Homomorphic vs Functional Encryption in Intrusion Detection Systems for OT Networks

Type

Master's Thesis

Abstract

As the number and complexity of cybersecurity threats against Operational Technology (OT) systems rise, the need for effective countermeasures becomes increasingly critical. One such countermeasure is the deployment of Intrusion Detection Systems (IDS) that monitor for signs of malicious activity. However, the implementation of IDSs can present several challenges. OT devices can be resource-constrained, and personnel with expertise in IDS can be difficult to find. For these reasons, IDS functionality is frequently outsourced to external parties. While effective, this solution raises concerns due to the large amount of potentially sensitive data that is shared with the external party. To address the privacy risks of data sharing, a surge in research has focused on cryptographic techniques that enable privacy-preserving external IDSs. While many interesting techniques have been presented, few studies include rigorous performance evaluations and technical comparisons between different approaches. This thesis aims to fill this gap by comparing two cryptographic techniques in an OT setting. The first technique uses Cheon-Kim-Kim-Song (CKKS), an instance of homomorphic encryption (HE) that allows an IDS server to perform computations on encrypted data. The resulting values are then decrypted by the client to determine whether the system has been compromised. The second approach uses function-hiding inner product encryption (FHIPE), an instance of functional encryption (FE). It enables an external IDS server to calculate the distance between a client system's normal state and current state without revealing either. This distance is then used for intrusion detection. The HE and FE techniques are evaluated on the Secure Water Treatment (SWaT) dataset using a neural network-based IDS. The results show that both methods achieve threat detection accuracy comparable to their unencrypted counterpart. The additional detection latency introduced by the systems is found to be less than 125 ms. The client-side memory demands are less than 4 MB for the HE approach and less than 82 kB for the FE approach. Lastly, while both schemes increase the average network payload size significantly, the overall bandwidth usage remains manageable for most modern systems.

Subject / keywords

computer science, cyber security, operational technology, intrusion detection systems, cryptography, homomorphic encryption, CKKS, functional encryption, FHIPE
