Physical-layer authentication Using chaotic maps

EVANGELISTA, João Victor de Carvalho

16 August 2016

Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2017-03-08T12:29:03Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) JOAO VICTOR DE CARVALHO EVANGELISTA_DISSERTACAO_VERSAO_FINAL_2016.pdf: 4051425 bytes, checksum: c53a5039b8aa3054c77f2ee82a10849f (MD5) / Made available in DSpace on 2017-03-08T12:29:03Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) JOAO VICTOR DE CARVALHO EVANGELISTA_DISSERTACAO_VERSAO_FINAL_2016.pdf: 4051425 bytes, checksum: c53a5039b8aa3054c77f2ee82a10849f (MD5) Previous issue date: 2016-08-16 / Message authentication, which ensures that a received message comes from its acclaimed sender, is of fundamental importance for secure communication systems. We consider in this work a physical layer authentication system employing tag signals embedded in the message to provide a robust authentication method. This work diverges from previous work in the area when it comes to the tag generation method. While the previous works use methods based on cryptographic hash functions or on the channel side information our system employs unidimensional chaotic maps to generate these tags. Due to the loss of information about the initial condition of chaotic maps, we show that they are strong candidates for the tag generation process. We prove that chaotic tags provide a positive lower bound on the unconditional security of the system. Additionally, we calculate the probability of success for three possible attacks to the authentication system: impersonation, substitution and replay.Finally, we analyze how the system parameters affect these probabilities and some performance metrics (bit error rate, outage probability, probability of false negative) and explore the tradeoff between security and performance in order to provide guidelines to design the system. / A autenticação de mensagem, o que garante que uma mensagem recebida vem de seu aclamado remetente, é de fundamental importância para sistemas de comunicação seguros. Neste contexto, considera-se neste trabalho um sistema de autenticação em camada física empregando tags embutidos nas mensagens proporcionando um robusto método de autenticação. Este trabalho diverge de trabalhos anteriores na área no que se refere ao método de geração de tags. Enquanto os trabalhos anteriores utilizam métodos baseados em funções criptográficas de hash e na informação do estado do canal, nosso sistema emprega mapas caóticos unidimensionais para gerar os tags. Devido ao fato de que a informação sobre a condição inicial se perde ao longo de uma órbita caótica mostraremos que elas são fortes candidatas para o processo de geração de tags. Provamos que tags caóticos garantem um limitante inferior positivo na segurança incondicional do sistema. Adicionalmente, nós calculamos a probabilidade de sucesso de três tipos de ataque: de personificação, de substituição e de repetição. Para finalizar, analisamos como os parâmetros do sistema afetam essas probabilidades e algumas métricas de performance (taxa de erro por bit, probabilidade de interrupção e probabilidade de falso negativo) e os compromissos entre segurança e performance para prover um guia de projeto do sistema.

autenticação de mensagem

autenticação em camada física

mapascaóticos

probabilidade de outage

taxa de erro porbit

segurança incondicional

bit error rate

chaotic maps

message authentication

outage probability

physical layer authentication

unconditional securit

Bit-interleaved coded modulation for hybrid rf/fso systems

He, Xiaohui

05 1900

In this thesis, we propose a novel architecture for hybrid radio frequency (RF)/free–space optics (FSO) wireless systems. Hybrid RF/FSO systems are attractive since the RF and FSO sub–systems are affected differently by weather and fading phenomena. We give a thorough introduction to the RF and FSO technology, respectively. The state of the art of hybrid RF/FSO systems is reviewed. We show that a hybrid system robust to different weather conditions is obtained by joint bit–interleaved coded modulation (BICM) of the bit streams transmitted over the RF and FSO sub–channels. An asymptotic performance analysis reveals that a properly designed convolutional code can exploit the diversity offered by the independent sub–channels. Furthermore, we develop code design and power assignment criteria and provide an efficient code search procedure. The cut–off rate of the proposed hybrid system is also derived and compared to that of hybrid systems with perfect channel state information at the transmitter. Simulation results show that hybrid RF/FSO systems with BICM outperform previously proposed hybrid systems employing a simple repetition code and selection diversity. / Applied Science, Faculty of / Electrical and Computer Engineering, Department of / Graduate

