Secure motion control of micro-spacecraft using semi-homomorphic encryption

Yongxia Shi; Ehsan Nekouei; Qinglei Hu

doi:10.1051/sands/2023018

All issues

Volume 2 (2023)

Security and Safety, 2 (2023) 2023018

Full HTML

Security and Safety in Unmanned Systems

Open Access

Issue		Security and Safety Volume 2, 2023 Security and Safety in Unmanned Systems


Article Number		2023018
Number of page(s)		15
Section		Information Network
DOI		https://doi.org/10.1051/sands/2023018
Published online		23 August 2023

Security and Safety, Vol. 2, 2023018 (2023)

Research Article

Secure motion control of micro-spacecraft using semi-homomorphic encryption

Yongxia Shi¹, Ehsan Nekouei¹ and Qinglei Hu²^*

¹ Department of Electrical Engineering, City University of Hong Kong, Hong Kong, 999077, China
² School of Automation Science and Electrical Engineering, Beihang University, Beijing, 100191, China

^* Corresponding authors (email: huql_buaa@buaa.edu.cn)

Received: 28 February 2023
Revised: 25 April 2023
Accepted: 28 June 2023

Abstract

This paper studies the secure motion control problem for micro-spacecraft systems. A novel semi-homomorphic encrypted control framework, consisting of a logarithmic quantizer, two uniform quantizers, and an encrypted control law based on the Paillier cryptosystem is developed. More specifically, a logarithmic quantizer is adopted as a digitizer to convert the continuous relative motion information to digital signals. Two uniform quantizers with different quantization sensitivities are designed to encode the control gain matrix and digitized motion information to integer values. Then, we develop an encrypted state-feedback control law based on the Paillier cryptosystem, which allows the controller to compute the control input using only encrypted data. Using the Lyapunov stability theory and the homomorphic property of the Paillier cryptosystem, we prove that all signals in the closed-loop system are uniformly ultimately bounded. Different from the traditional motion control laws of spacecraft, the proposed encrypted control framework ensures the security of the exchanged data over the communication network of the spacecraft, even when communication channels are eavesdropped by malicious adversaries. Finally, we verify the effectiveness of the proposed encrypted control framework using numerical simulations.

Key words: Spacecraft relative motion / security protection / encrypted control / homomorphic encryption / quantization

Citation: Shi Y, Nekouei E and Hu Q. Secure motion control of micro-spacecraft using semi-homomorphic encryption. Security and Safety 2023; 2: 2023018. https://doi.org/10.1051/sands/2023018

© The Author(s) 2023. Published by EDP Sciences and China Science Publishing & Media Ltd.

This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

1. Introduction

Relative motion control of spacecraft is an enabling technology for many current and near-future space missions, such as orbital rendezvous, on-orbit assembly, formation flying, and reconnaissance and surveillance, which has received widespread attention in recent years [1–3]. These space missions usually involve an active spacecraft (chaser) and a passive spacecraft (target), and require the chaser to perform orbital maneuvers to track the specified position of the target or a virtual desired position. As the recent trend of space missions moves from human intervention towards autonomous operation, it is necessary to improve the autonomy, safety, and security of spacecraft control systems. In recent years, the autonomous relative motion control of spacecraft has received considerable attention from both academia and aerospace industrial sectors. Numerous control methods have been proposed in the literature, such as adaptive control [2], sliding mode control [3, 4], model predictive control [5], and distributed control [6].

With the prosperity of fast-integrated technology, light-weight spacecraft exhibit enormous popularity, such as CubSats [7] and plug-and-play satellite [8]. Compared with the traditional monolithic and complex spacecraft, these miniature spacecraft become more popular in large-scale space missions, since they possess greater flexibility, higher reliability, and less cost [9–11]. It is noted, however, that the information exchange inside these light-scale micro-satellites (e.g., data transmission from the sensor to the controller or from the controller to the actuator) usually hinges on the wireless communication network. In this case, two inescapable problems thereupon arise: signal quantization and data security. Since only digital signals are allowed to exchange through the wireless communication network, the continuous system states or control commands need to be encoded into digitized signals before transmission. Moreover, due to the limited communication resources, it is also desirable to avoid continuous information exchange. With this in mind, the spacecraft attitude control problem with input quantization was addressed in [12] using a logarithmic quantizer, where a quantization rule is provided for the feedback controller to reduce the information transmission over the communication channel. Later, Wu and Cao [12] extended the result in [13] with consideration of external disturbances. In [14], a fixed-time attitude-tracking control scheme with input quantization was designed, which adopts a hysteresis quantizer to regulate the information transmitted from the controller to the actuator. Further, the fault-tolerant control problem for flexible spacecraft attitude tracking was investigated in [15], where a logarithmic encoder-decoder scheme is developed for the control command transmitted from the controller to the actuator. On the other hand, the inter-satellite information exchange heavily relies on the wireless communication network, which makes the spacecraft vulnerable to cyber-attacks and privacy invasions, especially via eavesdropping. Thus, malicious adversaries or unauthorized users are able to easily extract the sensitive and valuable information of the underlying system using eavesdropping attacks. In this case, the spacecraft may suffer from more sophisticate cyber-attacks, such as replay attacks, message falsification attacks, and denial-of-service attacks (Dos) [16, 17]. Under such attacks, the control command might be falsified or manipulated, resulting in some adverse effects on the control objectives and closed-loop stability. In light of this, ensuring the control security and data privacy for the relative motion control of spacecraft is particularly important, especially when the controller is subject to cyber-physical attacks.

