Physical Layer Authentication for Mobile Systems ... - Semantic Scholar

1658

IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 62, NO. 5, MAY 2014

Physical Layer Authentication for Mobile Systems with Time-Varying Carrier Frequency Offsets Weikun Hou, Member, IEEE, Xianbin Wang, Senior Member, IEEE, Jean-Yves Chouinard, Senior Member, IEEE, and Ahmed Refaey, Member, IEEE

Abstract—A novel physical layer authentication scheme is proposed in this paper by exploiting the time-varying carrier frequency offset (CFO) associated with each pair of wireless communications devices. In realistic scenarios, radio frequency oscillators in each transmitter-and-receiver pair always present device-dependent biases to the nominal oscillating frequency. The combination of these biases and mobility-induced Doppler shift, characterized as a time-varying CFO, can be used as a radiometric signature for wireless device authentication. In the proposed authentication scheme, the variable CFO values at different communication times are first estimated. Kalman filtering is then employed to predict the current value by tracking the past CFO variation, which is modeled as an autoregressive random process. To achieve the proposed authentication, the current CFO estimate is compared with the Kalman predicted CFO using hypothesis testing to determine whether the signal has followed a consistent CFO pattern. An adaptive CFO variation threshold is derived for device discrimination according to the signal-to-noise ratio and the Kalman prediction error. In addition, a software-defined radio (SDR) based prototype platform has been developed to validate the feasibility of using CFO for authentication. Simulation results further confirm the effectiveness of the proposed scheme in multipath fading channels. Index Terms—Physical layer authentication, carrier frequency offset (CFO), hypothesis testing, Kalman filtering.

I. I NTRODUCTION ECURITY provisioning has become a fundamental challenge in wireless communications due to the open nature of the shared air space as a communications medium, where the transmitted signal is broadcasted to any receiver within its coverage [1]–[3]. Traditional wireless security schemes, relying on data encryption and authentication at the higher layers of the protocol stack, do not directly address physical layer vulnerabilities and security threats from the open air interface. In addition, conventional wireless security measures often lead to excessive communication latency, high power consumption and decreased system capacity due to the imposed computational load and signaling overhead [4], [5]. To overcome these problems, there has been tremendous research interest in developing physical layer secure com-

S

Manuscript received November 29, 2012; revised July 31 and December 2, 2013. The editor coordinating the review of this paper and approving it for publication was H. Steendam. W. Hou, X. Wang, and A. Refaey are with the Department of Electrical and Computer Engineering, Western University, London, ON, N6G 5B9 Canada (e-mail: {whou5, xianbin.wang, ahusse7}@uwo.ca). J.-Y. Chouinard is with the Department of Electrical and Computer Engineering, Universit´e Laval, Qu´ebec, QC, G1V 0A6 Canada (e-mail: [email protected]). Digital Object Identifier 10.1109/TCOMM.2014.032914.120921

munication methods [6], [7]. Among these efforts, physical layer authentication schemes, which provide complementary enhancements to existing higher layer authentication mechanisms, have been attracting much research attention recently [8]. A. Limitations of Existing Physical Layer Authentication Schemes There are basically two types of authentication approaches at the physical layer. The first type can be considered as active authentication schemes, where identification information is embedded into the transmitted signal [8]–[11]. However, modification to the existing transmission schemes is required to apply such authentication techniques. In contrast to the aforementioned methods, the second type of approaches exploits the physical layer characteristics inherent in wireless transmissions for device authentication [1] [12]. In [13], Xiao proposed an authentication method that exploits the specific spatial and temporal channel state information (CSI) between the transmitter and the receiver. In addition, a robust authentication method using inherent properties of the channel impulse response was developed in [14]. Although channelassisted authentication schemes are attractive, their practical performances may be limited by the unpredictable wireless environment and dynamic channel conditions [12]. Apart from the CSI associated with the particular physical link, device dependent hardware properties, which are more stable than the CSI, can also be utilized for authentication [15]–[18]. Since hardware components in practical wireless transceivers always exhibit certain imperfections caused by various manufacturing and environmental factors, the device-dependent bias to the nominal hardware specification can be used as a unique signature. Various radiometric features, such as the error vector magnitude (EVM), common phase error (CPE) and CFO, were explored to discriminate between different devices [15]–[17]. Compared with other hardware characteristics, CFO is a salient metric with great flexibility for device identification. It has been demonstrated in [16] that among all the considered radiometric signatures, CFO plays a significant role in improving the authentication accuracy. Furthermore, CFO estimation and compensation are commonly embedded functions for signal recovery in wireless systems. Hence, the increase of computational load for CFO-based device identification is marginal, which will not impose a power consumption burden on mobile devices. In our previous work [17], device authentication based on constant CFO values in a static wireless

c 2014 IEEE 0090-6778/14$31.00 

HOU et al.: PHYSICAL LAYER AUTHENTICATION FOR MOBILE SYSTEMS WITH TIME-VARYING CARRIER FREQUENCY OFFSETS

environment was investigated, which confirms its feasibility for authentication. However, authentication based on timevarying CFO due to mobility-induced Doppler frequency shift in more realistic mobile communications remains unresolved. B. Contributions of This Paper To address the more challenging authentication scenario in mobile communications, we propose a continuous physical layer authentication scheme by exploiting the time-varying CFO. Considering the constant bias of an RF oscillator mismatch and a variable Doppler shift, we model the combined CFO as an autoregressive (AR) random process. Accordingly, the CFO value at each time instant can be used as a device signature for continuous verification in the communication process. Although there are many existing research works on CFO estimation [19]–[30], the contribution of this paper is on integrating time-varying CFO into the proposed physical layer authentication framework rather than developing CFO estimation schemes. Conventional autocorrelation-based CFO estimation methods [19]–[21] are used only for the verification of the proposed scheme and subsequent analysis. Furthermore, it is noteworthy that the proposed authentication framework is flexible and extendable to other time-varying physical layer attributes. In the proposed scheme, Kalman filtering is used to track the variation pattern in the sequential CFO estimates for device authentication. In particular, the predicted CFO at the Kalman filtering output is compared with the current actual estimated CFO to verify the transmitter identity. To quantify the authentication performance, an automatic threshold based on the signal-to-noise ratio (SNR) is also derived for reliably discriminating the legitimate station from spoofing stations. Due to the mandatory CFO estimation and compensation in most standardized wireless transmissions [1], [3], the proposed authentication scheme only needs minimal additional computations for signature analysis and device identification. The rest of the paper is organized as follows. Section II introduces the system model for the proposed CFO authentication, while the modeling of time-varying CFO is presented in Section III. In Section IV, the Kalman filtering based CFO tracking and predication is developed, from which the predicted CFO is compared with the actual estimate for device identification. Furthermore, the feasibility of using CFO for device authentication is validated by a prototype SDR platform. In Section V, binary authentication hypothesis testing of CFO estimates is developed, and the tracking procedure initialization and the imitation countermeasure are discussed. The related performance analysis of the proposed scheme is elaborated in Section VI, followed by simulation results given in Section VII. Finally, conclusions are drawn in Section VIII. II. S YSTEM M ODEL FOR P HYSICAL L AYER AUTHENTICATION U SING CFO The proposed system model for physical layer authentication using time-varying CFO estimates is illustrated in Fig. 1. As commonly used in the security related studies, the terminology of Alice, Bob and Eve is used to represent three different entities. Alice is the legitimate transmitter who sends a message to the intended receiver Bob, while Eve is

