Encrypted control for networked systems

Control systems are rapidly evolving to utilize modern computation and communication tools, such as cloud computing and geographically distributed networks, in order to improve performance, coverage and scalability. However, control loops that outsource the computation over privacysensitive data to third-party platforms via public networks are already the subject of cyberattacks involving eavesdropping and data manipulation. Encrypted control addresses this security gap and provides confidentiality of the processed data in the entire control loop, by encrypting the data at each level of transmission (over the network) and of computation (on corrupted computing platforms). This paper presents a tutorial-style introduction to this young but emerging field in the framework of secure control for networked dynamical systems with encrypted data. We focus on the steps of deriving the encrypted formulations of some specific control algorithms from the standard formulations and discuss the challenges arising in this process, ranging from privacy-aware conceptualizations to changes in the computation flows and quantization issues. In conclusion, we provide a list of open problems and new directions to explore in order to consolidate the area of encrypted control. Cloud computing and distributed computing are becoming ubiquitous in many modern control systems such as smart grids, building automation, robot swarms or intelligent transportation systems. Compared to “isolated” control systems, the advantages of cloud-based and distributed control systems are, in particular, resource pooling and outsourcing, rapid scalability, and high performance. However, these capabilities do not come without risks. In fact, the involved communication and processing of sensitive data via public networks and on third-party platforms promote, among other cyberthreats, eavesdropping and manipulation of data. That these threats are relevant to real-world applications is apparent from an increasing number of cyberattacks explicitly addressing industrial control systems [90]. Prominent examples are the malwares Stuxnet, Duqu, Industroyer, or Triton (see, e.g., [16]) as well as inference attacks arising from smart meters used as surveillance devices (see, e.g. [60, 39]). Clearly, cyberattacks on control systems can be highly critical. In particular, unlike attacks on classical IT systems, attacks on control systems may influence physical processes through digital manipulations [88]. Moreover, networked control systems are the backbone of critical infrastructure such as electric power, transportation, and water distribution networks, with further applications illustrated in the sidebar “Prospective uses of encrypted control in industry”. Hence, future control schemes should counteract privacy and security threats and ensure confidentiality, integrity, and availability (see [11] or [88, Fig. S1] for details on these traditional security goals) of the involved process data. Secure control for networked systems has been intensively studied in the literature during the last decade. Comprehensive surveys can be found in [15, 68, 51, 20] and in the special issue of the IEEE Control Systems Magazin on “Cyberphysical Security” from 2015 (especially [88]). Two observations