Design of an OFDM Physical Layer Encryption Scheme

This paper presents a new encryption scheme implemented at the physical layer of wireless networks employing orthogonal frequency-division multiplexing (OFDM). The new scheme obfuscates the subcarriers by randomly reserving several subcarriers for dummy data and resequences the training symbol by a new secure sequence. Subcarrier obfuscation renders the OFDM transmission more secure and random, whereas training symbol resequencing protects the entire physical layer packet but does not affect the normal functions of synchronization and channel estimation of legitimate users while preventing eavesdroppers from performing these functions. The security analysis shows that the system is robust to various attacks by analyzing the search space using an exhaustive key search. Our scheme is shown to perform better in terms of search space, key rate, and complexity in comparison with other OFDM physical layer encryption schemes. The scheme offers options for users to customize the security level and the key rate according to the hardware resource. Its low complexity nature also makes the scheme suitable for resource-limited devices. Details of practical design considerations are highlighted by applying the approach to an IEEE 802.11 OFDM system case study

Low complexity physical layer security approach for 5G internet of things

Fifth-generation (5G) massive machine-type communication (mMTC) is expected to support the cellular adaptation of internet of things (IoT) applications for massive connectivity. Due to the massive access nature, IoT is prone to high interception probability and the use of conventional cryptographic techniques in these scenarios is not practical considering the limited computational capabilities of the IoT devices and their power budget. This calls for a lightweight physical layer security scheme which will provide security without much computational overhead and/or strengthen the existing security measures. Here a shift based physical layer security approach is proposed which will provide a low complexity security without much changes in baseline orthogonal frequency division multiple access (OFDMA) architecture as per the low power requirements of IoT by systematically rearranging the subcarriers. While the scheme is compatible with most fast Fourier transform (FFT) based waveform contenders which are being proposed in 5G especially in mMTC and ultra-reliable low latency communication (URLLC), it can also add an additional layer of security at physical layer to enhanced mobile broadband (eMBB)

IMPROVING DIGITAL HIGH FREQUENCY (HF) COMMUNICATIONS WITH MULTI-DIMENSIONAL CONSTANT ENERGY MODULATION IMPLEMENTATION

Approved for public release. Distribution is unlimited.Improved high frequency (HF) digital communication is desired in commercial and military applications, especially at sea where the primary digital communications is satellite communications (SATCOM). HF over-the-horizon (OTH) relays are often the alternative communication path when SATCOM is too costly or not available. Our work suggests using multiple-input multiple-output (MIMO), orthogonal frequency division multiplexing (OFDM), and various modulations in HF OTH communications to reduce the bit error rate (BER), improve data throughput in the allocated bandwidth, and potentially provide physical layer security through obfuscation. We implement MIMO, OFDM, and multi-dimensional constant energy modulation (CEM) by utilizing GNU Radio Companion (GRC) to program two NI Ettus X310 Software Defined Radios (SDR) in a 2x2 MIMO configuration. This is the first time CEM has been transmitted and received. Modulation and demodulation are successful for various file types. The 4D-16 CEM constellation and its BER are compared to that of quadrature phase shift keying (QPSK) and 16-quadrature amplitude modulation (QAM). Explanations of how CEM, OFDM subcarriers, and space time block codes (STBC) can provide frequency agility, throughput manipulation, and physical layer security are provided. Selected CEM constellations are presented.Lieutenant Commander, United States NavyApproved for public release; distribution is unlimited

Securing Wireless Communications of the Internet of Things from the Physical Layer, An Overview

The security of the Internet of Things (IoT) is receiving considerable interest as the low power constraints and complexity features of many IoT devices are limiting the use of conventional cryptographic techniques. This article provides an overview of recent research efforts on alternative approaches for securing IoT wireless communications at the physical layer, specifically the key topics of key generation and physical layer encryption. These schemes can be implemented and are lightweight, and thus offer practical solutions for providing effective IoT wireless security. Future research to make IoT-based physical layer security more robust and pervasive is also covered

Design of an Energy-Efficient Multidimensional Secure Constellation for 5G Communications

Energy efficiency and security are two important metrics for the fifth generation (5G) wireless networks. Existing constellation designs often consider spectral efficiency but neglect energy efficiency and security. We define the concept of energy efficiency of constellations and propose a multidimensional secure constellation (MSC) design to improve the energy efficiency, security, and bit error rate (BER) performance. A general closed-form algorithm to construct the n-dimensional constellation mapping codebook is proposed. A multi-dimensional rotation method is proposed to enhance the security and prevent eavesdroppers from recovering symbols. A closed-form expressions for the upper bound on the BER for the proposed MSC is obtained. Simulation results show that when the dimension reaches 255, MSC can achieve a BER performance of the order of 10 -4 at SNR = -8dB without binary channel coding. For the same throughput, the proposed method is shown to outperform polar coding (1-2 dB SNR gain at BER=10 -4 )

