Physical layer secret key generation for decentralized wireless networks / Génération de clés secrètes avec la couche physique dans les réseaux sans fil décentralisés

Tunaru, Iulia

27 November 2015

Dans cette thèse on s’est intéressé aux méthodes de génération de clés secrètes symétriques en utilisant la couche physique ultra large bande impulsionnelle (IR-UWB). Les travaux ont été réalisés selon trois axes, les deux premiers concernant la communication point-à-point et le dernier, les communications coopératives. Tout d’abord, la quantification des signaux typiques IR-UWB (soit directement échantillonnés, soit estimés) a été investiguée, principalement du point de vue du compromis entre la robustesse (ou réciprocité) des séquences binaires obtenues et leur caractère aléatoire. Différents algorithmes de quantification valorisant l’information temporelle offerte par les canaux IR-UWB pour améliorer ce compromis ont alors été proposés. Ensuite, des études concernant les échanges publics nécessaires à l’étape de réconciliation (visant la correction d’éventuels désaccords entre les séquences binaires générées de part et d’autre du lien) ont montré qu’il était possible d’être plus robuste face aux attaques passives en utilisant des informations de plus haut niveau, inhérentes à cette technologie et disponibles à moindre coût (ex. via une estimation précise du temps de vol aller-retour). Finalement, une nouvelle méthode a été développée afin d’étendre les schémas de génération de clé point-à-point à plusieurs nœuds (trois dans nos études) en utilisant directement la couche physique fournie par les liens radio entre les nœuds. / Emerging decentralized wireless systems, such as sensor or ad-hoc networks, will demand an adequate level of security in order to protect the private and often sensitive information that they carry. The main security mechanism for confidentiality in such networks is symmetric cryptography, which requires the sharing of a symmetric key between the two legitimate parties. According to the principles of physical layer security, wireless devices within the communication range can exploit the wireless channel in order to protect their communications. Due to the theoretical reciprocity of wireless channels, the spatial decorrelation property (e.g., in rich scattering environments), as well as the fine temporal resolution of the Impulse Radio - Ultra Wideband (IR-UWB) technology, directly sampled received signals or estimated channel impulse responses (CIRs) can be used for symmetric secret key extraction under the information-theoretic source model. Firstly, we are interested in the impact of quantization and channel estimation algorithms on the reciprocity and on the random aspect of the generated keys. Secondly, we investigate alternative ways of limiting public exchanges needed for the reconciliation phase. Finally, we develop a new signal-based method that extends the point-to-point source model to cooperative contexts with several nodes intending to establish a group key.

Sécurité avec la couche physique

Génération de clé secrète

Radio impulsionnelle ultra large bande

Génération de clé coopérative

Réseaux décentralisés

Distribution de clés symétriques

Quantification

Réciprocité

Caractère aléatoire

Physical layer security

Secret key generation

Impulse Radio - Ultra Wideband

Cooperative key generation

Decentralized networks

Symmetric key distribution

Quantization

Reciprocity

Randomness

Wireless secret key generation versus capable adversaries

Ghoreishi Madiseh, Masoud

22 December 2011

This dissertation applies theories and concepts of wireless communications and signal processing to the security domain to assess the security of a Wireless secret Key Generation (WKG) system against capable eavesdroppers, who employ all the feasible tools to compromise the system’s security. The security of WKG is evaluated via real wireless measurements, where adversary knows and applies appropriate signal processing tools in ordere to predict the generated key with the communicating pair. It is shown that in a broadband stationary wireless communication channel, (e.g. commercial off-the-shelf 802.11 WLAN devices), a capable eavesdropper can recover a large portion of the secret key bits. However, in an Ultra-wideband (UWB) communication, at the same stationary environment, secret key rates of 128 bits per channel probe are achievable. / Graduate

Wireless Secret Key Generation

Wireless Security

Point to Point Secure Communication

Secret Key Capacity

Wire-tap channel

Public Discussion

Wireless Channel Characterization

Ultrawide Band communication channels

WLAN

IEEE 802.11

Utilisation des propriétés électromagnétiques en sécurité des réseaux sans fil / Signal-Based security in wireless networks