FSO

RF

BICM

Physical layer

Channel coding

Cut-off rate

Pairwise Error Probability

Codeword Error Probability

Ricean fading

Gamma-Gamma fading

Feasibility study: Implementation of a gigabit Ethernet controller using an FPGA

Fält, Richard

January 2003

Background: Many systems that Enea Epact AB develops for theirs customers communicates with computers. In order to meet the customers demands on cost effective solutions, Enea Epact wants to know if it is possible to implement a gigabit Ethernet controller in an FPGA. The controller shall be designed with the intent to meet the requirements of IEEE 802.3. Aim: Find out if it is feasible to implement a gigabit Ethernet controller using an FPGA. In the meaning of feasible, certain constraints for size, speed and device must be met. Method: Get an insight of the standard IEEE 802.3 and make a rough design of a gigabit Ethernet controller in order to identify parts in the standard that might cause problem when implemented in an FPGA. Implement the selected parts and evaluate the results. Conclusion: It is possible to implement a gigabit Ethernet controller using an FPGA and the FPGA does not have to be a state-of-the-art device.

Datorteknik

CRC

Data Link Layer

Ethernet

FPGA

gigabit

GMII

MAC

MDI

MII

OSI/BR model

RS

PHY

Physical Layer

Datorteknik

Computer Engineering

Datorteknik

PHYSICAL LAYER SECURITY USING PSEUDO-RANDOM SEQUENCE KEY GENERATION

Arolla, Srihari, Gurrala, Naga Venkata Sai Teja

January 2018

Nowadays, network security plays a major role in the field of wireless communications. Wired networks propagate electrical signals or pulses through cables. Whereas wireless signals propagate through the air. If wireless networks are left open and exposed to the outside world, there are high chances of being misused by others. The intruders take advantage of this, to intercept the wireless signals. This is the reason why an extra level of security is required for wireless networks. The physical layer is one of the important layers of the Open System Interconnection (OSI) model which plays an important role in the network’s physical connections like wireless transmission, cabling, connections etc. The physical layer supports the bit-level transmission between various devices by connecting to the physical medium for synchronized communication.In this thesis, a method is studied for exchanging secret key [1] bits using a pseudo-random sequence generator based on Frequency Division Duplex (FDD) systems. The principle of this method is to generate a secret key in a manner that produces low correlation at the intruder. By uniquely relating the secret key bits to the channel in a private version of the universal codebook, a robust key exchange between the transmitter and the receiver is then performed.

Physical Layer Security

Bit Error Rate

Key Error Rate

Pseudo Random Generator

Secret Key.

