Skema Secret Key Generation (SKG) untuk Keamanan pada Sistem Komunikasi di Lingkungan Wireless

Skema Secret Key Generation (SKG) yang mengeksploitasi sifat reciprocity dan keacakan kanal wireless untuk membangkitkan secret key telah menjadi area penelitian yang semakin menarik dan menjanjikan. Terdapat 3 permasalahan utama dalam pembangunan skema SKG yang efisien yang harus diatasi, yaitu trade-off antara parameter performansi Key Disagreement Rate (KDR) dan Key Generation Rate (KGR), tingginya kompleksitas implementasi karena banyaknya tahapan yang harus dilalui, serta tidak efisiennya skema SKG yang dibangun sehingga tidak sesuai jika diimplementasikan pada perangkat Internet of Things(IoT) yang memiliki keterbatasan sumber daya. Disertasi ini berkontribusi dalam mengatasi ketiga permasalahan tersebut. Kontribusi pertama yang dilakukan untuk mengatasi trade-off antara parameter performansi KDR dan KGR adalah didapatkannya kombinasi yang optimal antara metode pra proses yaitu Kalman Filter, Modified Polynomial Regression (MPR), serta Savitzky Golay Filter dan kuantisasi multilevel. Hasil yang didapat adalah penurunan KDR dan peningkatan KGR dibandingkan dengan skema yang eksisting. Kontribusi kedua dari disertasi ini adalah mekanisme penyederhanaan skema SKG dengan kombinasi metode Modified Kalman (MK) serta Combined Multilevel Quantization (CMQ) sehingga bisa dihasilkan secret key yang identik tanpa melalui tahap rekonsiliasi informasi. Hasil pengujian yang dilakukan menghasilkan 4 blok 128-bit data di lingkungan tanpa halangan serta 2 blok 128-bit data yang memiliki KDR sebesar 0 sehingga tidak memerlukan koreksi untuk mendapatkan secret key yang identik. Kontribusi ketiga dari disertasi ini adalah didapatkannya skema SKG Signal Strength Exchange (SSE) yang efisien dalam hal waktu komputasi dan overhead komunikasi dengan menggunakan metode Synchronized Quantization (SQ) sebagai bagian dari skema SKG SSE. Hasil yang didapat menunjukkan penurunan waktu komputasi menjadi sebesar 3.8% dan overhead komunikasi menjadi sebesar 34% skema yang eksisting. Kontribusi yang dihasilkan dalam disertasi ini diharapkan dapat menjadi salah satu solusi alternatif pembentukan kunci simetris yang tidak membutuhkan kompleksitas komputasi serta Trusted Third Party (TTP), sehingga cocok jika digunakan pada berbagai aplikasi IoT

Secure key design approaches using entropy harvesting in wireless sensor network: A survey

Physical layer based security design in wireless sensor networks have gained much importance since the past decade. The various constraints associated with such networks coupled with other factors such as their deployment mainly in remote areas, nature of communication etc. are responsible for development of research works where the focus is secured key generation, extraction, and sharing. Keeping the importance of such works in mind, this survey is undertaken that provides a vivid description of the different mechanisms adopted for securely generating the key as well its randomness extraction and also sharing. This survey work not only concentrates on the more common methods, like received signal strength based but also goes on to describe other uncommon strategies such as accelerometer based. We first discuss the three fundamental steps viz. randomness extraction, key generation and sharing and their importance in physical layer based security design. We then review existing secure key generation, extraction, and sharing mechanisms and also discuss their pros and cons. In addition, we present a comprehensive comparative study of the recent advancements in secure key generation, sharing, and randomness extraction approaches on the basis of adversary, secret bit generation rate, energy efficiency etc. Finally, the survey wraps up with some promising future research directions in this area

