Enhanced Secure Error Correction Code Schemes in Time Reversal ...

Wireless Pers Commun (2012) 64:403–423 DOI 10.1007/s11277-010-0206-2

Enhanced Secure Error Correction Code Schemes in Time Reversal UWB Systems Dariush Abbasi-Moghadam · Vahid Tabataba Vakili

Published online: 14 December 2010 © Springer Science+Business Media, LLC. 2010

Abstract In this paper, secure channel coding schemes based on turbo codes are suggested for time reversal ultra wideband (TR-UWB) systems. Turbo code has the capability of error correction near Shannon’s limit. Adding security to turbo code is an attractive idea since it could reduce the overall processing cost of providing secure coded data and enjoys the advantages of high-speed encryption and decryption with high security, smaller encoder and decoder size and greater efficiency. The proposed turbo code schemes are labeled as follows: secure puncturing rate, secure frame length, and secure interleaving. Using these scenarios, secure turbo code is defined in a way that the redundant information used for error correction is not pre-determined by the nature of the error correction part of the algorithm but it can be chosen arbitrarily out of the whole set of possible strings. The lower bound of bit error probability for secure turbo code schemes in AWGN and TR-UWB systems are evaluated. Analytical and simulation results show secure turbo code performance is very satisfying. Various crypto-analytical attacks are investigated against these schemes. Based on this analysis, secure turbo code structures changed during the encryption procedure to increase the complexity of linear and differential cryptanalysis. It is seen that the performance of conventional turbo code and random frame length with Poisson distribution are the same. Comparing these schemes shows, secure interleaving approach has the best performance and secure puncturing rate the worst, but the latter provides the most security. The enhanced security of UWB, due to rich multipath nature of UWB channel, could be exploited. Due to space-time focusing property of time reversal UWB, there is an environmental confidentiality (or spatial security), which is additional security for secure turbo code in this system. Using secure turbo code, it is possible to increase the transmission range of UWB systems. Keywords

Secure turbo code · Time reversal · UWB · complexity

D. Abbasi-Moghadam (B) · V. T. Vakili School of Electrical Engineering, Department of Telecommunications, Iran University of Science & Technology (IUST), Narmak, Tehran, Iran e-mail: [email protected] V. T. Vakili e-mail: [email protected]

123

404

D. Abbasi-Moghadam, V. T. Vakili

1 Introduction Error control and security are important aspects of modern digital communications and it is desirable to have both in a single application. Coding has an important role when the energy efficiency is being optimized. The demand for a reliable, secure, and efficient digital data transmission system has been accelerated by the emergence of large scale and high speed communication networks. Merging security and channel coding processes is an attractive idea since it may reduce the overall processing cost of providing secure reliable data. A secret channel coding scheme is one that provides both data secrecy and data reliability in one process to combat problems in an insecure and unreliable channel. In 1978 McEliece proposed a public-key cryptosystem based on algebraic coding theory that revealed to have a very high security level [1]. The rationale of the McEliece algorithm, that adopts a generator matrix as the private key and one transformation of it as the public key, lies in the difficulty of decoding a linear large code with no visible structure. The idea behind this scheme was based on the fact that the decoding problem of an arbitrary linear code is an NP hard problem. A new secure channel coding scheme based on [2] introduces secret puncturing of a (parallel or serial) concatenated turbo code. It was shown that this secure puncturing scheme is vulnerable to key recovery attack [3]. A chosen ciphertext attack was proposed and showed that the key is completely recoverable. A combination for a public key cryptographic system, using turbo code and elliptic curve algorithms are suggested in [4]. Incoming data are embedded in the interleaver process of the turbo encoder and the security is derived from the one-way functions provided by elliptical curves. In this scheme, coding and elliptic curve algorithms are serial so its complexity is high and its speed is low. Cryptocoding is one of the more recently proposed techniques for joint error correction and encryption [5]. This technique is based on quasigroup (Latin square) string transformation. A quasigroup of order 16 is chosen over 2480 possibilities when encoding and decoding functions are generated. The space of quasigroup gives the security for such a technique. Although this technique achieves both security and error correction, the decoding procedure is extremely complicated and cannot be used in a resource constrained environment. Study of communications over large bandwidth/high delay spread channels is very promising. Ultra-wideband impulse radio is a scheme that uses very narrow pulses for information transmission. UWB has many benefits, including high data rate, availability of low-cost transceivers and low transmit power. Nevertheless the insufficient multipath energy captured by the receiver results in a poor system range and almost no tolerance to intersymbol interference (ISI) caused by multipath delay. Traditional ISI mitigation techniques include equalization, RAKE receiver and orthogonal frequency-division multiplexing (OFDM), and all of them are expensive solutions that use coherent detection and require channel estimation at the receivers. Normally a high data rate means a system with high complexity thus more expensive. The temporal focusing feature of time reversal UWB can soften the impact of ISI, while the spatial focusing feature can be utilized to transmit information to an intended location with limited signal leakage at other locations [6]. Time reversal takes advantage of rich scattering environments to achieve signal focusing both temporally and spatially. Due to the Shannon limit approaching performance, turbo codes are expected to play a key role in UWB systems. Turbo codes make it possible to increase data rate without increasing the power, or these codes could be employed to decrease the amount of power for a certain amount of data rate. The main challenge in implementing turbo codes in the UWB systems is the consequent complexity consideration in spite of high bit error rate (BER) and savings in transmission power consumption as pointed out above. One approaches for reducing the complexity of turbo code UWB system is turbo code TR-UWB. UWB is somewhat inherently secure, because

