Physical Layer Authentication Watermarks Through ... - CiteSeerX

Physical Layer Authentication Watermarks Through Synthetic Channel Emulation Nate Goergen † , T. Charles Clancy † , and Timothy R. Newman ‡ † Electrical

and Computer Engineering University of Maryland, College Park, MD, 20742, USA ‡ Wireless @ Virginia Tech Virginia Polytechnic and State Institution, Blacksburg, VA 24073, USA Abstract—We present an authentication device allowing for the validation of wireless transmissions by means of a watermark signal applied at the physical layer, and demonstrate how the method may be applied to digital broadcast television signals. The novel watermarking approach presented conveys the authentication signal through explicit emulation of innocuous channel responses, further preventing Primary User Emulation attacks in Dynamic Spectrum Access theaters. The undesirable effects of the watermark signal design are removed by the receiver by traditional channel equalization practices, resulting in nearly zero impact to the bit error rate (BER) of the primary signal received. The proposed mechanism may be implemented without modification to existing Digital Television (DTV) transmission equipment using a retrofitting approach, and does not require the modification of existing receivers or protocols. A key benefit of the proposed method is that the authentication signal may be received at a BER much lower than the primary-signal, all within original transmission power and bandwidth constraints. We discuss physical layer details of the new watermarking method, and demonstrate how proven cryptographic authentication measures may be applied to the problem.

I. I NTRODUCTION With the ubiquitous adoption of wireless communications, access to the electromagnetic spectrum has become increasingly competitive. To facilitate efficient access to shared spectrum, an arbitration method known as Dynamic Spectrum Access (DSA) was recently proposed [1]. Motivated by the FCC ruling regarding Wireless Regional Area Networks (WRAN), IEEE 802.22 [2], interest in spectral sensing and shared spectrum technologies has dramatically increased. Under this standard, access to the unused space between Digital Television (DTV) channels, or the white space spectrum, is granted to next-generation wireless broadband equipment. In shared spectrum scenarios such as those proposed by 802.22, licensed DTV stations are considered primary users and are given explicit first-right-of-access to the television spectrum, while broadband users are allowed access to the shared spectrum as secondary users in the absence of primary user signals only.

To ensure efficient use of white space spectrum under IEEE 802.22, spectrum allocations must first be sensed for primary users such as DTV and wireless microphone signals before secondary users exhibiting varying bandwidths and modulation types are granted access to an allocation. Since classification accuracy is exigently required for correct spectral usage, a number of methods have been proposed for the detection and classification of signals in DSA environments. Traditional approaches to unknown signal identification involving the computation of various statistical properties [3] or cyclostationary features [4], [5] have been proposed. Further detection and classification of signals using these features has been discussed, including machine learning and policy-based classification engines. In DSA environments such as the DTV spectrum, robust spectrum sensing devices are required for the interoperability, and correct operation of smart radios. Previous work has demonstrated the utility of machine learning approaches to signal classification particularly in DSA applications. However, recent work [6], [7] has shown potential weaknesses in these approaches. When using unsupervised learning in non-cooperative environments, adversaries may easily manipulate the learning process compromising security and exposing DSA systems to a number of node identity attacks. To prevent such attacks, the proposed physical layer authentication mechanism introduces an unambiguous and explicit feature to the transmitted signal, providing stronger user authentication capabilities to cognitive radios than those afforded by statistical and cyclostationary features alone. Additionally, physical layer approaches facilitate the authentication of unknown signals before higher layer processing, allowing smart radios to quickly identify its source. In this paper we describe a two faceted approach to primary user authentication (PUA) in the DTV spectrum, specifically targeting the Advanced Television Systems Committee (ATSC) broadcast standard. Since malicious nodes are motivated to conduct PUE attacks to obtain

