Information-Theoretically Secure Communication Under Channel Uncertainty

Ly, Hung Dinh

2012 May 1900

Secure communication under channel uncertainty is an important and challenging problem in physical-layer security and cryptography. In this dissertation, we take a fundamental information-theoretic view at three concrete settings and use them to shed insight into efficient secure communication techniques for different scenarios under channel uncertainty. First, a multi-input multi-output (MIMO) Gaussian broadcast channel with two receivers and two messages: a common message intended for both receivers (i.e., channel uncertainty for decoding the common message at the receivers) and a confidential message intended for one of the receivers but needing to be kept asymptotically perfectly secret from the other is considered. A matrix characterization of the secrecy capacity region is established via a channel-enhancement argument and an extremal entropy inequality previously established for characterizing the capacity region of a degraded compound MIMO Gaussian broadcast channel. Second, a multilevel security wiretap channel where there is one possible realization for the legitimate receiver channel but multiple possible realizations for the eavesdropper channel (i.e., channel uncertainty at the eavesdropper) is considered. A coding scheme is designed such that the number of secure bits delivered to the legitimate receiver depends on the actual realization of the eavesdropper channel. More specifically, when the eavesdropper channel realization is weak, all bits delivered to the legitimate receiver need to be secure. In addition, when the eavesdropper channel realization is strong, a prescribed part of the bits needs to remain secure. We call such codes security embedding codes, referring to the fact that high-security bits are now embedded into the low-security ones. We show that the key to achieving efficient security embedding is to jointly encode the low-security and high-security bits. In particular, the low-security bits can be used as (part of) the transmitter randomness to protect the high-security ones. Finally, motivated by the recent interest in building secure, robust and efficient distributed information storage systems, the problem of secure symmetrical multilevel diversity coding (S-SMDC) is considered. This is a setting where there are channel uncertainties at both the legitimate receiver and the eavesdropper. The problem of encoding individual sources is first studied. A precise characterization of the entire admissible rate region is established via a connection to the problem of secure coding over a three-layer wiretap network and utilizing some basic polyhedral structure of the admissible rate region. Building on this result, it is then shown that the simple coding strategy of separately encoding individual sources at the encoders can achieve the minimum sum rate for the general S-SMDC problem.

