A New Modulation for Intrinsically Secure Radio ... - Springer Link

Wireless Pers Commun (2009) 51:67–80 DOI 10.1007/s11277-008-9609-8

A New Modulation for Intrinsically Secure Radio Channel in Wireless Systems Lorenzo Mucchi · Luca Simone Ronga · Leonardo Cipriani

Published online: 18 September 2008 © Springer Science+Business Media, LLC. 2008

Abstract Due to the enormous spreading of applied wireless networks, security is actually one of the most important issues for telecommunications. One of the main issue in the field of securing wireless information exchanging is the initial common knowledge between source and destination. A shared secret is normally mandatory in order to decide the encryption (algorithm or code or key) of the information stream. It is usual to exchange this common a priori knowledge by using a “secure” channel. Nowadays a secure wireless channel is not possible. In fact normally the common a priori knowledge is already established (but this is not secure) or by using a non-radio channel (that implies a waste of time and resource). This contribution deals with the proposal of a new modulation technique ensuring secure communication in a full wireless environment. The information is modulated, at physical layer, by the thermal noise experienced by the link between two terminals. A loop scheme is designed for unique recovering of mutual information. The probability of error/detection is analytically derived for the legal users and for the third unwanted listener (passive or active attacker). Both the case of passive and active attacks have also been implemented and simulated by using Matlab-Simulink software. The analytical results have been compared to the simulated ones. All the results show that the performance of the proposed scheme yields the advantage of intrinsic security, i.e., the mutual information cannot be physically demodulated (passive attack) or denied (active attack) by a third terminal. Keywords

Security · Modulation · Noise loop · Wireless communications

L. Mucchi (B) · L. Cipriani Department of Electronics and Telecommunications, University of Florence, Italy, Via Santa Marta 3, 50139 Firenze, Italy e-mail: [email protected] L. S. Ronga CNIT – University of Florence Unit, Via Santa Marta 3, 50139 Firenze, Italy e-mail: [email protected]

123

68

L. Mucchi et al.

1 Introduction Along with the rapid development of wireless communication networks, wireless security has become a critical concern. Unfortunately, security risks are inherent in any wireless technology. Some of these risks are similar to those of wired networks, some are exacerbated by wireless connectivity and some other are completely new. First, the most significant source of risks in wireless networks is that the technology’s underlying communications medium, the airwave, is open to intruders. Second, mobile and handheld wireless devices are resource constrained (e.g.: battery life); hence such devices have limited transmission power and may use weaker cryptographic mechanisms for saving power, thereby making them easy targets for powerful adversaries. Third, the lack of trusted third party (TTP) or certification authority (CA) in ad hoc wireless networks pose serious challenges to identity and trust management. Fourth, multi-hop wireless network inherently assumes cooperation between nodes for packet routing and forwarding, whereas a compromised node may refuse to cooperate (by being greedy or malicious). Fifth, handheld mobile devices cannot afford the same level of physical security as an enterprise server and thus, may be easily stolen. A direct consequence of these risks is the loss of data confidentiality and integrity and the threat of denial of service (DoS) attacks to wireless communications. Unauthorized users may gain access to agency’s system and information, corrupt the agency’s data, consume network bandwidth, degrade network performance, launch attacks that prevent authorized users from accessing the network, or use agency’s resources to launch attacks on other networks. While many security techniques developed in wired networks can be applied, the special characteristics of wireless networks call for innovative wireless security design. Since physical-layer security techniques can address directly such special wireless characteristics, they are helpful to provide boundary control, to enhance efficiency, as well as to assist upper-layer security techniques for innovative cross-layer security designs. One of the fundamental issues for physical-layer built-in security is the capacity of the transmission channel when built-in security is guaranteed without relying on upper layer data encryption. Such capacity is named secret channel capacity (SCC). The secrecy is defined as information-theoretic secrecy, i.e., the adversary’s received signal gives no more information for eavesdropping than purely guessing. Information-theoretic secrecy is in fact equivalent to perfect secrecy [1]. Practically, it means null or negligibly low interception probability (LPI). Many existing physical-layer secure transmissions either can not withstand a strict LPI analysis, or rely on encryption keys so that the security is not in the physical layer. Securing a wireless communication means providing a set of privacy services to a confined set of users. The services include Authentication, Authorization, Accounting (AAA) as well as Cyphering and Integrity. Security services are mainly located at application level (es. Internet) but some solutions exist for link layer (as in WiMAX [2], Wi-Fi [3,4] and Bluetooth [5]), at network layer (as in IPSEC [6]) and at physical layer. Security at physical layer is nowadays mainly intended as the use of a spread spectrum techniques (frequency hopping, direct sequence coding, etc.) in order to avoid the eavesdropping. Eavesdropping at the physical layer refers to hiding the very existence of a node or the fact that communication was even taking place from an adversary. This means that the communication of the legal user is already on, i.e., that the authentication of the legal user has been already performed. Moreover, scrambling the information data with a code does not assure a totally secure channel, but just a long-time activity before getting the code by an unwanted listener, i.e., the security is moved on the quantity of resources (hardware, time, etc.) that the unwanted listener must have in order to get the information.

