Analysis of Channel-Based User Authentication by Key-Less and Key-Based Approaches

User authentication (UA) supports the receiver in deciding whether a message comes from the claimed transmitter or from an impersonating attacker. In cryptographic approaches messages are signed with either an asymmetric or symmetric key, and a source of randomness is required to generate the key. In physical layer authentication (PLA) instead the receiver checks if received messages presumably coming from the same source undergo the same channel. We compare these solutions by considering the physical-layer channel features as randomness source for generating the key, thus allowing an immediate comparison with PLA (that already uses these features). For the symmetric-key approach we use secret key agreement, while for asymmetric-key the channel is used as entropy source at the transmitter. We focus on the asymptotic case of an infinite number of independent and identically distributed channel realizations, showing the correctness of all schemes and analyzing the secure authentication rate, that dictates the rate at which the probability that UA security is broken goes to zero as the number of used channel resources (to generate the key or for PLA) goes to infinity. Both passive and active attacks are considered and by numerical results we compare the various systems

Securing health monitoring via body-centric time-frequency signature authorization

Identity-based attacks serve as the basis of an intruder’s attempt to launch security infringements in mobile health monitoring scenarios. Wireless channel perturbations due to the presence of human body are a relative phenomenon depending heavily on the subject’s dielectric properties. A new Body-Centric Signature Authorization (B-CSAI) approach based on time-frequency domain characteristics was proposed. This method utilizes multiple millimeter wave bands of 27-28 GHz, 29-30 GHz, and 31-32 GHz, thereby enhancing the security in body-centric communications exploiting benefits of subject specific channel signature. The proposed bornprint method is based on the intrinsic identity related time-frequency domain information, which generated by the user’s natural hand motion signature and resulting creeping waves and space waves. It can meet the unconditional keyless authorization requirements. A detailed measurement campaign considering radiation efficiency (η = -25.8, -24.7, -26.4), pathloss exponent, and shadowing factor in three millimeter wave bands, using six human subjects confirm the usability and efficiency of the proposed approach. This also shows that there is a wide space for realizing security from physical mechanisms

Byzantine Multiple Access Channels -- Part II: Communication With Adversary Identification

We introduce the problem of determining the identity of a byzantine user (internal adversary) in a communication system. We consider a two-user discrete memoryless multiple access channel where either user may deviate from the prescribed behaviour. Owing to the noisy nature of the channel, it may be overly restrictive to attempt to detect all deviations. In our formulation, we only require detecting deviations which impede the decoding of the non-deviating user's message. When neither user deviates, correct decoding is required. When one user deviates, the decoder must either output a pair of messages of which the message of the non-deviating user is correct or identify the deviating user. The users and the receiver do not share any randomness. The results include a characterization of the set of channels where communication is feasible, and an inner and outer bound on the capacity region. We also show that whenever the rate region has non-empty interior, the capacity region is same as the capacity region under randomized encoding, where each user shares independent randomness with the receiver. We also give an outer bound for this randomized coding capacity region.Comment: arXiv admin note: substantial text overlap with arXiv:2105.0338

Cyber Security of Critical Infrastructures

Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods

Authentication and Integrity Protection at Data and Physical layer for Critical Infrastructures

This thesis examines the authentication and the data integrity services in two prominent emerging contexts such as Global Navigation Satellite Systems (GNSS) and the Internet of Things (IoT), analyzing various techniques proposed in the literature and proposing novel methods. GNSS, among which Global Positioning System (GPS) is the most widely used, provide affordable access to accurate positioning and timing with global coverage. There are several motivations to attack GNSS: from personal privacy reasons, to disrupting critical infrastructures for terrorist purposes. The generation and transmission of spoofing signals either for research purpose or for actually mounting attacks has become easier in recent years with the increase of the computational power and with the availability on the market of Software Defined Radios (SDRs), general purpose radio devices that can be programmed to both receive and transmit RF signals. In this thesis a security analysis of the main currently proposed data and signal level authentication mechanisms for GNSS is performed. A novel GNSS data level authentication scheme, SigAm, that combines the security of asymmetric cryptographic primitives with the performance of hash functions or symmetric key cryptographic primitives is proposed. Moreover, a generalization of GNSS signal layer security code estimation attacks and defenses is provided, improving their performance, and an autonomous anti-spoofing technique that exploits semi-codeless tracking techniques is introduced. Finally, physical layer authentication techniques for IoT are discussed, providing a trade-off between the performance of the authentication protocol and energy expenditure of the authentication process

On the Support of Massive Machine-to-Machine Traffic in Heterogeneous Networks and Fifth-Generation Cellular Networks

The widespread availability of many emerging services enabled by the Internet of Things (IoT) paradigm passes through the capability to provide long-range connectivity to a massive number of things, overcoming the well-known issues of ad-hoc, short-range networks. This scenario entails a lot of challenges, ranging from the concerns about the radio access network efficiency to the threats about the security of IoT networks. In this thesis, we will focus on wireless communication standards for long-range IoT as well as on fundamental research outcomes about IoT networks. After investigating how Machine-Type Communication (MTC) is supported nowadays, we will provide innovative solutions that i) satisfy the requirements in terms of scalability and latency, ii) employ a combination of licensed and license-free frequency bands, and iii) assure energy-efficiency and security