1659

the spoofing entity who tries to mimic Alice during other communication time slots. In physical layer authentication, the major task for Bob is to identify the transmitter or to verify that the transmission is from the legitimate entity (i.e., Alice). Therefore, Bob must be able to discriminate Alice from Eve using the received signal alone. As shown in Fig. 1, the generated baseband signal from Alice after digital-to-analog conversion (DAC) is modulated to a carrier frequency fA before emission, where the subscript A denotes the device involved. When the radiated RF signal arrives at Bob, it is first down converted to the baseband using the local generated carrier frequency fB before further processing. Due to the unique oscillator characteristics and the mobility-induced Doppler shift, carrier frequencies of transmitter Alice and receiver Bob cannot be exactly the same, resulting in a CFO (i.e., ΔfA = fA − fB ) in the received signal. Similarly, the CFO between Eve and Bob is ΔfE = fE − fB . Owing to the independence of communication devices, the received signal from different transmitters will experience distinctive CFOs at different time instants (i.e., ΔfA [m1 ] = ΔfE [m2 ]). Consequently, the unique CFO value associated with each pair of transmitter and receiver can be used as a specific signature for identification. In the presence of CFO at the m-th data frame, the authentication can be formulated as a binary hypothesis test:  H0 : Δf [m] = ΔfA [m] . (1) H1 : Δf [m] = ΔfA [m]  [m], is consistent with ΔfA [m], If the estimated CFO, i.e., Δf H0 is accepted and the signal is considered as being from Alice; otherwise H0 is violated and the signal is assumed to be from illegitimate transmitter Eve. In realistic scenarios, there is always some error present in the estimated CFO due to the noise effect. Furthermore, the CFO is often time-varying in the communication process due to user mobility. These detrimental factors make the above hypothesis testing a challenging task. In the remaining of the paper, authentication based on the estimated CFO in the presence of noise and mobility-induced variations is investigated. III. M ODELING OF T IME - VARYING CFO In practical communication systems, the CFO is a combined effect of RF oscillator mismatch and Doppler frequency shift [22]. In particular, the CFO caused by the oscillator mismatch between the transmitter and the receiver can be considered as a constant [24], as oscillator mismatch due to temperature, supply voltage and aging factors changes very slowly, usually in the time scale of hours or days [27], [31], [32]. In contrast, the CFO caused by the mobility-induced Doppler effect may change more rapidly during the transmission. Based on the above, the model we use here considers both oscillator mismatch and Doppler shift effects. Specifically, the CFO can be divided into two parts: a constant component caused by the oscillator mismatch, and a variable component due to the mobility-induced Doppler shift. Further, it is assumed that the CFO remains static during one frame but does change on a frame-by-frame basis.

1660

IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 62, NO. 5, MAY 2014

Alice Input

Symbol Modulation

DAC

UpConverter

Bob RF Amplifier

fA

DownConverter

LPF

CFO Compensation

ADC

fB Symbol Modulation

DAC

CFO Estimation

UpConverter

fE

Fig. 1.

Output

LNA

Eve Input

Symbol Demodulation

RF Amplifier

Kalman Filtering

Authentication

Authenticated Result

Physical layer authentication based on the unique time-varying CFO associated with each transmitter-and-receiver pair.

−6

10

Suppose that the CFO is obtained periodically for every data frame. Then the corresponding CFO value normalized by the sampling rate fs for the m-th frame is modeled by (2)

where ε[m] denotes the normalized CFO of the m-th frame, i.e., ε[m] = Δf [m]/fs = Δf [m] Ts , with Ts being the sampling interval, εc is the constant CFO component representing the oscillator mismatch and εd [m] is the variable component induced by the Doppler shift at the m-th frame. Furthermore, the time-varying CFO term εd [m] in (2) can be modeled as a time correlated zero mean AR random process as follows [24], [26]: εd [m + 1] = β εd [m] + εn [m],

E{εd [m + 1] εd [m]} , E{ε2d [m]}

−8

10

−9

10

−10

10

−11

10

0

5

10

15

20

25

30

SNR (dB)

Fig. 2. NMSE of CFO estimates vs. SNR with different training lengths and associated approximate lower bounds.

expressed as:

(5)

In real transmission environments, the variance of random Doppler shifts σd2 = E{ε2d [m]} is always bounded because of the limited moving speed. For instance, the maximum Doppler shift over a radio carrier frequency of fc = 2.5 GHz for a vehicle with moving speed v = 120 km/h is about fdmax = fc v/c ≈ 278 Hz, with c = 3 × 108 m/s being the speed of light. Assuming a Gaussian Doppler spectrum, the standard deviation of the √ normalized Doppler shift in this case is σd = fdmax Ts / 2 ≈ 196 Ts . This example shows the validity of using correlated random processes to model CFO time variations during the transmission, which is the basis of the proposed CFO tracking and authentication scheme described in the subsequent sections. Finally, by incorporating (3) into (2), the CFO random process can be expressed as a non-zero mean AR process as ε[m + 1] = (1 − β)εc + β ε[m] + εn [m].

Lower bound

(4)

and εn [m] is the random variation over each frame, which is modeled as a zero mean Gaussian increment with variance Δ2d = (1 − β 2 ) E{ ε2d [m] } = (1 − β 2 ) σd2 .