increased bandwidth allotments and unfettered use of spectrum, the watermark message is used to expose attackers and protect primary user resources. The application of the watermark signal to existing ATSC signals is described, and simulation results demonstrating minimal impact to DTV coverage area are presented. Secondly, we describe the content of the watermark message using proven cryptographic primitives and trust hierarchies, discussing how such messages prevent PUE attacks. Lastly, we show how legacy DTV receivers will continue to function in the presence of the proposed authentication signal, allowing for reception of authenticated DTV signals using existing, unmodified television receivers. This paper is organized as follows. Section II introduces the DTV broadcast system and describes the proposed authentication device and its location in the system. Section III presents an embodiment of the proposed watermark signal. Section IV discusses the content of the watermark signal using existing cryptographic methods. In Section V we present simulation results for the proposed method. In Section VI we present our conclusions, and in Section VII future work is discussed. II. S YSTEM M ODEL AND P ROBLEM F ORMULATION A number of physical-layer watermarking methods appliciable to DTV transmissions have been investigated. In [8] the superposition of low-power pseudo random sequences on DTV transmissions is discussed. In [9], [10], [11] a number of multiresolution approaches are considered for narrowband signals, where a lowpower constellation is superimposed onto the constellation comprising the primary transmission. An example of a multresolution authentication approach would be the superpostion of a low-power, baud-synchronous QPSK signal on a regular QPSK constellation. Here, the authentication signal is carried on the low-power high resolution constellation while the main transmission is embodied by the low resolution constellation. General signal watermarking through low-power perturbations of the signal constellation are discussed in [12]. While these approaches are one method for adding an authentication signal, when using blind superposition methods the authentication component appears as noise in the primary signal and is present when the signal is decoded. Thus the introduction of the authentication signal results in decreased SNR for the transmitted signal and increased bit errors at the receiver. Additionally, these methods may require explicit modification of the transmitter to implement the authentication component. Instead, we investigate a watermarking method that exploits typical receiver preprocessing algorithms such as equalization, with a design approach closely resembling the Class 3 fingerprints described in [13]. Water-

Fig. 1. Example system diagram showing addition of authentication signal using IF retrofitted transmitter

marks in this class are designed using additional information regarding anticipated channel distortions and how the cover data will be perceived by the receiver, yielding a more optimal watermark signal. A key advantage of this class of watermarks is that the deleterious effects of the authentication signal will be partially filtered out by the receiver’s equalizer before decoding. Since very little capacity is required to convey the watermark message, the low-baud watermark in the proposed system is achieved without decreasing the SNR of the transmitted signal at the cost of a negligible increase to the meansquared error of the receiver’s channel estimate. We now introduce two general properties of a physical-layer authentication signal. In the proposed method we consider the case where the symbol rate of the authentication signal ra is much less than the symbol rate of the primary signal rp . Let the ratio of the authentication symbol rate to the primary signal rate be defined as ra (1) ASR = , ra ≪ rp , rp where the Authentication Symbol Rate ratio is labeled ASR. The second property we consider is the ratio of the authentication signal power Pa to the primary signal power Pp . Let this ratio be defined as ASP =

Pa , Pa ≪ P p , Pp

(2)

where the Authentication Symbol Power ratio is labeled ASP . This term describes the power of the authentication component of the signal in terms of the primary signal power. We define the alphabet for the authentication signal C, where each vector cl ∈ C is a finite length synthetic FIR channel response to be applied by the transmitter, and l is the length in primary-signal symbols of the maximum length impulse response of C. The authentication signal is transmitted by subjecting the primary signal to a synthesized channel response, whereby the response selected serves as the authentication signal symbol, and for each cl a mapping to a sequence of bits is defined. By introducing a synthetic channel response the transmitter effectively induces a small but deliberate amount of

The temporal model mismatch error experienced by the receiver is ˆ ε (t) = wo (t) − w(t). (8) The convolution of cl (t) and wa (t), the vector ka [i], may approximated as a Kronecker delta function ( 1 i = (l + m)/2 ka [i] = cl (t) ∗ wa (t) = , (9) 0 otherwise where m is the length of the transversal equalizer and i is the element index into the FIR vector. The signal at the receiver g(t) before channel equalization becomes g(t) = hH l (t)p(t) + n(t) H

= (cl (t) ∗ u(t)) p(t) + n(t), ˆ Fig. 2. Evolution of LMS equalizer taps w(t) exhibiting a modulated behavior in response to an exaggerated authentication signal

linear inter-symbol interference (ISI) to the transmitted signal, whereby the specific linear combination of symbols selected conveys the authentication signal. We now present the channel model describing the authentication method, and the role of channel equalization in the proposed device. Let cl (t) ∈ C be the FIR response representing an authentication symbol to be transmitted at time t, and p(t) be the primary-signal symbol. The transmitted signal x(t) with watermark component becomes x(t) = cH l (t)p(t).

