doi:10.1109/JPROC.2006.887288
[16] Jithish, J. and Sankaran, S. (2017). Securing networked control systems: Modeling attacks and defenses, In 2017 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia). pages 7--11. doi:10.1109/ICCE-ASIA.2017.8309317
[17] Lera, F. J.R., Balsa, J., Casado, F., Fernandez, C., Rico, F.M., and Matellan, V. (2016). Cybersecurity in autonomous systems: Evaluating the performance of hardening ros, Malaga, Spain. 47.
[18] Maritime Robotics. (2020). The portable usv system, 2020. https://www.maritimerobotics.com/otter. Accessed: 2020-12-18.
[19] NIST. (2001). Specification for the advanced encryption standard (aes), Federal Information Processing Standards Publication 197.
[20] OpenSSL Software Foundation. (2020). OpenSSL, 2020. https://www.openssl.org/. Accessed: 2020-12-20.
[21] Osvik, D.A. (2000). Speeding up serpent, In AES Candidate Conference. 2000.
[22] Pang, Z., Zheng, G., Liu, G., and Luo, C. (2011). Secure transmission mechanism for networked control systems under deception attacks, In 2011 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems. pages 27--32. doi:10.1109/CYBER.2011.6011758
[23] Rodríguez-Lera, F.J., Matellán-Olivera, V., Balsa-Comerón, J., Guerrero-Higueras, n.M., and Fernández-Llamas, C. (2018). Message encryption in robot operating system: Collateral effects of hardening mobile robots, Frontiers in ICT. 5:11. doi:10.3389/fict.2018.00002
[24] Solnor, P. (2020). CryptoToolbox, https://github.com/pettsol/CryptoToolbox.
[25] Teixeira, A., Sou, K.C., Sandberg, H., and Johansson, K.H. (2013). Quantifying Cyber-Security for Networked Control Systems, pages 123--142, Springer International Publishing, Heidelberg. doi:10.1007/978-3-319-01159-2_7
[26] Volden, O. and Solnor, P. (2020). Crypto ROS: Real-time authenticated encryption of vision-based sensor signals in ROS, https://github.com/oysteinvolden/Real-time-sensor-encryption, 2020.
[27] wolfSSL Inc. (2020). wolfCrypt, 2020. https://www.wolfssl.com/products/wolfcrypt-2/. Accessed: 2020-12-20.
[28] Wu, H. (2008). The stream cipher hc-128, In The eSTREAM Finalists. 2008.
[29] Wu, H. and Preneel, B. (2014). Aegis: A fast authenticated encryption algorithm, In T.Lange, K.Lauter, and P.Lisonek, editors, Selected Areas in Cryptography -- SAC 2013. Springer Berlin Heidelberg, Berlin, Heidelberg, pages 185--201.

  title={{A Cryptographic Toolbox for Feedback Control Systems}},
  author={Solnør, Petter},
  journal={Modeling, Identification and Control},
  publisher={Norwegian Society of Automatic Control}