Adaptive key generation algorithm based on software engineering methodology

Recently, the generation of security keys has been considered for guaranteeing the strongest of them in terms of randomness. In addition, the software engineering methodologies are adopted to ensure the mentioned goal is reached. In this paper, an adaptive key generation algorithm is proposed based on software engineering techniques. The adopted software engineering technique is self-checking process, used for detecting the fault in the underlying systems. This technique checks the generated security keys in terms of validity based on randomness factors. These factors include the results of National Institute of standard Test (NIST) tests. In case the randomness factors are less than the accepted values, the key is regenerated until obtaining the valid one. It is important to note that the security keys are generated using shift register and SIGABA technique. The proposed algorithm is tested over different case studies and the results show the effective performance of it to produce well random generated keys

Digital watermarking : applicability for developing trust in medical imaging workflows state of the art review

Medical images can be intentionally or unintentionally manipulated both within the secure medical system environment and outside, as images are viewed, extracted and transmitted. Many organisations have invested heavily in Picture Archiving and Communication Systems (PACS), which are intended to facilitate data security. However, it is common for images, and records, to be extracted from these for a wide range of accepted practices, such as external second opinion, transmission to another care provider, patient data request, etc. Therefore, confirming trust within medical imaging workflows has become essential. Digital watermarking has been recognised as a promising approach for ensuring the authenticity and integrity of medical images. Authenticity refers to the ability to identify the information origin and prove that the data relates to the right patient. Integrity means the capacity to ensure that the information has not been altered without authorisation. This paper presents a survey of medical images watermarking and offers an evident scene for concerned researchers by analysing the robustness and limitations of various existing approaches. This includes studying the security levels of medical images within PACS system, clarifying the requirements of medical images watermarking and defining the purposes of watermarking approaches when applied to medical images

Secret Key Generation Schemes for Physical Layer Security

Physical layer security (PLS) has evolved to be a pivotal technique in ensuring secure wireless communication. This paper presents a comprehensive analysis of the recent developments in physical layer secret key generation (PLSKG). The principle, procedure, techniques and performance metricesare investigated for PLSKG between a pair of users (PSKG) and for a group of users (GSKG). In this paper, a detailed comparison of the various parameters and techniques employed in different stages of key generation such as, channel probing, quantisation, encoding, information reconciliation (IR) and privacy amplification (PA) are provided. Apart from this, a comparison of bit disagreement rate, bit generation rate and approximate entropy is also presented. The work identifies PSKG and GSKG schemes which are practically realizable and also provides a discussion on the test bed employed for realising various PLSKG schemes. Moreover, a discussion on the research challenges in the area of PLSKG is also provided for future research

Towards Practical and Secure Channel Impulse Response-based Physical Layer Key Generation