In general, there are two common approaches to ensure secure control in the field of networked control systems: differential privacy [18] and homomorphic encryption [19]. The core idea of differential privacy is to inject random noise into the original data, so as to weaken the impact of a single data for the whole control system. By doing so, the attacker is unable to speculate whether the data belongs to the original information and, therefore, the security, privacy, and confidentiality of the original information are well protected and hidden. However, the differential privacy methods need to take some extra measures to balance data privacy and control performance. Differently, the homomorphic encryption methods are capable of directly performing computations on encrypted data without access to the real data; moreover, the encrypted results after decryption is exactly the same as performing computations using unencrypted data. Thus, such a method not only protects the security and privacy of the information but also allows performing operations only based on encrypted data. By means of homomorphic encryption, a new concept of the encrypted controller was presented in [19] to enhance the cyber-security of the networked control system, and the RSA and ElGamal encryption schemes were employed simultaneously. Later, the stability-guaranteed problem for encrypted control systems with dynamic ElGamal cryptosystem was studied in [21], and the feasibility of the theoretical results was validated through regulation control with a positioning table testbed. Further, Ref. [22] presented a systematic design procedure of the dynamic quantizer for the encrypted state-feedback control systems with a dynamic ElGamal cryptosystem, where the additive and multiplicative biases were considered for the quantizer. Besides, by virtue of the Paillier homomorphic encryption, the secure and private control problem of networked control systems has been addressed in [23–25]. However, most existing works on secure control via homomorphic encryption considers discrete-time linear systems. How to pre-process the continuous system signals before encryption deserves a detailed investigation.

Based on the above-mentioned discussion, homomorphic encryption provides a promising solution for securing closed-loop control systems. However, to the best of the author’s knowledge, secure motion control of micro-spacecraft systems using the homomorphic encryption method has not been studied in the literature. This is one of the main motivations for our work. To this end, we investigate the effective design of an encrypted control scheme to guarantee the security of the control loop of a micro-spacecraft in the proximity maneuvers mission. In this paper, we assume that the target spacecraft move in a circular reference orbit. The linearized relative position dynamics, i.e., the well-known Clohessy–Wiltshire (CW) equations, are used to describe the relative motion between the chaser and target. A Paillier-type encrypted control framework is proposed to protect the security and privacy of intra-system signals over the communication network whether from the sensor to controller or controller to actuator. A logarithmic quantizer and a uniform quantizer are introduced, the former of which is used to quantize the continuous system states (i.e., the relative position and velocity information), while the latter is utilized to pre-process the control gain matrix and the digitized system states before encryption. Due to the homomorphic properties, the encrypted controller is constructed only using the encrypted system signals rather than the actual measurable information, which ensures a secure exchange of sensitive information among different units of the spacecraft.

This paper is organized as follows. The preliminary knowledge about the dynamical model of spacecraft relative motion, Paillier cryptosystem, and logarithmic and uniform quantizers is provided in Section 2 along with the control objective of this paper. The main results of the encrypted control frame are presented in Section 3. Numerical simulations are carried out to demonstrate the effectiveness of the proposed encrypted control scheme in Section 4. Finally, some concluding remarks are given in Section 5.

2. System model and problem formulation

In this section, some standard notations are first defined. Then, the relative motion dynamics of the chase spacecraft in the Local-Vertical-Local-Horizontal (LVLH) frame is characterized as Clohessy–Wiltshire–Hill (CWH) equation and further transformed into the form of the general linear system. Later, Paillier encryption, logarithmic and uniform quantizers are successively introduced in order to ensure the security and privacy of the system signals over the communication network. Finally, the encrypted control problem for spacecraft proximity operations is formulated.

2.1. Notations

Throughout this paper, let ℝ, ℤ, and ℤ^* represent the sets of real numbers, integers, and non-negative integers, respectively. ℤ_n ^* = {z ∈ ℤ : 0 ≤ z < n} defines the set of non-negative integers less than n. ℝⁿ and ℝ^n × m are the sets of n-dimension vectors and n × m-size matrices, separately. The operators gcd(a, b) and lcm(a, b) stand for the greatest common divisor and the least common multiple of a ∈ ℤ^* ∖ {0} and b ∈ ℤ^* ∖ {0}. Besides, given a vector or a matrix , the correlated Euclidean norm for or the induced 2-norm for is indicated by or . Furthermore, given a symmetric matrix , its maximum and minimum eigenvalues are denoted by and , respectively. In addition, “" means modulo operation.

2.2. Dynamical model of spacecraft relative motion

Without any loss of generality, two typical reference coordinate systems, i.e, Earth-Centered-Inertial (ECI) and LVLH coordinate frames, are introduced first to describe the relative translation motion of the chase spacecraft with respect to the target spacecraft, as depicted in Figure 1. The ECI coordinate frame is denoted as , where its origin locates in the Earth center, X-axis points toward the vernal equinox, Z-axis is parallel to the rotational direction of the Earth and points to the north pole, and Y-axis lies in the equatorial plane and completes the orthogonal dextral frame. Let represent the LVLH coordinate frame, which is fixed at the target spacecraft. Moreover, the x-axis in the LVLH frame is the direction of the radius vector of the target from the Earth center, the z-axis coincides with the orbital normal direction, and the y-axis completes the orthogonal dextral frame. As shown in Figure 1, denote and as the position vector of the chase spacecraft in the LVLH frame and the position vector of the target spacecraft in the ECI frame, respectively. Here, it is assumed that the relative distance between the chase spacecraft and the target spacecraft is far smaller than the relative distance of the target spacecraft with respect to the Earth, that is, . Meanwhile, the target spacecraft is supposed to move in a circular orbit. Then, the linearized CWH equation can be used to describe the relative motion of the chase spacecraft in the LVLH frame [4], which is given by

(1)

Figure 1.

