Encrypted control systems were introduced to enhance the security of cyber-physical systems which outsource their computation of the control actions to a third-party platform. To protect the con dentiality of the transmitted data (i.e., sensor measurements and control inputs), homomorphic encryption schemes are particularly appealing, given their capability of allowing computation of the control inputs directly on the encrypted measurement data. This paper shows that encrypted control systems based on homomorphic encryptions are vulnerable to attackers leveraging the inherently small domains of the plaintext data in control systems and the randomization process required to make the utilized ciphers semantically secure. In particular, by considering the popular ElGamal and Paillier encryption schemes, we investigate di erent attacks that enable a malware, which compromises the random number generator used by the randomized encryption schemes, to covertly leak the private decryption key and/or the measurements to an eavesdropper who has access to the measurement channel. Finally, we present some countermeasures to defend against these attacks.
Amir Mohammad Naseri, Walter Lucia and Amr Youssef, "Confidentiality Attacks against Encrypted Control Systems", Cyber-Physical Systems, https://doi.org/10.1080/23335777.2022.2051209, 2022