Abstract

The advent of Cyber-Physical Systems (CPS)s is considered a revolution in the industry’s modern history. CPSs are anticipated to have a rapid diffusion in safety-critical domains such as intelligent transportation, energy distribution, and industry 4.0. Control systems are the core of any CPS since they are in charge of deciding the control inputs given the measurements provided by distributed sensors. Advanced control algorithms require a significant amount of computational power that might not be available on-site. In these scenarios, cloud computing represents a possible solution. Ensuring the cyber-security of cloud-enabled CPSs is an important concern, especially when they are used in safety-critical applications. Indeed, a malicious cloud provider can misuse the sensor measurements and/or control inputs or sabotage the control algorithm.
In this thesis, we investigate different security and privacy issues in cloud-based control systems and provide different control-theoretical solutions to enhance their cyber security.
By assuming a cloud-based CPS, we show three different approaches to ensure the privacy of the controller operations, sensor measurements, and control inputs. In particular, we propose solutions based on (i) an outsourced transformed control problem, (ii) an encrypted control strategy, and (iii) a trusted execution environment. While the first two approaches are effective against passive attackers, the third one is effective also against active ones.
Then, we consider networked control systems where the controller operations are implemented on encrypted data exploiting homomorphic cryptosystems. In this setup, we show that an active attacker with access to the control logic in the cloud can exploit the small domain of the message space and the randomization process required to make the utilized ciphers semantically secure to break the secrecy of the cryptosystem and/or establish a covert channel between the cloud and an eavesdropper on the measurement channel.
Finally, we address the problem of establishing a secret key between the plant and a remote controller without resorting to traditional cryptographic techniques.
By considering, as case of study, a remotely controlled mobile robot, we show that an observer-based protocol can be used to securely agree on a secret key. The validity of the proposed solution has been tested on a laboratory robot.