Channel uncertainty

secure communication

MIMO secure communication

security embedding

secure distributed storage systems

physical-layer security

Key Agreement over Wiretap Models with Non-Causal Side Information

Zibaeenejad, Ali

January 2012

The security of information is an indispensable element of a communication system when transmitted signals are vulnerable to eavesdropping. This issue is a challenging problem in a wireless network as propagated signals can be easily captured by unauthorized receivers, and so achieving a perfectly secure communication is a desire in such a wiretap channel. On the other hand, cryptographic algorithms usually lack to attain this goal due to the following restrictive assumptions made for their design. First, wiretappers basically have limited computational power and time. Second, each authorized party has often access to a reasonably large sequence of uniform random bits concealed from wiretappers. To guarantee the security of information, Information Theory (IT) offers the following two approaches based on physical-layer security. First, IT suggests using wiretap (block) codes to securely and reliably transmit messages over a noisy wiretap channel. No confidential common key is usually required for the wiretap codes. The secrecy problem investigates an optimum wiretap code that achieves the secrecy capacity of a given wiretap channel. Second, IT introduces key agreement (block) codes to exchange keys between legitimate parties over a wiretap model. The agreed keys are to be reliable, secure, and (uniformly) random, at least in an asymptotic sense, such that they can be finally employed in symmetric key cryptography for data transmission. The key agreement problem investigates an optimum key agreement code that obtains the key capacity of a given wiretap model. In this thesis, we study the key agreement problem for two wiretap models: a Discrete Memoryless (DM) model and a Gaussian model. Each model consists of a wiretap channel paralleled with an authenticated public channel. The wiretap channel is from a transmitter, called Alice, to an authorized receiver, called Bob, and to a wiretapper, called Eve. The Probability Transition Function (PTF) of the wiretap channel is controlled by a random sequence of Channel State Information (CSI), which is assumed to be non-causally available at Alice. The capacity of the public channel is C_P₁∈[0,∞) in the forward direction from Alice to Bob and C_P₂∈[0,∞) in the backward direction from Bob to Alice. For each model, the key capacity as a function of the pair (C_P₁, C_P₂) is denoted by C_K(C_P₁, C_P₂). We investigate the forward key capacity of each model, i.e., C_K(C_P₁, 0) in this thesis. We also study the key generation over the Gaussian model when Eve's channel is less noisy than Bob's. In the DM model, the wiretap channel is a Discrete Memoryless State-dependent Wiretap Channel (DM-SWC) in which Bob and Eve each may also have access to a sequence of Side Information (SI) dependent on the CSI. We establish a Lower Bound (LB) and an Upper Bound (UB) on the forward key capacity of the DM model. When the model is less noisy in Bob's favor, another UB on the forward key capacity is derived. The achievable key agreement code is asymptotically optimum as C_P₁→ ∞. For any given DM model, there also exists a finite capacity C⁰_P₁, which is determined by the DM-SWC, such that the forward key capacity is achievable if C_P₁≥ C⁰_P₁. Moreover, the key generation is saturated at capacity C_P₁= C⁰_P₁, and thus increasing the public channel capacity beyond C⁰_P₁ makes no improvement on the forward key capacity of the DM model. If the CSI is fully known at Bob in addition to Alice, C⁰_P₁=0, and so the public channel has no contribution in key generation when the public channel is in the forward direction. The achievable key agreement code of the DM model exploits both a random generator and the CSI as resources for key generation at Alice. The randomness property of channel states can be employed for key generation, and so the agreed keys depend on the CSI in general. However, a message is independent of the CSI in a secrecy problem. Hence, we justify that the forward key capacity can exceed both the main channel capacity and the secrecy capacity of the DM-SWC. In the Gaussian model, the wiretap channel is a Gaussian State-dependent Wiretap Channel (G-SWC) with Additive White Gaussian Interference (AWGI) having average power Λ. For simplicity, no side information is assumed at Bob and Eve. Bob's channel and Eve's channel suffer from Additive White Gaussian Noise (AWGN), where the correlation coefficient between noise of Bob's channel and that of Eve's channel is given by ϱ. We prove that the forward key capacity of the Gaussian model is independent of ϱ. Moreover, we establish that the forward key capacity is positive unless Eve's channel is less noisy than Bob's. We also prove that the key capacity of the Gaussian model vanishes if the G-SWC is physically degraded in Eve's favor. However, we justify that obtaining a positive key capacity is feasible even if Eve's channel is less noisy than Bob's according to our achieved LB on the key capacity for case (C_P₁, C_P₂)→ (∞, ∞). Hence, the key capacity of the Gaussian model is a function of ϱ. In this thesis, an LB on the forward key capacity of the Gaussian model is achieved. For a fixed Λ, the achievable key agreement code is optimum for any C_P₁∈[0,∞) in both low Signal-to-Interference Ratio (SIR) and high SIR regimes. We show that the forward key capacity is asymptotically independent of C_P₁ and Λ as the SIR goes to infinity, and thus the public channel and the interference have negligible contributions in key generation in the high SIR regime. On the other hand, the forward key capacity is a function of C_P₁ and Λ in the low SIR regime. Contributions of the interference and the public channel in key generation are significant in the low SIR regime that will be illustrated by simulations. The proposed key agreement code asymptotically achieves the forward key capacity of the Gaussian model for any SIR as C_P₁→ ∞. Hence, C_K(∞,0) is calculated, and it is suggested as a UB on C_K(C_P₁,0). Using simulations, we also compute the minimum required C_P₁ for which the forward key capacity is upper bounded within a given tolerance. The achievable key agreement code is designed based on a generalized version of the Dirty Paper Coding (DPC) in which transmitted signals are correlated with the CSI. The correlation coefficient is to be determined by C_P₁. In contrast to the DM model, the LB on the forward key capacity of a Gaussian model is a strictly increasing function of C_P₁ according to our simulations. This fact is an essential difference between this model and the DM model. For C_P₁=0 and a fixed Λ, the forward key capacity of the Gaussian model exceeds the main channel capacity of the G-SWC in the low SIR regime. By simulations, we show that the interference enhances key generation in the low SIR regime. In this regime, we also justify that the positive effect of the interference on the (forward) key capacity is generally more than its positive effect on the secrecy capacity of the G-SWC, while the interference has no influence on the main channel capacity of the G-SWC.