Der derzeitige Trend hin zu “smarten” Geräten bringt eine Vielzahl an Internet-fähigen und verbundenen Geräten mit sich. Die entsprechende Kommunikation dieser Geräte muss zwangsläufig durch geeignete Maßnahmen abgesichert werden, um die datenschutz- und sicherheitsrelevanten Anforderungen an die übertragenen Informationen zu erfüllen. Jedoch zeigt die Vielzahl an sicherheitskritischen Vorfällen im Kontext von “smarten” Geräten und des Internets der Dinge auf, dass diese Absicherung der Kommunikation derzeit nur unzureichend umgesetzt wird. Die Ursachen hierfür sind vielfältig: so werden essentielle Sicherheitsmaßnahmen im Designprozess mitunter nicht berücksichtigt oder auf Grund von Preisdruck nicht realisiert. Darüber hinaus erschwert die Beschaffenheit der eingesetzten Geräte die Anwendung klassischer Sicherheitsverfahren. So werden in diesem Kontext vorrangig stark auf Anwendungsfälle zugeschnittene Lösungen realisiert, die auf Grund der verwendeten Hardware meist nur eingeschränkte Rechen- und Energieressourcen zur Verfügung haben. An dieser Stelle können die Ansätze und Lösungen der Sicherheit auf physikalischer Schicht (physical layer security, PLS) eine Alternative zu klassischer Kryptografie bieten. Im Kontext der drahtlosen Kommunikation können hier die Eigenschaften des Übertragungskanals zwischen zwei legitimen Kommunikationspartnern genutzt werden, um Sicherheitsprimitive zu implementieren und damit Sicherheitsziele zu realisieren. Konkret können etwa reziproke Kanaleigenschaften verwendet werden, um einen Vertrauensanker in Form eines geteilten, symmetrischen Geheimnisses zu generieren. Dieses Verfahren wird Schlüsselgenerierung basierend auf Kanalreziprozität (channel reciprocity based key generation, CRKG) genannt. Auf Grund der weitreichenden Verfügbarkeit wird dieses Verfahren meist mit Hilfe der Kanaleigenschaft des Empfangsstärkenindikators (received signal strength indicator, RSSI) realisiert. Dies hat jedoch den Nachteil, dass alle physikalischen Kanaleigenschaften auf einen einzigen Wert heruntergebrochen werden und somit ein Großteil der verfügbaren Informationen vernachlässigt wird. Dem gegenüber steht die Verwendung der vollständigen Kanalzustandsinformationen (channel state information, CSI). Aktuelle technische Entwicklungen ermöglichen es zunehmend, diese Informationen auch in Alltagsgeräten zur Verfügung zu stellen und somit für PLS weiterzuverwenden. In dieser Arbeit analysieren wir Fragestellungen, die sich aus einem Wechsel hin zu CSI als verwendetes Schlüsselmaterial ergeben. Konkret untersuchen wir CSI in Form von Ultrabreitband-Kanalimpulsantworten (channel impulse response, CIR). Für die Untersuchungen haben wir initial umfangreiche Messungen vorgenommen und damit analysiert, in wie weit die grundlegenden Annahmen von PLS und CRKG erfüllt sind und die CIRs sich grundsätzlich für die Schlüsselgenerierung eignen. Hier zeigen wir, dass die CIRs der legitimen Kommunikationspartner eine höhere Ähnlichkeit als die eines Angreifers aufzeigen und das somit ein Vorteil gegenüber diesem auf der physikalischen Schicht besteht, der für die Schlüsselgenerierung ausgenutzt werden kann. Basierend auf den Ergebnissen der initialen Untersuchung stellen wir dann grundlegende Verfahren vor, die notwendig sind, um die Ähnlichkeit der legitimen Messungen zu verbessern und somit die Schlüsselgenerierung zu ermöglichen. Konkret werden Verfahren vorgestellt, die den zeitlichen Versatz zwischen reziproken Messungen entfernen und somit die Ähnlichkeit erhöhen, sowie Verfahren, die das in den Messungen zwangsläufig vorhandene Rauschen entfernen. Gleichzeitig untersuchen wir, inwieweit die getroffenen fundamentalen Sicherheitsannahmen aus Sicht eines Angreifers erfüllt sind. Zu diesem Zweck präsentieren, implementieren und analysieren wir verschiedene praktische Angriffsmethoden. Diese Verfahren umfassen etwa Ansätze, bei denen mit Hilfe von deterministischen Kanalmodellen oder durch ray tracing versucht wird, die legitimen CIRs vorherzusagen. Weiterhin untersuchen wir Machine Learning Ansätze, die darauf abzielen, die legitimen CIRs direkt aus den Beobachtungen eines Angreifers zu inferieren. Besonders mit Hilfe des letzten Verfahrens kann hier gezeigt werden, dass große Teile der CIRs deterministisch vorhersagbar sind. Daraus leitet sich der Schluss ab, dass CIRs nicht ohne adäquate Vorverarbeitung als Eingabe für Sicherheitsprimitive verwendet werden sollten. Basierend auf diesen Erkenntnissen entwerfen und implementieren wir abschließend Verfahren, die resistent gegen die vorgestellten Angriffe sind. Die erste Lösung baut auf der Erkenntnis auf, dass die Angriffe aufgrund von vorhersehbaren Teilen innerhalb der CIRs möglich sind. Daher schlagen wir einen klassischen Vorverarbeitungsansatz vor, der diese deterministisch vorhersagbaren Teile entfernt und somit das Eingabematerial absichert. Wir implementieren und analysieren diese Lösung und zeigen ihre Effektivität sowie ihre Resistenz gegen die vorgeschlagenen Angriffe. In einer zweiten Lösung nutzen wir die Fähigkeiten des maschinellen Lernens, indem wir sie ebenfalls in das Systemdesign einbringen. Aufbauend auf ihrer starken Leistung bei der Mustererkennung entwickeln, implementieren und analysieren wir eine Lösung, die lernt, die zufälligen Teile aus den rohen CIRs zu extrahieren, durch die die Kanalreziprozität definiert wird, und alle anderen, deterministischen Teile verwirft. Damit ist nicht nur das Schlüsselmaterial gesichert, sondern gleichzeitig auch der Abgleich des Schlüsselmaterials, da Differenzen zwischen den legitimen Beobachtungen durch die Merkmalsextraktion effizient entfernt werden. Alle vorgestellten Lösungen verzichten komplett auf den Austausch von Informationen zwischen den legitimen Kommunikationspartnern, wodurch der damit verbundene Informationsabfluss sowie Energieverbrauch inhärent vermieden wird