Physical layer authenticated image encryption for Iot network based on biometric chaotic signature for MPFrFT OFDM system

In this paper, a new physical layer authenticated encryption (PLAE) scheme based on the multi-parameter fractional Fourier transform–Orthogonal frequency division multiplexing (MP-FrFT-OFDM) is suggested for secure image transmission over the IoT network. In addition, a new robust multi-cascaded chaotic modular fractional sine map (MCC-MF sine map) is designed and analyzed. Also, a new dynamic chaotic biometric signature (DCBS) generator based on combining the biometric signature and the proposed MCC-MF sine map random chaotic sequence output is also designed. The final output of the proposed DCBS generator is used as a dynamic secret key for the MPFrFT OFDM system in which the encryption process is applied in the frequency domain. The proposed DCBS secret key generator generates a very large key space of (Formula presented.). The proposed DCBS secret keys generator can achieve the confidentiality and authentication properties. Statistical analysis, differential analysis and a key sensitivity test are performed to estimate the security strengths of the proposed DCBS-MP-FrFT-OFDM cryptosystem over the IoT network. The experimental results show that the proposed DCBS-MP-FrFT-OFDM cryptosystem is robust against common signal processing attacks and provides a high security level for image encryption application. © 2023 by the authors

Cyber Security

This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security

Identification and Mitigation of Information Leakage Caused by Side Channel Vulnerabilities in Network Stack

Keeping users sensitive information secure and private in todays network is challenging. Networks are large, complicated distributed systems and are subject to a wide variety of attacks, such as eavesdropping, identity spoofing, hijacking, etc. What is worse, encrypting data is often not enough in light of advanced threats such as side channel attacks, which enable malicious attackers to infer sensitive data from insignificant network information unexpectedly. For this purpose, we pro- pose series of techniques to prevent such information leakage at different layers in network stacks, and raise awareness of its severity. More specifically, 1) we propose a practical physical (PHY) layer security framework FOG, for effective packet header obfuscation using MIMO, to keep eavesdroppers from receiving any meaningful packet information; 2) we identify and fix a subtle yet serious pure off-path side channel vulnerability (CVE-2016-5696) introduced in both TCP specification and its implementation in Linux kernel, which prevents malicious attackers from exploiting it to indicate arbitrary connections state, reset the connection or even further hijack the connection; 3) we propose a principled TCP side channel vulnerability discovery solution based on model checking and program analysis, and automatically identify 12 new side channel vulnerabilities (and 3 old ones) from TCP implementation in Linux and FreeBSD kernel code. The ultimate goal is to help guide the future design and implementation of network stacks.Keeping users’ sensitive information secure and private in today’s network is challenging. Network nowadays are subject to a wide variety of attacks, such as eavesdropping, identity spoofing, denial of service, etc. What is worse, encrypting sensitive data is often not enough in light of advanced threats such as side channel attacks, which enable malicious attackers to infer sensitive data from “insignificant” network information unexpectedly. For this purpose, we propose series of techniques to prevent such information leakage at different layers in network stack, and raise awareness of its severity. In our first work, we propose a practical physical (PHY) layer security framework FOG, for effective packet header obfuscation using MIMO, to prevent eavesdroppers from receiving any packet headers to profile users. Secondly, we identify and fix a subtle yet serious pure off-path side channel vulnerability (CVE-2016-5696) introduced in both TCP specification and its implementation in Linux kernel. This vulnerability allows malicious attackers to indicate arbitrary TCP connection’s state, reset the connection or even further hijack the connection. Motivated by the fact that most previous TCP side channel vulnerabilities are manually identified, in our last work, we propose a principled TCP side channel vulnerability discovery solution based on model checking and program analysis. It automatically identifies 12 new side channel vulnerabilities (and 3 old ones) from TCP implementation in Linux and FreeBSD kernel code. The ultimate goal of my research is to help guide the future design and implementation of network stacks

Advanced Location-Based Technologies and Services

Since the publication of the first edition in 2004, advances in mobile devices, positioning sensors, WiFi fingerprinting, and wireless communications, among others, have paved the way for developing new and advanced location-based services (LBSs). This second edition provides up-to-date information on LBSs, including WiFi fingerprinting, mobile computing, geospatial clouds, geospatial data mining, location privacy, and location-based social networking. It also includes new chapters on application areas such as LBSs for public health, indoor navigation, and advertising. In addition, the chapter on remote sensing has been revised to address advancements