Ben Hamida, Sana

27 February 2012

La sécurité des systèmes de communication mobiles/sans fil est problématique, car ceux-ci sont généralement construits suivant une topologie répartie ou arborescente. Les noeuds qui composent ces réseaux sont caractérisés par des ressources limitées et connectés généralement entre eux d'une manière ad-hoc sans l'aide d'une tierce personne de confiance. Les méthodes de sécurité matures issues du monde des réseaux filaires s'appuient souvent sur des procédés nécessitant des systèmes centralisés et des ressources importantes qui sont difficiles à mettre en place dans des réseaux à fortes contraintes. Dans le cadre de cette thèse, on propose de nouvelles solutions de sécurité qui exploitent les propriétés du médium électromagnétique et de l'interface de radiocommunication dans le but d'assurer des communications sécurisées. La thèse est structurée en deux parties. La première est dédiée au problème de génération de clés de cryptage en exploitant les propriétés des systèmes de communication à bande de fréquence ultra large (ULB). Trois phases sont nécessaires pour convertir le canal radio en clés secrètes: l'estimation du canal, la quantification et l'accord mutuel entre noeuds. Des expérimentations ont été effectuées pour valider les hypothèses sur lesquelles se fondent les méthodes de génération de clés (c.-à-d. la réciprocité et la décorrélation spatiale du canal). Notre étude a montré que la robustesse de ces techniques de sécurité repose sur le choix des algorithmes de numérisation utilisés pour la conversion de la signature du canal ULB vers un format de clé. Une solution adaptative d'extraction a été proposée, évaluée et testée. La robustesse contre les attaques de prédiction du canal a été également examinée. La deuxième partie traite le problème des intrusions illégitimes aux réseaux sans fil. Dans un premier temps, nous testons expérimentalement une méthode basée sur les variations électromagnétiques afin de détecter l'attaque d'écoute passive "eavesdropping" dans les réseaux de capteurs. Par la suite, nous présentons nos travaux concernant l'attaque relais qui est une variante de l'attaque de l'homme-du-milieu et qui est considérée comme un grand défi en particulier pour les systèmes d'authentification. Une nouvelle approche basée sur la détection de la variation des caractéristiques du bruit a été proposée. Des études théoriques et expérimentales ont été conduites pour vérifier la validité de la proposition dans les systèmes de communication de type RFID. / Security in mobile wireless networks is considered a major impediment since these environments are a collection of low-cost devices. They are generally collected in ad hoc manner without the help of trusted third party. Therefore, conventional security methods are always inappropriate. Recent contributions propose to explore the radio communication interface and to turn the radio propagation problems into advantages by providing new alternatives to enhance security. In this thesis, we investigate the signal-based security concept and study its effectiveness through experiments. The first part of this dissertation discusses the problem of key generation from Ultra Wide Band channel. To derive secret keys from channel measurements three stages are required: channel estimation, quantization and key agreement. A campaign of measurements has been performed to confirm the fundamental channel requirements for key generation (i.e., the reciprocity and the spatial decorrelation). Results show that the robustness of such techniques depends on the channel information used as source of randomness as well as on the underlying algorithms. Analysis on the impact of each stage (i.e. the quantization and the key agreement) on the security has been presented. An adaptive key extraction method is proposed, performances are evaluated and robustness against deterministic channel prediction attacks is presented. The second part of the dissertation considers the problem of intrusion detection. First, we test a method based on electromagnetic radiation to discover the presence of an adversary in the receiver/emitter vicinity. Then, the problem of relay attack detection is investigated in RFID systems. A relay attack is a man-in-the middle attack, where the adversary is able to successfully pass the authentication phase by relaying messages between the legitimate verifier and the prover. A new solution based on the noise channel is proposed to detect this attack. Experimental and theoretical results are provided to test the effectiveness of the new proposition.

Sécurité

Réseaux mobiles sans fil

Génération de clés secrètes

Attaque d'écoute passive

Propriétés électromagnétiques

Canal Ultra Large Bande

Security

Wireless mobile networks

Secret key generation

Eavesdropping

Electromagnetic properties

Ultra Wide Band Channel

Autonomous email notification- and booking management system : In a property administration environment / Autonomt notifikationssystem och bokningshanteringssystem : Inom fastighetsadministration