Lt = 128

(3)

where β denotes the normalized time correlation between two consecutive Doppler-induced CFO components β=

Lt = 96 −7

10

NMSE of estimated CFO

ε[m] = εc + εd [m],

Lt = 64

(6)

IV. CFO E STIMATION AND P REDICTION A. CFO Estimation Assuming the CFO random process described above, the transmission model based on the training sequence can be

ym [n] = ej2πε[m]n um [n] + wm [n] , 0 ≤ n ≤ Nt − 1 ,

(7)

where ym [n] denotes the received baseband signal for the mth frame, um [n] denotes the replicated training sequence of length Nt , and wm [n] denotes the zero-mean additive white Gaussian noise with variance σn2 . Let σs2 [m] represent the received signal power E{|um [n]|2 }. Then the signal-to-noise ratio (SNR) γ[m] can be calculated as σs2 [m]/σn2 . Since the received training sequence is periodic with multiple identical segments of length Lt , namely, um [n] = um [n + Lt ], the CFO can be estimated by self correlating the received signal with its Lt -delayed version [19]:

⎫ ⎧ Lt −1 ⎪ ⎪ ∗ ⎪ ⎪ ⎪  ym [n] ym [n + Lt ] ⎪ ⎪ ⎪ ⎨ ⎬ 1 n=0 −1 tan εˆ[m] = L −1

, (8) t ⎪ ⎪ 2πLt ⎪ ⎪ ⎪ ∗ ⎪ ⎪ ym [n] ym [n + Lt ] ⎪ ⎩ ⎭ n=0 −1

where tan is the inverse tangent function with range [−π, π) and (·) and (·) represent the real and imaginary parts of a complex number, respectively. In addition, the CFO estimation range is inversely proportional to the training length   1 1 , εˆ[m] ∈ − . (9) 2Lt 2Lt According to [19], the CFO estimate at high SNRs is

HOU et al.: PHYSICAL LAYER AUTHENTICATION FOR MOBILE SYSTEMS WITH TIME-VARYING CARRIER FREQUENCY OFFSETS

Consequently, the CFO estimate can be approximated as a random Gaussian variable with the true CFO ε[m] as its mean value and with variance σε2 [m] given in (10), which can be expressed as εˆ[m] = ε[m] + wε [m].

is a trademark of the Ettus Research.

Gaussian dist. of CFO estimate (Tx.1) Gaussian dist. of CFO estimate (Tx.2) Experimental dist. of CFO estimate (Tx.1) Experimental dist. of CFO estimate (Tx.2)

0.012

0.01

0.008

0.006

0.004

(11)

Here wε [m] is the estimation noise for the m-th data frame. Specifically, it is modeled as a zero-mean Gaussian variable with variance σε2 [m] = 1/(4π 2 L3t γ[m]), where γ[m] = σs2 [m]/σn2 denotes the SNR. Fig. 2 shows the normalized mean square error (NMSE) of the estimated CFO versus SNR. It can be observed that the estimation error approaches to the variance in (10) as SNR increases, which indicates the validity of using (10) as the estimation lower bound. It is also observed that the estimation performance improves when the length of the training segment Lt increases. However, as shown in (9), the estimation range becomes smaller with a longer training segment, resulting in a tradeoff between estimation accuracy and estimation range. Though Fig. 2 only demonstrates the estimation performance based on (8), it is noted that other CFO estimation methods with different performance-complexity tradeoffs can be used in the proposed authentication detailed in the following section. To further assess the feasibility of using estimated CFO for device authentication, a software-defined radio (SDR) platform based on the Universal Software Radio Peripheral (USRP1 ) was developed to capture the real CFO data. The implemented system comprises two transmitters and one receiver operating at a 2.47 GHz carrier frequency as illustrated in Fig. 4. The experimental probability density distributions (PDF) of CFO estimates associated with the two different transmitters are depicted in Fig. 3. In order to calculate these experimental PDFs, around 2 × 104 samples of the autocorrelation-based CFO estimates were obtained in the real wireless environment using the baseband signal from the SDR platform. As shown, the CFO values of two individual transmitters are significantly different, which can be used to discriminate the transmitters. Additionally, the Gaussian PDFs based on the estimated mean and variance of the obtained CFO samples are also illustrated. It can be seen that the Gaussian PDF curves fit the corresponding experimental PDFs consistently, indicating that the estimated CFO can be well approximated by a Gaussian random variable as formulated in (11). The implemented hardware platform shows the estimated CFO in static indoor wireless environments without considering Doppler shifts. However, with user mobility, CFO variations caused by the Doppler shift are still significantly smaller than the oscillator-induced CFO. As an example, for a wireless system operating at a 2.5 GHz carrier frequency, a typical oscillator frequency drift of 10ppm (10 × 10−6 ) leads to an offset of 25 kHz, while the maximum Doppler shift with a high velocity of 120 km/h is only 278 Hz. It is obvious that 1 USRP

0.014

Prob. Density Distribution

unbiased, implying that E(ˆ ε[m] − ε[m]) ≈ 0. Further, the variance of the estimate can be derived as   σn2 . (10) σε2 [m] = E |ˆ ε[m] − ε[m]|2 ≈ 2 4π L3t σs2 [m]

1661

0.002

0 −800

−600

−400

−200

0

200

400

600

800

Carrier frequency offset (Hz)

Fig. 3. Experimental PDFs of CFO estimates associated with two different transmitters and the corresponding approximate Gaussian distributions.

random Doppler variations only contribute a small fraction of the composite CFO and therefore the composite CFO can be predicted based on the previous estimates. B. CFO Tracking based on the Kalman Filtering Since the variable CFO is estimated over each frame using (8) and that it may change during the transmission, Kalman filtering is proposed to track the CFO variation frame by frame. From (6) and (11), the CFO state-space model for the Kalman filtering can be formulated in matrix form [33]:  um+1 = A um + bm , (12) εˆ[m] = cT um + wε [m] where matrix A denotes the state transition model   1 0 A= , 1−β β

(13)

c = [ 0 1 ]T denotes the coefficient vector for the observation model, um = [εc , ε[m]]T denotes the state vector of the m-th T frame, and b = [ 0 εn [m] ] and wε [m] are the noise process and the noise measurement, respectively. The covariance matrix of the noise process bm is given by   0 0 T P = E[ bm bm ] = . (14) 0 Δ2d Additionally, the variance of the measurement noise wε [m] for the m-th data frame is σε2 [m], which depends on the received SNR γ[m] = σs2 [m]/σn2 as shown in (10). To initialize the Kalman filtering, the CFO state vector ˆ 0 = [ˆ ε[0], εˆ[0]]T , where εˆ[0] denotes the initial begins with u authenticated CFO estimate. Afterwards, the state vector for the next data frame can be predicted as ˆ pm = Aˆ u um−1 , m > 0 .