Elektroteknik och elektronik

On Physical Layer Abstraction Modeling for 5G and Beyond Communications

Anwar, Waqar

09 November 2021

This thesis aims to abstract the physical layer (PHY) performance of current and upcoming technologies, so that, their suitability for various use cases and scenarios could be evaluated within an affordable time. For the said purpose, a new effective SINR mapping technique eEESM along with the dynamic optimization of the fitting parameter is proposed. The mapping accuracy of proposed eEESM techniques is analyzed and compared against the other state-of-the-art methods in the doubly selective channel. The results show that the proposed technique is more accurate and map closest to the reference packet error rate (PER) curves. Moreover, the mapping error of eEESM is the lowest for all considered MCSs. The justification for its better performance is the tighter symbol error rate (SER) approximation used to derive effective SINR and the proposed optimization approach. The main purpose of using PLA instead of full PHY simulations is to reduce simulation time. Therefore, a novel concept is presented to abstract PHY performance depending on the time and frequency selectivity of the channel. This further reduces the number of computations required to estimate performance using PLA. To demonstrate the gain in terms of simulation time, the computation complexity of PLA is compared against full PHY simulations. Results show that PLA is roughly 1000 to 1000000 times faster (depending on the abstracted fading conditions) compared to the PHY simulator. The effective SINR mapping approach is then further extended for future candidate multi-carrier techniques (i.e., OFDM, DFT-s-OFDM, GFDM, OTFS), which could be adopted by the upcoming technologies. For this purpose, the received SINR of symbols received through these multi-carrier techniques is derived. The resultant received SINR also considers the impact of ICI due to Doppler. Subsequently, the received SINR of symbols is mapped to effective SINR considering the selectivity of the channel. By comparing the effective SINR, OTFS outperforms other techniques. The reason for the better performance of OTFS is due to the spread of symbol energy over time and frequency, which results in higher effective SINR due to higher diversity. Furthermore, evaluation results show that the proposed PLA can accurately model the performance of these multi-carrier techniques under various fading conditions. Multi-connectivity is another enhancement being considered for future technologies, as an enabler for ultra-reliable communications under harsh channel conditions. Therefore, multi-connectivity communications are also studied in this thesis. Specifically, the frequency domain multi-connectivity networks are presented. To fully exploit frequency diversity under frequency selective channels, the subcarrier-based link combing scheme is proposed. The earlier derived received SINR is then extended for the state-of-the-art link combining schemes, i.e., SC, EGC, and MRC. The multi-connectivity gain in terms of the average received SINR is derived and compared for the above-mentioned combining schemes. To abstract the performance of multi-connectivity communications, the post-combined effective SINR mapping is proposed, where effective SINR represents the combined performance of connected links. The developed PLA performance is validated against the PHY simulations for the case of MRC. Results reveal that with the increase in multi-connectivity order, the RMSE error decreases due to the decrease in the variance of mapping SINRs. In the end, various applications of PLA are demonstrated. The developed multi-carrier PLAs are used to compare the performance of multi-carrier techniques under various fading conditions. Results depict that PER of multi-carrier techniques generally decreases with the increase in time or frequency selectivity, given that, the ideal channel estimation, ICI, and inter-symbol interference (ISI) cancellation is used. The multi-connectivity evaluation results depict that with the increase in channel selectivity higher diversity gain could be achieved. Besides, the proposed subcarrier-wise combining scheme achieves better performance compared to the traditional link combining approach. The next PLA application demonstrated is the performance comparison of V2X technologies, i.e., IEEE~802.11p, LTE-V2V, IEEE~802.11bd, and NR-V2X, in an Urban NLOS communications scenario. It is observed that 802.11bd outperforms other technologies in terms of PER and packet reception ratio (PRR). Its better performance is due to lower ICI compared to LTE-V2X and NR-V2X, and due to the use of LDPC codes compared to 802.11p. In contrast, NR-V2X outperforms other technologies in terms of data rates and packet inter-arrival time. The last PLA application shown is the link adaptation for single-link and multi-connectivity communications. In single-link communication, the performance of various PLA techniques is compared in terms of achieved data rates and outage probability against the case of perfect CQI. The CQI based on the proposed eEESM technique improves the data rates and reliability of the link, compared to other schemes. Further, in the case of multi-connectivity, the post-combined effective SINR mapping proposed in this thesis is used for link adaptation in terms of both MCS selection and adapting the number of links. The proposed scheme optimizes multi-connectivity data rates while using the lowest possible number of links required for the desired quality of service.

info:eu-repo/classification/ddc/621.3

ddc:621.3

Model fyzické vrstvy komunikačního systému IEEE 802.11ah / Model of physical layer of communication system IEEE 802.11ah

Jurák, Petr

January 2018

This diploma thesis deals with the analysis of the IEEE 802.11ah wireless communication system. For such a purpose, an appropriate simulation model in program environment MATLAB is created. The first part of thesis focuses on the IEEE 802.11 standard. Basic blocks of the transmitter and receiver are described. Attention is also devoted on the brief description of considered transmission channels. The second part contains the description of the proposed and realized simulation model in MATLAB. Individual blocks of the simulation model are described in details. Finally, the obtained simulation results are evaluated and discussed.

OFDM Precoding for Filter-Bank based Waveforms / Techniques de précodage OFDM pour formes d'onde à base de bancs de filtres