Channel with Random State

Gaussian Interference Channel

Key Capacity

Wiretap Channel

Key Agreement

Channel Coding

Information-Theoretic Security

Physical-Layer Security

Electrical and Computer Engineering

Communications with chaotic optoelectronic systems - cryptography and multiplexing

Rontani, Damien

20 October 2011

With the rapid development of optical communications and the increasing amount of data exchanged, it has become utterly important to provide effective ar- chitectures to protect sensitive data. The use of chaotic optoelectronic devices has already demonstrated great potential in terms of additional computational security at the physical layer of the optical network. However, the determination of the security level and the lack of a multi-user framework are two hurdles which have prevented their deployment on a large scale. In this thesis, we propose to address these two issues. First, we investigate the security of a widely used chaotic generator, the external cavity semiconductor laser (ECSL). This is a time-delay system known for providing complex and high-dimensional chaos, but with a low level of security regarding the identification of its most critical parameter, the time delay. We perform a detailed analysis of the influence of the ECSL parameters to devise how higher levels of security can be achieved and provide a physical interpretation of their origin. Second, we devise new architectures to multiplex optical chaotic signals and realize multi-user communications at high bit rates. We propose two different approaches exploiting known chaotic optoelectronic devices. The first one uses mutually cou- pled ECSL and extends typical chaos-based encryption strategies, such as chaos-shift keying (CSK) and chaos modulation (CMo). The second one uses an electro-optical oscillator (EOO) with multiple delayed feedback loops and aims first at transpos- ing coded-division multiple access (CDMA) and then at developing novel strategies of encryption and decryption, when the time-delays of each feedback loop are time- dependent.

Communication

Chaos

Nonlinear dynamics

Synchronization

Time-delay systems

Optoelectronic devices

Multiplexing

Physical layer security

Optical communications

Computer security

Chaotic behavior in systems

Wireless Channel Estimation With Applications to Secret Key Generation

Movahedian, Alireza

14 October 2014

This research investigates techniques for iterative channel estimation to maximize channel capacity and communication security. The contributions of this dissertation are as follows: i) An accurate, low-complexity approach to pilot-assisted fast-fading channel estimation for single-carrier modulation with a turbo equalizer and a decoder is proposed. The channel is estimated using a Kalman filter (KF) followed by a zero-phase filter (ZPF) as a smoother. The combination of the ZPF with the KF of the channel estimator makes it possible to reduce the estimation error to near the Wiener bound. ii) A new semi-blind channel estimation technique is introduced for multiple-input-multiple-output channels. Once the channel is estimated using a few pilots, a low-order KF is employed to progressively predict the channel gains for the upcoming blocks. iii) The capacity of radio channels is investigated when iterative channel estimation, data detection, and decoding are employed. By taking the uncertainty in decoded data bits into account, the channel Linear Minimum Mean Square Error (LMMSE) estimator of an iterative receiver with a given pilot ratio is obtained. The derived error value is then used to derive a bound on capacity. It is shown that in slow fading channels, iterative processing provides only a marginal advantage over non-iterative approach to channel estimation. Knowing the capacity gain from iterative processing versus purely pilot-based channel estimation helps a designer to compare the performance of an iterative receiver against a non-iterative one and select the best balance between performance and cost. iv) A Radio channel is characterized by random parameters which can be used to generate shared secret keys by the communicating parties when the channel is estimated. This research studies upper bounds on the rate of the secret keys extractable from iteratively estimated channels. Various realistic scenarios are considered where the transmission is half-duplex and/or the channel is sampled under the Nyquist rate. The effect of channel sampling interval, fading rate and noise on the key rate is demonstrated. The results of this research can be beneficial for the design and analysis of reliable and secure mobile wireless systems. / Graduate / 0544