(15)

In the above state prediction, the mean square error (MSE) ˆ pm may be computed as matrix of u   p T ˆ m (ˆ Mm upm )T = AMm−1 (16) m−1 = E u m−1 A + P, where Mm−1 m−1 denotes the state estimation MSE matrix of the

1662

IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 62, NO. 5, MAY 2014

cT CFO Estimate

Hˆ[m]

+

-

km

km (Hˆ[m]  cT uˆ mp )

+

+

uˆ m

AZ-1

uˆ mp

Absolute Difference

SNR J [m]

Threshold Comparison

Authenticated Decision

Fig. 4. Experimental SDR platform for CFO estimation with two different transmitters and one receiver.

(m − 1)-th data frame and its initialization is given by  2  σε [0] 0 M00 = . (17) 0 σd2 The calculations of (15) and (16) detail the prediction phase of the Kalman filtering. Once the CFO estimate of the m-th frame is obtained, the CFO state vector can be updated using ˆ pm ) ˆ pm + km (ˆ ˆm = u ε[m] − cT u u

(18)

with the Kalman gain km given by km =

Mm m−1 c . 2 σε [m] + cT Mm m−1 c

(19)

Correspondingly, the MSE matrix of the updated state vector ˆ m for the m-th frame is calculated by u T m Mm m = (I − km c ) Mm−1 .

(20)

In the Kalman filtering, the CFO state vector um can be predicted and updated by using (15) and (18), recursively, where the corresponding parameters in the calculations are specified in (16), (19) and (20). In the ensuing section, a continuous authentication procedure using the frame-by-frame Kalman predicted CFO from (15) will be discussed. V. AUTHENTICATION U SING K ALMAN P REDICTED CFO As mentioned previously, the Kalman filtering is employed to track the CFO variation during the communication. Since the CFO caused by the oscillator mismatch as well as the Doppler shift between a specific transmitter-and-receiver pair changes slowly, abrupt changes of CFO estimates εˆ[m] are probably caused by illegitimate spoofing transmissions. In this section, a device authentication scheme using the Kalman filtering is proposed, where the principle is based on the detection of any outlier in the periodic CFO estimates. A. Kalman Tracking Procedure In the state space model, as indicated in (12), the CFO estimate for the m-th frame (i.e., εˆ[m] = ε[m] + wε [m]) is obtained under the implicit assumption that the received signal

Fig. 5. System block diagram of the proposed authentication scheme based on the Kalman predicted CFO.

is from the legitimate transmitter Alice. However, it may also be sent by illegitimate user Eve, resulting in a security threat for the communication link. To identify whether the current received signal is from Alice or not, the CFO estimate from the incoming frame is compared with the predicted CFO based on the previous authenticated frame. The authentication procedure can be formulated as a binary hypothesis test:  H0 : εˆ[m] = εA [m] + wε [m] , (21) H1 : εˆ[m] = εE [m] + wε [m] where εA [m] is the CFO related to user Alice and εE [m] is the CFO associated with user Eve. However, as the true CFO εA [m] related to Alice cannot be perfectly known at the receiver, we cannot verify the above hypothesis directly. As an alternative, we use the predicted CFO value associated with Alice to authenticate the legitimacy of the current transmission. This authentication scheme can be achieved by detecting any significant change between the current CFO estimate εˆ[m] and the predicted CFO εˆpA [m]: H1

|ˆ ε[m] − εˆpA [m]| ≷ T [m] , H0

(22)

where T [m] is the detection threshold for the m-th frame. Recalling (11) and (16), the estimation noise wε [m] and the prediction noise wp [m] are present in the current CFO estimate and the predicted CFO, respectively. As a result, for a given threshold, the false alarm rate Pf can be calculated as Pf = P (|ˆ ε[m] − εˆpA [m]| > T [m] | H0 ) = P (|wε [m] − wp [m]| > T [m])    −T [m] 1 t2  = exp − 2 dt 2 e [m] 2πe2 [m] −∞    +∞ 1 t2  exp − 2 + dt 2 e [m] 2πe2 [m] T [m]   T [m] = 2Q . (23) e[m]  ∞ t2 Here Q(x) = √12π x e− 2 dt is the Q-function, and e(m)

HOU et al.: PHYSICAL LAYER AUTHENTICATION FOR MOBILE SYSTEMS WITH TIME-VARYING CARRIER FREQUENCY OFFSETS

denotes the standard deviation of the effective noise given by   e2 [m] = E |wε [m] − wp [m]|2 =

E{wε2 [m]} + E{wp2 [m]}

=

σε2 [m] + e2p [m],

(24)

where σε2 [m] = 1/(4π 2 L3t γ[m]) is the estimation noise variance of the m-th data frame, and e2p [m] is the prediction error variance of εˆpA [m] obtained from (16). More specifically, it is the second entry on the main diagonal of the prediction MSE matrix (i.e., e2p [m] = Mm m−1 (2, 2)), which is updated recursively at each step. Conversely, by fixing the false alarm rate Pf obtained in (23), the threshold T [m] can be determined as   Pf −1 T [m] = e[m] Q , (25) 2

Initialization: Set the CFO state vector as u0 = [ˆ ε[0], εˆ[0]]T and the corresponding MSE matrix M00 as (17). Set m → 1. 1.

2.