Demmer, David

06 June 2019

De nouveaux usages des systèmes de communications sans fils, tels que les réseaux de capteurs ou les voitures autonomes, ont émergé au cours des dernières années. Ces usages sont fondamentalement différents des applications haut-débit actuelles des réseaux cellulaires. La future technologie mobile, la 5G New Radio, introduit donc le concept de numérologie du signal afin de pouvoir satisfaire aux besoin hétérogènes des multiples applications supportées. En effet en supportant différentes numérologies de signaux, l'allocation temps/fréquence des signaux devient plus flexible et le signal transmis peut être adapté en conséquence. Cependant, supporte simultanément différentes numérologies génère de l'interférence et donc distord les signaux. Les filtrages spatiaux, comme la formation de faisceaux, est envisagée en 5G pour limiter l'interférence générée mais pour les communications au-dessus de 6 GHz. Il n'y a cependant pas de solutions proposées pour mes communications en-dessous de 6 GHz. Dans ce travail, des techniques d'atténuation des lobes secondaires sont étudiées pour faciliter le multiplexage des services pour les communications sous 6 GHz. L’interférence entre-utilisateurs est alors contrôlée mais la bande est également mieux utilisée. Une solution innovante, combinant bancs de filtres et orthogonalité complexe, est proposée. L'orthogonalité complexe est garanti grâce à un précodage OFDM qui remplace le précodage OQAM communément utilisé. De plus, le système développé, le Block-Filtered OFDM, utilise un récepteur 5G classique ce qui garantit la retro-compatibilité avec les techniques déjà déployée. Le modèle du BF-OFDM est entièrement décrit et adapté aux normes des réseaux mobiles. De plus, de multiples méthodes de conception des filtres prototypes sont proposées afin de mieux répondre aux besoins des systèmes. La forme d'onde étudiée est également comparée avec les autres solutions de l'état de l'art sur des scénarios d'étude classiques mais également adaptés aux nouveaux enjeux des technologies sans fils. / New use cases for wireless communications recently emerged ranging from massive sensor networks to connected cars. These applications highly differ from typical signals supported by already deployed mobile technologies, which are mainly high data rate pipes. The forthcoming generation of mobile technology, 5G New Radio, introduces the concept of signal numerology so as to properly serve the requirements of the diverse applications it will support. Indeed by considering different numerologies, the time/frequency signal allocation is made more flexible which allows to shape the transmitted signal according to its needs. However, multiplexing signals with different numerologies generates interference and therefore signal distortion. Spatial filtering, such as beamforming, is envisioned for 5G above 6-GHz communications to limit inter-user interference. However, this issue still holds for sub-6 GHz systems where spatial filtering is not considered in 5G.In this work, we consider side lobe rejection techniques to ease service multiplexing in sub-6 GHz bands. Not only it provides inter-user interference mitigation but it also improves the bandwidth use efficiency in bands where frequency is a scarce resource. A novel solution, mixing filter-bank for confined spectrum and complex orthogonality for a straightforward re-use of known-how 4G/5G techniques, is proposed. The complex orthogonality is restored thanks to an OFDM precoding substituting the commonly used Offset-QAM signaling which limits the orthogonality to the real field. Moreover, the proposed solution, named Block-Filtered Orthogonal Frequency Division Multiplexing (BFOFDM), relies on a simple 5G receiver scheme which makes it backward compatible with already deployed technologies.The BF-OFDM system model is fully described and adapted to cellular standards. Besides, different prototype filter designs methods are proposed to either improve the intrinsic interference attenuation or to better confined the spectrum of the transmitted signal. Last but not least, the proposed waveform will be compared with state-of-the-art solutions for both typical and 5G oriented evaluation scenarios such as multi-service coexistence.

Modulations

5G

Mimo

Banc de filtres

Couche physique

OFDM

BF-OFDM

Modulation Schemes

Mimo

5G

FBMC

Physical layer

OFDM

Filter banks

BF-OFDM

621.382 16

Analyse et modélisation du canal radio pour la génération de clés secrètes / Analysis and modeling of the radio channel for secret key generation