(3)

Let the total linear impulse response experienced by the transmitted signal be h(t), and the optimal transversal equalizer weight vector that minimizes ISI at the receiver be wo (t). The estimate of the optimal tap weight vector ˆ o (t). The aggregate channel at the receiver is denoted w impulse response h(t) is a convolution of the synthetic component of the authentication signal, cl (t), and the real FIR multipath component induced by the communication channel u(t) h(t) = cl (t) ∗ u(t),

(4)

where (∗) represents convolution. Let wa (t) be the tap weight vector of the optimal transversal equalizer associated with cl (t). The aggregate optimal equalizer weight vector associated with h(t) becomes wo (t) = wa (t) ∗ wu (t),

(5)

wa (t) = c−1 l (t),

(6)

wu (t) = u−1 (t).

(7)

where

and

(10)

where n(t) represents the zero-mean Gaussian noise component of the AWGN channel. An equalizer designed to mitigate linear multipath ˆ effects produces a tap-weight vector estimate w(t) as close to the real truncated response wo (t) as possible, to minimize (8). Thus, the equalization device employed by the receiver must evolve its estimate in response to the channel response h(t) described in (4). The authentication signal y(t) may then be recovered by applying a matched filter sl corresponding to the alphabet cl on ˆ w(t) for the response wa (t), after the estimate of the component corresponding to the real channel response ˆ u (t) is removed. A figure depicting the evolution of w an least mean squares (LMS) transversal equalizer tap ˆ weight vector w(t) in response to a modulated channel impulse response that has been exaggerated is given in Figure 2. We assume that the authentication signal is baudsynchronous, therefore correct time and phase synchronization is assumed by means of the synchronization method used by the primary signal. It may be noted, however, that in implementation the authentication signal may include an independent synchronization mechanism complete with a preamble sequence and timing recovery mechanism. The receiver’s estimate for the optimal weight vector is comprised of an estimate for wa (t) convolved with an estimate for wu (t), in addition to a zero-mean additive Gaussian noise component ν(t) introduced by the channel n(t) and equalizer self-noise. The overall tap-weight vector estimate produced by the equalizer becomes ˆ ˆ a (t) ∗ w ˆ u (t) + ν(t). w(t) =w

(11)

Considering that a finite-length transversal filter is used ˆ in implementation, w(t) will be a truncated approximation of (5). The tap weight response induced by the auˆ a (t), must be extracted from w(t). ˆ thentication signal, w This may be accomplished by one of two methods. The first method is to select the synthetic channel response

alphabet cl ∈ C such that the respective real channel ˆ u (t) will be as orthogonal to the matched components w filter alphabet sl as possible, that is h(wu ∗ wa ) − wa , sl i = 0,

(12)

where h·i represents an inner product. This method is impractical, since it it requires prior knowledge of h(t) in the design of C . A more practical method may be to design the authentication signal with a training phase. The training phase is merely a period for which no authentication signal is present, approximated as a Kronecker delta function ( 1 i = l/2 ctrain [i] = . (13) 0 otherwise Thus the channel tap weight vector wu (t) may be delineated from wa (t) through periodic transmission of the training sequence ctrain . Using this method, the receiver will produce an estimate for wu (t−1) during the training symbol and remove this component when extracting ˆ a (t) from w(t). ˆ w Under the assumption of channel coherence during u(t) and u(t − 1), the authentication ˆ u (t − 1) from signal may be obtained by deconvolving w ˆ ˆ a (t) to detect the w(t) and applying a match-filter on w authentication symbol transmitted. This method operates under the assumption that the ˆ u (t − 1) will remain stationary over channel response w the period of the training phase and the adjacent authentication signal symbol(s) so that the corresponding ˆ u (t) is accurate. This could require channel estimate w channel stationary over a large number of symbols when very low AP R values are used. Methods for detecting wa (t) with a high probability under more relaxed channel stationary assumptions remains future work. The model noise process ν(t) will also be present in ˆ a (t) and is a function of the SNR of the channel, the w step size of the adaptive equalizer µ(t), and the equalization algorithm employed. The relatively low baud rate of the authentication signal allows for a large number of observations of the authentication symbol, and the ˆ o (t) integration performed by the equalizer to produce w both help mitigate the effects of ν(t) by decreasing the variance of the estimate. Thus the authentication message may be transmitted at a BER advantage over the primary signal, allowing for the authentication of signals which may be too weak to demodulate. The additional robustness of an authentication message transmitted using this method allows DSA entities to preform correctly in low SNR scenarios, even when higher layer authentication devices would fail. III. S YNTHETIC C HANNEL WATERMARKING FOR DTV We now discuss how the method may be applied to DTV transmissions for use in 802.22 DSA environments,