The decision threshold in (26) is determined according to false alarm rate Pf , received SNR γ[m] and the variance of prediction error. Consequently, it can be automatically adjusted according to the channel environment and the prediction accuracy. Furthermore, it is noted that the predetermined false alarm rate Pf also characterizes the average reset frequency for the Kalman tracking procedure. The system block diagram of the proposed Kalman-based authentication is illustrated in Fig. 5, and the corresponding procedure is summarized on the right column of this page. B. Further Discussion on the Authentication Scheme 1) Initialization: As an example on how one can initialize the CFO state vector and attach this device signature to Alice as a user-specific label, consider the following. Once the legitimate communication entities have completed the user authentication based on higher-layer protocols, the CFO estimate from the signaling frame in the successful authentication process can be used to initialize the Kalman tracking procedure, thus achieving CFO state vector initialization. For the subsequent transmissions, the time-varying CFOs are then considered as device signatures for continuous authentication. 2) CFO hopping to prevent imitating behaviors: To further prevent imitating attacks from Eve, the CFO may vary periodically with a pseudo-random hopping pattern determined by the communication entities. This hopping mechanism can effectively prevent Eve from adjusting her own CFO to Alice’s CFO. In contrast to traditional one-time static authentication methods using high-layer protocols, the proposed scheme offers continuous and dynamic device identification during the entire communication session. 3) Enhancement by combining other physical layer attributes: Under the time-varying authentication framework proposed in this paper, other physical layer characteristics such as the channel response can also be exploited and combined

Obtain the current CFO estimate εˆ[m] and the corresponding estimation variance σε2 [m] from (8) and (10), respectively. ˆ pm from (15): Calculate the predicted CFO vector u ˆ pm = Aˆ u um−1 , and the prediction MSE matrix Mm m−1 using (16): m−1 T Mm m−1 = AMm−1 A + P.

3.

−1

where Q (·) is the inverse of Q-function. Then, substituting the estimation variance (10) into (24) and denoting η = 1/(4π 2 L3t ) as a system parameter, and further incorporating (24) into (25), we have    Pf η T [m] = + e2p [m] Q−1 . (26) γ[m] 2

1663

Derive the decision threshold T [m] in (26) using the obtained σε2 [m] = η/γ[m] and e2p [m] = Mm m−1 (2, 2):  T [m] =

4.

η −1 + Mm m−1 (2, 2) Q γ[m]



Pf 2

 .

Compare the absolute difference between the CFO estimate and the predicted CFO with the decision threshold: H1

|ˆ ε[m] − εˆpA [m]| ≷ T [m]. H0

5.

If hypothesis H0 is valid, update the CFO state vector as in (18), and calculate the MSE matrix Mm m for the updated state vector using (20). Then set m → m + 1 and return to Step 1. If H0 is violated, then the current data frame is considered as coming from illegitimate transmitter Eve. Then reset m → 0 and trigger the higher-layer authentication.

with CFO to enhance the authentication performance. It is thus expected that by combining various physical layer attributes, a more comprehensive signature can be provided to enhance the wireless security. VI. P ERFORMANCE A NALYSIS To determine the miss detection rate Pm , the statistical distribution of CFO associated with a specific transmitter is required. According to [16], the CFO of an individual transmitter, for instance εE for Eve, can be approximated 2 . This as a zero-mean Gaussian variable with variance σE is intuitive since the CFO caused by oscillator mismatch is a combined effect of numerous independent random factors in RF circuits, which can be approximated as a Gaussian variable according to the central limit theorem. Due to the phase wrapping effect of 2π in the inverse tangent operation (8), the CFO estimation range at the receiver is restricted by (9). Consequently, by taking the estimation range limitation into account, we can model the PDF of CFO ε˜E seen at

1664

IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 62, NO. 5, MAY 2014

(a)

6000 3

Pf=0.01 Pf=0.05 Pf=0.1

2.5

4000

2

0

50

100

150 (b)

200

250

300

0

50

100

150 (c)

200

250

300

4

3000 CFO (KHz)

Decision threshold for CFO (Hz)

5000

2000

3 2 1

1000 3.5

0

0

5

10

15 SNR (dB)

20

25

30

Fig. 6. Decision threshold for CFO absolute difference versus SNR for different false alarm rates Pf .

2.5

1.5

0

50

100

Estimated CFO

the receiver as a wrapped normal distribution with the same 2 [34]: variance σE   +∞ (˜ εE + Lkt )2 1 exp − , p(˜ εE ) =  2 2 2σE 2πσE k=−∞   1 1 ε˜E ∈ − , . (27) 2Lt 2Lt 2 tends towards +∞, the distribution When the variance σE converges to the uniform distribution over the estimation range 1 , 1 ), as used in [23]. It is noteworthy that the above [− 2L t 2Lt model provides more details on the random CFO generation and is consistent with the assumption reported in [23] on the CFO distribution. Consequently, the miss detection rate based on the predicted CFO εˆpA [m] can be derived as

Pm = P (|ˆ ε[m] − εˆpA [m]| ≤ T | H1 ) = P (|˜ εE [m] + wε [m] − εA [m] − wp [m]| ≤ T )  2L1  T +εA [m] |ε−˜ εE |2 t 1 −  = p(˜ εE )d˜ εE e 2e2 [m] dε 1 2π e2 [m] −T +εA [m] − 2L t   1  2L t −T + εA [m] − ε˜E = p(˜ εE ) Q d˜ εE 1 e[m] − 2L t    2L1 t T + εA [m] − ε˜E − p(˜ εE ) Q d˜ εE . (28) 1 e[m] − 2L t

Based on (28), the detection rate of illegitimate transmitters can be determined as Pd = 1 − Pm . As the calculation of Pm requires the integral of Q-function, Pd cannot be obtained in closed form. Therefore, we present in Section VII the average detection rates obtained from numerical simulations. VII. S IMULATION R ESULTS In this section, the performance of the proposed authentication scheme is evaluated in terms of the CFO tracking capability and the associated identification rates. Specifically, a communication system with sampling rate fs = 20 MHz

150

200 250 300 Time index True CFO

350

Predicted CFO

400

450

500

Tolerant range

Fig. 7. Authentication using Kalman predicted CFOs (Pf = 0.05). (a) SNR = 30 dB. (b) SNR = 15 dB. (c) SNR changes from SNR = 20 dB to SNR = 30 dB at frame number 220.