123

Enhanced Secure Error Correction Code Schemes

405

its low output power and short pulses make its transmission appear to be white noise from a distance. Nevertheless, UWB signals could be listened by a determined attacker who is located close to the transmitter; this requires the use of security algorithm. In this paper, the weakness of [2] is explained first and then some methods are proposed to overcome the weak features. Also application of these schemes in TR-UWB system is evaluated for the first time. The main features of the current paper are as follows: • Secure turbo code based on secure puncturing rate, secure interleaving, secure frame length and dynamic structure are proposed. • Performance of all cases is analyzed based on code and channel parameters. • Security level of these schemes is evaluated and compared with standard RSA (Rivest, Shamir and Adleman), Elliptic curve and advanced encryption standard (AES) algorithms. • The time delay of proposed schemes are computed and compared with separate implementation of coding and cryptography. • Secure turbo code schemes are used in TR-UWB systems and its performance are analyzed. Also range extension of proposed scheme is shown by simulation. The paper is organized as follows. The second section gives the secure turbo code schemes and their performance analysis. Then security of these schemes is investigated in Sect. 3 and its overall delay is presented in Sect. 4. In Sect. 5, application of secure turbo code schemes in TR-UWB systems are presented. Finally, in Sect. 6 analytical and simulation analysis of secure turbo code schemes are presented. A concluding summary in Sect. 7 contains statements to the key contributions of this paper.

2 Secure Turbo Code Schemes Turbo code has raised great interest in the coding community with its astonishing performance. Its encoder is formed by two or more constituent recursive systematic convolutional (RSC) encoders joined by interleaver. The input information bits feed the first encoder and, after having been scrambled by the interleaver, enter the second encoder. Adding security to channel coding is an attractive topic, as it could reduce the overall processing cost of providing secure encoded data. A secret channel coding scheme is one that provides both data secrecy and data reliability in one process, to deal with problems in an insecure and unreliable channel. An adaptive secure channel coding scheme was proposed based on secret puncturing of a (parallel or serial) concatenated turbo code and adaptation with channel noise conditions [2]. In this scheme when the channel state is bad, the transmitter picks more redundant bits for protection. As the channel condition gets better, less redundancy is needed for protection. The proposed puncturing scheme uses linear feedback shift register. This scheme is based on a pseudo-random number generator algorithm for selecting N bits from M turbo encoded bits. The weakness of this proposal is that the code sequence bits generated by linear feedback shift register (LFSR) can be recovered by Berlekamp-Massy algorithm. As a result, the user’s signal could be recovered through various signal separations and extraction algorithms. Furthermore it was shown that this secure puncturing scheme is vulnerable to key recovery attack [3]. A chosen ciphertext attack was proposed on the mentioned scheme. In this method, having L c /log MC chosen ciphertexts obtained from puncturing output of a code with length MC by a linear shift register with length L c , whole key can be exposed. Furthermore, if the proposed scheme uses non-linear shift register, inner state of the non-linear shift register is

123

406

D. Abbasi-Moghadam, V. T. Vakili

Fig. 1 Dynamic Secure turbo code based on cryptographic system



  NC (NC − log MC + 1) number of ciphertexts, where NC is the log MC length of ciphertext. Considering linear/non-linear shift registers and fixed structure of the code, the key is precisely revealed. In this paper, following methods is proposed to overcome the mentioned weak points. found by having

(1) Since mentioned attacks are based on linear or non-linear shift registers, a method is proposed which takes advantage of AES cryptography; therefore, resistance against these attacks is greatly increased (Fig. 1). (2) To increase immunity of the proposed method against attacks, a dynamic scheme is proposed and analyzes in individual subsections. In section III, security of proposed schemes are discussed and shown that finding structure of the dynamic code is difficult and attacks based on redundancy are an NP-complete problem and barely will succeed due to the changing structure of the code. (3) Presuming a code with length greater than 600 bits, probability of having Hamming code with small distance is significantly decreased. Thus, the code is immune against these attacks and performance of the system is enhanced. (4) In addition, a look-up table is used and weak Hamming codes with small distances from this table are eliminated. As simulation results show in Sect. 6, considering these steps may lead to degradation in performance. However, this degradation is not considerable, for example, required signal-tonoise ratio (SNR) of the dynamic structure for BER = 10−5 is 1dB more than the proposed secure coding based on variable rate. In this section, secure turbo code schemes are discussed and their performance are analysed in additive white Gaussian noise (AWGN) channel. The advantages of these schemes are reliable security without requiring a large size key and high efficiency of data transmission system.

123

Enhanced Secure Error Correction Code Schemes

407

2.1 Secure Puncturing Rate The first scheme of secure turbo code is based on secure puncturing rate; in this scheme puncturing rate and its puncturing matrix is changed by nonlinear shift register. Secure puncturing matrix which is introduced in [3] is a special case of this scheme in which code rate is not changed. The bit error rate of the channel depends on the instantaneous receiver SNR, code rate, frame length (K ) and constraint length (υ). An estimated error-floor bound (free-distance asymptote) for the bit error probability over AWGN channel in parallel concatenated convolutional code (PCCC) turbo code and secure puncturing matrix may be considered as follows [2]:   N f r ee W f r ee Eb Pb (e) ≥ 2d f r ee R Q (1) K N0 where d f r ee is the free distance of the code, N f r ee is the number of code words with output weight d f r ee , W f r ee represents the weight of input sequence associated with output weight d f r ee , K is the input block length, R is the code rate and NE b0 is the bit energy to noise density ratio. The bit error probability bound of serial concatenated convolutional code (SCCC) turbo code for high NE b0 is given by [7],   Eb Pb (e) ≤ Bm K 1−d f ree × exp −h m R N0

(2)

where, Bm is a constant, h m is the minimum weight of code words. For free distance of the outer code (d of r ee ), Pb (e) is ⎧   o i −d i d d f ree ⎪ Eb f ree f,e f f ⎪ 2 ⎪ B dofree is even K × exp − R ⎨ even 2 N0    

Pb (e) ≤ −d of ree d o −3 d i ⎪ f ree f,e f f ⎪ ⎪ Bodd K 2 exp − + h m R NE b0 dofree is odd ⎩ 2