Wireless networks

Secret key generation

Channel estimation

Kalman filter

MIMO channels

Wireless channel capacity

Turbo equalization

Physical-layer security

MIMO-OFDM

Key Agreement over Wiretap Models with Non-Causal Side Information

Zibaeenejad, Ali

January 2012

The security of information is an indispensable element of a communication system when transmitted signals are vulnerable to eavesdropping. This issue is a challenging problem in a wireless network as propagated signals can be easily captured by unauthorized receivers, and so achieving a perfectly secure communication is a desire in such a wiretap channel. On the other hand, cryptographic algorithms usually lack to attain this goal due to the following restrictive assumptions made for their design. First, wiretappers basically have limited computational power and time. Second, each authorized party has often access to a reasonably large sequence of uniform random bits concealed from wiretappers. To guarantee the security of information, Information Theory (IT) offers the following two approaches based on physical-layer security. First, IT suggests using wiretap (block) codes to securely and reliably transmit messages over a noisy wiretap channel. No confidential common key is usually required for the wiretap codes. The secrecy problem investigates an optimum wiretap code that achieves the secrecy capacity of a given wiretap channel. Second, IT introduces key agreement (block) codes to exchange keys between legitimate parties over a wiretap model. The agreed keys are to be reliable, secure, and (uniformly) random, at least in an asymptotic sense, such that they can be finally employed in symmetric key cryptography for data transmission. The key agreement problem investigates an optimum key agreement code that obtains the key capacity of a given wiretap model. In this thesis, we study the key agreement problem for two wiretap models: a Discrete Memoryless (DM) model and a Gaussian model. Each model consists of a wiretap channel paralleled with an authenticated public channel. The wiretap channel is from a transmitter, called Alice, to an authorized receiver, called Bob, and to a wiretapper, called Eve. The Probability Transition Function (PTF) of the wiretap channel is controlled by a random sequence of Channel State Information (CSI), which is assumed to be non-causally available at Alice. The capacity of the public channel is C_P₁∈[0,∞) in the forward direction from Alice to Bob and C_P₂∈[0,∞) in the backward direction from Bob to Alice. For each model, the key capacity as a function of the pair (C_P₁, C_P₂) is denoted by C_K(C_P₁, C_P₂). We investigate the forward key capacity of each model, i.e., C_K(C_P₁, 0) in this thesis. We also study the key generation over the Gaussian model when Eve's channel is less noisy than Bob's. In the DM model, the wiretap channel is a Discrete Memoryless State-dependent Wiretap Channel (DM-SWC) in which Bob and Eve each may also have access to a sequence of Side Information (SI) dependent on the CSI. We establish a Lower Bound (LB) and an Upper Bound (UB) on the forward key capacity of the DM model. When the model is less noisy in Bob's favor, another UB on the forward key capacity is derived. The achievable key agreement code is asymptotically optimum as C_P₁→ ∞. For any given DM model, there also exists a finite capacity C⁰_P₁, which is determined by the DM-SWC, such that the forward key capacity is achievable if C_P₁≥ C⁰_P₁. Moreover, the key generation is saturated at capacity C_P₁= C⁰_P₁, and thus increasing the public channel capacity beyond C⁰_P₁ makes no improvement on the forward key capacity of the DM model. If the CSI is fully known at Bob in addition to Alice, C⁰_P₁=0, and so the public channel has no contribution in key generation when the public channel is in the forward direction. The achievable key agreement code of the DM model exploits both a random generator and the CSI as resources for key generation at Alice. The randomness property of channel states can be employed for key generation, and so the agreed keys depend on the CSI in general. However, a message is independent of the CSI in a secrecy problem. Hence, we justify that the forward key capacity can exceed both the main channel capacity and the secrecy capacity of the DM-SWC. In the Gaussian model, the wiretap channel is a Gaussian State-dependent Wiretap Channel (G-SWC) with Additive White Gaussian Interference (AWGI) having average power Λ. For simplicity, no side information is assumed at Bob and Eve. Bob's channel and Eve's channel suffer from Additive White Gaussian Noise (AWGN), where the correlation coefficient between noise of Bob's channel and that of Eve's channel is given by ϱ. We prove that the forward key capacity of the Gaussian model is independent of ϱ. Moreover, we establish that the forward key capacity is positive unless Eve's channel is less noisy than Bob's. We also prove that the key capacity of the Gaussian model vanishes if the G-SWC is physically degraded in Eve's favor. However, we justify that obtaining a positive key capacity is feasible even if Eve's channel is less noisy than Bob's according to our achieved LB on the key capacity for case (C_P₁, C_P₂)→ (∞, ∞). Hence, the key capacity of the Gaussian model is a function of ϱ. In this thesis, an LB on the forward key capacity of the Gaussian model is achieved. For a fixed Λ, the achievable key agreement code is optimum for any C_P₁∈[0,∞) in both low Signal-to-Interference Ratio (SIR) and high SIR regimes. We show that the forward key capacity is asymptotically independent of C_P₁ and Λ as the SIR goes to infinity, and thus the public channel and the interference have negligible contributions in key generation in the high SIR regime. On the other hand, the forward key capacity is a function of C_P₁ and Λ in the low SIR regime. Contributions of the interference and the public channel in key generation are significant in the low SIR regime that will be illustrated by simulations. The proposed key agreement code asymptotically achieves the forward key capacity of the Gaussian model for any SIR as C_P₁→ ∞. Hence, C_K(∞,0) is calculated, and it is suggested as a UB on C_K(C_P₁,0). Using simulations, we also compute the minimum required C_P₁ for which the forward key capacity is upper bounded within a given tolerance. The achievable key agreement code is designed based on a generalized version of the Dirty Paper Coding (DPC) in which transmitted signals are correlated with the CSI. The correlation coefficient is to be determined by C_P₁. In contrast to the DM model, the LB on the forward key capacity of a Gaussian model is a strictly increasing function of C_P₁ according to our simulations. This fact is an essential difference between this model and the DM model. For C_P₁=0 and a fixed Λ, the forward key capacity of the Gaussian model exceeds the main channel capacity of the G-SWC in the low SIR regime. By simulations, we show that the interference enhances key generation in the low SIR regime. In this regime, we also justify that the positive effect of the interference on the (forward) key capacity is generally more than its positive effect on the secrecy capacity of the G-SWC, while the interference has no influence on the main channel capacity of the G-SWC.