(i.e., Ts = 50 ns) is considered, where the transmitted signal is passed through a randomly generated 12-tap multipath fading channel with an exponential power delay profile. The corresponding channel taps are aligned with the sampling intervals and generated independently according to a complex Gaussian distribution. The preamble at the beginning of each data frame is formed by a guard interval of 32 samples and two repetitive training segments with length Lt = 128, leading to a CFO estimation range of [−78.125, 78.125) kHz. Based on the IEEE 802.11a specification, the maximum transmit frequency tolerance is ±20 ppm, which corresponds to the maximum CFO of 100 kHz when operating with a 2.5 GHz carrier. Therefore, the estimation range considered in the simulated system can accommodate most of the CFO ranges in practical systems. Without loss of generality, the Constant Amplitude Zero AutoCorrelation (CAZAC) sequence exp (j13n(n + 1)/Lt ) is used as the training sequence. As an example, it is assumed that the CFO between the legitimate transmitter and the intended receiver (i.e., between Alice and Bob) is initially set to ΔfA = +2.54 kHz, and then it changes frame by frame due to user mobility in the subsequent transmissions. Other initial CFO values can also be used. In the simulation, the standard deviation of the normalized Doppler shift is σd = 5 × 10−6 , corresponding to a moving speed around 60 km/h, and the normalized time correlation is β = 0.99,  which yields the standard deviation of CFO variation Δd = (1 − β 2 )σd ≈ 7 × 10−7 according to (5). Further, owning to the range limitation and the maximum frequency drift tolerance aforementioned, the CFO of the illegitimate transmitter (i.e., Eve) is randomly generated within the estimation range according to the wrapped normal distribution in (27) with standard deviation σE = 10 kHz. Since the CFO estimation performance depends on the sig-

HOU et al.: PHYSICAL LAYER AUTHENTICATION FOR MOBILE SYSTEMS WITH TIME-VARYING CARRIER FREQUENCY OFFSETS

(a)

(b)

0.18 Theoretical Pf= 0.1

0.95

Theoretical Pf= 0.05 Theoretical Pf= 0.01

0.14

0.1 0.08

Detection rate Pd

0.12

0.85 0.8 0.75

0.06

Pf = 0.02

1

0.9

0.9

0.8

0.8

0.7

0.7

0.6

0.6

0.5

0.5

0.4

0.4

0.3 SNR = 5dB

0.2

Pf = 0.06

SNR = 15dB

0.1

Pf = 0.1

0

10 20 SNR (dB)

30

0

10 20 SNR (dB)

1 seq., SNR = 5dB

0.2

SNR = 10B

Pf = 0.08

0.65

0.02

0.3

Pf = 0.04

0.7

0.04

0

(b)

1

0.9 Detection rate Pd

False alarm rate Pf

(a)

1

0.16

1665

1 seq., SNR = 10dB 2 seqs., SNR = 5dB

0.1

SNR = 20dB

30

Fig. 8. Simulated false alarm rate Pf and detection rate Pd . (a) Pf versus SNR. (b) Pd versus SNR with different Pf configurations.

nal quality, to restrain the same false alarm rate Pf at different SNRs, the identification threshold T needs to be adjusted based on (26). Fig. 6 illustrates how the threshold T changes with different SNRs and false alarm rates Pf . It shows that the threshold becomes smaller as the SNR increases, which is attributed to a better estimation performance with smaller error variance. For a fixed SNR, the threshold value increases as the corresponding Pf decreases, which is expected as a smaller false alarm rate requires a larger confidence interval to accommodate the estimation error. Fig. 7 shows three instances of the proposed authentication scheme using Kalman predicted CFO in different SNR conditions. The false alarm rate in all instances is set to be Pf = 0.05. As illustrated in the figure, though the CFO estimate of each frame exhibits strong fluctuation around the corresponding true CFO value, the recursive Kalman update can effectively track the CFO variation across time. Accordingly, the CFO tolerance, whose range is determined by the authentication threshold, is adapted according to the predicted CFO. Comparing the upper two plots, we can observe that the CFO tolerance range is larger in the low SNR condition of SNR = 15dB, due to the higher estimation errors. This result is consistent with the observation from Fig. 6. The last plot at the bottom of Fig. 7 further shows how the threshold adjusts according to the SNR during transmissions. As shown in Fig. 7c, the threshold becomes smaller as the SNR jumps from 20 dB to 30 dB at frame m = 220, while the false alarm rate is remained the same. Fig. 8 shows the simulated false alarm rate Pf versus SNR and the detection rate Pd versus SNR in different Pf conditions. Theoretically, Pf should be a predetermined value in the design and the threshold is adjusted based on the SNR and the prediction error to maintain the same false alarm rate Pf . However, as the estimation lower bound (shown in Fig. 2) is used in the threshold design instead of the true estimation error, this will underestimate the false alarm rate and result in a gap between the simulated and the theoretical Pf . It is shown in Fig. 8a that the gap between the simulated Pf and the theoretical one (indicated in the legend) becomes smaller for a higher SNR. This result can be confirmed from Fig. 2,

0

0

0.1

0.2

0 0.3 0 False alarm rate Pf

2 seqs., SNR = 10dB

0.1

0.2

0.3

Fig. 9. Receiver operating characteristics. (a) Simulated Pf vs. Pd with different SNRs. (b) Simulated Pf vs. Pd with different number of training sequences.

where the estimation error approaches to the lower bound as SNR increases. Further, it is observed in Fig. 8b that as the SNR or Pf increase, the detection rate Pd can be improved. In order to show the tradeoff between the false alarm rate and the detection rate, the receiver operating characteristic (ROC) curves (i.e., Pf vs. Pd ) in different SNR conditions are illustrated in Fig. 9a. It is shown that better authentication performance can be achieved when the SNR is increased, which is consistent with previous simulation results. In the proposed authentication scheme, Pf is a configurable system parameter which can be tuned according to different system and user requirements. In general, higher detection rate may be attained when Pf is also increased. To further enhance the authentication performance, CFO estimation with multiple training sequences can be used. As shown in Fig. 9b, ROC curves are significantly improved when the number of training sequences is doubled. The enhanced ROC performance can also be achieved using decision-directed CFO estimation. VIII. C ONCLUSIONS In this paper, we have proposed a continuous physical layer authentication scheme for mobile systems using the unique time-varying CFO between each individual transmitter-andreceiver pair. The distinctive CFO values, which are modeled by a nonzero-mean AR process, are confirmed as devicedependent signatures and further used to authenticate different transmitters. In the proposed authentication scheme, the CFO is estimated from the received signal, and the difference between the current estimate and the Kalman predicted value is calculated. By comparing the absolute difference of these two CFO values with the SNR-based threshold, the incoming signal is examined according to a binary hypothesis test, to determine whether or not it originates from the legitimate transmitter. In contrast to traditional one-time static authentications based on high-layer protocols, the proposed scheme offers continuous and dynamic device verification during the communication. Simulation results demonstrate the effectiveness of the proposed scheme in multipath fading channels.