123

A New Modulation for Intrinsically Secure Radio Channel

69

It is well known that classical encryption techniques have only unproven complexity-based secrecy [1]. We also know that strong information-theoretic secrecy or perfect secrecy is achievable by quantum cryptography based on some special quantum effects such as intrusion detection and impossibility of signal clone [7]. Unfortunately, the dependence on such effects results in extremely low transmission efficiency because weak signals have to be used. One of the recent attempts on specifying secret channel capacity is [8], where the MIMO secret channel capacity is analyzed under the assumption that the adversary does not know even his own channel. Unfortunately, such an assumption does not seem practical if considering deconvolution or blind deconvolution techniques. Moreover, such techniques are not low-complex, due to the fact that they need a high number of antennas on both sides of the radio link to correctly work. As a matter of fact, almost all existing results on secret channel capacity are based on some kinds of assumptions that appear impractical [9–11]. It has been a challenge in information theory for decades to find practical ways to realize information-theoretic secrecy [12–14]. Moreover, one of the most weak point of wireless networks is the initial data exchange for authentication and access procedures. Initially some data must be exchanged in a non-secure radio channel or anyway by sharing a common known cryptographic key. At the moment, no physical layer techniques are present in the literature which can efficiently create a secure wireless channel for initial data exchanging between two network nodes/terminals without a priori common knowledge. A novel idea for low-complex intrinsic secure radio link without any a priori knowledge is here presented. One of the main advantages of this new technique is the possibility to have a physically secure radio channel for wireless systems without any a priori common knowledge between legal source and destination. This feature is particularly useful for future wireless pervasive network scenarios. The thermal noise, received from a radio channel, has the unique property to be perfectly adapted to the transmission environment. In a traditional communication system, the information is carried by an artificial signal that is usually designed to fully exploit the available radio channel. The technique described in this paper employs a scaled and delayed version of the received noise to carry mutual information between two terminals. Potential applications of the proposed techniques are found in wireless communications systems where an initial shared secret is not available. In 4G systems as an example, roaming users accessing local services are usually able to provide a strong identity credential (via the manufacturer’s embedded certificate) but may not have any authorization agreement with the hosting system. In that case a secure channel cannot be established with ordinary techniques, while is possible with the proposed one. Moreover, since the initial coupling between terminals is obtained through delays, in a context where the desired user has a known geographical position (i.e. a tactical scenario), a secured channel can be established without any additional information. Once the secure channel is established, an unwanted listener is unable to decode the flowing information even if it reveals the user’s position. Due to the intrinsic unique nature of the thermal noise along each radio link between the specific transmitter and the specific receiver, this novel technique is particularly suitable for secure communications and privacy. Moreover, it acts at the physical layer level, reducing the costs compared to the (sometimes) complex security algorithms that levels 2 and 3 must apply to the information. Finally, it is important to highlight that the proposed technique does not assure any mechanism of identification of the user. The identification process must be controlled by the higher level, but nothing else than this because the information is made secure by the physical layer itself, i.e., the transmission cannot be demodulated by an unwanted user.

123

70

L. Mucchi et al.

The information is modulated, at physical layer, by the thermal noise experienced by the link between two terminals. A loop scheme is designed for unique recovering of mutual information. The probability of success detection (or equivalently error) is analytically derived for the third unwanted listener and for both the legal communicating users. Two MatlabSimulink based scenarios have been built for simulating both passive and active attack to the legal communication link. The analytical results have been compared to the simulated ones. All results show that the mutual information exchanged by the two legal terminals cannot be demodulated or denied by a third terminal. At the same time the two legal users do not suffer from the presence or not of a third unwanted user from the performance point of view.

