Detection of Cyber Attacks in Encrypted Control Systems

Recently a resilient homomorphic encryption (RHE) scheme has been proposed in [1], which allows not only to carry out the evaluation process of an output feedback controller in an encrypted environment but also can neutralize the effect of additive attacks injected into the ciphertexts. However, the resilience to additive attacks has its limits.
In this paper, at first it will be shown that the resilience range of the RHE scheme to additive attacks is indeed much larger than shown in [1]. Then, a detection approach is proposed to give a twofold protection to control systems encrypted by the RHE scheme. A warning signal is triggered as soon as an additive attack is injected into the ciphertexts transmitted over the network, while an alarm signal is triggered when the attack is outside of the resilience range. This is achieved by exploiting the symmetric property of the inner product. Therefore, the RHE scheme can be combined with the proposed detection approach to ensure the integrity of the signals obtained after decryption in case of additive attacks. A simulation example of the well-established quadruple-tank benchmark process is used to demonstrate the proposed detection approach for encrypted control systems.