(3)

where h m is the minimum weight of sequences of the inner code generated by a weight– input sequence, d if r ee is the free distance of the inner code. Obviously, the lack of knowledge about the frame length along with the presence of random puncturing matrix improves the security of the proposed system even further with respect to secure puncturing matrix. Secure turbo code performance varies according to the distribution of R. If probability density function (PDF) of R is f R (r ), then BER of Eq. 1 (the best performance) will be:   N f r ee W f r ee Eb Pb (e |R ) ≈ 2d f r ee R Q (4) K N0

N f r ee W f r ee Pb (e) ≈ K



1 Q 0

Eb 2d f r ee r N0

 f R (r )dr

(5)

123

408

D. Abbasi-Moghadam, V. T. Vakili

Assuming γ = Substituting (6) in (5) N f r ee W f r ee Pb (e) ∼ = K

Eb N0

 Q



(6)

2d f r ee r γ



f R (r )dr

(7)

r

An alternative representation for Gaussian Q-function is [8] 1 Q(x) = π

 π/2 exp −

 x2 dθ, x > 0 2 sin2 (θ )

(8)

   π/2 d f r ee γ exp − 2 r f R (r )dθ dr sin (θ )

(9)

0

Substituting (8) in (7) N f r ee W f r ee Pb (e) ≈ Kπ

r ∈R 0

 Remembering that φ(s) = E (esx ) = esx f X (x)d x is moment generating function, where f X (x) is the PDF of x, therefore Pb (e) will be N f r ee W f r ee Pb (e) ≈ Kπ

 π/2  γ d f r ee φ − 2 dθ sin (θ )

(10)

0

We can obtain the following upper bound by noting that the integral is maximized for sin2 (θ ) = 1, so that    N f r ee W f r ee Pb (e) ≤ exp −d f r ee γ r f R (r )dr (11) 2K r ∈R

or  N f r ee W f r ee  φ −d f r ee γ 2K For uniform distribution of R in interval of [a , b], Pb (e) is Pb (e) ≤

Pb (e) ≈

(12)

N f r ee W f r ee (e−ad f ree γ − e−bd f ree γ ) 2K (b − a)d f r ee γ

(13)

N f r ee W f r ee (1 − e−d f ree γ ) 2K d f r ee γ

(14)

If [a, b] = [0, 1], Pb (e)is Pb (e) ∼ =

It is observed that the error rates decrease almost inversely with SNR. In contrast, the decrease in error rate on a secure puncturing rate turbo code with low variance is exponential in terms of SNR. This means that, on a system with high variance puncturing rate, the transmitter must transmit a large amount of power in order to obtain a low probability of error. By the same way, performance of a secure SCCC turbo code is Pb (e) ≤ Bm K (1−d f ree ) φ (−h m γ )

123

(15)

Enhanced Secure Error Correction Code Schemes

409

Equations 14 and 15 show that the performance of secure puncturing rate is not as good as the conventional turbo code and its performance degrades due to low free distance of some punctured matrix. 2.2 Secure Frame Length This scheme is based on random frame length. Large frame length will increase complexity. By randomly changing frame length, security is enhanced dramatically. In this scheme BER of PCCC turbo code is Pb (e) ≤

Nc 

A(d)P(d)

(16)

d=1

where Nc is block length of turbo codeword, A(d)is the number of codeword with Hamming distance d, and P(d) is decoding error probability of a codeword with weight d. By averaging over all possible interleavers, average weight distribution is obtained by Vucetic et al. [9] N     N A(d) = p(d |i ) (17) i i=1

where p(d |i ) is the probability that an input codeword with Hamming weight i produces a codeword with Hamming weight d, N  is the interleaver size. The average upper bound for bit error probabilities is given by   n N   i N p(d |i ) p(d) (18) P(d, i) ≤  i N  i=1 d=d

f ree

d

where f ree is a minimum distance between codewords. For secure random code length with PN (n) distribution, upper bound of BER (Eq. 18) is  P(d, i |n )PN (n) (19) Pb (e) = n

  n N    i N Pb (e) ≤ p(d |i ) p(d)PN (n)  i N  n d=d

f ree

Alternatively, performance for high Therefore,

Eb N0

could be approximated by combining Eqs. 1 and 8.

N f r ee W f r ee Pb (e |K ) ≈ Q K Pb (e) ≈ N f r ee W f r ee Q We know that (z) = E (z n ) = 1 (z)dz = 0



 n

n

(20)

i=1





Eb 2d f r ee R N0

2d f r ee Rγ

 (21)

 1 f N (n) n n

(22)

z n f N (n) is moment generating function [10] and

1 1 f N (n) ∼ f N (n), for large n = n+1 n n

(23)

123

410

D. Abbasi-Moghadam, V. T. Vakili

Substituting (23) in (22), Pb (e) is Pb (e) ≈ N f r ee W f r ee Q



 1 2d f r ee Rγ

(z)dz

(24)

0

Using a similar method, Pb (e) for combined secure frame length and secure puncturing rate in SCCC turbo code is  N f r ee W f r ee  Pb (e) ≈ φ −d f r ee γ 2

1 (z)dz

(25)

0

If K is a Poisson variable with parameter λ then Pb (e)of secure frame length is f K (k) = P(x = k) = e−λ

λk , k = 0, 1, 2, . . . k!