2 The Noise-Loop Transmission Chain In order to illustrate the proposed technique, let us suppose two terminals exchanging information: terminal 1 and terminal 2. Two different channels are considered: one for the link from terminal 1 to terminal 2 and one for the reverse link. The two channels are considered on different frequency bands and the thermal noise on one link is considered uncorrelated with the other.1 Each link is modeled as a conventional AWGN channel. 2.1 Symbols in the Paper The following symbols have been adopted in the paper: bi binary antipodal (bi ∈ {−1; +1}) information signal originating form terminal i, n i (t) Gaussian, white, continuous time random processes modeling the received noise at the receiver on terminal i, characterized by zero mean and variance σn2 , αi global link gain (0 < α < 1) for the signal generated from terminal i. It includes transmission gain, path loss and channel response. It is also supposed to be known by the receivers, τ p propagation delay for the channel. It is assumed without loss of generality that both forward (1 to 2) and reverse (2 to 1) links have the same delay, yi (t) baseband received signal available at the terminal i

2.2 Transmission Chain In this simple transmission system the terminal operations are described in the Fig. 1. The signal from the inbound channel is modulated by the information and re-transmitted on the outbound channel. The reception is obtained by extracting the sign of the 2τ p -delayed autocorrelation term of the incoming signal, multiplied by the own informative bit. The whole process is detailed in the following sections. Let us focalize without loss of generality on the user terminal 1. The reception, i.e., the extraction of the information bit b2 , is obtained by extracting the sign of the 2τ p -delayed autocorrelation term of the incoming signal, multiplied by the own informative bit b1 . Hence, the instantaneous 2τ p -delayed auto-correlation term is given by: 1 This is a very mild assumption in radio communications.

123

A New Modulation for Intrinsically Secure Radio Channel

71

n2(t)

forward RF channel

b1

tx gain

channel delay

+

channel delay

y1(t)

n1(t)

+

y2(t)

tx gain

b2

reverse RFchannel

TERMINAL 2

TERMINAL 1

Fig. 1 Noise-Loop chain scheme. Two terminals communicates by using the noise loop. The parameters in the scheme are explained at the beginning of the Sect. 2.1

⎡ y1 (t)y1 (t − 2τ p ) = ⎣

∞  (b1 b2 α1 α2 ) j n 1 (t − 2 jτ p ) j=0

⎤ ∞  j (b1 b2 α1 α2 ) b2 α2 n 2 (t − (2 j + 1)τ p )⎦ + j=0

⎡ ×⎣

∞  (b1 b2 α1 α2 ) j n 1 (t − 2( j + 1)τ p ) j=0

+

⎤

∞ 

(b1 b2 α1 α2 ) b2 α2 n 2 (t − (2 j + 3)τ p )⎦ j

(1)

j=0

2.3 Stationary Signal Analysis in Unlimited Bandwidth In this section a stationary condition on the system inputs is analysed.2 Due to the additive nature of the model, the received signals y1 (t) available at terminal 1, after infinite loop iterations, is defined by the following series: y1 (t) =

∞ ∞   (b1 b2 α1 α2 ) j n 1 (t − 2 jτ p ) + (b1 b2 α1 α2 ) j b2 α2 n 2 (t − (2 j + 1)τ p ) j=0

(2)

j=0

An analogue expression can be obtained for y2 (t) simply exchanging the subscript 1 and 2 in (2). The first term of (2) represents the recursive contribution of the received noise n 1 (t) through the transmission loop. The second series on the other hand, is due to the injection of the noise process n 2 (t) by the other terminal. It is important to note that each term appears with a different delay on the received signal. 2 By stationary we intend a constant behavior over time of the information bits b , of the link gains and of the i

statistic parameters of the random processes involved.

