A Verifiable Computing Scheme for Encrypted Control Systems

Francesca Stabile, Walter Lucia, Amr Youssef, Giuseppe Franze

TL;DR

The paper addresses the challenge of verifying the integrity of cloud-computed controls in encrypted networked control systems. It introduces a probabilistic verifiable computing scheme based on a cut-and-choose paradigm, using an offline decoy set and random permutation to enable the plant to validate cloud computations without incurring large overheads, and it proves asymptotic detection of integrity attacks. The approach achieves real-time performance with minimal overhead (e.g., decoy processing under a few milliseconds) and demonstrates attack detection in a remote Khepera IV robot experiment, with detection occurring at $t=30$ s. This work provides a practical security mechanism for CPS that preserves control performance while offering strong probabilistic guarantees against stealthy integrity breaches.

Abstract

The proliferation of cloud computing technologies has paved the way for deploying networked encrypted control systems, offering high performance, remote accessibility and privacy. However, in scenarios where the control algorithms run on third-party cloud service providers, the control logic might be changed by a malicious agent on the cloud. Consequently, it is imperative to verify the correctness of the control signals received from the cloud. Traditional verification methods, like zero-knowledge proof techniques, are computationally demanding in both proof generation and verification, may require several rounds of interactions between the prover and verifier and, consequently, are inapplicable in real-time control system applications. In this paper, we present a novel computationally inexpensive verifiable computing solution inspired by the probabilistic cut-and-choose approach. The proposed scheme allows the plant's actuator to validate the computations accomplished by the encrypted cloud-based networked controller without compromising the control scheme's performance. We showcase the effectiveness and real-time applicability of the proposed verifiable computation scheme using a remotely controlled Khepera IV differential-drive robot.

Paper Structure (13 sections, 1 theorem, 21 equations, 6 figures)

This paper contains 13 sections, 1 theorem, 21 equations, 6 figures.

Key Result

Proposition 1

If $N_d \geq 2$, the proposed verifiable computing scheme achieves the objectives $(O_1)$-$(O_3)$.

Figures (6)

  • Figure 1: Cloud-based encrypted control scheme
  • Figure 2: Proposed verifiable computing scheme for encrypted control systems.
  • Figure 3: Experimental setup.
  • Figure 4: Robot's trajectory.
  • Figure 5: Robot's orientation.
  • ...and 1 more figures

Theorems & Definitions (4)

  • Definition 1
  • Definition 2
  • Proposition 1
  • proof