Channel with Random State

Gaussian Interference Channel

Key Capacity

Wiretap Channel

Key Agreement

Channel Coding

Information-Theoretic Security

Physical-Layer Security

Electrical and Computer Engineering

Game-Theoretic Relay Selection and Power Control in Fading Wireless Body Area Networks

2015 December 1900

The trend towards personalized ubiquitous computing has led to the advent of a new generation of wireless technologies, namely wireless body area networks (WBANs), which connect the wearable devices into the Internet-of-Things. This thesis considers the problems of relay selection and power control in fading WBANs with energy-efficiency and security considerations. The main body of the thesis is formed by two papers. Ideas from probability theory are used, in the first paper, to construct a performance measure signifying the energy efficiency of transmission, while in the second paper, information-theoretic principles are leveraged to characterize the transmission secrecy at the wireless physical layer (PHY). The hypothesis is that exploiting spatial diversity through multi-hop relaying is an effective strategy in a WBAN to combat fading and enhance communication throughput. In order to analytically explore the problems of optimal relay selection and power control, proper tools from game theory are employed. In particular, non-cooperative game-theoretic frameworks are developed to model and analyze the strategic interactions among sensor nodes in a WBAN when seeking to optimize their transmissions in the uplink. Quality-of-service requirements are also incorporated into the game frameworks, in terms of upper bounds on the end-to-end delay and jitter incurred by multi-hop transmission, by borrowing relevant tools from queuing theory. The proposed game frameworks are proved to admit Nash equilibria, and distributed algorithms are devised that converge to stable Nash solutions. The frameworks are then evaluated using numerical simulations in conditions approximating actual deployment of WBANs. Performance behavior trade-offs are investigated in an IEEE 802.15.6-based ultra wideband WBAN considering various scenarios. The frameworks show remarkable promise in improving the energy efficiency and PHY secrecy of transmission, at the expense of an admissible increase in the end-to-end latency.