123

72

L. Mucchi et al.

forward RF channel

b1

b2

tx gain threshold detect

X

2 tau_p delay

y1(t)

+

Receiver 1

reverse RF channel

n1(t) TERMINAL 1

Fig. 2 Receiver scheme for terminal n.1. The first terminal demodulates the signal coming from terminal 2 (with who it is active the noise loop modulation) by using this receiver scheme colored in orange in the figure. The box named “2 tau p delay” simply acts as a delayer of 2τ p where τ p is the channel delay between terminals 1 and 2

If the noise processes n i (t) are white on a unlimited bandwidth, then:  δ(τ )σn2 i = j E[n i (t)n j (t − τ )] = 0 i = j

(3)

The structure of the signal in (2) draw our attention in the shifted correlation term y1 (t − 2τ p )y1 (t)

(4)

By resorting the terms obtained by the expansion of the above expression, the expectation of the autocorrelation in (4) can be written as following E[y1 (t − 2τ p )y1 (t)] = b1 b2 σn2 (1 + α22 )

∞  (α1 α2 )2 j+1 j=0

+E[residual cross correlation terms]

(5)

The last term in (5) is null for an ideal AWGN channel, so the described autocorrelation term is dominated by the information bearing b1 b2 term, weighted by a term which is constant in the stationary case. The term contains the information of both terminals. Since terminal 1 is depicted to detect information bits of terminal 2, it is sufficient to perform a post-multiplication by b1 in order to estimate the sign of b2 . The receiver at terminal 1 is illustrated in Fig. 2.

3 Performance Analysis on Ideal AWGN Channel The term in (4) represents the instantaneous decision metric for the mutual information term to be estimated: bˆ1 bˆ2 . The performance of the proposed receiver in terms of bit error probability is related to the first and second order statistics of (4). The distribution of the unpredictable noise process, however, is no longer Gaussian.

123

A New Modulation for Intrinsically Secure Radio Channel

73

The pdf of the stochastic process Z = X · Y , where X ∈ N (µx , σx ) and Y ∈ N (µ y , σ y ), is a zero-order modified K-Bessel function: 

+∞ p Z (z) =

pX Y −∞

y,

z y





∞

zρ σ 2 (1−ρ 2 )

1 e

dy = |y| 2πσ 2 1 − ρ 2

zρ     e σ 2 (1−ρ 2 ) z 

= K 0  2 2 σ (1 − ρ )  πσ 2 1 − ρ 2

e

1 σ 2 (1−ρ 2 )

−∞

−

|y|

z2 2y 2

2



− y2

dy

(6)

where K 0 (·) is the second kind modified Bessel function of order zero and σ = σx = σ y is the standard deviation of the Gaussian processes. In our system, where x = y1 (t) and y = y1 (t − 2τ p ), it is easy to derive that ρ = b1 b2 α1 α2 . The decision term in (4) is characterized by a probability density function defined by (6). The mean value of the decision variable (4) is E[y1 (t)y1 (t − 2τ p )] = b1 b2 α1 α2

σn2 (1 + α22 ) 1 − α12 α22

(7)

where σn2 = var[n 1 (t)] = var[n 2 (t)] is the variance of the thermal noise processes involved in the loop. The relation between σn and σ is σ 2 = var[y1 (t)] = var[y1 (t − 2τ p )] =

σn2 (1 + α22 ) 1 − α12 α22

For the sake of simplicity, let us assume hereby that α1 = α2 = α, assumed that 0 < α < 1. Supposing a binary antipodal signalling (BPSK) modulation, the receiver 1 demodulates the bit b2 by deciding on the sign of the decision variable d = b1 · s where s = E[z] = E[y1 (t)y1 (t − 2τ p )] = b1 b2 |ρ|σ 2 . Thus, an error occurs when d > 0 but b2 = −1 and d < 0 but b2 = 1. Due to the symmetry of the pdfs, the total probability of error Pe for the receiver terminal 1 can be written as ∞ Pe = Pe (α) = 2 α2

−α 2 z     z  e 1−α4   dz  K0  √ 1 − α4  π 1 − α4

(8)

As a first important result, it can be highlighted that the probability of error does not depend on the noise variance but only on the loop gain α.

