168 research outputs found
Novel Physical Layer Authentication Techniques for Secure Wireless Communications
Due to the open nature of radio propagation, information security in wireless communications has been facing more challenges compared to its counterpart in wired networks. Authentication, defined as an important aspect of information security, is the process of verifying the identity of transmitters to prevent against spoofing attacks. Traditionally, secure wireless communications is achieved by relying solely upon higher layer cryptographic mechanisms. However, cryptographic approaches based on complex mathematical calculations are inefficient and vulnerable to various types of attacks. Recently, researchers have shown that the unique properties of wireless channels can be exploited for authentication enhancement by providing additional security protection against spoofing attacks. Motivated by the vulnerability of existing higher-layer security techniques and the security advantages provided by exploring the physical link properties, five novel physical layer authentication techniques to enhance the security performance of wireless systems are proposed. The first technique exploits the inherent properties of CIR to achieve robust channel-based authentication. The second and third techniques utilize a long-range channel predictor and additional multipath delay characteristics, respectively, to enhance the CIR-based authentication. The fourth technique exploits the advantages of AF cooperative relaying to improve traditional channel-based authentication. The last technique employs an embedded confidential signaling link to secure the legitimate transmissions in OFDM systems
Physical layer authentication using ensemble learning technique in wireless communications
Cyber-physical wireless systems have surfaced as an important data communication and networking research area. It is an emerging discipline that allows effective monitoring and efficient real-time communication between the cyber and physical worlds by embedding computer software and integrating communication and networking technologies. Due to their high reliability, sensitivity and connectivity, their security requirements are more comparable to the Internet as they are prone to various security threats such as eavesdropping, spoofing, botnets, man-in-the-middle attack, denial of service (DoS) and distributed denial of service (DDoS) and impersonation. Existing methods use physical layer authentication (PLA), the most promising solution to detect cyber-attacks. Still, the cyber-physical systems (CPS) have relatively large computational requirements and require more communication resources, thus making it impossible to achieve a low latency target. These methods perform well but only in stationary scenarios. We have extracted the relevant features from the channel matrices using discrete wavelet transformation to improve the computational time required for data processing by considering mobile scenarios. The features are fed to ensemble learning algorithms, such as AdaBoost, LogitBoost and Gentle Boost, to classify data. The authentication of the received signal is considered a binary classification problem. The transmitted data is labeled as legitimate information, and spoofing data is illegitimate information. Therefore, this paper proposes a threshold-free PLA approach that uses machine learning algorithms to protect critical data from spoofing attacks. It detects the malicious data packets in stationary scenarios and detects them with high accuracy when receivers are mobile. The proposed model achieves better performance than the existing approaches in terms of accuracy and computational time by decreasing the processing time
Analysis of Channel-Based User Authentication by Key-Less and Key-Based Approaches
User authentication (UA) supports the receiver in deciding whether a message
comes from the claimed transmitter or from an impersonating attacker. In
cryptographic approaches messages are signed with either an asymmetric or
symmetric key, and a source of randomness is required to generate the key. In
physical layer authentication (PLA) instead the receiver checks if received
messages presumably coming from the same source undergo the same channel. We
compare these solutions by considering the physical-layer channel features as
randomness source for generating the key, thus allowing an immediate comparison
with PLA (that already uses these features). For the symmetric-key approach we
use secret key agreement, while for asymmetric-key the channel is used as
entropy source at the transmitter. We focus on the asymptotic case of an
infinite number of independent and identically distributed channel
realizations, showing the correctness of all schemes and analyzing the secure
authentication rate, that dictates the rate at which the probability that UA
security is broken goes to zero as the number of used channel resources (to
generate the key or for PLA) goes to infinity. Both passive and active attacks
are considered and by numerical results we compare the various systems
Cooperative Authentication in Underwater Acoustic Sensor Networks
With the growing use of underwater acoustic communications (UWAC) for both
industrial and military operations, there is a need to ensure communication
security. A particular challenge is represented by underwater acoustic networks
(UWANs), which are often left unattended over long periods of time. Currently,
due to physical and performance limitations, UWAC packets rarely include
encryption, leaving the UWAN exposed to external attacks faking legitimate
messages. In this paper, we propose a new algorithm for message authentication
in a UWAN setting. We begin by observing that, due to the strong spatial
dependency of the underwater acoustic channel, an attacker can attempt to mimic
the channel associated with the legitimate transmitter only for a small set of
receivers, typically just for a single one. Taking this into account, our
scheme relies on trusted nodes that independently help a sink node in the
authentication process. For each incoming packet, the sink fuses beliefs
evaluated by the trusted nodes to reach an authentication decision. These
beliefs are based on estimated statistical channel parameters, chosen to be the
most sensitive to the transmitter-receiver displacement. Our simulation results
show accurate identification of an attacker's packet. We also report results
from a sea experiment demonstrating the effectiveness of our approach.Comment: Author version of paper accepted for publication in the IEEE
Transactions on Wireless Communication
Key Generation in Wireless Sensor Networks Based on Frequency-selective Channels - Design, Implementation, and Analysis
Key management in wireless sensor networks faces several new challenges. The
scale, resource limitations, and new threats such as node capture necessitate
the use of an on-line key generation by the nodes themselves. However, the cost
of such schemes is high since their secrecy is based on computational
complexity. Recently, several research contributions justified that the
wireless channel itself can be used to generate information-theoretic secure
keys. By exchanging sampling messages during movement, a bit string can be
derived that is only known to the involved entities. Yet, movement is not the
only possibility to generate randomness. The channel response is also strongly
dependent on the frequency of the transmitted signal. In our work, we introduce
a protocol for key generation based on the frequency-selectivity of channel
fading. The practical advantage of this approach is that we do not require node
movement. Thus, the frequent case of a sensor network with static motes is
supported. Furthermore, the error correction property of the protocol mitigates
the effects of measurement errors and other temporal effects, giving rise to an
agreement rate of over 97%. We show the applicability of our protocol by
implementing it on MICAz motes, and evaluate its robustness and secrecy through
experiments and analysis.Comment: Submitted to IEEE Transactions on Dependable and Secure Computin
- …