Wireless Body Area Network (WBAN)

Fading

Power Control

Relay Selection

Spatial Diversity

Energy Efficiency

Physical Layer Security

Quality of Service (QoS)

Delay

Game Theory

Nash Equilibrium

PHYSICAL LAYER SECURITY USING PSEUDO-RANDOM SEQUENCE KEY GENERATION

Arolla, Srihari, Gurrala, Naga Venkata Sai Teja

January 2018

Nowadays, network security plays a major role in the field of wireless communications. Wired networks propagate electrical signals or pulses through cables. Whereas wireless signals propagate through the air. If wireless networks are left open and exposed to the outside world, there are high chances of being misused by others. The intruders take advantage of this, to intercept the wireless signals. This is the reason why an extra level of security is required for wireless networks. The physical layer is one of the important layers of the Open System Interconnection (OSI) model which plays an important role in the network’s physical connections like wireless transmission, cabling, connections etc. The physical layer supports the bit-level transmission between various devices by connecting to the physical medium for synchronized communication.In this thesis, a method is studied for exchanging secret key [1] bits using a pseudo-random sequence generator based on Frequency Division Duplex (FDD) systems. The principle of this method is to generate a secret key in a manner that produces low correlation at the intruder. By uniquely relating the secret key bits to the channel in a private version of the universal codebook, a robust key exchange between the transmitter and the receiver is then performed.

Physical Layer Security

Bit Error Rate

Key Error Rate

Pseudo Random Generator

Secret Key.

Elektroteknik och elektronik

Analyse et modélisation du canal radio pour la génération de clés secrètes / Analysis and modeling of the radio channel for secret key generation

Mazloum, Taghrid

12 February 2016

La sécurité des communications sans fil omniprésentes devient, ces dernières années, de plus en plus une exigence incontournable. Bien que la cryptographie symétrique assure largement la confidentialité des données, la difficulté concerne la génération et la distribution de clés secrètes. Récemment, des études indiquent que les caractéristiques inhérentes du canal de propagation peuvent être exploitées afin de consolider la sécurité. En particulier, le canal radio fournit en effet une source d'aléa commune à deux utilisateurs à partir de laquelle des clés secrètes peuvent être générées. Dans la présente dissertation, nous nous intéressons au processus de génération de clés secrètes (SKG), tout en reliant les propriétés du canal radio à la qualité des clés générées. D'abord nous développons un modèle du canal stochastique, traitant la sécurité du point de vue de l'espion, qui montre une mémoire de canal résiduelle bien au-delà d'une distance de quelques longueurs d'onde (scénarios spatialement non-stationnaires). Ensuite, nous exploitons les degrés de liberté (DOF) du canal et analysons leur impact sur la performance de SKG dans différentes conditions, tout en considérant des canaux plus réalistes en environnements extérieur et intérieur (respectivement grâce à des données déterministes simulées et à des mesures). Les résultats montrent que, même pour des bandes modérées (comme standardisées dans la norme IEEE 802.11), le seul DoF de fréquence ou de son association avec le DoF spatial est souvent suffisant pour générer des longues clés, à condition d'utiliser une méthode efficace de quantification des coefficients complexes du canal. / Nowadays, the security of ubiquitous wireless communications becomes more and more a crucial requirement. Even though data is widely protected via symmetric ciphering keys, a well-known difficulty is the generation and distribution of such keys. In the recent years therefore, a set of works have addressed the exploitation of inherent characteristics of the fading propagation channel for security. In particular, secret keys could be generated from the wireless channel, considered as a shared source of randomness, available merely to a pair of communicating entities. ln the present dissertation, we are interested in the approach of secret key generation (SKG) from wireless channels, especially in relating the radio channel properties to the generated keys quality. We first develop a stochastic channel model, focusing on the security with respect to the eavesdropper side, which shows a residual channel memory weil beyond a few wavelengths distance (spatially nonstationary scenarios). Then, we analyze the channel degrees of freedom (DoF) and their impact on the SKG performance in different channel conditions, especially by considering more realistic channels in both outdoor and indoor environments (respectively through simulated ray tracing data and through measurements). The results show that, even for moderately wide band (such as standardized in IEEE 802.11), the sole frequency DOF or its association with the spatial DOF is often enough for generating long keys, provided an efficient quantization method of the complex channel coefficients is used.