Fig. 3. decoder

Example smart receiver system diagram, with watermark

in particular we focus on the ATSC DTV standard used in the United States. The diagram of a smart receiver capable of decoding the authentication signal is given in Figure 3. We note that in Figure 3, the smart receiver applies additional signal processing on the equalizer taps, allowing for detection of the watermark signal. Legacy receivers, i.e. regular ATSC televisions, have a similar signal processing chain, sans the watermark signal processing. The additional signal processing required by PHY-layer watermarking methods are one disadvantage to higher-layer authentication approaches. While the ASR property (1) is strictly upper bounded by 1/l, it is also practically limited by the channel equalization mechanism of the receiver. For example, in the case of the LMS equalizer, the length of an authentication symbol must be less than the convergence time of the equalizer, or the probably of detecting the authentication signal will be severely degraded. The deleterious effects of selecting ra such that ASR is too large are analogous to ISI in the authentication signal, since the receiver’s equalizer is not allowed adequate time to converge to the changing channel. In the proposed method the ASP property (2) is defined to be the ratio of the power of the synthesized channel responses in the authentication signal alphabet to the power of the training symbol. For all practical watermarking signals, the power of the authentication component of the composite signal should be much less than the power of the primary, since increasing Pa in the proposed watermarking method has the effect of increasing transient model mismatch error in the receiver’s equalizer. In general, increasing ASP has the effect of increasing the quality of the authentication signal via decreased BER, at the expense of increasing BER for the primary signal. To fairly evaluate the system, the authentication signal is designed according to the power constraint Pa + Pp = Po

(14)

where Po is the power of the original signal before augmentation of the authentication signal.

The ATSC standard [14] specifies an eight level PAM signal with a 10.76 MHz symbol rate. The resulting signal is then filtered with a linear phase root raised cosine filter with rolloff factor R = .1152 creating an bandlimited signal with an effective bandwidth of 5.38 MHz. This filtering creates a single sideband signal with a vestigial sideband component still present, thus giving rise to the 8-VSB modulation specified by the ATSC standard. IV. C RYPTOGRAPHIC P RIMITIVES FOR S IGNAL AUTHENTICATION The data modulated in the watermark is used to verify that the signal is authorized to transmit at that specific time, in that specific location, at that specific frequency. To accomplish this, a digital signature is embedded as the watermark.

5.1 × 109 attempts to achieve one collision using a brute force ’birthday’ attack. Current best practices for secure hashing algorithms is use of the Secure Hash Algorithm with a 256-bit output (SHA-256), further decreasing the probability of an authentication error and making the probability accepting a forgery impossible. Since the authentication message is transmitted as a digital signal, the probability of a detection miss is the same as the probability of incorrectly receiving the entire authentication message. Since a single bit error in either the authentication message or the signature will cause the authentication to fail, the probability of missing the authentication message is the same as the probability of a at least one bit error in the message. Therefore for an uncoded binary transmission, the probability that the authentication message msg ˆ a is received in error is simply

A. Basic Signature In general, the signature should contain three pieces of information: the frequency, location, and time the signal is authorized for transmission, respectively denoted F , L, and T . This information is then digitally signed using a certificate C owned by the transmitter. A timestamp, denoted T S, is also included to prevent replay of the message. The total authentication message msga is then msga = {T S, F, L, T, C, SignC (Hash(T S, F, L, T ))} . (15) A receiver decoding this watermark would then extract the various fields, verify the authenticity of C using an appropriate trust anchor, and then the signature. If the certificate and signature were both deemed valid, and the operating signal met the specifications of F , L, and T , it can be recognized as a primary user. In the United States, the FCC could establish a certificate authority (CA) used to sign certificates for individual licensed transmitters. This CA could be distributed to cognitive radio devices wishing to authenticate license holders. B. Security Evaluation Cryptographic protocols, in order to be secure, need to be robust against forgery, modification, deletion, and replay. Provided the hashing algorithm used is collisionresistant, forgery is not possible. Modification is prevented through use of the signature itself. If any of the fields, T S, F , L, T , or C are changed, then the signed hash is no longer valid. By leveraging proven cryptographic primitives, the probability of making an authentication error is reduced to the probability of a hash collision, which is extremely low, thus preventing the acceptance of erroneous authentication messages. For example, if a 64-bit uniform hash is used, a malicious node would require approximately