Relative coordinate frames

where m _c is the mass of the chase spacecraft, denotes the control force acting on the chase spacecraft, is the mean orbital angular velocity, μ _c stands for the geocentric gravitational constant of the Earth, and .

Further, the dynamical equation (1) can be simplified in the following form of

(2)

where ,

(3)

The linear dynamical equation written by (2) will be exploited in the subsequent analysis. In particular, given the circular orbit of the target spacecraft, it is easy to certify that is controllable. Hence, the linear continuous system (2) is stabilized by using the following state-feedback control law

(4)

where denotes the control gain matrix. For ensuring the stability of (2), should be properly selected so that the eigenvalues of are in the left half-plane of the complex plane. A simple method for computing K is to pose the controller design as the linear quadratic regulator (LQR) problem [1].

Lemma 1.

[26] Consider the linear system (2) with the state-feedback controller (4). If the matrix pair is controllable, for given any positive-definite matrix , there always exists a symmetric positive-define matrix such that

(5)

2.3. Paillier cyrptosystem

The Paillier cryptosystem, a typical partially HE encryption scheme, is a probabilistic asymmetric algorithm for public key cryptography [27]. The detailed realization of the Paillier encryption scheme is summarized as follows [28]:

Key generation
- Select two large and independent prime numbers p and q randomly and ensure gcd(pq, (p − 1)(q − 1))=1;
- Calculate the public key (N, g), where N = pq and g ∈ ℤ_N²^* is a random integer;
- Calculate the private key (λ, μ), where λ = lcm(p − 1, q − 1) and μ = λ⁻¹modN;
Encryption
- Let m ∈ ℤ_N^* be a plaintext message;
- Choose r randomly such that 0 < r < N and gcd(r, N)=1;
- Compute the ciphertext message of m as c = E(m)=g^m ⋅ r^NmodN²;
Deccryption
- Let c be the ciphertext message;
- For any x ∈ ℤ_N²^*, define a function L(x)=(x − 1)/N;
- Compute the plaintext message of c as m = D(c)=L(c^λmodN²)μmodN.

Benefiting from the additively homomorphic property and non-deterministic encryption, Paillier cryptosystem possesses the following novel features [28]:

Property 1: The sum of the plaintext messages m₁ and m₂ can be calculated by decrypting the product of their corresponding ciphertext messages Enc(m₁) and Enc(m₂), which is formulated mathematically as

(6)

Property 2: The product of the plaintext messages m₁ and m₂ can be determined by decrypting the product of a ciphertext message Enc(m₁) or Enc(m₂) raising to the power of a plaintext message m₂ or m₁, which is formulated mathematically as

(7)

Property 3: Consider a more general case, the product of a plaintext message m and a constant k will be computed by decrypting the product of the ciphertext message Enc(m) rasing to the power of k, which is formulated mathematically as

(8)

2.4. Quantizer

In this subsection, the logarithmic quantizer q_l(⋅) and uniform quantizer q_u(⋅) are discussed. To be specific, the logarithmic quantizer in this paper is utilized as a digitizer to scale the state information in (2) so that can be transformed into a digital signal capable of transmitting over the communication network. Meanwhile, since the Paillier cryptosystem is only able to encrypt the positive integers, the digital signals in the system should be mapped to the appropriate positive integers. Considering the quantization property of the uniform quantizer, it is not difficult to see that it can be decomposed into an encoder part and a decoder part to pre-process the digital signals before encryption.

(1)
Logarithmic quantizer

Referring to [29], the logarithmic set of quantization levels is defined by

where ρ ∈ (0, 1) is a positive constant representing the quantization density of the logarithmic quantizer. Then, the static and time-invariant logarithmic quantizer is described as

(9)

where σ = (1 − ρ)/(1 + ρ). It is noted from (9) that every element of the quantization level is closely related to the segment (1/(1 + σ)w_i, 1/(1 − σ)w_i]. In this case, the logarithmic quantizer is able to map the entire segments to the quantizer level. Since the logarithmic quantizer satisfies the sector-bound condition, the quantizer q_l(x) is also written as

(10)

where Δ_l ∈ [ − σ, σ]. Based on (10), the quantization error associated with q_l(x) is defined as Δ_l x = q_l(x)−x, satisfying |Δ_l x|≤σ|x|. Similarly, given a vector , it has

(11)

where and is an identity matrix with appropriate dimensions.

(2)
Uniform quantizer

Given a positive integer q_m, the uniform quantizer is defined by [30]

(12)

where Δ_x > 0 denotes the sensitivity of the uniform quantizer and q_m represents the saturation value of the uniform quantizer. From (11), it is clearly analyzed that if x ∈ ((k − 1)/2Δ_x, (k + 1/2)Δ_x] where k ∈ ℤ and −q_m ≤ k ≤ q_m, then q_u(x) will takes on the value k. The quantization error associated with q_u(x) is defined as

(13)

which satisfies . Similarly, for any vector or any matrix , it follows that

(14)

Remark 1

Since q_u(x)∈ℤ, (11) can be applied as an encoder, where the real number x is encoded to an integer. Otherwise, Δ_xq_u(x) is regarded as the decoder, where the encoded q_u(x) is restored to approximate its original real number x.