Génération de clés secrètes

Sécurité de la couche physique

Canal radio

Réseau sans fil

Secret key generation (SKG)

Physical layer security

Radio channel

Wireless network

Towards Practical and Secure Channel Impulse Response-based Physical Layer Key Generation

Walther, Paul

03 January 2022

Der derzeitige Trend hin zu “smarten” Geräten bringt eine Vielzahl an Internetfähigen und verbundenen Geräten mit sich. Die entsprechende Kommunikation dieser Geräte muss zwangsläufig durch geeignete Maßnahmen abgesichert werden, um die datenschutz- und sicherheitsrelevanten Anforderungen an die übertragenen Informationen zu erfüllen. Jedoch zeigt die Vielzahl an sicherheitskritischen Vorfällen im Kontext von “smarten” Geräten und des Internets der Dinge auf, dass diese Absicherung der Kommunikation derzeit nur unzureichend umgesetzt wird. Die Ursachen hierfür sind vielfältig: so werden essentielle Sicherheitsmaßnahmen im Designprozess mitunter nicht berücksichtigt oder auf Grund von Preisdruck nicht realisiert. Darüber hinaus erschwert die Beschaffenheit der eingesetzten Geräte die Anwendung klassischer Sicherheitsverfahren. So werden in diesem Kontext vorrangig stark auf Anwendungsfälle zugeschnittene Lösungen realisiert, die auf Grund der verwendeten Hardware meist nur eingeschränkte Rechen- und Energieressourcen zur Verfügung haben. An dieser Stelle können die Ansätze und Lösungen der Sicherheit auf physikalischer Schicht (physical layer security, PLS) eine Alternative zu klassischer Kryptografie bieten. Im Kontext der drahtlosen Kommunikation können hier die Eigenschaften des Übertragungskanals zwischen zwei legitimen Kommunikationspartnern genutzt werden, um Sicherheitsprimitive zu implementieren und damit Sicherheitsziele zu realisieren. Konkret können etwa reziproke Kanaleigenschaften verwendet werden, um einen Vertrauensanker in Form eines geteilten, symmetrischen Geheimnisses zu generieren. Dieses Verfahren wird Schlüsselgenerierung basierend auf Kanalreziprozität (channel reciprocity based key generation, CRKG) genannt. Auf Grund der weitreichenden Verfügbarkeit wird dieses Verfahren meist mit Hilfe der Kanaleigenschaft des Empfangsstärkenindikators (received signal strength indicator, RSSI) realisiert. Dies hat jedoch den Nachteil, dass alle physikalischen Kanaleigenschaften auf einen einzigen Wert heruntergebrochen werden und somit ein Großteil der verfügbaren Informationen vernachlässigt wird. Dem gegenüber steht die Verwendung der vollständigen Kanalzustandsinformationen (channel state information, CSI). Aktuelle technische Entwicklungen ermöglichen es zunehmend, diese Informationen auch in Alltagsgeräten zur Verfügung zu stellen und somit für PLS weiterzuverwenden. In dieser Arbeit analysieren wir Fragestellungen, die sich aus einem Wechsel hin zu CSI als verwendetes Schlüsselmaterial ergeben. Konkret untersuchen wir CSI in Form von Ultrabreitband-Kanalimpulsantworten (channel impulse response, CIR). Für die Untersuchungen haben wir initial umfangreiche Messungen vorgenommen und damit analysiert, in wie weit die grundlegenden Annahmen von PLS und CRKG erfüllt sind und die CIRs sich grundsätzlich für die Schlüsselgenerierung eignen. Hier zeigen wir, dass die CIRs der legitimen Kommunikationspartner eine höhere Ähnlichkeit als die eines Angreifers aufzeigen und das somit ein Vorteil gegenüber diesem auf der physikalischen Schicht besteht, der für die Schlüsselgenerierung ausgenutzt werden kann. Basierend auf den Ergebnissen der initialen Untersuchung stellen wir dann grundlegende Verfahren vor, die notwendig sind, um die Ähnlichkeit der legitimen Messungen zu verbessern und somit die Schlüsselgenerierung zu ermöglichen. Konkret werden Verfahren vorgestellt, die den zeitlichen Versatz zwischen reziproken Messungen entfernen und somit die Ähnlichkeit erhöhen, sowie Verfahren, die das in den Messungen zwangsläufig vorhandene Rauschen entfernen. Gleichzeitig untersuchen wir, inwieweit die getroffenen fundamentalen Sicherheitsannahmen aus Sicht eines Angreifers erfüllt sind. Zu diesem Zweck präsentieren, implementieren und analysieren wir verschiedene praktische Angriffsmethoden. Diese Verfahren umfassen etwa Ansätze, bei denen mit Hilfe von deterministischen Kanalmodellen oder durch ray tracing versucht wird, die legitimen CIRs vorherzusagen. Weiterhin untersuchen wir Machine Learning Ansätze, die darauf abzielen, die legitimen CIRs direkt aus den Beobachtungen eines Angreifers zu inferieren. Besonders mit Hilfe des letzten Verfahrens kann hier gezeigt werden, dass große Teile der CIRs deterministisch vorhersagbar sind. Daraus leitet sich der Schluss ab, dass CIRs nicht ohne adäquate Vorverarbeitung als Eingabe für Sicherheitsprimitive verwendet werden sollten. Basierend auf diesen Erkenntnissen entwerfen und implementieren wir abschließend Verfahren, die resistent gegen die vorgestellten Angriffe sind. Die erste Lösung baut auf der Erkenntnis auf, dass die Angriffe aufgrund von vorhersehbaren Teilen innerhalb der CIRs möglich sind. Daher schlagen wir einen klassischen Vorverarbeitungsansatz vor, der diese deterministisch vorhersagbaren Teile entfernt und somit das Eingabematerial absichert. Wir implementieren und analysieren diese Lösung und zeigen ihre Effektivität sowie ihre Resistenz gegen die vorgeschlagenen Angriffe. In einer zweiten Lösung nutzen wir die Fähigkeiten des maschinellen Lernens, indem wir sie ebenfalls in das Systemdesign einbringen. Aufbauend auf ihrer starken Leistung bei der Mustererkennung entwickeln, implementieren und analysieren wir eine Lösung, die lernt, die zufälligen Teile aus den rohen CIRs zu extrahieren, durch die die Kanalreziprozität definiert wird, und alle anderen, deterministischen Teile verwirft. Damit ist nicht nur das Schlüsselmaterial gesichert, sondern gleichzeitig auch der Abgleich des Schlüsselmaterials, da Differenzen zwischen den legitimen Beobachtungen durch die Merkmalsextraktion effizient entfernt werden. Alle vorgestellten Lösungen verzichten komplett auf den Austausch von Informationen zwischen den legitimen Kommunikationspartnern, wodurch der damit verbundene Informationsabfluss sowie Energieverbrauch inhärent vermieden wird.