(26)

Then Pb (e) ≈ N f r ee W f r ee ×

 (1 − e−λ )  2d f r ee Rγ Q λ

(27)

If code length is large enough, then e−λ ≈ 0 and Eqs. 27 and 1 are the same for λ = K , therefore the code performance is not degraded. Hence it could be concluded that the performance of secure turbo code based on random frame length with Poisson distribution and high Poisson parameter (λ) is the same as conventional turbo code. For SCCC, Pb (e) is    E b  (1−d f ree ) Pb (e |K )P(K ) ≤ Bm exp −h m R K Pb (e) = P(K ) (28) N0 K

K

If K is a uniform random variable in interval [a, b], then  1 N f r ee W f r ee  Q 2d f r ee Rγ b−a K b

Pb (e) ≈

(29)

K =a

In mathematics,

n

1 k=1 k is

Hn =

the n-th harmonic number, it is shown that [11]

n  1 1 1 1 + ≈ ς + ln(n) + − K 2n 12n 2 120n 4

(30)

k=1

whereς = 0.57722. Substituting (30) in (29) Pb (e)is Pb (e) ≈

  Hb − Ha 2d f r ee Rγ N f r ee W f r ee Q b−a

(31)

where Ha and Hb is the a-th and b-th harmonic numbers respectively. For SCCC turbo code and uniform frame length,  Bm K (1−d f ree ) exp (−h m Rγ ) b−a b

Pb (e) ≈

K=a

123

(32)

Enhanced Secure Error Correction Code Schemes

411

The generalized harmonic number of order n of m is given by [11] Hn,m =

n  1 km

(33)

k=1

Substituting (33) in (32), Pb (e) is Pb (e) ≈

Hb,1−d f ree − Ha,1−d f ree b−a

Bm exp (−h m Rγ )

(34)

In the limit as n → ∞, the generalized harmonic number converges to the Riemann Zeta function, i.e. ζ (.). b 

K (1−d f ree ) < ζ (1 − d f r ee ) =

K=a

∞ 

K (1−d f ree )

(35)

K=1

Therefore Pb (e) is Pb (e) ≤

Bm ζ (1 − d f r ee ) × exp (−h m Rγ ) b−a

(36)

For d f r ee = 2 Riemann Zeta function is equal to generalized harmonic number and for d f r ee ≥ 3, ζ (1 − d f r ee ) < 1.645, hence for secure frame length SSCC turbo code, Pb (e) will be 1.645Bm exp (−h m Rγ ) (37) Pb (e) ≤ b−a As it is seen from (37) performance is degraded, but for high SNR, performance of conventional turbo code and secure frame length with Poisson distribution are the same. 2.3 Adding Security by Random Interleaving In a turbo code scheme, interleaving is employed before the information data is encoded by the second component encoder. The first role of the interleaver is to construct a long random code, because long codes can approach the Shannon capacity limit. Second, the interleaver breaks low-weight input sequences. A turbo code interleaver is designed to transform lowweight parity sequences of the first constituent code into high-weight parity sequences of the second constituent code, with high probability. Hence, it increases the turbo code free Hamming distance and reduces the number of lower weight codewords in the code distance spectrum [9]. The final function of the interleaver is to spread the outputs from one decoder to provide the other decoders with less correlated inputs. This improves the performance of the iterative decoding algorithm. We can improve security by random interleaving process. It has been shown in [1,8] that the pseudorandom property of interleaver is an important factor, especially for large interleaver sizes. The effects induced by changing the interleaver structure at low SNR region are not significant. At high SNRs, the interleaver structure determines the code performance. The size and the type of interleaver structure affect the code performance. If the interleaver was truly random, it would be extremely difficult for an attacker to estimate it using other than a brute- force search. In proposed secure turbo codes, before applying puncturing process, output of RSCs (in turbo coder branch) are scrambled in order to enhance security. This procedure and interleaver act as a diffusion step which helps improving the secrecy of the overall system. The lack of knowledge about interleaver improves the security of the proposed system against ciphertext-only, linear and differential attacks.

123

412

D. Abbasi-Moghadam, V. T. Vakili

3 Security Analysis The security of the proposed schemes lies in the fact that the unauthorized decoder does not know some information which is necessary for decoding. The desired security level can be obtained by just setting appropriate values for the parameters of the turbo code cryptosystem. The highest level of security is obtained when all the parameters are kept secret, since this increases the complexity of any cryptanalytic attack. The security of these systems is based on exhaustive search on the key space and the turbo decoding of a random punctured sequence. For decoding attacks on secure puncturing matrix scheme [3], the basic problem to be solved is decoding a punctured sequence without knowing the puncturing pattern. Because of linearity in secure turbo code, all possible cases for secure puncturing matrix scheme are smaller than M! key_space ≤ (M) N = (38) N !(M − N )! where ! denotes factorial and M, N are punctured and unpunctured data length respectively. As mentioned in Sect. 2, all possible cases is very smaller than(M) N . Number of all possible cases for random interleaving turbo codes is L I !, where L I is the interleaver length. Computation of this number for random puncturing rate (NR) is complicated and dependent on frame lengths. Secure puncturing rate has a good security because both puncturing rate and puncturing matrix are random. By comparison of different secure turbo code schemes, it is seen that secure puncturing rate coding has the best security and secure frame length without consideration of random puncturing matrix is the worst. Finally, it is suggested, unlike most of the symmetric cryptosystems that have been proposed and studied in the literature, secure turbo code structures change during the encryption procedure (or combination of all schemes). The purpose of adding such properties to a secure turbo code is thus to increase the complexity of linear and differential cryptanalysis. The highest level of security is obtained when all the parameters are kept secret, since this increases the complexity of any cryptanalytic attack. For a dynamic secure turbo code with M, N and L I parameters, all possible cases are more than √ 2π L I M(L I ) L I M M L I !M! (39) key_space = = √ (M − N )!N ! (M − N )N e L I (M − N ) M−N N N Let us consider M = 1000, N = 400 and L I = 333, then there will be over 10982 possible code pattern. Due to the poor distance properties and resultant performance & security degradation associated with short length turbo codes, at low data rates we consider both random interleaver and data input blocks to have length, at least, of 600 bits. Using these scenarios, secure turbo code is defined in a way that the redundant information used for error-correction is not pre-determined by the nature of the error-correction part of the algorithm but it can be chosen arbitrarily out of the whole set of possible strings. Furthermore a look-up table is used and weak Hamming weight codes with small distances from this table are eliminated. Figure 1 presents combination of a cryptographic system such as elliptic curve (ECC) or AES algorithm and a turbo code. Incoming data is embedded in the interleaver process of the turbo encoder and its security is derived from cryptographic system and dynamic code. Secure turbo codes with LFSR/NLFSR and static structure are vulnerable in chosen plaintext attack, so we proposed dynamic turbo code. Using combination of a cryptographic system and turbo codes, the complexity of such cryptanalysis increased dramatically. This system has the advantages of high-speed encryption and decryption with high security, smaller encoder and decoder size and greater efficiency. Security levels for proposed schemes (dynamic structure