2.5. Control objective

This paper focuses on the encrypted control problem for spacecraft proximity operations. Since the control gain matrix can be determined offline, it does not convey sensitive information. Differently, the real-time relative position and velocity information are extremely sensitive due to some unexpected leakage or eavesdropping involved in the communication network. Hence, the relative state information should be concealed from the controller side before encryption, which implies that the state-feedback control law in (4) can not be calculated directly by using . In light of this, the purpose of this manuscript is to develop a Paillier-type encrypted control framework for (1), including a digitizer for continuous sampled state x and an encoder and a decoder for quantized state and control gain, and a Paillier-type encrypted state-feedback controller to achieve the following objectives:

(1)
ensure the ultimately uniformly bounded stability of the whole closed-loop system;
(2)
preserve the security of the state x from the controller.

3. Main results

In this section, an encrypted control algorithm by means of the Paillier encryption scheme is presented for spacecraft proximity operations. The detailed design procedure is summarized as follows: First, by using the uniform quantizer, the control gain is encoded to an integer and sent to the controller side for ease of further encryption operation. Meanwhile, the continuously measurable system states are quantized as digital signals by using the logarithmic quantizer because the communication network only allows the digital signals to be transmitted instead of the continuous ones. Similarly, for further encryption, the digitized system stats are encoded to the integer set with the aid of a uniform quantizer. Then, to guarantee data security, the system states are encrypted based on the Paillier cryptosystem and are sent to the controller side over the communication network. Next, by utilizing received encrypted system states and control gain, the encrypted control law is calculated according to the homomorphic properties in (6)–(8). Further, the resulting encrypted control law is sent to the system side without any information leakage. After Paillier-type decryption and simple decoding, a decrypted state-feedback control command is executed on the actuator of the spacecraft. The block diagram of the proposed encrypted control system is shown in Figure 2, where the solid line and dash line indicates the information exchange through the data buses or wireless communication network, respectively.

Figure 2.

The block diagram of the proposed encrypted control system

3.1. Encoding the control gain matrix

Since the Paillier encryption scheme only works the data in the form of integers, the control gain matrix in (4) should be first encoded into an integer before being sent over the communication network, as depicted in Figure 2. As stated in Remark ¹, the uniform quantizer can be regarded as an encoder and a decoder. Therefore, the uniform quantizer is adopted here to encode the control gain matrix into . The corresponding quantizer error for here is defined as , where Δ_K > 0 refers to the sensitivity associated with the quantizer q_u(K). For ease of convenience, define .

Theorem 1

Consider the general linear system (4) with the control law . Under Lemma ¹, if the sensitivity Δ_K is selected such that the inequality

(15)

holds trues, then the general linear system (2) is asymptotic stable, where and are positive-define matrices satisfying (5).

Proof. By implementing the quantized state-feedback control law , the closed-loop linear system (2) is rewritten as

(16)

Chose as the Lyapunov function candidate, where is a positive-definite matrix satisfying (5). Then, combining (5) and (16) yields

(17)

To proceed, it can be seen from (14) that always hold trues. Therefore, once Δ_K is chosen such that (15) satisfies, the following inequality always hold

(18)

which directly implies that

(19)

In summary, as long as Δ_K is selected by (15), it is straightforward to induce from (19) that the linear system (2) is asymptotic stable despite the quantization. This completes the proof of Theorem ¹. ▫

Additionally, on the basis of Theorem ¹ and the standard Lyapunov stability theory, there exist symmetric positive-define matrices and such that

(20)

3.2. Encrypted control law design

Let , , represent the system state after digitization, encoding, and encryption, respectively. Then, using semi-homomorphic encryption, we design the encrypted control law as follows

(21)

Theorem 2

Consider the general linear system described in (2) with the encrypted control law (21). Select the quantization parameters properly such that

(22)

holds, where σ is a positive constant related to the logarithmic quantizer . Then, under the proposed encrypted control scheme, summarized in Algorithm ¹, the general linear system (2) is ultimately uniformly stable. Moreover, the security of sensitive information transmitted over the spacecraft’s communication network is completely protected.

Remark 2

From Figure 2, it is observed that is sampled by the logarithmic quantizer in (9). So, one can get that the digitization error , where Δ_l ∈ ℝ^6 × 6 is the sensitivities of the logarithmic quantizer. Besides, is obtained by using the uniform quantizer with the sensitivity Δ_x > 0. Accordingly, let represent the quantizer error. After decryption and decoding for the encrypted control law (21), the control command acting on the actuator is given by

(23)

Proof. It is noted from Remark ² that the implementation of the encrypted control law (21) is equivalent to executing in (23). In light of this, driven by the encrypted control law (21), the closed-loop linear system (2) is rewritten as

(24)

Algorithm 1The proposed encrypted control scheme for spacecraft proximity operations

Initialize: choose p, q, g, r, K, P, Q, P̄, Q̄

Ensure: u

1: # Encode control gain matrix

2: select Δ_K so that (15) holds

3: compute q_u(K) and sent to the controller over communication network

4: # Digitize

5: chose Δ_l based on (22)

6: digitized the system state x and obtain x_k

7: # Encode the digitized system state

8: select Δ_x

9: obtain q_u(x_k)

10: # Encrypt

11: encrypt q_u(x_k) by using Paillier encryption as E(q_u(x_k))

12: transmit E(q_u(x_k)) to the controller over communication network

13: # Obtain encrypted control law

14: compute the encrypted controller E(u⁺) according to (21)

15: transmit E(u⁺) to the plant node over communication network

16: # Decrypt

17: compute u⁺ = D(E(u⁺)) = −q_u(K)q_u(x_k) based on (8)

18: # Decode the decrypted controller

19: obtain and implement the practical control command u in (23)

Similarly to Theorem ¹, chose as the Lyapunov function candidate, where is a symmetrical positive-definite matrix satisfying (20). Then, taking the differentiate V over time along (23) results in