info:eu-repo/classification/ddc/004

ddc:004

Physical-layer security: practical aspects of channel coding and cryptography

Harrison, Willie K.

21 June 2012

In this work, a multilayer security solution for digital communication systems is provided by considering the joint effects of physical-layer security channel codes with application-layer cryptography. We address two problems: first, the cryptanalysis of error-prone ciphertext; second, the design of a practical physical-layer security coding scheme. To our knowledge, the cryptographic attack model of the noisy-ciphertext attack is a novel concept. The more traditional assumption that the attacker has the ciphertext is generally assumed when performing cryptanalysis. However, with the ever-increasing amount of viable research in physical-layer security, it now becomes essential to perform the analysis when ciphertext is unreliable. We do so for the simple substitution cipher using an information-theoretic framework, and for stream ciphers by characterizing the success or failure of fast-correlation attacks when the ciphertext contains errors. We then present a practical coding scheme that can be used in conjunction with cryptography to ensure positive error rates in an eavesdropper's observed ciphertext, while guaranteeing error-free communications for legitimate receivers. Our codes are called stopping set codes, and provide a blanket of security that covers nearly all possible system configurations and channel parameters. The codes require a public authenticated feedback channel. The solutions to these two problems indicate the inherent strengthening of security that can be obtained by confusing an attacker about the ciphertext, and then give a practical method for providing the confusion. The aggregate result is a multilayer security solution for transmitting secret data that showcases security enhancements over standalone cryptography.

Wire-tap channel

Wiretap channel

Low-density parity-check codes

Stopping sets

Multi-layer security

Wiretap codes

Wire-tap codes

Physical-layer security

LDPC codes

Information-theoretic security

Coding theory

Cryptography

Digital communications

Computer security

Computer networks Security measures