123

Enhanced Secure Error Correction Code Schemes Table 1 Computationally equivalent key sizes (in bits)

AES

413 ECC

RSA

Turbo/AES

80

163

1024

65

128

283

3072

110

192

409

7680

167

256

571

15360

234

with M = 1000, N = 600, υ = 4 (on the average)) and standard RSA, Elliptic curve and AES algorithms are summarized in Table 1. For the same level of resistance against the best known attacks, the system parameters for a turbo/AES system can be chosen to be much smaller than the parameters for RSA [3]. For example, a turbo/AES over a 65-bit gives the same level of security as a 1024-bit RSA modulus. The difference becomes even more dramatic as the desired security level increases. For example, 234-bit turbo/AES is equivalent in security to 15,360-bit RSA. The fact that the encoding system is intrinsically secure introduces more security to the whole system. Loss of synchronization in these schemes is fatal. If the shift registers required for the encryption and the decryption are not identical, then the recovered plaintext will be gibberish. Also secure turbo code is the best choice in an error-prone environment, because it has error correction capability. If a bit is added or lost from the ciphertext stream, then all subsequent blocks are shifted one bit out of position and all subsequent ciphertext will decrypt incorrectly unless there is some kind of frame structure to realign the block boundaries. It is obvious that Ciphertext will be longer than plaintext. Considering the space-time focusing property of TR-UWB, low spatial focusing gain of TR-UWB system at distance d away from the intended receiver, indicates that a nearby receiver at that location would not be able to detect the signal. It was shown that the directivity drops by 10 dB when the unauthorized receiver is 20 cm away from the authorized receiver [12]. Therefore, if a reasonable distance separates the eavesdroppers from each of the authorized users, the channel impulse response is a source of unique and secret information between those users. So the channel of each transceiver pair can be viewed as being independent and therefore environmental confidentiality (or spatial security) is provided, which is additional security for secure turbo code in this system. Besides prefilter (h ∗ (−t)) is random in nature which makes eavesdropping more difficult. Even though the eavesdropping may acquire the prefilter information during the feedback stage of the, the attacker has to overcome a serious ISI effect in order to decode the received data correctly in other locations.

4 Overall Delay The secure turbo code delay depends on processor performance and proposed schemes complexity. The secure turbo code complexity depends on code parameters such as frame length, constraint length, decoding algorithm and iteration number of decoding. The encoding complexity can be safely neglected, because the encoders consist of simple shift registers. The overall complexity of a turbo decoder depends on how efficient the decoding algorithm is implemented. The MAP decoding is not a practical algorithm for implementation in real systems. The logarithmic version of the MAP algorithm such as Log-MAP, Max-Log-MAP and the Soft Output Viterbi Algorithm (SOVA) are the practical decoding algorithms for implementation [13]. SOVA has the least computational complexity and the worse bit error rate performance among these algorithms, while the Log-MAP algorithm has the best BER

123

414

D. Abbasi-Moghadam, V. T. Vakili

performance. It was shown that, decoder complexity has an exponential form in terms of constraint length [13]. The computational complexity of the iterative decoders also is linearly dependent on the number of iterations performed for the decoder. Furthermore the complexity of encryption algorithm should be added to proposed turbo code complexity. This complexity depends on used encryption algorithm. If time delay of cryptographic system is tcr ypt then the overall delay of proposed secure turbo code schemes, due to parallel processing, is   ttot = max td , tcr ypt (40) Time delay of a conventional procedure, first encryption then coding, is ttot = td + tcr ypt

(41)

By comparison of (40) and (41) it is seen that, secure turbo code schemes has the advantages of high-speed encryption and decryption. It can be shown that for a turbo code with N = 1000, R = 1/2, υ = 3, 50 Mbit data and iteration number of 5, the maximum code delay is 4 sec and for an AES encryption with key length of 192, the overall delay is 0.15 sec on a Pentium 4 & 2.1 GHz, and the time delay of secure turbo code schemes is 4.0 sec but the time delay of a conventional procedure is 4.15 sec, therefore the proposed system is %4 faster. For complicated system such as ECC the proposed system is also faster. It can be shown that for an ECC with key size of 163 and rate of 10 Mbps, ECC delay is 0.406 s [14] and for turbo code with the same rate, time delay is 1.12 s, therefore the ECC/Turbo code system is %26 faster than conventional system. It is possible to increase data rate by using ASIC technology. ASIC technology in comparison with FPGA has the advantage of simplicity and higher speed per cost, therefore ASIC technology is an appropriate choice for implementing proposed secure turbo code. Hence the secure turbo code can be implemented with high data rate by using ASIC technology or FPGA technology such as Virtex-5 and Virtex-6. It could be concluded that, in a same security level, complexity of proposed secure turbo code is less than conventional system due to its smaller key size. Also because of parallel processing in secure turbo coded schemes, overall delay of proposed schemes decreases in comparison with conventional systems. Hence secure turbo coded schemes have the advantages of high-speed encryption and decryption with high security, smaller encoder and decoder size and greater efficiency. In a conventional method, if there is even a single error in the received ciphertext (after channel decoding), there will be a huge number of errors in the decrypted plaintext, whereas, in the proposed scheme, it is not so.