4 Probability of Detection of a Third Unwanted Listener The main scope of an intrinsic secure communication is to provide that an unwanted third party is not able at all to demodulate the information exchanged by terminals 1 and 2. Normally this security is provided by complex cryptography and procedures at higher layers level. In a wireless network the initial access of a user implies the exchange of a crypting key from the base station (BS) to the mobile terminal (MS). This private key is sent by BS by using a public key, during the initial period of authentication. Once the user is authenticated, he’ll use the private key to encode its information. The weak point is the authentication period and the exchanging of the private key. An unwanted third listener could steel the private key during that period. In a future full-wireless world, where the user is seen to be always

123

74

L. Mucchi et al.

connected and immerse in multiple wireless networks, the problem of secure authentication throughout different wireless systems is a hard task to be provided by a procedure. To solve this problem, a new approach is here proposed. The main idea is to render intrinsically secure the physical link by modulating using the noise loop as discussed in the above sections. Let us assume hereby that a third unwanted user is listening the transmission of terminal 1. The terminal 3 can be supposed, without loss of generality, to have a different propagation delay τ p3  = τ p and an independent thermal noise process n 3 (t)  = {n 1 (t), n 2 (t)}. The terminal 3 tries to demodulate the information bit b2 coming from terminal 2 to terminal 1 by using a receiver scheme similar to the one depicted in Fig. 2. The best choice of the unwanted user is to perform a correlation y1 (t)y1 (t − 2τ p3 ) and decide on the sign of its mean value E[y1 (t)y1 (t − 2τ p3 )]. The signal received by the unwanted listener can be written as y¯1 (t) = y1 (t) + n 3 (t) = n 3 (t) + n 1 (t)b2 α2 n 2 (t − τ p ) + b1 b2 α1 α2 n 1 (t − 2τ p ) + b1 α1 b22 α22 n 2 (t − 3τ p ) + b12 b22 α12 α22 n 1 (t − 4τ p ) + b12 b23 α12 α23 n 2 (t − 5τ p ) + · · ·

(9)

The mean value of the 2τ p3 -shifted correlation y¯1 (t) y¯1 (t − 2τ p3 ) can be derived to be k k 2 b1 b2 σn (α1 α2 )k (1+α22 ) if τ p3 = kτ p , k ∈ N 1−α12 α22 (10) E[ y¯1 (t) y¯1 (t − 2τ p3 )] = 0 if τ p3  = kτ p , k ∈ N Another important result can be highlighted here: the decision variable of the third unwanted party depends on the multiplication of the information bits b1 and b2 , both unknown at the unwanted listener. In the best case (for user 3), i.e., when τ p3 = kτ p , the decision variable of the third user is z 3 =

b1k b2k σn2 (α1 α2 )k (1+α22 ) 1−α12 α22

= b1k b2k z¯ 3 . Thus, the probability of error of terminal 3 on the

information bit b2 is

Pe3 = Prob[z 3 > 0|b2 = −1] + Prob[z < 0|b2 = 1]

(11)

Since z¯ 3 > 0, because the gains 0 < α1 = α2 = α < 1, Eq. 11 can be written as Pe3 = Prob[(−1)k b1k > 0|b2 = −1] + Prob[b1k < 0|b2 = 1] ⎧ 1 1 1 ⎪ ⎪ for k even ⎨1 · + 0 · = 2 2 2 = ⎪ 1 1 1 1 1 ⎪ ⎩ · + · = for k odd 2 2 2 2 2

(12)

This result means exactly that the third unwanted listener is not able at all to demodulate the information exchanged between users 1 and 2. This impossibility is intrinsic in the modulation method at physical layer level. Due to the fact that the third unwanted party experiences a different delay τ p3  = τ p and a different noise process n 3 (t)  = n 1 (t)  = n 2 (t), the delayed (shifted) autocorrelation of the receiving signal has no possibility to take the knowledge of the information bit b2 or, symmetrically, b1 . In fact, the decision variable is permanently zero (that implies a probability of error equal to 1/2) or, in the lucky case, the decision variable is always dependent on the product between the unknown information bits b1 · b2 and hence to know an information stream (for example b2 ) is mandatory to know the other b1 .