Mazloum, Taghrid

12 February 2016

La sécurité des communications sans fil omniprésentes devient, ces dernières années, de plus en plus une exigence incontournable. Bien que la cryptographie symétrique assure largement la confidentialité des données, la difficulté concerne la génération et la distribution de clés secrètes. Récemment, des études indiquent que les caractéristiques inhérentes du canal de propagation peuvent être exploitées afin de consolider la sécurité. En particulier, le canal radio fournit en effet une source d'aléa commune à deux utilisateurs à partir de laquelle des clés secrètes peuvent être générées. Dans la présente dissertation, nous nous intéressons au processus de génération de clés secrètes (SKG), tout en reliant les propriétés du canal radio à la qualité des clés générées. D'abord nous développons un modèle du canal stochastique, traitant la sécurité du point de vue de l'espion, qui montre une mémoire de canal résiduelle bien au-delà d'une distance de quelques longueurs d'onde (scénarios spatialement non-stationnaires). Ensuite, nous exploitons les degrés de liberté (DOF) du canal et analysons leur impact sur la performance de SKG dans différentes conditions, tout en considérant des canaux plus réalistes en environnements extérieur et intérieur (respectivement grâce à des données déterministes simulées et à des mesures). Les résultats montrent que, même pour des bandes modérées (comme standardisées dans la norme IEEE 802.11), le seul DoF de fréquence ou de son association avec le DoF spatial est souvent suffisant pour générer des longues clés, à condition d'utiliser une méthode efficace de quantification des coefficients complexes du canal. / Nowadays, the security of ubiquitous wireless communications becomes more and more a crucial requirement. Even though data is widely protected via symmetric ciphering keys, a well-known difficulty is the generation and distribution of such keys. In the recent years therefore, a set of works have addressed the exploitation of inherent characteristics of the fading propagation channel for security. In particular, secret keys could be generated from the wireless channel, considered as a shared source of randomness, available merely to a pair of communicating entities. ln the present dissertation, we are interested in the approach of secret key generation (SKG) from wireless channels, especially in relating the radio channel properties to the generated keys quality. We first develop a stochastic channel model, focusing on the security with respect to the eavesdropper side, which shows a residual channel memory weil beyond a few wavelengths distance (spatially nonstationary scenarios). Then, we analyze the channel degrees of freedom (DoF) and their impact on the SKG performance in different channel conditions, especially by considering more realistic channels in both outdoor and indoor environments (respectively through simulated ray tracing data and through measurements). The results show that, even for moderately wide band (such as standardized in IEEE 802.11), the sole frequency DOF or its association with the spatial DOF is often enough for generating long keys, provided an efficient quantization method of the complex channel coefficients is used.

Génération de clés secrètes

Sécurité de la couche physique

Canal radio

Réseau sans fil

Secret key generation (SKG)

Physical layer security

Radio channel

Wireless network

Communications multi-utilisateurs dans les réseaux d’accès radio centralisés : architecture, coordination et optimisation / Multi-user Communication in Cloud Radio Access Network : Architecture, Coordination and Optimization

Boviz, Dora

19 June 2017

Dans les réseaux mobiles du future, un déploiement plus dense des points d’accés radio est prévu pour satisfaire la demande accrue de débit, mais les terminaux utilisateurs peuvent être affectés par une interférence inter-cellulaire plus forte. Par chance, la centralisation des traitements de signal en bande de base dans l’achitecture Cloud RAN (C-RAN) offre la possibilité de la coordination et du traitement conjoint de plusieurs cellules. Pour réellement permettre de déployer ces techniques, une étude bout-à-bout du CRAN est nécessaire selon plusieurs aspects, notamment l’architecture fonctionnelle, la stratégie de coordination, l’implémentation du traitement de signal multiutilisateur et les optimisations possibles pour un fonctionnement plus efficace.Dans cette thèse, nous proposons en premier une architecture qui définit le placement des fonctions du traitement en bande de base entre les unités distribuées et le serveur central. Le but de ce design est de permettre la réalisation des fonctions multi-utilisateurs en transmettant avec la moins de débit possible sur les liens de fronthaul reliant les différentes entités. Dans un second temps, nous présentons comment il est possible de coordiner les différentes cellules servies par le C-RAN en utilisant le concept de réseaux définis par logiciels adapté pour les réseaux d’accès radio. Nous avons mis en place un prototype démontrant la faisabilité de la méthode de contrôle proposée. Finalement, nous étudions l’allocation adaptative du débit sur les liens de fronthaul transportant les symboles numériques quantifiés des utilisateurs en besoin de traitement multi-cellulaire sur la voie montante pour exploiter l’interférence entre eux. Nous proposons un modèle d’optimisation qui inclut le coût des transmissions fronthaul pour maximiser ainsi le gain obtenu par l’opérateur du réseau où la communication multiutilisateur a lieu. Nous réalisons l’optimisation pour différents modèles de coût et en utilisants deux types de données: d’abord les estimations de canal supposées parfaites et disponibles en temps réel, puis seulement les statistiques du canal. Nous montrons que la méthode d’optimisation proposée permet d’exploiter plus efficacement les liens de fronthaul dans l’architecture précedemment définie. / In future mobile networks denser deployment of radio access points is planned to satisfy demand of higher throughput, but an increased number of mobile users can suffer from inter-cell interference. Fortunately, the centralization of base-band processing offered by Cloud Radio Access Network (C-RAN) architecture enables coordination and joint physical layer processing between cells. To make practical deployment of these techniques possible, we have to study C-RAN in an end-to-end view regarding several aspects: the functional architecture of a deployment, the multi-cell coordination strategy, the implementation of multi-user signal processing and possibilities for optimization to increase operational efficiency.In this thesis, first, we propose an architecture defining the placement of base-band processing functions between the distributed remote units and the central processing unit. The aim of this design is to enable multi-cell processing both on the uplink and the downlink while requiring low data rate between the involved entities. Secondly, we study how low latency coordination can be realized inside the central unit using software defined networking adapted to radio access networks. Our demonstration through a real-time prototype deployment shows the feasibility of the proposed control framework. Finally, we investigate adaptive allocation of fronthaul rate that is used for transferring quantized base-band symbols for users participating in uplink multi-cell reception in order to exploit interference between them. We propose an optimization model that includes the cost of fronthaul tranmissions and aims to maximize the gain of network operators from multi-user transmissions in C-RAN. We solve the optimization problem for different fronthaul pricing models, in a scenario where real-time and accurate channel estimates are available and in another where only channel statistics are exploited. Using our method - fitting in the architecture that we have defined - cost efficiency of fronthaul usage can be significantly improved.