P [msg ˆ a 6= msga ] = 1 − (1 − Pe )M +N ,

(16)

where Pe is the probability of a bit error in the authentication signal, M = length{T S, F, L, T, C} and N = length{SignC (Hash(T S, F, L, T ))}. The use of forward error correction (FEC) on the authentication signal, combined with a continuously repeated message (i.e. repetition encoding), can further decrease the probability of an authentication miss. V. S IMULATION R ESULTS We now present simulation results for the proposed watermarking method. In each run of the simulation, 80, 000 uncoded symbols of an 8-VSB ATSC signal were generated and filtered according to the VSB filter specifications of the ATSC standard, using 5 samples per symbol. The authentication watermark signal consisting of a symbol alphabet with two synthetic FIR channels was then applied at IF onto the transmitted signal at the rate of one authentication symbol for every 10, 000 symbols of the primary signal, for an ASR of 1/10000. The augmented signal was then subjected to a AWGN channel. At the receiver, a decision directed LMS equalizer using a 21 tap transversal filter and step-size parameter µ = .002 was used to reverse the ISI introduced by the watermarking signal. Realistic receiver timing recovery was simulated using a DLL timing recovery algorithm, however explicit timing offsets were not introduced in the simulations conducted. Synthetic channels using ASP ′ s of .0015, .0025, and .004 were used, using the impulse response alphabet depicted in Figure 4. The responses in Figure 4 are shown with an exaggerated ASP of .15 to show secondary impulse tap definition. System BER results for the authentication signal and the primary signal were obtained via Monte Carlo simulation. A second, independent simulation was also

1.2

1.2

−3

1

1

1

0.8

0.8

ASR = 0.0001 |C|=2

x 10

Auth. Not Present Auth. Present − ASP 0.0015 Auth. Present − ASP 0.0025 Auth. Present − ASP 0.004

0.9

0.8

0.6

0.6

0.4

0.4

0.2

0.2

0

0

channel estimate MSE

0.7

0.6

0.5

0.4

0.3

0.2

0.1

−0.2

0

2

4

Fig. 4.

6

8

10

−0.2

0

2

4

6

8

10

0

0

2

4

6

8 SNR dB

10

12

14

16

Synthetic channel impulse responses (exaggerated) Fig. 6.

Channel Estimate MSE

ASR = 0.0001 |C|=2

−1

BER

10

−2

10

−3

Pri Signal w/o Auth. Auth. Signal − ASP 0.0015 Pri. Signal − ASP 0.0015 Auth. Signal − ASP 0.0025 Pri Signal − ASP 0.0025 Auth. Signal − ASP 0.004 Pri. Signal − ASP 0.004

10

0

Fig. 5.

2

4

6

8 SNR dB

10

12

14

16

BER Authentication and ATSC Signals (overlapping series)

conducted, producing BER results for a primary signal where the authentication watermark was not present. For each value of channel SNR, 50 sub-experiments were conducted and bit error results accumulated. Each subexperiment consisted of repeated runs of the 80, 000 symbol Monte Carlo experiment described above, terminating when 100 authentication signal bit errors were accumulated or 8, 000 total authentication symbols were received, whichever came first. Bit error rate results are presented in Figure 5 for the authentication signal, the primary signal, and for the original primary signal with the watermark not present. From these results we see that the authentication signal is received with a slight BER improvement over the primary VSB signal, for ASP values greater than about .002. The ASP required to yield a BER advantage

over the primary signal will depend on the equalizer step size parameter µ, and other properties of the equalization algorithm. Additionally, we notice that the primary signal BER is negligibly impacted by the presence of the authentication signal, since the BER curve for the primary signals with and without the authentication signal are indistinguishable, since these series overlap. We observe that the impact to primary signal BER is negligible for all values of ASP used, as these series are overlapping in Figure 5. This result implies negligible impact to ATSC coverage area when the authentication signal is present. We note that a naive authentication signal detector was used in this simulation, which weighted every observation of the authentication signal over an entire baud equally. A more correct detector considering the learning curve of an LMS equalizer and employing maximum ratio combining of the observations would yield even better results in practice. Decreasing the ASR of the authentication signal will improve its BER, at the expense of decreasing capacity. Since the watermark signal introduces additional model mismatch in the receiver’s channel estimate, we note that decreasing the relative baud rate of the authentication channel has the effect of decreasing the frequency at which synthetic model mismatch error is introduced into the primary VSB signal. Thus the quality of the primary signal increases accordingly. Conversely, an increase in ASP will result in decreased BER for the authentication signal, however this has the effect of increasing the MSE of the receiver’s channel estimate. This increase in model mismatch error results in decreased capacity for the primary signal. Average channel model MSE results for the experiment described above are presented in Figure 6. We note a negligible impact to the the receiver’s