123

A New Modulation for Intrinsically Secure Radio Channel

75

5 Probability of Denial of Service by a Third Unwanted User Another very important task for wireless security is the avoidance of the denial of service by an unwanted third user. A third user could insert into the communication system and although it is not able to correctly detect the information exchanged between the two legal users, it could actively trying to communicate (in some ways) aiming to disturb/deny the radio link between the legal users. We have studied the case of a third unwanted user which actively starts a communication (using the noise loop itself) with one of the legal user. The scheme provides that the user n.3 (unwanted) tried to actively connect to the user n.1 in order to demodulate or deny the communication between legal user n.1 and n.2. The user n.3 tries to disturb as much as possible the radio link between legal users n.1 and n.2 by actively starting a noise loop modulated communication towards user n.1. The received signal of user n.1 is now y1 (n) − K 12 y1 (n − 2k) − K 13 y1 (n − 2h) = n 1 (n) + K 2 n 2 (n − k) + K 3 n 3 (n − h) (13) where K i j = K i K j with K i = bi αi , while k and h are the propagation delays of the radio links between user 1–2 and 1–3, respectively. In this case the noise term is e(n) = n 1 (n) + K 2 n 2 (n − k) + K 3 n 3 (n − h) and it is still a white Gaussian process e(n) ∼ N (0, σe2 ) with σe2 = (1 + K 22 + K 32 )σn2 = (1 + α22 + α32 )σn2

(14)

Equation 13 can be written as a stochastic autoregressive process y1 (n) − K 12 y1 (n − 2k) − K 13 y1 (n − 2h) = e(n)

(15)

that can be solved by using the Yule-Walker equations [15] ⎧ ⎪ ⎪ R y1 y1 (2k) − K 13 R y1 y1 (2(h − k)) − K 12 R y1 y1 (0) = 0 ⎨ R y1 y1 (2h) − K 12 R y1 y1 (2(h − k)) − K 13 R y1 y1 (0) = 0 ⎪ −K 13 R y1 y1 (2k) − K 12 R y1 y1 (2h) + R y1 y1 (2(h − k)) = 0 ⎪ ⎩ −K 12 R y1 y1 (2k) − K 13 R y1 y1 (2h) + R y1 y1 (0) = σe2

(16)

We aim to extract the decision variable of user n.1 R y1 y1 (2k) in order to see if the legal user n.1 suffers from the presence of the unwanted user n.3 communication. By solving the system we have ⎧ α1 α2 (1 + α22 + α32 )(1 + α12 α32 − α12 α22 ) 2 ⎪ b b σn if h  = k, h  = 2k, h  = k/2 1 2 ⎪ ⎪ (1 − α12 α22 − α12 α32 )2 ⎪ ⎪ ⎪ ⎨ σ2 if h = k b1 α1 (b2 α2 + b3 α3 ) 1 − α 2 α 2e − α 2 α 2 R y1 y1 (2k) = (17) 1 2 1 3 ⎪ 2 ⎪ σe ⎪ ⎪ b1 b2 α1 α2 if h = 2k ⎪ (1 − b1 b3 α1 α3 )(1 − α12 α22 − α12 α32 ) ⎪ ⎩ 0 if h = k/2 The sign of the first term of Eq. 17 depends on the sign of b1 b2 and not on b3 , so the legal user n.1 can correctly demodulate the information coming from user n.2 without any disturb σ2

from user n.3. The second term of Eq. 17 R y1 y1 (2k) = b1 α1 (b2 α2 + b3 α3 ) 1−α 2 α 2e−α 2 α 2 1 2

1 3

depends on the information bit b3 so invalidating the radio link 1–2, but it is valid only when the propagation delay of the radio link between users 1–2 and 1–3 is exactly the same. This condition is almost impossible in real wireless scenarios. The third termR y1 y1 (2k) =

123

76

b1 b2 α1 α2 (1−b

L. Mucchi et al. σe2 2 2 2 2 b α α )(1−α 1 3 1 3 1 α2 −α1 α3 )

does not imply any denial of service, while the fourth

term does because the improbable condition h = k/2 causes the decision variable to be zero. The presence of two very particular points which can cause denial of service (DoS) should not create panic because those situations are incredibly improbable and moreover the two legal users, once the noise loop modulation is started, can exchange a locally generated additional delay in order to avoid such dangerous situations.