(25)

where , , and are used in (24). Besides, reminding (11) and (14), it is easy to obtain that

(26)

Then, inserting (20) and (26) into (25), it follows that

(27)

Further, recalling the parameter condition in (23), it has

(28)

To proceed, it is clearly seen from (28) that when evolves outside of the following set

(29)

It is concluded from (29) that once the system state moves in the out of 𝕊_x, it will be attracted back to 𝕊_x immediately. Therefore, the closed-loop system is ultimately uniformly bounded stable. Moreover, the convergence set 𝕊_x can be made enough small by choosing Δ_x as small as possible and choosing σ as big as possible. This completes the proof of Theorem ². ▫

Remark 3

Following Figure 2, the information sent from the sensor to the controller has been encoded and encrypted before transmission over the communication network. Moreover, it is obviously seen from (21) that the encrypted control law is computed by using the encrypted relevant relative state rather than the real-time measured value of sensor . Therefore, there is also no sensitive relative state information that is leaked when the encrypted controller is transmitted from the controller to the actuator over the communication channel. Besides, exploiting the properties of the Pailliar cryptosystem, the proposed encrypted framework can secure the communication network of the spacecraft against false data injection attacks. For example, if the attacker injects a random real-valued noise, the controller will easily detect the false data injection attack as the transmitted signals under the Paillier scheme are integer-valued. When the attacker injects an integer-valued random noise into the communication channel, the attack cannot be detected by the controller. However, a slight change in the ciphertext results in a significant change in the computed control input (after decryption) due to the highly nonlinear operations of the Paillier cryptosystem. In this case, the actuator can detect the false data injection attack by comparing the current control input with the past control input. Consequently, the security of the spacecraft’s relative motion control system is successfully protected.

Remark 4

Note that the encrypted control framework is designed based on the linear CWH equation and additive homomorphic encryption of Paillier. Although the linear CWH equation can clearly describe the relative motion between two spacecraft, a more precise control scheme can be generated by resorting to the more detailed nonlinear dynamical model. Besides, although the security and privacy of the sensitive relative motion information and control input signal are preserved, the proposed encrypted control scheme does not guarantee the security of the control gain matrix due to the inherent limitation of the Paillier encryption scheme. Therefore, the secure motion control scheme of micro-spacecraft based on the nonlinear dynamical model deserves to be investigated in future work, especially using the fully homomorphic encryption method.

4. Simulations

In this section, numerical simulations are performed to verify the performance of the encrypted control framework proposed in Figure 2. Assume that the target spacecraft moves on a circular orbit with r_c = 6.5867 × 10⁶ m. The geocentric gravitational constant of the Earth is μ_c = 3.986 × 10¹⁴ m³/s². The mass of chase spacecraft is m_c = 10 kg. In this setting, the matrices A and B in (3) are given by

respectively. Besides, the initial relative position and relative velocity of the chase spacecraft are set as and , separately. Moreover, it is assumed that the maximum control force generated by the chase spacecraft is 0.2N. Further, the state-feedback control law (4) is determined by solving the linear quadratic regulator (LQR) problem, where the cost function is defined by

with and . Then, the control gain matrix can be calculated as

The parameter relevant to the logarithmic quantizer is σ = 0.05. The sensitivity and saturation value of the uniform quantizer are chosen as Δ_x = 0.01 and q_m
x = 3000, while these two parameters for the uniform quantizer are selected as Δ_K = 0.001 and q_m
K = 2000, respectively. The implementation of the Paillier cryptosystem is referred to [31]. More specifically, two large prime numbers p and q are selected as p = 3470023813 and q = 3315231457; the random integer g in the public key is selected as g = 15314181315756238939627282471832570258; the private key (λ, μ) are selected as λ = 958661007884285856 and μ = 1687557451384170425.

The simulation results are shown in Figures 3–6. More specifically, the evolution of the relative position and relative velocity of the chase spacecraft is illustrated in Figure 3. Figure 4 depicts the quantization error of the relative position and velocity for the chase spacecraft after digitization using the logarithmic quantizer. Figure 5 displays the error of the relative position and velocity of the chase spacecraft after encoding and decoding using a uniform quantizer. From Figures 3 to 5, it is concluded that although the quantization errors exist, the chase spacecraft under the proposed encrypted control framework is still able to achieve the desired tracking mission with acceptable accuracy. The time history of the control force of the chase spacecraft is illustrated in Figure 6, which always is limited within 0.2N. In addition, the trajectories of the encrypted relative position, relative velocity, and control input are shown in Figures 7–9. Based on these figures, it is impossible for malicious to infer the actual relative motion information (Figs. 3 and 4) and the actual control command (Fig. 5) only by eavesdropping the encrypted signals (Figs. 7–9). Therefore, the proposed encrypted control framework not only achieves the desired relative motion of micro-spacecraft with graceful control performance but also ensures the secure information exchange among different components of the spacecraft.

Figure 3.

Time response of relative position and velocity of the chaser spacecraft. (a) Evolution of relative position and (b) Evolution of velocity

Figure 4.

Quantization error of the chaser spacecraft under the logarithmic quantizer. (a) Error for relative position and (b) Error for relative velocity

Figure 5.

Quantization error of the chaser spacecraft under the uniform quantizer. (a) Error for relative position and (b) Error for relative velocity

Figure 6.

Time response of control force of the chaser spacecraft

Figure 7.

The encrypted relative position

Figure 8.

The encrypted relative velocity

Figure 9.

