Novel Physical Layer Authentication Techniques for Secure Wireless Communications

Due to the open nature of radio propagation, information security in wireless communications has been facing more challenges compared to its counterpart in wired networks. Authentication, defined as an important aspect of information security, is the process of verifying the identity of transmitters to prevent against spoofing attacks. Traditionally, secure wireless communications is achieved by relying solely upon higher layer cryptographic mechanisms. However, cryptographic approaches based on complex mathematical calculations are inefficient and vulnerable to various types of attacks. Recently, researchers have shown that the unique properties of wireless channels can be exploited for authentication enhancement by providing additional security protection against spoofing attacks. Motivated by the vulnerability of existing higher-layer security techniques and the security advantages provided by exploring the physical link properties, five novel physical layer authentication techniques to enhance the security performance of wireless systems are proposed. The first technique exploits the inherent properties of CIR to achieve robust channel-based authentication. The second and third techniques utilize a long-range channel predictor and additional multipath delay characteristics, respectively, to enhance the CIR-based authentication. The fourth technique exploits the advantages of AF cooperative relaying to improve traditional channel-based authentication. The last technique employs an embedded confidential signaling link to secure the legitimate transmissions in OFDM systems

Physical layer authentication using ensemble learning technique in wireless communications

Cyber-physical wireless systems have surfaced as an important data communication and networking research area. It is an emerging discipline that allows effective monitoring and efficient real-time communication between the cyber and physical worlds by embedding computer software and integrating communication and networking technologies. Due to their high reliability, sensitivity and connectivity, their security requirements are more comparable to the Internet as they are prone to various security threats such as eavesdropping, spoofing, botnets, man-in-the-middle attack, denial of service (DoS) and distributed denial of service (DDoS) and impersonation. Existing methods use physical layer authentication (PLA), the most promising solution to detect cyber-attacks. Still, the cyber-physical systems (CPS) have relatively large computational requirements and require more communication resources, thus making it impossible to achieve a low latency target. These methods perform well but only in stationary scenarios. We have extracted the relevant features from the channel matrices using discrete wavelet transformation to improve the computational time required for data processing by considering mobile scenarios. The features are fed to ensemble learning algorithms, such as AdaBoost, LogitBoost and Gentle Boost, to classify data. The authentication of the received signal is considered a binary classification problem. The transmitted data is labeled as legitimate information, and spoofing data is illegitimate information. Therefore, this paper proposes a threshold-free PLA approach that uses machine learning algorithms to protect critical data from spoofing attacks. It detects the malicious data packets in stationary scenarios and detects them with high accuracy when receivers are mobile. The proposed model achieves better performance than the existing approaches in terms of accuracy and computational time by decreasing the processing time

Analysis of Channel-Based User Authentication by Key-Less and Key-Based Approaches

User authentication (UA) supports the receiver in deciding whether a message comes from the claimed transmitter or from an impersonating attacker. In cryptographic approaches messages are signed with either an asymmetric or symmetric key, and a source of randomness is required to generate the key. In physical layer authentication (PLA) instead the receiver checks if received messages presumably coming from the same source undergo the same channel. We compare these solutions by considering the physical-layer channel features as randomness source for generating the key, thus allowing an immediate comparison with PLA (that already uses these features). For the symmetric-key approach we use secret key agreement, while for asymmetric-key the channel is used as entropy source at the transmitter. We focus on the asymptotic case of an infinite number of independent and identically distributed channel realizations, showing the correctness of all schemes and analyzing the secure authentication rate, that dictates the rate at which the probability that UA security is broken goes to zero as the number of used channel resources (to generate the key or for PLA) goes to infinity. Both passive and active attacks are considered and by numerical results we compare the various systems

Cooperative Authentication in Underwater Acoustic Sensor Networks

With the growing use of underwater acoustic communications (UWAC) for both industrial and military operations, there is a need to ensure communication security. A particular challenge is represented by underwater acoustic networks (UWANs), which are often left unattended over long periods of time. Currently, due to physical and performance limitations, UWAC packets rarely include encryption, leaving the UWAN exposed to external attacks faking legitimate messages. In this paper, we propose a new algorithm for message authentication in a UWAN setting. We begin by observing that, due to the strong spatial dependency of the underwater acoustic channel, an attacker can attempt to mimic the channel associated with the legitimate transmitter only for a small set of receivers, typically just for a single one. Taking this into account, our scheme relies on trusted nodes that independently help a sink node in the authentication process. For each incoming packet, the sink fuses beliefs evaluated by the trusted nodes to reach an authentication decision. These beliefs are based on estimated statistical channel parameters, chosen to be the most sensitive to the transmitter-receiver displacement. Our simulation results show accurate identification of an attacker's packet. We also report results from a sea experiment demonstrating the effectiveness of our approach.Comment: Author version of paper accepted for publication in the IEEE Transactions on Wireless Communication

Key Generation in Wireless Sensor Networks Based on Frequency-selective Channels - Design, Implementation, and Analysis

Key management in wireless sensor networks faces several new challenges. The scale, resource limitations, and new threats such as node capture necessitate the use of an on-line key generation by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The practical advantage of this approach is that we do not require node movement. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the protocol mitigates the effects of measurement errors and other temporal effects, giving rise to an agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis.Comment: Submitted to IEEE Transactions on Dependable and Secure Computin