6 Simulation Results The noise loop depicted in Fig. 1 has been also implemented by using MATLABSimulink software. In particular, both the passive attack (the third unwanted user trying to simply demodulate the data exchanged by the two legal users and the active attack (the third unwanted user now actively transmits into the radio link of the two legal user in order to deny the service or demodulate the information have been simulated as they should be in the real. The simulation results have been compared to the analytical results previously illustrated. Simulations have been run with the following parameters: – a ratio between the bit time and the propagation delay equal to σn2

Tb τp

= 10,

– a thermal noise variance = 0.125, – a propagation delay for the third unwanted user τ p3 randomly chosen in the interval (τ p , 5τ p ) following a uniform distribution, – a number of bit equal to 80,000 and – 100 Monte Carlo runs for each simulation. The passive attack simulation has been built by simply feeding the signal exchanged between the two legal users, which are using the noise loop scheme (Fig. 1), to a third party receiver. The unwanted listener tried to demodulate the received signal. The active attack has been built by supposing that the third party tried to connect with one of the two legal user. The unwanted user in this case aims to demodulate or even deny the signal between the legal users. The analytical pdf of the variable z has been compared to the distribution of the simulated vector z, showing a perfect match between simulation and theory. In Fig. 3 the probability of error analytically derived is compared to the simulated one. Again, the simulated system performance significantly fits the theoretical analysis. A performance comparison between the traditional BPSK modulation and the proposed noise loop modulation has been also made by computer simulations. No third party is present in this case. The result is reported in Fig. 4. As it can be seen the noise loop scheme has a probability of error independent by the thermal noise power. Moreover, increasing the noise loop gain α the performance of the noise loop scheme can overcome the traditional modulations for low SNRs. When a third party is present in the system, it can be passive or active. If passive, it simply stores the signal exchanged between the two legal users and tries to demodulate it. In Fig. 5 the probability of error of the third party receiver is reported. The user n.3 experiences a constant probability of incorrect decision equal to 4.5 · 10−1 that means the impossibility of detection of the symbols. On the contrary, the legal user, e.g. user n.1, has a decreasing probability of error with the noise loop gain α.

123

A New Modulation for Intrinsically Secure Radio Channel

77

0

10

NOISE LOOP (theory) NOISE LOOP (simulation)

10

Pe NOISE LOOP

10

10

10

10

10

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Fig. 3 Simulated versus theoretical performance for the propose noise loop modulation BPSK vs. Simulation of NOISE LOOP

0

10

10

Pe

10

10

10 BPSK

10

10

0

1

Noise Loop

=0.5

Noise Loop Noise Loop

=0.2 =0.6

Noise Loop

=0.75

Noise Loop

=0.9

2

3

4

5

6

7

8

9

10

Eb/No (dB) (Note: valid only for BPSK modulation)

Fig. 4 Simulated performance comparison between the traditional BPSK and the proposed noise loop modulation. Note that noise loop scheme is independent of the noise power, but depends only of the noise loop gain α

As it can be seen a third unwanted listener experiences an almost constant probability of error Pe3  0.5 for antipodal signalling, as depicted in Fig. 5. A probability of error equal to 0.5 means a probability of correct detection of the information equal to 0.5, that in the case of BPSK modulation (bit b = ±1 with probability 0.5) of the information means a total uncertain, i.e., a perfect SCC or information-theoretic secrecy. When the third party is active, it transmits its unwanted signal towards one of the two legal user in order to deny the service or degrade the demodulation of the signal by the other legal receiver.

123

78

L. Mucchi et al. 0

10

−1

10

−2

Pe NOISE LOOP

10

−3

10

−4

10

NOISE LOOP (simulation) Unwanted Listener

−5

10

−6

10

0

0.1

0.2

0.3

0.4

0.5 α

0.6

0.7

0.8

0.9

1

Fig. 5 Simulated performance comparison between the probability of error of the legal user using noise loop modulation, e.g. user n.1, and the third unwanted listener, user n.3

The performance of the legitimate receiver has been simulated with and without the active attacker. The results show that an active attacker does not cause the performance degradation of the legal user, i.e., no denial of service is possible.