Multi-antennes

Réseaux d’accès radio

Traitement de signal

Fronthaul

Couche physique

Multiple input multiple output

Radio access network

Signal processing

Fronthaul

Physical layer

Towards Practical and Secure Channel Impulse Response-based Physical Layer Key Generation

Walther, Paul

03 January 2022

Der derzeitige Trend hin zu “smarten” Geräten bringt eine Vielzahl an Internetfähigen und verbundenen Geräten mit sich. Die entsprechende Kommunikation dieser Geräte muss zwangsläufig durch geeignete Maßnahmen abgesichert werden, um die datenschutz- und sicherheitsrelevanten Anforderungen an die übertragenen Informationen zu erfüllen. Jedoch zeigt die Vielzahl an sicherheitskritischen Vorfällen im Kontext von “smarten” Geräten und des Internets der Dinge auf, dass diese Absicherung der Kommunikation derzeit nur unzureichend umgesetzt wird. Die Ursachen hierfür sind vielfältig: so werden essentielle Sicherheitsmaßnahmen im Designprozess mitunter nicht berücksichtigt oder auf Grund von Preisdruck nicht realisiert. Darüber hinaus erschwert die Beschaffenheit der eingesetzten Geräte die Anwendung klassischer Sicherheitsverfahren. So werden in diesem Kontext vorrangig stark auf Anwendungsfälle zugeschnittene Lösungen realisiert, die auf Grund der verwendeten Hardware meist nur eingeschränkte Rechen- und Energieressourcen zur Verfügung haben. An dieser Stelle können die Ansätze und Lösungen der Sicherheit auf physikalischer Schicht (physical layer security, PLS) eine Alternative zu klassischer Kryptografie bieten. Im Kontext der drahtlosen Kommunikation können hier die Eigenschaften des Übertragungskanals zwischen zwei legitimen Kommunikationspartnern genutzt werden, um Sicherheitsprimitive zu implementieren und damit Sicherheitsziele zu realisieren. Konkret können etwa reziproke Kanaleigenschaften verwendet werden, um einen Vertrauensanker in Form eines geteilten, symmetrischen Geheimnisses zu generieren. Dieses Verfahren wird Schlüsselgenerierung basierend auf Kanalreziprozität (channel reciprocity based key generation, CRKG) genannt. Auf Grund der weitreichenden Verfügbarkeit wird dieses Verfahren meist mit Hilfe der Kanaleigenschaft des Empfangsstärkenindikators (received signal strength indicator, RSSI) realisiert. Dies hat jedoch den Nachteil, dass alle physikalischen Kanaleigenschaften auf einen einzigen Wert heruntergebrochen werden und somit ein Großteil der verfügbaren Informationen vernachlässigt wird. Dem gegenüber steht die Verwendung der vollständigen Kanalzustandsinformationen (channel state information, CSI). Aktuelle technische Entwicklungen ermöglichen es zunehmend, diese Informationen auch in Alltagsgeräten zur Verfügung zu stellen und somit für PLS weiterzuverwenden. In dieser Arbeit analysieren wir Fragestellungen, die sich aus einem Wechsel hin zu CSI als verwendetes Schlüsselmaterial ergeben. Konkret untersuchen wir CSI in Form von Ultrabreitband-Kanalimpulsantworten (channel impulse response, CIR). Für die Untersuchungen haben wir initial umfangreiche Messungen vorgenommen und damit analysiert, in wie weit die grundlegenden Annahmen von PLS und CRKG