The encrypted control input E(u⁺)

5. Conclusions

This study proposed a novel encrypted control framework for spacecraft relative motion control using a logarithmic quantizer, two uniform quantizers, and a semi-homomorphic cryptosystem. The logarithmic quantizer was used to quantize the continuous relative state information, while the uniform quantizer was regarded as the encoder and decoder before encryption and after decryption, respectively. By selecting the proper quantization parameter, it is shown that the proposed encrypted control is capable of guaranteeing ultimately uniformly bounded stability of the spacecraft relation motion system. Moreover, the security of the sensitive relative state information was ensured by the Paillier cryptosystem. Possible future work will concentrate on the encrypted control problem of spacecraft relative motion with more practical constraints, such as unknown parameter uncertainties, exogenous disturbances, and with a less conservative fully homomorphic encryption scheme.

Conflict of Interest

The authors declare that they have no conflict of interest.

Data Availability

No data are associated with this article.

Authors’ Contributions

Yongxia Shi proposed the overall control framework and wrote this paper. Ehsan Nekouei verified the feasibility of the proposed control framework and improved the presentation of the results; Qinglei Hu participated in manuscript preparation. All authors read and approved the final manuscript.

Acknowledgments

We thank the Associate editor and the anonymous reviewers for their helpful comments.

Funding

The work was supported partly by the National Natural Science Foundation of China under Grants 62227812 and 61960206011, partly by the Zhejiang Provincial Natural Science Foundation under Grant LD22E050004, partly by the Research Grants Council of Hong Kong under Project CityU 21208921, and partly by the Chow Sang Sang Group Research Fund Sponsored by Chow Sang Sang Holdings International Ltd.

References

McCamish SB, Romano M and Yun X. Autonomous distributed control of simultaneous multiple spacecraft proximity maneuvers. IEEE Trans Autom Sci Eng 2010; 7: 630–44. [CrossRef] [Google Scholar]
Yoon H and Agrawal BN. Novel expressions of equations of relative motion and control in Keplerian orbits. J Guid Control Dyn 2009; 32: 664–9. [CrossRef] [Google Scholar]
Capello E, Punta E and Dabbene F et al. Sliding-mode control strategies for rendezvous and docking maneuvers. J Guid Control Dyn 2017; 40: 1481–7. [CrossRef] [Google Scholar]
Weiss A, Petersen C and Baldwin M et al. Safe positively invariant sets for spacecraft obstacle avoidance. J Guid Control Dyn 2015; 38: 720–32. [CrossRef] [Google Scholar]
Di Cairano S, Park H and Kolmanovsky I. Model predictive control approach for guidance of spacecraft rendezvous and proximity maneuvering. Int J Robust Nonlinear Control 2012; 22: 1398–427. [CrossRef] [Google Scholar]
McCamish SB, Romano M and Yun X. Autonomous distributed control of simultaneous multiple spacecraft proximity maneuvers. IEEE Trans Autom Sci Eng 2010; 7: 630–44. [CrossRef] [Google Scholar]
Reynolds TP, Kelly CL and Morgan C et al. SOC-i: a CubeSat demonstration of optimization-based real-time constrained attitude control. In: 2021 IEEE Aerospace Conference (50100). IEEE, 2021, 1–18. [Google Scholar]
Morphopoulos T, Hansen LJ and Pollack J, et al. Plug-and-play-an enabling capability for responsive space missions. In: Paper No. RS2-2004-5002, Presented at 2nd Responsive Space Conference. Los Angeles, CA, 2004. [Google Scholar]
Lyke J, Cannon S and Fronterhouse D et al. A plug-and-play system for spacecraft components based on the USB standard. 2005. [Google Scholar]
Lyke JC. Plug-and-play satellites. IEEE Spect 2012; 49: 36–42. [CrossRef] [Google Scholar]
Bandyopadhyay S, Subramanian GP and Foust R et al. A review of impending small satellite formation flying missions. In: 53rd AIAA Aerospace Sciences Meeting. 2015, 1623. [Google Scholar]
Wu B. Spacecraft attitude control with input quantization. J Guid Control Dyn 2016; 39: 176–81. [CrossRef] [Google Scholar]
Wu B and Cao X. Robust attitude tracking control for spacecraft with quantized torques. IEEE Trans Aerosp Electron Syst 2017; 54: 1020–8. [Google Scholar]
Sun H, Hou L and Zong G et al. Fixed-time attitude tracking control for spacecraft with input quantization. IEEE Trans Aerosp Electron Syst 2018; 55: 124–34. [Google Scholar]
Liu Q, Liu M and Yu J. Adaptive fault-tolerant control for attitude tracking of flexible spacecraft with limited data transmission. IEEE Trans Syst Man Cybern Syst 2019; 51: 4400–8. [Google Scholar]
Sun H and Hou L. Adaptive attitude control for spacecraft systems with sensor and actuator attacks. Int J Adapt Control Signal Process 2022; 36: 448–68. [CrossRef] [Google Scholar]
Tran J, Farokhi F and Cantoni M et al. Implementing homomorphic encryption based secure feedback control. Control Eng Pract 2020; 97: 104350. [CrossRef] [Google Scholar]
Cortes J, Dullerud GE and Han S et al. Differential privacy in control and network systems. In: 2016 IEEE 55th Conference on Decision and Control (CDC). IEEE, 2016, 4252–72. [CrossRef] [Google Scholar]
Zhang C, Wu J and Huang Y et al. Constructive schemes to spacecraft attitude control with low communication frequency using sampled-data and encryption approaches. Aircr Eng Aerosp Technol 2021; 93: 267–74. [CrossRef] [Google Scholar]
Kogiso K and Fujita T. Cyber-security enhancement of networked control systems using homomorphic encryption. In: 2015 54th IEEE Conference on Decision and Control (CDC). IEEE, 2015, 6836–43. [CrossRef] [Google Scholar]
Teranishi K, Shimada N and Kogiso K. Stability-guaranteed dynamic ElGamal cryptosystem for encrypted control systems. IET Control Theory Appl 2020; 14: 2242–52. [CrossRef] [Google Scholar]
Kawase H, Teranishi K and Kogiso K. Dynamic quantizer synthesis for encrypted state-feedback control systems with partially homomorphic encryption. In: 2022 American Control Conference (ACC), IEEE, 2022, 75–81. [CrossRef] [Google Scholar]
Farokhi F, Shames I and Batterham N. Secure and private control using semi-homomorphic encryption. Control Eng Pract 2017; 67: 13–20. [CrossRef] [Google Scholar]
Kishida M. Encrypted control system with quantiser. IET Control Theory Appl 2019; 13: 146–51. [CrossRef] [Google Scholar]
Murguia C, Farokhi F and Shames I. Secure and private implementation of dynamic controllers using semihomomorphic encryption. IEEE Trans Autom Control 2020; 65: 3950–7. [CrossRef] [Google Scholar]
Garcia E and Antsaklis PJ. Model-based event-triggered control for systems with quantization and time-varying network delays. IEEE Trans Autom Control 2012; 58: 422–34. [Google Scholar]
Paillier P. Public-key cryptosystems based on composite degree residuosity classes. In: Advances in Cryptology- EUROCRYP’99: International Conference on the Theory and Application of Cryptographic Techniques Prague, Czech Republic, May 2–6, 1999 Proceedings 18. Springer Berlin Heidelberg, 1999, 223–8. [Google Scholar]
Acar A, Aksu H and Uluagac AS et al. A survey on homomorphic encryption schemes: theory and implementation. ACM Comput Surv 2018; 51: 1–35. [Google Scholar]
Shi P, Wang H and Lim CC. Network-based event-triggered control for singular systems with quantizations. IEEE Trans Ind Electron 2016; 63: 1230–8. [CrossRef] [Google Scholar]
Brockett RW and Liberzon D. Quantized feedback stabilization of linear systems. IEEE Trans Autom Control 2000; 45: 1279–89. [CrossRef] [Google Scholar]
https://github.com/martin-kaluz/PaillierCrypto-matlab. [Google Scholar]

