
    Principles of Physical Layer Security in Multiuser Wireless Networks: A Survey

    This paper provides a comprehensive review of the domain of physical layer security in multiuser wireless networks. The essential premise of physical-layer security is to enable the exchange of confidential messages over a wireless medium in the presence of unauthorized eavesdroppers without relying on higher-layer encryption. This can be achieved primarily in two ways: without the need for a secret key, by intelligently designing transmit coding strategies, or by exploiting the wireless communication medium to develop secret keys over public channels. The survey begins with an overview of the foundations dating back to the pioneering work of Shannon and Wyner on information-theoretic security. We then describe the evolution of secure transmission strategies from point-to-point channels to multiple-antenna systems, followed by generalizations to multiuser broadcast, multiple-access, interference, and relay networks. Secret-key generation and establishment protocols based on physical layer mechanisms are subsequently covered. Approaches for secrecy based on channel coding design are then examined, along with a description of inter-disciplinary approaches based on game theory and stochastic geometry. The associated problem of physical-layer message authentication is also introduced briefly. The survey concludes with observations on potential research directions in this area.
    Comment: 23 pages, 10 figures, 303 refs. arXiv admin note: text overlap with arXiv:1303.1609 by other authors. IEEE Communications Surveys and Tutorials, 201

    Using quantum key distribution for cryptographic purposes: a survey

    The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, however, QKD does not provide a standalone security service on its own: the secret keys established by QKD are in general then used by subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, with a view to integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering an any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relating to the development of QKD technology that also constitute potential avenues for cryptographic research.
    Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

    Characterisation and performance analysis of random linear network coding for reliable and secure communication

    In this thesis, we develop theoretical frameworks to characterize the performance of Random Linear Network Coding (RLNC), and propose novel communication schemes for achieving both reliability and security in wireless networks. In particular, (i) we present an analytical model to evaluate the performance of practical RLNC schemes suitable for low-complexity receivers, prioritized (i.e., layered) coding and multi-hop communications, (ii) investigate the performance of RLNC in relay-assisted networks and propose a new cross-layer RLNC-aided cooperative scheme for reliable communication, and (iii) characterize the secrecy feature of RLNC and propose a new physical-application layer security technique for achieving security and reliability in multi-hop communications. At first, we investigate random block matrices and derive mathematical expressions for the enumeration of full-rank matrices that contain blocks of random entries arranged in a diagonal, lower-triangular or tri-diagonal structure. The derived expressions are then used to model the probability that a receiver will successfully decode a source message or layers of a service, when RLNC based on non-overlapping, expanding or sliding generations is employed. Moreover, the design parameters of these schemes allow the desired decoding performance to be adjusted. Next, we evaluate the performance of Random Linear Network Coded Cooperation (RLNCC) in relay-assisted networks, and propose a cross-layer cooperative scheme which combines the emerging Non-Orthogonal Multiple Access (NOMA) technique and RLNCC. In this regard, we first consider the multiple-access relay channel in a setting where two source nodes transmit packets to a destination node, both directly and via a relay node. Secondly, we consider a multi-source multi-relay network, in which relay nodes employ RLNC on source packets and generate coded packets. For each network, we build our analysis on fundamental probability expressions for random matrices over finite fields and derive theoretical expressions for the probability that the destination node will successfully decode the source packets. Finally, we consider a multi-relay network comprising two groups of source nodes, where each group transmits packets to its own designated destination node over single-hop links and via a cluster of relay nodes shared by both groups. In an effort to boost reliability without sacrificing throughput, a scheme is proposed whereby packets at the relay nodes are combined using two methods: packets delivered by different groups are mixed using non-orthogonal multiple access principles, while packets originating from the same group are mixed using RLNC. An analytical framework that characterizes the performance of the proposed scheme is developed, and benchmarked against a counterpart scheme that is based on orthogonal multiple access. Finally, we quantify and characterize the intrinsic security feature of RLNC and design a joint physical-application layer security technique. For this purpose, we first consider a network comprising a transmitter, which employs RLNC to encode a message, a legitimate receiver, and a passive eavesdropper. Closed-form analytical expressions are derived to evaluate the intercept probability of RLNC, and a resource allocation model is presented to further minimize the intercept probability. Afterward, we propose a joint RLNC and opportunistic relaying scheme in a multi-relay network to transmit confidential data to a destination in the presence of an eavesdropper. Four relay selection protocols are studied covering a range of network capabilities, such as the availability of the eavesdropper's channel state information or the possibility of pairing the selected relay with a jammer node that intentionally generates interference. For each case, expressions for the probability that a coded packet will not be decoded by a receiver, which can be either the destination or the eavesdropper, are derived. Based on those expressions, a framework is developed that characterizes the probability of the eavesdropper intercepting a sufficient number of coded packets and partially or fully decoding the confidential data. We observe that the field size over which RLNC is performed at the application layer, as well as the adopted modulation and coding scheme at the physical layer, can be modified to fine-tune the trade-off between security and reliability.