Quantization Watermarking for Joint Compression and Data Hiding Schemes

International audienceEnrichment and protection of JPEG2000 images is an important issue. Data hiding techniques are a good solution to solve these problems. In this context, we can consider the joint approach to introduce data hiding technique into JPEG2000 coding pipeline. Data hiding consists of imperceptibly altering multimedia content, to convey some information. This process is done in such a way that the hidden data is not perceptible to an observer. Digital watermarking is one type of data hiding. In addition to the imperceptibility and payload constraints, the watermark should be robust against a variety of manipulations or attacks. We focus on trellis coded quantization (TCQ) data hiding techniques and propose two JPEG2000 compression and data hiding schemes. The properties of TCQ quantization, defined in JPEG2000 part 2, are used to perform quantization and information embedding during the same time. The first scheme is designed for content description and management applications with the objective of achieving high payloads. The compression rate/imperceptibility/payload trade off is our main concern. The second joint scheme has been developed for robust watermarking and can have consequently many applications. We achieve the better imperceptibility/robustness trade off in the context of JPEG2000 compression. We provide some experimental results on the implementation of these two schemes

Spread spectrum-based video watermarking algorithms for copyright protection

Merged with duplicate record 10026.1/2263 on 14.03.2017 by CS (TIS)Digital technologies know an unprecedented expansion in the last years. The consumer can now benefit from hardware and software which was considered state-of-the-art several years ago. The advantages offered by the digital technologies are major but the same digital technology opens the door for unlimited piracy. Copying an analogue VCR tape was certainly possible and relatively easy, in spite of various forms of protection, but due to the analogue environment, the subsequent copies had an inherent loss in quality. This was a natural way of limiting the multiple copying of a video material. With digital technology, this barrier disappears, being possible to make as many copies as desired, without any loss in quality whatsoever. Digital watermarking is one of the best available tools for fighting this threat. The aim of the present work was to develop a digital watermarking system compliant with the recommendations drawn by the EBU, for video broadcast monitoring. Since the watermark can be inserted in either spatial domain or transform domain, this aspect was investigated and led to the conclusion that wavelet transform is one of the best solutions available. Since watermarking is not an easy task, especially considering the robustness under various attacks several techniques were employed in order to increase the capacity/robustness of the system: spread-spectrum and modulation techniques to cast the watermark, powerful error correction to protect the mark, human visual models to insert a robust mark and to ensure its invisibility. The combination of these methods led to a major improvement, but yet the system wasn't robust to several important geometrical attacks. In order to achieve this last milestone, the system uses two distinct watermarks: a spatial domain reference watermark and the main watermark embedded in the wavelet domain. By using this reference watermark and techniques specific to image registration, the system is able to determine the parameters of the attack and revert it. Once the attack was reverted, the main watermark is recovered. The final result is a high capacity, blind DWr-based video watermarking system, robust to a wide range of attacks.BBC Research & Developmen