1666

IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 62, NO. 5, MAY 2014

R EFERENCES [1] S. Mathur, A. Reznik, C. Ye, R. Mukherjee, et.al, “Exploiting the physical layer for enhanced security,” IEEE Wireless Commun., vol. 17, no. 5, pp. 63–70, Oct. 2010. [2] Z. Jin, S. Anand, and K. P. Subbalakshmi, “Impact of primary user emulation attacks on dynamic spectrum access networks,” IEEE Trans. Commun., vol. 60, no. 9, pp. 2635–2643, Sept. 2012. [3] IEEE Standard for Local and Metropolitan Area Networks Part 16: Air Interface for Fixed Broadband Wirelss Access Systems, IEEE Computer Society and IEEE Microwave Theory and Techniques Society, 2004. [4] N. R. Potlapally, S. Ravi, A.Raghunathan, and N. K. Jha, “A study of the energy consumption characteristics of cryptographic algorithms and security protocols,” IEEE Trans. Mobile Comput., vol. 5, no. 2, pp. 128– 143, Feb. 2006. [5] M. E. Mahmoud and X. Shen, “ESIP: Secure Incentive Protocol with limited use of public-key cryptography for multihop wireless networks,” IEEE Trans. Mobile Comput., vol. 10, no. 7, pp. 997–1010, Jul. 2011. [6] M. C. Gursoy, “Secure communication in the low-SNR regime,” IEEE Trans. Commun., vol. 60, no. 4, pp. 1114–1123, Apr. 2012. [7] Z. Rezki and M.-S. Alouini, “Secure diversity-multiplexing tradeoff zero-forcing transmit scheme at finite-SNR,” IEEE Trans. Commun., vol.60, no. 4, pp. 1138–1147, Apr. 2012. [8] P. L. Yu, J. S. Baras, and B. M. Sadler, “Physical-layer authentication,” IEEE Trans. Inf. Forensics Security, vol. 3, no. 1, pp. 38–51, Mar. 2008. [9] P. L. Yu, J. S. Baras, and B. M. Sadler, “Multicarrier authentication at the physical layer,” in Proc. 2008 Int. Symp. World of Wireless, Mobile and Multimedia Networks, pp. 1–6. [10] X. Wang, F. J. Liu, D. Fan, H. Tang, and P. C. Mason, “Continuous physical layer authentication using a novel adaptive OFDM system,” in Proc. 2011 IEEE ICC, pp. 1–5. [11] N. Goergen, T. C. Clancy, and T. R. Newman, “Physical layer authentication watermarks through synthetic channel emulation,” in Proc. 2010 IEEE Symposium on New Frontiers in Dynamic Spectrum, vol. 7, pp. 1– 7. [12] K. Zeng, K. Govindan, and P. Mohapatra, “Non-cryptographic authentication and identification in wireless networks,” IEEE Wireless Commun., vol. 17, no. 5, pp. 56–62, Oct. 2010. [13] L. Xiao, L. J. Greenstein, N. B. Mandayam, and W. Trappe, “Using the physical layer for wireless authentication in time-variant channels,” IEEE Trans. Wireless Commun., vol. 7, no. 7, pp. 2571–2579, Jul. 2008. [14] F. J. Liu, X. Wang, and H. Tang, “Robust physical layer authentication using inherent properties of channel impulse response,” in Proc. 2011 MILCOM, pp. 538–542. [15] V. Brik, S. Banerjee, M. Gruteser, and S. Oh, “Wireless device indentification with radiometric signatures,” in Proc. 2008 ACM MobiCom, pp. 116–127. [16] Y. Shi and M. A. Jensen, “Improved radiometric identification of wireless devices using MIMO transmission,” IEEE Trans. Inf. Forensics Security, vol. 6, no. 4, pp. 1346–1354, Dec. 2011. [17] W. Hou, X. Wang, and J.-Y. Chouinard, “Physical layer authentication in OFDM systems based on hypothesis testing of CFO estimates,” in Proc. 2012 IEEE ICC, pp. 3559–3563. [18] W. E. Cobb, E. D. Laspe, R. O. Baldwin, M. A. Temple, and Y. C. Kim, “Intrinsic physical-layer authentication of integrated circuits,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 1, pp. 14–24, Feb. 2012. [19] P. H. Moose, “A technique for orthogonal frequency division multiplexing frequency offset correction,” IEEE Trans. Commun., vol. 42, no. 10, pp. 2908–2914, Oct. 1994. [20] T. M. Schmidl and D. C. Cox, “Robust frequency and timing synchronization for OFDM,” IEEE Trans. Commun., vol. 45, no. 12, pp. 1613– 1621, Dec. 1997. [21] J. J. van de Beek, M. Sandell, and P. O. Borjesson, “ML estimation of time and frequency offset in OFDM systems,” IEEE Trans. Signal Process., vol. 45, no. 7, pp. 1800–1805, Jul. 1997. [22] A. J. Coulson, “Maximum likelihood synchronization for OFDM using a pilot symbol: algorithms,” IEEE J. Sel. Areas Commun., vol. 19, no. 12, pp. 2486–2494, Dec. 2001. [23] D. Huang and K. B. Letaief, “Carrier frequency offset estimation for OFDM systems using null subcarriers,” IEEE Trans. Commun., vol. 54, no. 5, pp. 813–823, May 2006. [24] E. P. Simon, H. Hijazi, L. Ros, M. Berbineau, and P. Degauque, “Joint estimation of carrier frequency offset and channel complex gains for OFDM systems in fast time-varying vehicular environments,” in Proc. 2010 ICC Workshops. [25] L. Wu, X.-D. Zhang, P.-S. Li, and Y.-T. Su, “A blind CFO estimator based on smoothing power spectrum for OFDM systems,” IEEE Trans. Commun., vol. 57, no. 7, pp. 1924–1927, Jul. 2009.