5 Applications of Proposed Schemes in TR-UWB Systems When dealing with wireless communication such as UWB systems, information should be protected by using cryptographic techniques. Based on authors knowledge, up to now, there is not any suggestion for security techniques applicable to UWB systems. The other challenge of UWB system is its low transmission range and complex receiver. It was shown that in order to capture most part of received energy (%85) in high SNR transmission, a rake receiver with 120 fingers is required. A rake receiver with more than 3–5 fingers will lead to an exponential increase in complexity because multipath acquisition, multipath tracking, and channel estimation consume too much processing resources [15]. Suboptimal schemes such as time reversal UWB system is proposed to perform successful multipath energy capture. Furthermore TR-UWB has an inherent security level due to its spatial focusing property. According

123

Enhanced Secure Error Correction Code Schemes

415

to the experimental result [16], the spatial correlation between two TR-UWB channels is less than 0.01 if two receivers are separated by more than 20 cm. Thus, the channel of each transceiver pair can be viewed as being independent. The TR pre-filter that is random in nature can be used to encode every transmit symbol, which makes eavesdropping more difficult. Based on these reasons we propose secure turbo coded TR-UWB for data transmission, which possesses increased transmission range, low power and very high secured data. In this section performance of secure turbo code scheme in TR-UWB system is analyzed. A TR-UWB system uses the channel impulse response as transmit prefilter [16–18]. The transmitted time-reversed signal retraces its path through the channel, resulting in an autocorrelation of the response being received. y(t) = x(t) ⊗ h ∗ (−t) ⊗ h(t) + n(t) = x(t) ⊗ R auto (t) + n(t) = x(t) ⊗ h eq (t) + n(t) (42) where x(t) is the transmitted signal and h eq (t) = Rauto (t) is the channel autocorrelation function. Using signal and noise equation, for SISO TR-UWB system and second order derivative Gaussian pulses as the transmitted pulse [15], and doing some simplification, SNR is: SN R =

(0.29/BW + a) E b T N0

(43)

where a is a constant and T is delay spread of UWB system. However, TR alone may not effectively reduce the channel delay spread, considering the fact it maximizes the peak amplitude but does not impose any constraint at its sidelobe levels. For multiple input/single output (MISO) TR-UWB with Mt transmitting antenna, heq - M I S O (t) is: h eq - M I S O (t) =

Mt 

h ∗k (−t) ⊗ h k (t)

(44)

k=1

For MISO TR-UWB with symbol rate less than coherence bandwidth and uncorrelated scattering property, we have SN R =

Mt × (0.29/BW + a) E b T N0

(45)

where Mt is the number of transmitted antennas. As it is seen, in this scenario a gain of 10 log(Mt ) dB can be achieved by using an MISO system. For symbol rate greater than coherence bandwidth ISI occurred, so signal to interference ratio (SINR) is [15]: SINR =

Mt × (0.29 + a × BW ) E b T × N0 × BW +

L0×0.29

  Eb 2T exp TTs −1

(46)

where L0 = Min ( 2d/λ + 1, Mt − 1) , λ is the central wavelength and d is the spatial focusing depth (the focusing depth is circular and its size is about λ/2 for wideband signals, 2λ for SISO-UWB systems and smaller than λ/2 for MISO and MIMO-UWB [12,17], so for wideband signals and MISO/MIMO UWB system L0 will be 1 and for SISO-UWB signals L0 = 2). For indoor application, due to wide despreading angle of arrival, d is smaller than λ/2, therefore L0 = 1. As it is seen from (46), with increasing bandwidth (or symbol rate), this gain reduces to10 log(Mt /L0).

123

416

D. Abbasi-Moghadam, V. T. Vakili

By substituting (45) and (46) in (12) the lower bound of bit error probability for secure turbo codes in ISI and without ISI scenario is computed. Analytical performances of secure turbo code schemes in SISO TR-UWB are similar to AWGN but SNR replaced by (43).

6 Coding Analytical and Simulation Results In this section, analytical and simulation results of secure turbo code schemes are presented. In all figures, four iterations have been considered (excluding Fig. 3), constraint length is three, and number of transmitter and/or receiver antennas is four. It should be noticed that for Figs. 2, 3, 4, 5, 6, and 7, the assumed channel is AWGN and signalling format is binary antipodal. Figure 2 shows the code rate versus E b /N0 for secure turbo codes in AWGN and MISOTR UWB channel, assuming BE R = 10−5 . As it could be seen, by decreasing code rate, E b /N0 enhances dramatically but its security degraded due to added redundancy bits.

Fig. 2 Code rate versus E b /N0 for secure turbo codes in BE R = 10−5 for AWGN and MISO-TR (analytical)

Fig. 3 Comparison of secure turbo code and convolutional coding in AWGN channels (simulation)

123

Enhanced Secure Error Correction Code Schemes

417

Fig. 4 Secure SCCC turbo code based on Random Rate scheme in AWGN (analytical)

Fig. 5 Secure turbo code performance based on random puncturing rate with uniform distribution (analytical)

Performance of secure turbo code based on secure puncturing matrix in AWGN channels is shown in Fig. 3. This code has 3 dB gains relative to convolutioal code with same complexity in SNR of 10−3 and frame length of 1000. It is noticeable that, increasing number of iterations and code length could enhance the performance dramatically. For example in turbo code with d f r ee = 5, W f r ee = 2 and N f r ee = 3, K = L = 1024 and different puncturing rate, Pb (e) is shown in Fig. 4, as it is seen secure puncturing rate coding for uniform distribution in [0.5, 1] degraded 1 dB (Relative to conventional turbo code). Figure 5 shows the performance of secure turbo code based on random puncturing rate with uniform distribution for different varying ranges [a, b]. In order to have a satisfying performance we can conclude that in [0, 1] and B E R = 10−5 , SNR should be greater than 19 dB and for B E R = 10−4 , SNR should be greater than 10 dB. It is obvious that when the variance of puncturing rate

