The Privacy-Preserving AI challenge for Critical Electrical Systems
The resilience of critical energy systems against cyber attacks increasingly relies on modern AI technology, which in turn depends on offline and real-time analysis of big data. However, much of the data that needs to be analyzed for securing energy systems is sensitive or private. For example, the detection of abnormal system behavior may depend on training a model over normal event logs, which may reveal usage patterns of individual users.
The collection of such personal data increases the system’s attack surface because it gives adversaries the opportunity to compromise the data, either in transit or where it resides while waiting to be analyzed. Moreover, the analysis of such big data is often carried out in the cloud, which implies that the cloud servers must be trusted with the storage and handling of private data. Such usage of cloud resources for the analysis computations again increases the attack surface and may actually be prohibited by regulatory restrictions.
Fully-Homomorphic-Encryption (FHE)[1] provides a solution for these privacy-preserving (PP) analytics challenges. Major advances in FHE technology in the past few years have made FHE solutions practical even for training and using very large models such as Transformer-based neural networks, while providing a quantum-safe mathematical guarantee for the privacy of the data being analyzed.
Fully Homomorphic Encryption
Fully Homomorphic Encryption (FHE) enables a party to perform computations on ciphertexts without being able to learn anything about the encrypted inputs to the computation or about the resulting encrypted outputs. Most FHE schemes involve one or more public keys that can be used to encrypt private data and to perform computations over encryptions, and a secret key that is used to decrypt ciphertexts. Thus, only the owner of the secret key can decrypt the result of the FHE computation. This allows a party that owns private data to encrypt this data under FHE and then send it to an analytics server, which performs the FHE computations privately and sends the encrypted result back to the data owner for decryption. A Homomorphic Encryption (HE) scheme is Fully Homomorphic when it can theoretically support any computation of unlimited depth. Computations under HE are usually limited in the number of sequential multiplication operations that they can include (due to noise accumulation in the ciphertexts or to scale issues). FHE schemes overcome this limitation by using the Bootstrap operation, which brings the computed ciphertext back to a state where further multiplications are possible.
Recent years have seen dramatic advancements in FHE technology that have made it practicable for performing many useful types of privacy-preserving analytics, including training and inferencing with Neural-Networks, Logistic-Regression, Decision-Trees, and many other types of analytics. Several FHE scheme implementations are available, some as open source and some as products. For example, TFHE[2] supports computations of binary circuits, BGV[3] supports FHE computations over integers, and CKKS[4] supports FHE computations over real and complex numbers and is thus particularly applicable for performing machine learning over real values, such as Neural-Network weights, or time-series analysis with real model parameters.
Time-Series analysis – an Example FHE-based PP analytics use-case
A time-series is a sequence of numeric values over time. A time-series model such as ARIMA is a mathematical formula that approximately provides the values of the series given the time, and that can also be used to predict future unknown values. ARIMA[5] is a well-known time series model in which the value at a point in time linearly depends on previous values and on previous residues (a.k.a. errors) from the model.
Time-series analysis can be used to detect possible cyber-attacks on an electrical system using a real-time behavioral model of the system that is maintained by analyzing sequences of values based on collected event logs. The continuously trained time-series model can be used to predict the future value as expected from the normally behaving system, and if the actual observed signal is too far from the expected value then an anomalous event can be reported and handled by a cyber security officer.
The event logs of an electrical system may include sensitive information and can therefore benefit from privacy-preserving FHE based technology. In the ELECTRON project we collected event logs originating from charging stations of Electrical-Vehicles (EV)[6] for the purpose of detecting possible misuse of the charging stations. These event logs may reveal private information related to an individual driver’s charging patterns, and therefore the anomaly detection system receives the logs in encrypted form without access to the decryption key. The anomaly detection system is still able to perform ARIMA-based time-series analysis on the encrypted event logs because the encryption is done using FHE (specifically IBM’s HELayers[7] FHE software development kit) which supports computations over encrypted data. The anomaly detection system continuously trains the behavioral (encrypted) model based on the collected (encrypted) event logs and produces an (encrypted) anomaly report, which is also only readable by the owner of the secret decryption key (e.g. the data owner).
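The model's linear dependence on previous values is what makes it computable on ciphertexts. The following is an added example, not code from the ELECTRON project or HELayers: it computes the residuals of an AR(2) model (a special case of ARIMA) over encrypted readings using a toy Paillier scheme, which is only additively homomorphic and not quantum-safe, as a stand-in for CKKS. The key size, coefficients, threshold and readings are constructed assumptions.

```python
import math, random

SCALE = 1000  # fixed-point scale for readings and coefficients (assumption)

def keygen(p=2**31 - 1, q=2**61 - 1):
    """Toy Paillier key from two Mersenne primes; far too small for real use."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    return n, (n, lam, pow(lam, -1, n))   # public n (g = n + 1), secret key

def encrypt(n, m):
    r = random.randrange(2, n)
    while math.gcd(r, n) != 1:
        r = random.randrange(2, n)
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def decrypt(sk, c):
    n, lam, mu = sk
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m     # map back to a signed integer

def encrypted_residuals(n, enc_x, phi, const):
    """Server side: sees only ciphertexts and the public modulus n."""
    n2 = n * n
    k = [round(f * SCALE) for f in phi]
    c0 = round(const * SCALE * SCALE)
    out = []
    for t in range(len(k), len(enc_x)):
        acc = pow(enc_x[t], SCALE, n2)                 # Enc(SCALE * x_t)
        for j, kj in enumerate(k, start=1):            # minus phi_j * x_{t-j}
            acc = acc * pow(enc_x[t - j], -kj % n, n2) % n2
        out.append(acc * (1 + (-c0 % n) * n) % n2)     # minus the constant
    return out

def flag_anomalies(sk, enc_res, threshold):
    """Key owner: decrypt residuals, compare with the alert threshold."""
    return [abs(decrypt(sk, c)) / SCALE**2 > threshold for c in enc_res]

def demo():
    # Constructed charging-power readings (kW); 22.0 is the injected outlier.
    readings = [7.2, 7.4, 7.3, 7.5, 7.4, 22.0, 7.4]
    n, sk = keygen()
    enc_x = [encrypt(n, round(x * SCALE)) for x in readings]
    enc_res = encrypted_residuals(n, enc_x, phi=(0.6, 0.3), const=0.74)
    return flag_anomalies(sk, enc_res, threshold=2.0)

if __name__ == "__main__":
    print(demo())
```

In this example the threshold comparison happens after decryption, because comparison is not a linear operation. The reading after the outlier is also flagged, since the outlier contaminates the next prediction.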
The FHE encryption key used for encrypting the event logs and the resulting alert report is a public key and is thus also potentially accessible by a malicious actor who may send malicious or fake encrypted logs to the anomaly detection system or send malicious or fake alert reports to the cyber security officer. To address this risk the system signs and then authenticates all the FHE encrypted communication using a special Quantum Secure authentication system, developed by Thales as part of the ELECTRON project.
[1] Z. Brakerski and V. Vaikuntanathan, “Lattice-based FHE as secure as PKE,” in Proceedings of the 5th Conference on Innovations in Theoretical Computer Science, 2014.
[2] “TFHE: Fast Fully Homomorphic Encryption over the Torus,” https://tfhe.github.io/tfhe
[3] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “Fully Homomorphic Encryption without Bootstrapping,” in ITCS, 2012.
[4] J. H. Cheon, A. Kim, M. Kim, and Y. Song, “Homomorphic Encryption for Arithmetic of Approximate Numbers,” in T. Takagi and T. Peyrin (eds), Advances in Cryptology – ASIACRYPT 2017, Lecture Notes in Computer Science, vol. 10624, Springer, Cham, 2017. https://link.springer.com/chapter/10.1007/978-3-319-70694-8_15
[5] Penn State Eberly College of Science, “Applied Time Series Analysis,” https://online.stat.psu.edu/stat510/
[6] https://electron-project.eu/use-cases/use-case-2/
[7] https://ibm.github.io/helayers/