[26] E. P. Simon, L. Ros, H. Hijazi, J. Fang, D. P. Gaillot, and M. Berbineau, “Joint carrier frequency offset and fast time-varying channel estimation for MIMO-OFDM systems,” IEEE Trans. Veh. Technol., vol. 60, no. 3, pp. 955–965, Mar. 2011. [27] S. L. Talbot and B. Farhang-Boroujeny, “Time-varying carrier offsets in mobile OFDM,” IEEE Trans. Commun., vol. 57, no. 9, pp. 2790–2798, Sept. 2009. [28] H.-G. Jeon, K.-S. Kim, and E. Serpedin, “An efficient blind deterministic frequency offset estimator for OFDM systems,” IEEE Trans. Commun., vol. 59, no. 4, pp. 1133–1141, Apr. 2011. [29] J. Palmer and M. Rice, “Low-complexity frequency estimation using multiple disjoint pilot blocks in burst-mode communications,” IEEE Trans. Commun., vol. 59, no. 11, pp. 3135–3145, Nov. 2011. [30] S. Colonnese, S. Rinauro, and G. Scarano, “Frequency offset estimation for unknown QAM constellations,” IEEE Trans. Commun., vol. 60, no. 3, pp. 637–642, Mar. 2012. [31] W. Su, “A novel method for aging estimation of crystal oscillators,” in Proc. 1996 IEEE International Frequency Control Symposium, pp. 890– 896. [32] R. L. Filler and J. R. Vig, “Long-term aging of oscillators,” IEEE Trans. Ultrason., Ferroelectr., Freq. Control, vol. 40, no. 4, pp. 387–394, Jul. 1993. [33] S. M. Kay, Fundamentals of Statistical Signal Processing: Estimation Theory. Prentice-Hall, 1998. [34] K. V. Mardia and P. E. Jupp, Directional Statistics. John Wiley & Sons, 2000. Weikun Hou (S’06–M’12) received the B.Eng. and Ph.D. degrees in electrical engineering from South China University of Technology (SCUT), Guangzhou, China, in 2002 and 2007, respectively. From Jan. 2008 to Mar. 2010, he was a software/system designer at Guangdong Nortel R&D center, China, where he worked on simulation development and performance analysis for CDMA and LTE cellular systems. Since Apr. 2010, he has worked as a postdoctoral research fellow at The University of Western Ontario, ON, Canada. Dr. Hou’s research interests lie in signal processing and digital communications, including topics such as channel estimation, synchronization, cooperative communications and wireless physical layer security. He is a reviewer of several international journals, including IEEE T RANSACTIONS ON W IRELESS C OMMUNICATIONS , IEEE T RANSACTIONS ON V EHICULAR T ECHNOLOGY, IET Communications and IEEE C OMMUNICATIONS L ETTERS . He also served as a TPC member of different IEEE conferences, such as GLOBECOM, VTC and WCSP. In the 2012 IEEE International Conference on Communications (ICC’2012), he received the SPC Symposium Best Paper Award. Xianbin Wang (S’98–M’99–SM’06) is an Associate Professor at The University of Western Ontario and Canada Research Chair in Wireless Communications. He received his Ph.D. degree in electrical and computer engineering from National University of Singapore in 2001. Prior to joining Western, he was with Communications Research Centre Canada as Research Scientist/Senior Research Scientist between July 2002 and Dec. 2007. From Jan. 2001 to July 2002, he was a system designer at STMicroelectronics, where he was responsible for system design for DSL and Gigabit Ethernet chipsets. He was with Institute for Infocomm Research, Singapore (formerly known as Centre for Wireless Communications), as a Senior R & D engineer in 2000. His primary research area is wireless communications and related applications, including adaptive communications, wireless security, and wireless infrastructure based position location. Dr. Wang has over 150 peer-reviewed journal and conference papers on various communication system design issues, in addition to 23 granted and pending patents and several standard contributions. Dr. Wang is an IEEE Distinguished Lecturer and a Senior Member of IEEE. He was the recipient of three IEEE Best Paper Awards. He currently serves as an Associate Editor for IEEE W IRELESS C OMMUNICATIONS L ETTERS , IEEE T RANSACTIONS ON V EHICULAR T ECHNOLOGY, and IEEE T RANSACTIONS ON B ROADCASTING. He was also an editor for IEEE T RANSACTIONS ON W IRELESS C OMMUNICATIONS between 2007 and 2011. Dr. Wang was involved in a number of IEEE conferences including GLOBECOM, ICC, WCNC, VTC, and ICME, in different roles such as symposium chair, track chair, TPC and session chair.

HOU et al.: PHYSICAL LAYER AUTHENTICATION FOR MOBILE SYSTEMS WITH TIME-VARYING CARRIER FREQUENCY OFFSETS

Jean-Yves Chouinard is a Professor with the Department of Electrical and Computer Engineering at Universit´e Laval, Quebec city, Canada. His research interests are wireless communications, secure communication networks and signal processing for radar applications. He is the author/co-author of more than 200 journal, conference papers and technical reports. He was co-recipient of the 1999 Neal Shepherd Best Propagation Paper Award from the IEEE Vehicular Society and of the 2004 Signal Processing Best Paper Award from the European Journal of Signal Processing. He is an editor of a book on information theory and co-author of book chapters on MIMO wireless communication systems and on OFDM-based mobile broadcasting. He is an Editor for the IEEE T RANSACTIONS ON V EHICULAR T ECHNOLOGY and Associate Editor for the IEEE T RANSACTIONS ON B ROADCASTING. He has served on several conference committees including Technical Program Co-chair for the 2012 Vehicular Technology Conference (VTC’2012 Fall) and Publications Chair for the IEEE International Symposium on Information Theory (ISIT’2008).

1667

Ahmed Refaey Hussein is a postdoctoral fellow at The University of Western Ontario, Canada. Previously, Dr. Hussein worked as a Professional Researcher at the LRTS lab, Laval University in the field of wireless communications since 2007-2011. Prior to joining Laval University, Dr. Hussein was a System/ Core Network Engineer leading a team of junior engineers and technicians in the telecom field in three large companies which are Fujitsu, Vodafone and Alcatel-Lucent. Dr. Hussein received his B.Sc. and M.Sc. degrees from Alexandria University, Egypt in 2003 and 2005, and Ph.D. degree from Laval University, Quebec, Canada in 2011, respectively. His current research is focused on the systems and network security aspects by developing a new lower layer approach that supports important security objectives: authentication, confidentiality and integrity. Moreover, in his previous research, he investigated the fundamental side of error correcting codes and information theory, with emphasis on the application of channel coding in wireless systems. Dr. Hussein is the author and co-author of more than 17 technical papers and two patents applications addressing his research activities. He is currently serves as a reviewer for IEEE T RANSACTIONS ON B ROADCASTING, IEEE T RANSACTIONS ON V EHICULAR T ECHNOLOGY, and Springer for Signal Image and Video Processing. Dr. Hussein was involved in a number of IEEE conferences including GLOBECOM, WCSP, VTC, and ICICS, on different roles such as reviewer, TPC and session chair.