erfüllt sind und die CIRs sich grundsätzlich für die Schlüsselgenerierung eignen. Hier zeigen wir, dass die CIRs der legitimen Kommunikationspartner eine höhere Ähnlichkeit als die eines Angreifers aufzeigen und das somit ein Vorteil gegenüber diesem auf der physikalischen Schicht besteht, der für die Schlüsselgenerierung ausgenutzt werden kann. Basierend auf den Ergebnissen der initialen Untersuchung stellen wir dann grundlegende Verfahren vor, die notwendig sind, um die Ähnlichkeit der legitimen Messungen zu verbessern und somit die Schlüsselgenerierung zu ermöglichen. Konkret werden Verfahren vorgestellt, die den zeitlichen Versatz zwischen reziproken Messungen entfernen und somit die Ähnlichkeit erhöhen, sowie Verfahren, die das in den Messungen zwangsläufig vorhandene Rauschen entfernen. Gleichzeitig untersuchen wir, inwieweit die getroffenen fundamentalen Sicherheitsannahmen aus Sicht eines Angreifers erfüllt sind. Zu diesem Zweck präsentieren, implementieren und analysieren wir verschiedene praktische Angriffsmethoden. Diese Verfahren umfassen etwa Ansätze, bei denen mit Hilfe von deterministischen Kanalmodellen oder durch ray tracing versucht wird, die legitimen CIRs vorherzusagen. Weiterhin untersuchen wir Machine Learning Ansätze, die darauf abzielen, die legitimen CIRs direkt aus den Beobachtungen eines Angreifers zu inferieren. Besonders mit Hilfe des letzten Verfahrens kann hier gezeigt werden, dass große Teile der CIRs deterministisch vorhersagbar sind. Daraus leitet sich der Schluss ab, dass CIRs nicht ohne adäquate Vorverarbeitung als Eingabe für Sicherheitsprimitive verwendet werden sollten. Basierend auf diesen Erkenntnissen entwerfen und implementieren wir abschließend Verfahren, die resistent gegen die vorgestellten Angriffe sind. Die erste Lösung baut auf der Erkenntnis auf, dass die Angriffe aufgrund von vorhersehbaren Teilen innerhalb der CIRs möglich sind. Daher schlagen wir einen klassischen Vorverarbeitungsansatz vor, der diese deterministisch vorhersagbaren Teile entfernt und somit das Eingabematerial absichert. Wir implementieren und analysieren diese Lösung und zeigen ihre Effektivität sowie ihre Resistenz gegen die vorgeschlagenen Angriffe. In einer zweiten Lösung nutzen wir die Fähigkeiten des maschinellen Lernens, indem wir sie ebenfalls in das Systemdesign einbringen. Aufbauend auf ihrer starken Leistung bei der Mustererkennung entwickeln, implementieren und analysieren wir eine Lösung, die lernt, die zufälligen Teile aus den rohen CIRs zu extrahieren, durch die die Kanalreziprozität definiert wird, und alle anderen, deterministischen Teile verwirft. Damit ist nicht nur das Schlüsselmaterial gesichert, sondern gleichzeitig auch der Abgleich des Schlüsselmaterials, da Differenzen zwischen den legitimen Beobachtungen durch die Merkmalsextraktion effizient entfernt werden. Alle vorgestellten Lösungen verzichten komplett auf den Austausch von Informationen zwischen den legitimen Kommunikationspartnern, wodurch der damit verbundene Informationsabfluss sowie Energieverbrauch inhärent vermieden wird.

info:eu-repo/classification/ddc/004

ddc:004