Yongxia Shi received a Ph.D. degree in navigation, guidance, and control from Beihang University, Beijing, China, in 2022. From Dec. 2020 to Nov. 2021, she was a joint Ph.D. Student with the Delft Center for Systems and Control, Delft University of Technology, the Netherlands. She is currently a Postdoctoral Researcher at the Department of Electrical Engineering, City University of Hong Kong. Her research interests include spacecraft formation flying, networked control systems, distributed control, event-triggered control, and homomorphic encryption control.

Ehsan Nekouei is currently an Assistant Professor at the Department of Electrical Engineering, City University of Hong Kong. From 2014 to 2019, he held postdoctoral positions at the KTH Royal Institute of Technology, Stockholm, Sweden, and The University of Melbourne, Australia. His current research interests include privacy and security of networked control systems.

Qinglei Hu received a B.Eng. degree in electrical and electronic engineering from Zhengzhou University, Zhengzhou, China, in 2001, and a Ph.D. degree in control science and engineering with a specialization in guidance and control from the Harbin Institute of Technology, Harbin, China, in 2006. From 2003 to 2014, he was with the Department of Control Science and Engineering, Harbin Institute of Technology. He joined Beihang University, Beijing, China, in 2014, as a Full Professor. His current research interests include variable structure control and applications, and fault-tolerant control and applications.

All Figures

	Figure 1. Relative coordinate frames
In the text

	Figure 2. The block diagram of the proposed encrypted control system
In the text

	Figure 3. Time response of relative position and velocity of the chaser spacecraft. (a) Evolution of relative position and (b) Evolution of velocity
In the text

	Figure 4. Quantization error of the chaser spacecraft under the logarithmic quantizer. (a) Error for relative position and (b) Error for relative velocity
In the text

	Figure 5. Quantization error of the chaser spacecraft under the uniform quantizer. (a) Error for relative position and (b) Error for relative velocity
In the text

	Figure 6. Time response of control force of the chaser spacecraft
In the text

	Figure 7. The encrypted relative position
In the text

	Figure 8. The encrypted relative velocity
In the text

	Figure 9. The encrypted control input E(u⁺)
In the text

Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.

Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.

Initial download of the metrics may take a while.

[1] McCamish SB, Romano M and Yun X. Autonomous distributed control of simultaneous multiple spacecraft proximity maneuvers. IEEE Trans Autom Sci Eng 2010; 7: 630–44. [CrossRef] [Google Scholar]

[2] Yoon H and Agrawal BN. Novel expressions of equations of relative motion and control in Keplerian orbits. J Guid Control Dyn 2009; 32: 664–9. [CrossRef] [Google Scholar]

[3] Capello E, Punta E and Dabbene F et al. Sliding-mode control strategies for rendezvous and docking maneuvers. J Guid Control Dyn 2017; 40: 1481–7. [CrossRef] [Google Scholar]

[4] Weiss A, Petersen C and Baldwin M et al. Safe positively invariant sets for spacecraft obstacle avoidance. J Guid Control Dyn 2015; 38: 720–32. [CrossRef] [Google Scholar]

[5] Di Cairano S, Park H and Kolmanovsky I. Model predictive control approach for guidance of spacecraft rendezvous and proximity maneuvering. Int J Robust Nonlinear Control 2012; 22: 1398–427. [CrossRef] [Google Scholar]

