Message Authentication Code over a Wiretap Channel

Message Authentication Code (MAC) is a keyed function $f_K$ such that when Alice, who shares the secret $K$ with Bob, sends $f_K(M)$ to the latter, Bob will be assured of the integrity and authenticity of $M$. Traditionally, it is assumed that the channel is noiseless. However, Maurer showed that in this case an attacker can succeed with probability $2^{-\frac{H(K)}{\ell+1}}$ after authenticating $\ell$ messages. In this paper, we consider the setting where the channel is noisy. Specifically, Alice and Bob are connected by a discrete memoryless channel (DMC) $W_1$ and a noiseless but insecure channel. In addition, an attacker Oscar is connected with Alice through DMC $W_2$ and with Bob through a noiseless channel. In this setting, we study the framework that sends $M$ over the noiseless channel and the traditional MAC $f_K(M)$ over channel $(W_1, W_2)$. We regard the noisy channel as an expensive resource and define the authentication rate $\rho_{auth}$ as the ratio of message length to the number $n$ of channel $W_1$ uses. The security of this framework depends on the channel coding scheme for $f_K(M)$. A natural coding scheme is to use the secrecy capacity achieving code of Csisz\'{a}r and K\"{o}rner. Intuitively, this is also the optimal strategy. However, we propose a coding scheme that achieves a higher $\rho_{auth}.$ Our crucial point for this is that in the secrecy capacity setting, Bob needs to recover $f_K(M)$ while in our coding scheme this is not necessary. How to detect the attack without recovering $f_K(M)$ is the main contribution of this work. We achieve this through random coding techniques.Comment: Formulation of model is change

Authentication of Satellite Navigation Signals by Wiretap Coding and Artificial Noise

In order to combat the spoofing of global navigation satellite system (GNSS) signals we propose a novel approach for satellite signal authentication based on information-theoretic security. In particular we superimpose to the navigation signal an authentication signal containing a secret message corrupted by artificial noise (AN), still transmitted by the satellite. We impose the following properties: a) the authentication signal is synchronous with the navigation signal, b) the authentication signal is orthogonal to the navigation signal and c) the secret message is undecodable by the attacker due to the presence of the AN. The legitimate receiver synchronizes with the navigation signal and stores the samples of the authentication signal with the same synchronization. After the transmission of the authentication signal, through a separate public asynchronous authenticated channel (e.g., a secure Internet connection) additional information is made public allowing the receiver to a) decode the secret message, thus overcoming the effects of AN, and b) verify the secret message. We assess the performance of the proposed scheme by the analysis of both the secrecy capacity of the authentication message and the attack success probability, under various attack scenarios. A comparison with existing approaches shows the effectiveness of the proposed scheme

Cooperative Authentication in Underwater Acoustic Sensor Networks

With the growing use of underwater acoustic communications (UWAC) for both industrial and military operations, there is a need to ensure communication security. A particular challenge is represented by underwater acoustic networks (UWANs), which are often left unattended over long periods of time. Currently, due to physical and performance limitations, UWAC packets rarely include encryption, leaving the UWAN exposed to external attacks faking legitimate messages. In this paper, we propose a new algorithm for message authentication in a UWAN setting. We begin by observing that, due to the strong spatial dependency of the underwater acoustic channel, an attacker can attempt to mimic the channel associated with the legitimate transmitter only for a small set of receivers, typically just for a single one. Taking this into account, our scheme relies on trusted nodes that independently help a sink node in the authentication process. For each incoming packet, the sink fuses beliefs evaluated by the trusted nodes to reach an authentication decision. These beliefs are based on estimated statistical channel parameters, chosen to be the most sensitive to the transmitter-receiver displacement. Our simulation results show accurate identification of an attacker's packet. We also report results from a sea experiment demonstrating the effectiveness of our approach.Comment: Author version of paper accepted for publication in the IEEE Transactions on Wireless Communication

Comparison Between Asymmetric and Symmetric Channel-Based Authentication for MIMO Systems

Authentication is a key element of security, by which a receiver confirms the sender identity of a message. Typical approaches include either key-based authentication at the application layer or physical layer authentication (PLA), where a message is considered authentic if it appears to have gone through the legitimate channel. In both cases a source of randomness is needed, whereas for PLA the random nature of the communication channel is exploited. In this paper we compare the various approaches using in all cases the channel as a source of randomness. We consider a multiple-input multiple-output (MIMO) system with a finite number of antennas. Simple auto-regressive (AR) models for its evolution as well as the relation of the legitimate and attacker channel are considered. In this setting the attacker can either predict the key used for key-based authentication or forge the channel estimated at the legitimate receiver for PLA. The analysis includes both symmetric and asymmetric key-based authentication. We compare the schemes in terms of false alarm and missed detection probability and we outline best attack strategies.Comment: Updated version (with typos correction) of paper accepted for WSA conferenc

Quantum authentication with key recycling

We show that a family of quantum authentication protocols introduced in [Barnum et al., FOCS 2002] can be used to construct a secure quantum channel and additionally recycle all of the secret key if the message is successfully authenticated, and recycle part of the key if tampering is detected. We give a full security proof that constructs the secure channel given only insecure noisy channels and a shared secret key. We also prove that the number of recycled key bits is optimal for this family of protocols, i.e., there exists an adversarial strategy to obtain all non-recycled bits. Previous works recycled less key and only gave partial security proofs, since they did not consider all possible distinguishers (environments) that may be used to distinguish the real setting from the ideal secure quantum channel and secret key resource.Comment: 38+17 pages, 13 figures. v2: constructed ideal secure channel and secret key resource have been slightly redefined; also added a proof in the appendix for quantum authentication without key recycling that has better parameters and only requires weak purity testing code