Practical Secrecy at the Physical Layer: Key Extraction Methods with Applications in Cognitive Radio

The broadcast nature of wireless communication imposes the risk of information leakage to adversarial or unauthorized receivers. Therefore, information security between intended users remains a challenging issue. Currently, wireless security relies on cryptographic techniques and protocols that lie at the upper layers of the wireless network. One main drawback of these existing techniques is the necessity of a complex key management scheme in the case of symmetric ciphers and high computational complexity in the case of asymmetric ciphers. On the other hand, physical layer security has attracted significant interest from the research community due to its potential to generate information-theoretic secure keys. In addition, since the vast majority of physical layer security techniques exploit the inherent randomness of the communication channel, key exchange is no longer mandatory. However, additive white Gaussian noise, interference, channel estimation errors and the fact that communicating transceivers employ different radio frequency (RF) chains are among the reasons that limit utilization of secret key generation (SKG) algorithms to high signal to noise ratio levels. The scope of this dissertation is to design novel secret key generation algorithms to overcome this main drawback. In particular, we design a channel based SKG algorithm that increases the dynamic range of the key generation system. In addition, we design an algorithm that exploits angle of arrival (AoA) as a common source of randomness to generate the secret key. Existing AoA estimation systems either have high hardware and computation complexities or low performance, which hinder their incorporation within the context of SKG. To overcome this challenge, we design a novel high performance yet simple and efficient AoA estimation system that fits the objective of collecting sequences of AoAs for SKG. Cognitive radio networks (CRNs) are designed to increase spectrum usage efficiency by allowing secondary users (SUs) to exploit spectrum slots that are unused by the spectrum owners, i.e., primary users (PUs). Hence, spectrum sensing (SS) is essential in any CRN. CRNs can work both in opportunistic (interweaved) as well as overlay and/or underlay (limited interference) fashions. CRNs typically operate at low SNR levels, particularly, to support overlay/underlay operations. Similar to other wireless networks, CRNs are susceptible to various physical layer security attacks including spectrum sensing data falsification and eavesdropping. In addition to the generalized SKG methods provided in this thesis and due to the peculiarity of CRNs, we further provide a specific method of SKG for CRNs. After studying, developing and implementing several SS techniques, we design an SKG algorithm that exploits SS data. Our algorithm does not interrupt the SS operation and does not require additional time to generate the secret key. Therefore, it is suitable for CRNs

Doctor of Philosophy

dissertationCross layer system design represents a paradigm shift that breaks the traditional layer-boundaries in a network stack to enhance a wireless network in a number of di erent ways. Existing work has used the cross layer approach to optimize a wireless network in terms of packet scheduling, error correction, multimedia quality, power consumption, selection of modulation/coding and user experience, etc. We explore the use of new cross layer opportunities to achieve secrecy and e ciency of data transmission in wireless networks. In the rst part of this dissertation, we build secret key establishment methods for private communication between wireless devices using the spatio-temporal variations of symmetric-wireless channel measurements. We evaluate our methods on a variety of wireless devices, including laptops, telosB sensor nodes, and Android smartphones, with diverse wireless capabilities. We perform extensive measurements in real-world environments and show that our methods generate high entropy secret bits at a signi cantly faster rate in comparison to existing approaches. While the rst part of this dissertation focuses on achieving secrecy in wireless networks, the second part of this dissertation examines the use of special pulse shaping lters of the lterbank multicarrier (FBMC) physical layer in reliably transmitting data packets at a very high rate. We rst analyze the mutual interference power across subcarriers used by di erent transmitters. Next, to understand the impact of FBMC beyond the physical layer, we devise a distributed and adaptive medium access control protocol that coordinates data packet tra c among the di erent nodes in the network in a best e ort manner. Using extensive simulations, we show that FBMC consistently achieves an order-of-magnitude performance improvement over orthogonal frequency division multiplexing (OFDM) in several aspects, including packet transmission delays, channel access delays, and e ective data transmission rate available to each node in static indoor settings as well as in vehicular networks