[6] McCamish SB, Romano M and Yun X. Autonomous distributed control of simultaneous multiple spacecraft proximity maneuvers. IEEE Trans Autom Sci Eng 2010; 7: 630–44. [CrossRef] [Google Scholar]

[7] Reynolds TP, Kelly CL and Morgan C et al. SOC-i: a CubeSat demonstration of optimization-based real-time constrained attitude control. In: 2021 IEEE Aerospace Conference (50100). IEEE, 2021, 1–18. [Google Scholar]

[8] Morphopoulos T, Hansen LJ and Pollack J, et al. Plug-and-play-an enabling capability for responsive space missions. In: Paper No. RS2-2004-5002, Presented at 2nd Responsive Space Conference. Los Angeles, CA, 2004. [Google Scholar]

[9] Lyke J, Cannon S and Fronterhouse D et al. A plug-and-play system for spacecraft components based on the USB standard. 2005. [Google Scholar]

[10] Lyke JC. Plug-and-play satellites. IEEE Spect 2012; 49: 36–42. [CrossRef] [Google Scholar]

[11] Bandyopadhyay S, Subramanian GP and Foust R et al. A review of impending small satellite formation flying missions. In: 53rd AIAA Aerospace Sciences Meeting. 2015, 1623. [Google Scholar]

[12] Wu B. Spacecraft attitude control with input quantization. J Guid Control Dyn 2016; 39: 176–81. [CrossRef] [Google Scholar]

[13] Wu B and Cao X. Robust attitude tracking control for spacecraft with quantized torques. IEEE Trans Aerosp Electron Syst 2017; 54: 1020–8. [Google Scholar]

[14] Sun H, Hou L and Zong G et al. Fixed-time attitude tracking control for spacecraft with input quantization. IEEE Trans Aerosp Electron Syst 2018; 55: 124–34. [Google Scholar]

[15] Liu Q, Liu M and Yu J. Adaptive fault-tolerant control for attitude tracking of flexible spacecraft with limited data transmission. IEEE Trans Syst Man Cybern Syst 2019; 51: 4400–8. [Google Scholar]

[16] Sun H and Hou L. Adaptive attitude control for spacecraft systems with sensor and actuator attacks. Int J Adapt Control Signal Process 2022; 36: 448–68. [CrossRef] [Google Scholar]

[17] Tran J, Farokhi F and Cantoni M et al. Implementing homomorphic encryption based secure feedback control. Control Eng Pract 2020; 97: 104350. [CrossRef] [Google Scholar]

[18] Cortes J, Dullerud GE and Han S et al. Differential privacy in control and network systems. In: 2016 IEEE 55th Conference on Decision and Control (CDC). IEEE, 2016, 4252–72. [CrossRef] [Google Scholar]

[19] Zhang C, Wu J and Huang Y et al. Constructive schemes to spacecraft attitude control with low communication frequency using sampled-data and encryption approaches. Aircr Eng Aerosp Technol 2021; 93: 267–74. [CrossRef] [Google Scholar]

[20] Kogiso K and Fujita T. Cyber-security enhancement of networked control systems using homomorphic encryption. In: 2015 54th IEEE Conference on Decision and Control (CDC). IEEE, 2015, 6836–43. [CrossRef] [Google Scholar]

[21] Teranishi K, Shimada N and Kogiso K. Stability-guaranteed dynamic ElGamal cryptosystem for encrypted control systems. IET Control Theory Appl 2020; 14: 2242–52. [CrossRef] [Google Scholar]

[22] Kawase H, Teranishi K and Kogiso K. Dynamic quantizer synthesis for encrypted state-feedback control systems with partially homomorphic encryption. In: 2022 American Control Conference (ACC), IEEE, 2022, 75–81. [CrossRef] [Google Scholar]

[23] Farokhi F, Shames I and Batterham N. Secure and private control using semi-homomorphic encryption. Control Eng Pract 2017; 67: 13–20. [CrossRef] [Google Scholar]

[24] Kishida M. Encrypted control system with quantiser. IET Control Theory Appl 2019; 13: 146–51. [CrossRef] [Google Scholar]

[25] Murguia C, Farokhi F and Shames I. Secure and private implementation of dynamic controllers using semihomomorphic encryption. IEEE Trans Autom Control 2020; 65: 3950–7. [CrossRef] [Google Scholar]

[26] Garcia E and Antsaklis PJ. Model-based event-triggered control for systems with quantization and time-varying network delays. IEEE Trans Autom Control 2012; 58: 422–34. [Google Scholar]

[27] Paillier P. Public-key cryptosystems based on composite degree residuosity classes. In: Advances in Cryptology- EUROCRYP’99: International Conference on the Theory and Application of Cryptographic Techniques Prague, Czech Republic, May 2–6, 1999 Proceedings 18. Springer Berlin Heidelberg, 1999, 223–8. [Google Scholar]

[28] Acar A, Aksu H and Uluagac AS et al. A survey on homomorphic encryption schemes: theory and implementation. ACM Comput Surv 2018; 51: 1–35. [Google Scholar]

[29] Shi P, Wang H and Lim CC. Network-based event-triggered control for singular systems with quantizations. IEEE Trans Ind Electron 2016; 63: 1230–8. [CrossRef] [Google Scholar]

[30] Brockett RW and Liberzon D. Quantized feedback stabilization of linear systems. IEEE Trans Autom Control 2000; 45: 1279–89. [CrossRef] [Google Scholar]

[31] https://github.com/martin-kaluz/PaillierCrypto-matlab. [Google Scholar]