7 Conclusion A novel modulation technique based on thermal noise loop between transmitter and receiver has been presented. The probability of error in the AWGN environment showed that the performance of the proposed scheme is very closed to the traditional BPSK transmission, but the thermal noise modulation offers an intrinsic secure information exchange at physical layer level. This new property can be used to create a secure radio channel between a source and a destination without any a priori common knowledge. A common a priori knowledge is normally mandatory in order to decide the encryption (algorithm or code or key) of the information stream. It is usual to exchange this common a priori knowledge by using a “secure” channel. Nowadays a secure wireless channel is not possible. In fact normally the common a priori knowledge is already established (but this is not secure) or by using a non-radio channel (that implies a waste of time and resource). The main advantages of the thermal noise modulation can be summarized as follows: – security, i.e., the information cannot be demodulated or denied by unwanted users; moreover, a wireless secure channel without any a priori knowledge between source and destination is possible; – multiple access, i.e., different users can be separated by a thermal noise basis (noise division multiple access); – applicability, i.e., thermal noise is always present independently by the environments, devices, etc.

123

A New Modulation for Intrinsically Secure Radio Channel

79

References 1. Shannon, C. (1949). Communication theory of secrecy systems. Bell System Technical Journal, 29, 656–715. 2. IEEE 802.16-2004. (2004). IEEE standard for local and metropolitan area networks part 16: Air interface for fixed broadband wireless access systems, October 1. 3. ANSI/IEEE Std 802.11. (1999). Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. 4. IEEE Std 802.11i. (July 2004). Part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications, amendment 6: Medium access control (MAC) security enhancements. 5. IEEE Std 802.15.1-2005. (2005). IEEE standard local and metropolitan area networks—Part 15.1: Wireless medium access control (MAC) and physical layer (PHY) specifications for wireless personal area networks (WPANs). 6. Kent, S., & Seo, K. (2005). Security architecture for the Internet protocol, Internet Engineering Task Force, RFC 4301. 7. Bennett, C. H., & Brassard, G. (1984). IEEE International Conference on Computers, Systems and Signal Processing (pp. 175–179). Bangalore, India. 8. Hero, A. O., III. (2003). Secure space-time communication. IEEE Transactions on Information Theory, 49(12), 3235–3249. 9. Maurer, U. (1993). Secret key agreement by public discussion from common information. IEEE Transactions on Information Theory, 39(3), 733–742. 10. Wyner, A. D. (1975). The wire-tap channel. Bell System Technical Journal, 54(8), 1355–1387. 11. Csiszar, I., & Korner, J. (1978). Broadcast channels with confidential messages. IEEE Transactions on Information Theory, 24(3), 339–348. 12. Yang, H., Luo, H., Ye, F., Lu, S., & Zhang, L. (2004). Security in mobile ad hoc networks: Challenges and solutions. Wireless Communications, IEEE, 11(1), 38–47. 13. Gruteser, M., & Xuan, L. (2004). Protecting privacy, in continuous location tracking applications. Security and Privacy Magazine, IEEE, 2(2), 28–34. 14. Yongsun, H., & Papadopoulos, H. C. (2004). Physical-layer secrecy in AWGN via a class of chaotic DS/SS systems: Analysis and design. IEEE Transactions on Signal Processing, 52(9), 2637–2649. 15. Pollock, D. S. G. (1999). A handbook of time-series analysis, signal processing and dynamics. London: Academic Press. ISBN 0-12-560990-6.

Author Biographies Lorenzo Mucchi ([email protected]) received the Dr. Ing. Degree (Laurea) in Telecommunications Engineering from the University of Florence (Italy) in 1998 and the Ph.D. in Telecommunications and Information Society in 2001. His main research areas are spread spectrum techniques (UWB, CDMA, etc.), cooperative communication systems, cognitive radio, wireless security, MIMO and diversity techniques and multi-satellite communications. He has published a chapter in three international books, 12 papers in international journals and several papers (53) in international conferences during his research activity. Lorenzo Mucchi is also a full member of the Institute of Electrical and Electronics Engineers (IEEE).

123

80

L. Mucchi et al. Luca Simone Ronga [IEEE S89-M94-SM04] received his M.S. Degree in Electronic Engineering in 1994 and his Ph.D. Degree in Telecommunications in 1998 from the University of Florence, Italy. In 1997 joined the International Computer Science Institute of Berkeley, California, as a visiting scientist. In 1998 obtained a post-doc position in the engineering faculty of the University of Florence. In 1999 he joined Italian National Consortium for Telecommunications, where he is currently head of research. He has been leader of national and international research groups. He authored over 50 papers published in international journals and conference proceedings. He has been editor of EURASIP Newsletter for 4 years.

123