An official website of the United States government
Homomorphic Encryption is a relatively new cryptographic method which, unlike tra- ditional encryption, allows computations to be preformed on encrypted data. Robotic con- trollers can take advantage of these new techniques to increase system security by en- crypting the entire motion control scheme including: sensor signals, model parameters, feedback gains, and perform computation in the ciphertext space to generate motion com- mands without a security hole. However, numerous challenges exist which have limited the wide spread adoption of homomorphically encrypted control systems. The following thesis address several of these pressing issues–cryptographic overflow and heterogenous deployment. Cryptographic overflow is a phenomenon intrinsic to homomorphic ciphers. As en- crypted data is computed on the level of ‘noise’ inside the ciphertext increases, until it becomes too great making decryption impossible, this is known as ‘overflow’. The pri- mary contributor to noise growth is multiplication. Thus, this thesis explores topological sorting methods to find semantically equivalent but syntactically simpler control expres- sions. This allows an encrypted control scheme to preform the same calculation but with fewer multiplications, thus reducing the total amount of noise injected into the system. Furthermore, encrypted calculations impose a hefty computational burden as compared to its unencrypted counterparts. As such, heterogeneous mix of different computing tech- nologies (i.e. CPU, GPU, FPGA) are needed to achieve real-time signal processing. As such, this thesis explores which aspects of an encrypted control system is best suited for which computing technology and describes a deployment strategy to take advantage of these differences.
more »
« less
Secrecy Coding in the Integrated Network Enhanced Telemetry (iNET)
Data security plays a crucial role in all areas of data transmission, processing, and storage. This paper considers security in eavesdropping attacks over wireless communication links in aeronautical telemetry systems. Data streams in these systems are often encrypted by traditional encryption algorithms such as the Advanced Encryption Standard (AES). Here, we propose a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system that can be coupled with modern encryption schemes. We consider a wiretap scenario where there are two telemetry links between a test article (TA) and a legitimate receiver, or ground station (GS). We show how these two links can be used to transmit both encrypted and unencrypted data streams while keeping both streams secure. A single eavesdropper is assumed who can tap into both links through its noisy channel. Since our scheme does not require encryption of the unencrypted data stream, the proposed scheme offers the ability to reduce the size of the required secret key while keeping the transmitted data secure.
more »
« less
- Award ID(s):
- 1910812
- PAR ID:
- 10490050
- Publisher / Repository:
- International Foundation for Telemetering
- Date Published:
- Journal Name:
- Proceedings International Telemetering Conference US
- ISSN:
- 0884-5123
- Format(s):
- Medium: X
- Location:
- Las Vegas, NV
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
One of the primary research challenges in Attribute-Based Encryption (ABE) is constructing and proving cryptosystems that are adaptively secure. To date the main paradigm for achieving adaptive security in ABE is dual system encryption. However, almost all such solutions in bilinear groups rely on (variants of) either the subgroup decision problem over composite order groups or the decision linear assumption. Both of these assumptions are decisional rather than search assumptions and the target of the assumption is a source or bilinear group element. This is in contrast to earlier selectively secure ABE systems which can be proven secure from either the decisional or search Bilinear Diffie-Hellman assumption. In this work we make progress on closing this gap by giving a new ABE construction for the subset functionality and prove security under the Search Bilinear Diffie-Hellman assumption. We first provide a framework for proving adaptive security in Attribute-Based Encryption systems. We introduce a concept of ABE with deletable attributes where any party can take a ciphertext encrypted under the attribute string and modify it into a ciphertext encrypted under any string where is derived by replacing any bits of with symbols (i.e. ``deleting" attributes of ). The semantics of the system are that any private key for a circuit can be used to decrypt a ciphertext associated with if none of the input bits read by circuit are symbols and . We show a pathway for combining ABE with deletable attributes with constrained psuedorandom functions to obtain adaptively secure ABE building upon the recent work of Tsabary. Our new ABE system will be adaptively secure and be a ciphertext-policy ABE that supports the same functionality as the underlying constrained PRF as long as the PRF is ``deletion conforming". Here we also provide a simple constrained PRF construction that gives subset functionality. Our approach enables us to access a broader array of Attribute-Based Encryption schemes support deletion of attributes. For example, we show that both the Goyal~et al.~(GPSW) and Boyen ABE schemes can trivially handle a deletion operation. And, by using a hardcore bit variant of GPSW scheme we obtain an adaptively secure ABE scheme under the Search Bilinear Diffie-Hellman assumption in addition to pseudo random functions in NC1. This gives the first adaptively secure ABE from a search assumption as all prior work relied on decision assumptions over source group elements.more » « less
-
Network-on-chip (NoC) is widely used as an efficient communication architecture in multi-core and many-core System-on-chips (SoCs). However, the shared communication resources in an NoC platform, e.g., channels, buffers, and routers, might be used to conduct attacks compromising the security of NoC-based SoCs. Most of the proposed encryption-based protection methods in the literature require leaving some parts of the packet unencrypted to allow the routers to process/forward packets accordingly. This reveals the source/destination information of the packet to malicious routers, which can be exploited in various attacks. For the first time, we propose the idea of secure, anonymous routing with minimal hardware overhead to encrypt the entire packet while exchanging secure information over the network. We have designed and implemented a new NoC architecture that works with encrypted addresses. The proposed method can manage malicious and benign failures at NoC channels and buffers by bypassing failed components with a situation-driven stochastic path diversification approach. Hardware evaluations show that the proposed security solution combats the security threats at the affordable cost of 1.5% area and 20% power overheads chip-wide.more » « less
-
Searchable Encryption (SE) has been extensively examined by both academic and industry researchers. While many academic SE schemes show provable security, they usually expose some query information (e.g., search patterns) to achieve high efficiency. However, several inference attacks have exploited such leakage, e.g., a query recovery attack can convert opaque query trapdoors to their corresponding keywords based on some prior knowledge. On the other hand, many proposed SE schemes require significant modification of existing applications, which makes them less practical, weak in usability, and difficult to deploy. In this paper, we introduce a secure and practical SE scheme with provable security strength for cloud applications, called IDCrypt, which improves the search efficiency and enhanced the security strength of SE using symmetric cryptography. We further point out the main challenges in securely searching on multiple indexes and sharing encrypted data between multiple users. To address the above issues, we propose a token-adjustment scheme to preserve the search functionality among multi-indexes, and a key sharing scheme which combines Identity-Based Encryption (IBE) and Public-Key Encryption (PKE). Our experimental results show that the overhead of IDCrypt is fairly low.more » « less
-
Cloud-based control is prevalent in many modern control applications. Such applications require security for the sake of data secrecy and system safety. The presented research proposes an encrypted adaptive control framework that can be secured for cloud computing with encryption and without issues caused by encryption overflow and large execution delays. This objective is accomplished by implementing a somewhat homomorphic encryption (SHE) scheme on a modified model reference adaptive controller with accompanying encryption parameter tuning rules. Additionally, this paper proposes a virtual false data injection attack (FDIA) trap based on the SHE scheme. The trap guarantees a probability of attack detection by the adjustment of encryption parameters, thus protecting the system from malicious third parties. The formulated algorithm is then simulated, verifying that after tuning encryption parameters, the encrypted controller produces desired plant outputs while guaranteeing detection or compensation of FDIAs. With the utilization of this novel control framework, adaptively controlled systems will maintain data confidentiality and integrity against malicious adversaries.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- The DOI is not currently available.