Söderlund, Henrik

January 2017

The contracting company is in the desire of an autonomous system that can do tedious administrative work that is today done manually. They would like to autonomically notify customers about incoming alarms from the customers’ real estates’ Data Under Centrals and to notify about bookings, in which a complete booking system has to be created, together with a file system analyzer that notifies about new files in the customers’ project folders. A notification system was made that was easily deployable and ready to use. The system had to be completely configurable for the contracting company to use it to its full potential. The notification system was to send notifications when a new alarm had entered the database, a booking had to be reminded of, a rebooking was made or a file had been added to the file system in a designated project folder. The contracting company had a web portal that was further developed in ASP.net in which a booking calendar and booking viewer page was added together with a form creation and management system. A demo buttons page was also added for generating demo notifications for the company to show it’s customers how the system responds to certain events. The employees at GATE IBS feel confident that this system will help them in their working environment to further strengthen their position as an industry leading business in control- and monitoring technology. / Det uppdragsgivande företaget önskar ett autonomt system som kan utföra tidskrävande administrativt arbete som idag utförs manuellt. De vill autonomt informera kunderna om inkommande larm från kundens fastigheters "Data Under Centrals" samt meddela om bokningar där ett komplett bokningssystem måste skapas tillsammans med en filsystemanalysator som meddelar om nya filer i kundens projektmapp. Ett notifikationssystem gjordes som var enkelt att distribuera och redo att använda. Systemet måste vara helt konfigurerbart för att det uppdragsgivande bolaget ska kunna använda programmet till sin fulla potential. Anmälningssystemet skulle skicka meddelanden när ett nytt larm hade kommit in i databasen, en bokning måste påminnas om, ombokning gjordes eller en fil hade lagts till filsystemet i en utsedd projektmapp. Kontraktsföretaget hade en webbportal som vidareutvecklades i ASP.net där en bokningskalender och bokningsvisningssida lagts till tillsammans med ett formulärgenererings- och formulärhanteringssystem och en demoknappssida för att generera demonotifikationer för att företaget ska kunna visa kunderna hur systemet svarar på vissa händelser. De anställda på GATE IBS är övertygade om att detta system kommer att hjälpa dem i sin arbetsmiljö för att ytterligare stärka sin ställning som branschledande företag inom kontroll- och övervakningsteknik.

Notification

Autonomous

Email

Software

Booking management

Encrypted key generation

Data Under Central

Notifikation

Autonomt

Email

Mjukvara

Bokningshantering

Enkrypterad nyckelgenerering

Data Under Central

Engineering and Technology

Teknik och teknologier

Annan elektroteknik och elektronik

Software Engineering

Programvaruteknik

Lattice Codes for Secure Communication and Secret Key Generation

Vatedka, Shashank

January 2017

In this work, we study two problems in information-theoretic security. Firstly, we study a wireless network where two nodes want to securely exchange messages via an honest-but-curious bidirectional relay. There is no direct link between the user nodes, and all communication must take place through the relay. The relay behaves like a passive eavesdropper, but otherwise follows the protocol it is assigned. Our objective is to design a scheme where the user nodes can reliably exchange messages such that the relay gets no information about the individual messages. We first describe a perfectly secure scheme using nested lattices, and show that our scheme achieves secrecy regardless of the distribution of the additive noise, and even if this distribution is unknown to the user nodes. Our scheme is explicit, in the sense that for any pair of nested lattices, we give the distribution used for randomization at the encoders to guarantee security. We then give a strongly secure lattice coding scheme, and we characterize the performance of both these schemes in the presence of Gaussian noise. We then extend our perfectly-secure and strongly-secure schemes to obtain a protocol that guarantees end-to-end secrecy in a multichip line network. We also briefly study the robustness of our bidirectional relaying schemes to channel imperfections. In the second problem, we consider the scenario where multiple terminals have access to private correlated Gaussian sources and a public noiseless communication channel. The objective is to generate a group secret key using their sources and public communication in a way that an eavesdropper having access to the public communication can obtain no information about the key. We give a nested lattice-based protocol for generating strongly secure secret keys from independent and identically distributed copies of the correlated random variables. Under certain assumptions on the joint distribution of the sources, we derive achievable secret key rates. The tools used in designing protocols for both these problems are nested lattice codes, which have been widely used in several problems of communication and security. In this thesis, we also study lattice constructions that permit polynomial-time encoding and decoding. In this regard, we first look at a class of lattices obtained from low-density parity-check (LDPC) codes, called Low-density Construction-A (LDA) lattices. We show that high-dimensional LDA lattices have several “goodness” properties that are desirable in many problems of communication and security. We also present a new class of low-complexity lattice coding schemes that achieve the capacity of the AWGN channel. Codes in this class are obtained by concatenating an inner Construction-A lattice code with an outer Reed-Solomon code or an expander code. We show that this class of codes can achieve the capacity of the AWGN channel with polynomial encoding and decoding complexities. Furthermore, the probability of error decays exponentially in the block length for a fixed transmission rate R that is strictly less than the capacity. To the best of our knowledge, this is the first capacity-achieving coding scheme for the AWGN channel which has an exponentially decaying probability of error and polynomial encoding/decoding complexities.

Secret Key Generation

Secure Communication

Nested Lattice Codes

Information Theoretic Security

Secure Bidirectional Relaying

LDA Lattices

Secure Computation

Bidirectional Relay

Lattice Coding Scheme

Gaussian Markov Tree Sources

Electrical Communication Engineering