Login | Register

Security and Privacy in Cloud-Enabled Cyber-Physical Systems


Security and Privacy in Cloud-Enabled Cyber-Physical Systems

Naseri, Amir Mohammad (2022) Security and Privacy in Cloud-Enabled Cyber-Physical Systems. Masters thesis, Concordia University.

[thumbnail of Naseri_MASc_F2022.pdf]
Text (application/pdf)
Naseri_MASc_F2022.pdf - Accepted Version
Available under License Spectrum Terms of Access.


The advent of Cyber-Physical Systems (CPS)s is considered a revolution in the industry’s modern history. CPSs are anticipated to have a rapid diffusion in safety-critical domains such as intelligent transportation, energy distribution, and industry 4.0. Control systems are the core of any CPS since they are in charge of deciding the control inputs given the measurements provided by distributed sensors. Advanced control algorithms require a significant amount of computational power that might not be available on-site. In these scenarios, cloud computing represents a possible solution. Ensuring the cyber-security of cloud-enabled CPSs is an important concern, especially when they are used in safety-critical applications. Indeed, a malicious cloud provider can misuse the sensor measurements and/or control inputs or sabotage the control algorithm.
In this thesis, we investigate different security and privacy issues in cloud-based control systems and provide different control-theoretical solutions to enhance their cyber security.
By assuming a cloud-based CPS, we show three different approaches to ensure the privacy of the controller operations, sensor measurements, and control inputs. In particular, we propose solutions based on (i) an outsourced transformed control problem, (ii) an encrypted control strategy, and (iii) a trusted execution environment. While the first two approaches are effective against passive attackers, the third one is effective also against active ones.
Then, we consider networked control systems where the controller operations are implemented on encrypted data exploiting homomorphic cryptosystems. In this setup, we show that an active attacker with access to the control logic in the cloud can exploit the small domain of the message space and the randomization process required to make the utilized ciphers semantically secure to break the secrecy of the cryptosystem and/or establish a covert channel between the cloud and an eavesdropper on the measurement channel.
Finally, we address the problem of establishing a secret key between the plant and a remote controller without resorting to traditional cryptographic techniques.
By considering, as case of study, a remotely controlled mobile robot, we show that an observer-based protocol can be used to securely agree on a secret key. The validity of the proposed solution has been tested on a laboratory robot.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Naseri, Amir Mohammad
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:December 2022
Thesis Supervisor(s):Lucia, Walter
ID Code:991395
Deposited By: Amir Mohammad Naseri
Deposited On:21 Jun 2023 14:36
Last Modified:01 Jan 2024 01:00
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top