123

418

D. Abbasi-Moghadam, V. T. Vakili

Fig. 6 Secure turbo code based on random frame length in AWGN (simulation)

Fig. 7 Mismatch interleaving effects in secure turbo codes with L = 1000, r = 1/2 (simulation)

decreases, the performance is enhanced, though the security is deteriorated. The reason for this phenomenon is when the variance of puncturing rate decreases, the number of codes with short hamming distance will be also reduced, resulting in a performance enhancement. Simulation results for the turbo codes based on random frame length are shown in Fig. 6. As it is seen, performance of conventional turbo code and random frame length with poisons distribution are nearly the same. Furthermore it should be noticed that for uniform distribution with greater variance, the performance is degraded because of smaller Hamming distance. Figure 7 shows the mismatch effects between interleavers of the transmitter and receiver on turbo code performance. The figure shows the decoder bit error rate for an interleaver size of 1000 bits. If the interleaver is known exactly at both transmitter and receiver, error-free transmission can be achieved; otherwise, an irreducible error floor appears such high error rates due to interleaver mismatch can make the process of retrieving the original data impossible. Comparison of the proposed schemes with conventional turbo coding scheme is shown in Fig. 8. As it is seen, secure interleaving performance is better than conventional turbo

123

Enhanced Secure Error Correction Code Schemes

419

Fig. 8 Comparison of different proposed schemes in AWGN with υ = 3, K = 1000, R = 1/2, iter = 4 (simulation)

Fig. 9 Secure turbo code based on secure puncturing rate performance in TR-UWB with L = 1000 and for SISO and MISO (Simulation)

code and the performance of random frame length and random puncturing rate is worse than conventional turbo code. In Figs. 9, 10, and 11, the assumed channel is TR-UWB and signaling format is PAM. Simulation performance of secure turbo code in SISO and MISO TR-UWB communication systems is shown in Fig. 9. By comparison of uncoded data and MISO-TR secure turbo code a gain of 6 dB is achieved in BER of 10−3 . Comparison of secure turbo code with 10% puncturing rate and Reed-Solomon shows that a gain of nearly 4 dB is achieved in BER of 10−4 . Evaluated and simulated results for bit error probability of the secure turbo code in SISO and MISO TR-UWB are presented in Fig. 10. As it is seen for SNR = 5 dB, MISO TR-UWB with 10% puncturing rate is 100 times better than SISO TR-UWB. Figure 11 also shows that in higher SNR, simulated results approach to bit error probability bound. As it was noted, the performance of secure frame length in AWGN channel is the same

123

420

D. Abbasi-Moghadam, V. T. Vakili

Fig. 10 Secure SCCC turbo code schemes in SISO and MISO TR-UWB, average frame size is 2750 (analytical)

Fig. 11 Comparison of different random interleaver turbo code schemes performance in MISO TR-UWB with L = 1000, puncturing = 33% (simulation)

as conventional turbo code and it was shown analytically that the same result will be obtained in TR-UWB channel. Comparison of different secure turbo code schemes performances in MISO TR-UWB is illustrated in Fig. 11. It could be seen that secure interleaving has the best performance and secure puncturing rate is the worst. Comparison of secure interleaving and secure puncturing rate shows that a gain of nearly 2 dB is achieved in BER of 10−5 . Also it is observed that secure interleaving has a gain of 0.8 dB relative to secure puncturing matrix. Figure 12 shows range increment, using coding schemes (coherent) such as Reed Solomon, convolutional, turbo code and non coherent MISO turbo code in LOS and NLOS UWB channels. It is seen that turbo codes provide a 60% increase in range relative to uncoded. Simulation result shows that MISO TR provides a 50% increase in range in the worse case (NLOS). It could be concluded that the propagation channel impresses less attenuation on

123

Enhanced Secure Error Correction Code Schemes

421

Fig. 12 Increase in range by using of different coding scheme in TR-UWB channel and BER of 10−4

the transmitted signal and in turn the received power will be higher when TR is used. Considering these figures, the advantages/disadvantages of different secure turbo code schemes in AWGN and TR-UWB channel could be extracted. These results suggest that the secure channel coding and time reversal can significantly extend the communication range without consuming extra transmitted power. To apply for the UWB channel, the turbo decoder should be modified to incorporate the UWB channel characteristics. Finally for TR-UWB system a secure turbo coded with υ = 3, mean length of 1000, code rate (or mean rate) of 1/2, iteration number of 4 and SOVA or Max-Log-MAP decoding algorithm is proposed.

7 Conclusion Secure coding schemes combine data encoding and data encryption into one process. In this paper, the design and modelling of secure turbo code schemes in TR-UWB system were investigated along with their performance analysis and simulation. Analytical and/or simulation results show that code performance is degraded slightly and level of security is dramatically enhanced compared to conventional coded transmission systems. The security of these schemes is based on exhaustive search on the key space and the dynamic secure turbo decoding structure. Considering various crypto-analytical attacks against these schemes, it could be concluded that security level of secure puncturing rate is higher than others. The idea of combining these proposed schemes were proposed and analyzed, illustrating much higher levels of security without a noticeable increase in complexity. In return, due to dynamic structure of this combined scheme, the complexity of standard cryptanalytic attacks such as linear and differential cryptanalysis is increased. Mixing of cryptographic systems such as AES, ECC and combined turbo code scheme enhances the immunity of this code against chosen plaintext attack, because the probability of encountering the codes with short hamming distance will be reduced. Considering time-space focusing of TR-UWB, an environmental confidentiality or spatial security is added to secure turbo code systems. These schemes have the advantages of high-speed encryption and decryption with high security, smaller encoder and decoder size and greater efficiency. From performance point of view, at first, QOS of different secure turbo code schemes in AWGN channel were analyzed, simulated and compared. It was observed that the performance of secure frame length is the same as conventional turbo code. Simulation and analytical results show that in a same code rate, secure interleaving has better performance