channel model estimate MSE in the presence of the authentication signal for the chosen system parameters, and that increasing ASP has negligible impact to the channel estimate MSE. VI. C ONCLUSIONS We have presented a method for adding a watermark signal to digital transmissions and further described how the watermark signal allows cognitive radio receivers to authenticate the signal being transmitted. We have demonstrated that cryptographic authentication primitives may be employed in generating the content of the watermark, allowing for user authentication at the strength of the primitive. We have also discussed how the watermarking signal may be applied to DTV signals adhering to the ATSC standard, in support of the IEEE 802.22 dynamic spectrum access standard, and how a watermark authentication device prevents a number of attacks against cognitive radio signal classifiers. In addition to preventing primary user authentication attacks, the watermarking method presented may be applied to the primary signal at IF, enabling its use on legacy equipment without modification to the transmitter. In retrofitting existing DTV transmitters for use in 802.22 theaters, the watermarking device may be implemented as a preconditioning component in the IF chain of the transmitter, before signal up-conversion and power amplification. VII. F UTURE W ORK The extension of this work to other signals, such as the COFDM modulation used in Europe, remains future work. Also, while the synthetic linear channels discussed in this paper were chosen arbitrarily as a fixed alphabet of impulse responses, formalizing the design of optimal synthetic channel alphabets and exploring spread spectrum alphabets remains future work. It is anticipated that the application of a pseudorandom alphabet will produce improved results over the fixed linear channel alphabet, for general channel multipath conditions. Analytical results for optimal detection of the authentication signal will be presented in future work, as well as analytical derivation of authentication signal capacity and impact to primary signal BER. R EFERENCES [1] I. Akyildiz, W. Lee, M. Vuran, and S. Mohanty, “Next generation/dynamic spectrum access/cognitive radio wireless networks: A survey,” Computer Networks: The International Journal of Computer and Telecommunication Networking, vol. 50, pp. 2127–2159, 2006. [2] FCC, “FCC adopts rules for unlicensed use of television white spaces.” http://hraunfoss.fcc.gov/edocs public/attachmatch/DOC286566A1.pdf.

[3] B. Le, T. Rondeau, D. Maldonado, and C. Bostian, “Modulation identification using neural networks for cognitive radios,” in SDR Forum Technical Conference (SDR’05), November 2005. [4] A. Fehske, J. Gaeddert, and J. Reed, “A new approach to signal classification using signal correlation and neural networks,” in New Frontiers in Dynamic Spectrum Access Networks (DySPAN’05), November 2005. [5] P. Sutton, K. Nolan, and L. Doyle, “Cyclostationary signatures for rendezvous in ofdm-based dynamic spectrum access networks,” New Frontiers in Dynamic Spectrum Access Networks, 2007. DySPAN 2007. 2nd IEEE International Symposium on, pp. 220– 231, April 2007. [6] T. Clancy and N. Goergen, “Security in cognitive radio networks: Threats and mitigation,” in International Conference on Cognitive Radio Oriented Wireless Networks and Communications (Crowncom’08), May 2008. [7] T. Newman and T. Clancy, “Security threats to cognitive radio signal classifiers,” in Virginia Tech Wireless Personal Communications Symposium, June 2009. [8] Y. W. X. Wang and B. Caron, “Transmitter identification using embedded pseudo random sequences,” IEEE Transactions on Broadcasting, vol. 50, pp. 244–252, September 2004. [9] M. O. M. Morimoto and S. Komaki, “A hierarchical image transmission system in fading channel,” IEEE Proceedings 4th IEEE International confrence on Universal Personal Communications, pp. 769–772, November 1995. [10] P. K. Vitthaladevuni and M. S. Alonini, “Exact ber computation of generalized hierarchical psk constellations,” IEEE Transactions on Communication, vol. 51, pp. 2030–2037, December 2003. [11] L. F. Wei, “Coded modulation with unequal error protection,” IEEE Transactions on Communication, vol. 41, pp. 1439–1449, October 1993. [12] J. B. P. Yu and B. Sadler, “Physical-layer authentication,” IEEE Transactions on Information Forensics and Security, vol. 3, pp. 38–51, March 2008. [13] M. M. I. Cox and A. McKellips, “Watermarking as communications with side information,” Proceedings of the IEEE, vol. 87, pp. 1127–1141, July 1999. [14] American Television Systems Committee, ATSC Digital Television Standard Part 2 RF/Transmission System Characteristics, January 2007. A/53, Part 2:2007.