123

422

D. Abbasi-Moghadam, V. T. Vakili

and secure puncturing rate is the worst in both SISO and MISO. It is seen that for secure interleaving MISO-TR, a gain of 1 dB is achieved for BER of 10−4 . Comparison of secure puncturing rate turbo code (10%) with Reed-Solomon shows that a gain of nearly 4 dB is achieved for BER of 10−4 . Secure interleaving scheme has a gain of 2 dB over secure frame rate scheme while the former shows 0.8 dB gains over puncturing matrix for BER of 10−4 . Using combination of those schemes (dynamic structure), it is expected to have a degradation of 1 dB in performance. Acknowledgements The authors would like to thank ITRC (Iran telecommunication Research Center) for their invaluable assistance and funding for this research.

References 1. McEliece, R. J. (1978). A public-key cryptosystem based on algebraic coding theory. JPL DSN Progress Rep. 2. Payandeh, A., Ahmadian, M., & Aref, M. R. (2006). Adaptive secure channel coding based on punctured turbo codes. IEE Proceeding-Communications, 153(2). 3. Orumiehchi, M. (2007). Key recovery attack on adaptive secure channel coding. In 3th information and knowledge technology conference (IKT07), Mashhad, Iran, 26–28 (in Persian). 4. Magli, E., Grangetto, M., & Olmo, G. (2007). Joint source, channel coding, and secrecy. EURASIP Journal on Information Security, 79048, 7. doi:10.1155/2007/79048. 5. Gligoroski, D., Knapskog, S., & Andova, S. (2006). Cryptcoding—Encryption and error correction coding in a single step. In International conference on security and management (SAM 2006), Las Vegas, Nevada, USA, 26–29. 6. Guo, N., Qiu, R. C., & Sadler, B. M. (2005). An ultra-wideband autocorrelation demodulation scheme with low-complexity time reversal enhancement. In Proceedings of IEEE MILCOM’05, Atlantic City, NJ, 17–20. 7. Benedetto, S., et al. (1998). Serial concatenation of interleaved codes: Performance analysis, design, and iterative decoding. IEEE Transactions on Information Theory, 44(3). 8. Craig, J. W. (1991). A new, simple and exact result for calculating the probability of error for two-dimensional signal constellation. In Proceedings of IEEE military communications conference (MILCOM) (pp. 571–575). 9. Vucetic, B., Li, Y., Perez, L. C., & Jiang, F. (2007). Recent advances in turbo code design and theory. Proceedings of the IEEE, 95(6) 10. Papoulis, A., & Pillai, S. U. (2002). Probability, random variables and stochastic processes (4th ed.). NY: McGraw-Hill. 11. Ireland, K., & Rosen, M. (1998). A classical introduction to modern number theory. New York: Springer. 12. Abbasi-Moghadam, D., Tabataba Vakili, V. (2010). Characterization of indoor time reversal UWB communication systems: Spatial, temporal and frequency properties. Wiley International Journal of Communication Systems. doi:10.1002/dac.1140. 13. Sadjadpour, H. R. (2000). Maximum A Posteriori decoding algorithms for turbo codes. In Proceedings of SPIE, July 2000 (Vol. 4045, pp. 73–83). 14. Nabi, M. N., Mahmud, S., & Rahman, M. L. (2007). Implementation and performance analysis of elliptic curve digital signature algorithm. Daffodil International University Journal of Science and Technology, 4(1). 15. Abbasi-Moghadam, D., & Tabataba Vakily, V. (2010). Channel characterization of time reversal UWB communication systems. Annals of Telecommunications, 65(9–10), 601–614. 16. Zhou, C., Guo, N., Sadler, B., & Qiu, R. C. (2007). Performance study on time reversed impulse MIMO for UWB communications based on measured spatial UWB channels. In Military communications conference, IEEE MILCOM 2007, Orlando, FL, USA, 29–31 (pp. 1–6). 17. Lerosey, G., de Rosny, J., Tourin, A., Derode, A., & Fink, M. (2006). Time reversal of wideband microwaves. Applied Physical Letter, 154101. 18. Khaleghi, A. (2009). Measurement and analysis of ultra-wideband time reversal for indoor propagation channels. Springer Wireless Personal Communication. doi:10.1007/s11277-009-9727-y.

123

Enhanced Secure Error Correction Code Schemes

423

Author Biographies Dariush Abbasi-Moghadam was born in Kerman, Iran on July 21, 1976. He received the B.S. degree in Electrical Engineering from Shahid Bahonar University, Kerman, Iran, in 1998 and the M.S. degree in Iran University of Science and Technology, Tehran, Iran, in 2001, in Electrical Engineering. He was primary with the Advanced Electronic Research Center (AERC)—Iran from 2001–2003 and worked on the design and analysis of satellite communication systems. In September 2004, he joined Iranian Telecommunications Company, Tehran, as a Research Engineer. He is currently a Ph.D. student in the Department of Electrical Engineering at Iran University of Science and Technology. His research interests are in the area of wireless communications, satellite communication systems, Power line communications, Ultra Wideband communication systems, and signal processing for communications.

Vahid Tabataba Vakili received the B.S. degree from Sharif University of Technology, Tehran, Iran, in 1970, the M.S. degree from the University of Manchester, Manchester, UK, in 1973, and the Ph.D. degree from the University of Bradford, Bradford, UK, in 1977, all in Electrical Engineering. In 1985, he joined the Department of Electrical Engineering, Iran University of Science and Technology, Tehran. He was promoted to Professor in 2010. He has served as the Head of the Communications Engineering Department and as the Head of postgraduate studies. His research interests are in the areas of mobile cellular systems, interference cancellation for CDMA systems, ultra wideband communication system and space–time processing and coding.

123