    Design and Analysis of Security Schemes for Low-cost RFID Systems

    With the remarkable progress in microelectronics and low-power semiconductor technologies, Radio Frequency IDentification (RFID) technology has moved from obscurity into mainstream applications, and essentially provides an indispensable foundation for realizing ubiquitous computing and machine perception. However, the distinctive characteristics of RFID systems introduce growing security and privacy concerns. Addressing these issues is particularly challenging for low-cost RFID systems, where tags are extremely constrained in resources, power and cost. The primary reasons are: (1) the security requirements of low-cost RFID systems are even more rigorous due to the large operation range and mass deployment; and (2) the passive tags' modest capabilities and the necessity to keep their prices low present a novel problem that goes beyond the well-studied problems of traditional cryptography. This thesis presents our research results on the design and analysis of security schemes for low-cost RFID systems. Motivated by the recent attention on exploiting physical layer resources in the design of security schemes, we investigate how to counter eavesdropping, modification and one particular type of relay attack against the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers. To this end, we propose a novel physical layer scheme, called Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement (BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while utilizing its periodically varied frequency to hide the transmission from the eavesdropper/relayer and exploiting a random sequence modulated onto the carrier's phase to defeat malicious modifications. We further improve its eavesdropping resistance through coding in the physical layer, since BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed from a resilient vector Boolean function. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof-of-concept implementation and testing. Eavesdropping on the communication between a legitimate reader and a victim tag to obtain raw data is a basic tool for the adversary. However, given the fundamental nature of eavesdropping attacks, there is limited prior work investigating its intension and extension for passive RFID systems. To this end, we first identified a brand-new attack, working at the physical layer, against backscattered RFID communications, called unidirectional active eavesdropping, which defeats the customary impression that eavesdropping is a "passive" attack. To launch this attack, the adversary transmits an un-modulated carrier (called a blank carrier) at a certain frequency while a valid reader and a tag interact on another frequency channel. Once the tag modulates the amplitude of the reader's signal, it causes fluctuations on the blank carrier as well. By carefully examining the amplitude of the backscattered versions of the blank carrier and the reader's carrier, the adversary could intercept the ongoing reader-tag communication with either a significantly lower bit error rate or from a significantly greater distance. Our concept is demonstrated and empirically analyzed on a popular low-cost RFID system, i.e., EPC Gen2. Although active eavesdropping in general is not trivial to prevent, for a particular type of active eavesdropper, namely a greedy proactive eavesdropper, we propose a simple countermeasure that introduces no extra cost to current RFID systems. The need for cryptographic primitives on constrained devices keeps increasing with the growing pervasiveness of these devices. One recent lightweight block cipher design is Hummingbird-2. We study its cryptographic strength under a novel technique we developed, called Differential Sequence Attack (DSA), and present the first cryptanalytic result on this cipher. In particular, our full attack can be divided into two phases: a preparation phase and a key recovery phase. During the key recovery phase, we exploit the fact that the differential sequence for the last round of Hummingbird-2 can be retrieved by querying the full cipher, due to which the search space of the secret key can be significantly reduced. Thus, by attacking the encryption (decryption, resp.) of Hummingbird-2, our algorithm recovers 36 bits (another 28 bits, resp.) of the 128-bit key with 2^{68} (2^{60}, resp.) time complexity if particular differential conditions on the internal states and on the keys at one round can be imposed. Additionally, the remaining 64 bits of the key can be exhaustively searched, and the overall time complexity is dominated by 2^{68}. During the preparation phase, by investing 2^{81} effort in time, the adversary is able to create the differential conditions required in the key recovery phase with probability at least 0.5. As an additional effort, we examine the cryptanalytic strength of another lightweight candidate known as A2U2, which is the most lightweight cryptographic primitive proposed so far for low-cost tags. Our chosen-plaintext attack fully breaks this cipher by recovering its secret key while querying the encryption only twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 seconds on a Thinkpad T410 laptop.

    Privacy-Preserving Decentralized Optimization and Event Localization

    This dissertation considers decentralized optimization and its applications. On the one hand, we address privacy preservation for decentralized optimization, where N agents cooperatively minimize the sum of N convex functions private to these individual agents. In most existing decentralized optimization approaches, participating agents exchange and disclose states explicitly, which may not be desirable when the states contain sensitive information of individual agents. The problem is more acute when adversaries exist which try to steal information from other participating agents. To address this issue, we first propose two privacy-preserving decentralized optimization approaches based on ADMM (alternating direction method of multipliers) and the subgradient method, respectively, by leveraging partially homomorphic cryptography. To our knowledge, this is the first time that cryptographic techniques are incorporated in a fully decentralized setting to enable privacy preservation in decentralized optimization in the absence of any third party or aggregator. To facilitate the incorporation of encryption in a fully decentralized manner, we also introduce a new ADMM which allows time-varying penalty matrices and rigorously prove that it has a convergence rate of O(1/t). However, given that encryption-based algorithms unavoidably bring about extra computational and communication overhead in real-time optimization [61], we then propose another novel privacy solution for decentralized optimization based on function decomposition and ADMM which enables privacy without incurring large communication/computational overhead. On the other hand, we address the application of decentralized optimization to the event localization problem, which plays a fundamental role in many wireless sensor network applications such as environmental monitoring, homeland security, medical treatment, and health care. The event localization problem is essentially a non-convex and non-smooth problem. We address such a problem in two ways. First, a completely decentralized solution based on augmented Lagrangian methods and ADMM is proposed to solve the non-smooth and non-convex problem directly, rather than using conventional convex relaxation techniques. However, this algorithm requires the target event to be within the convex hull of the deployed sensors. To address this issue, we propose another two scalable distributed algorithms based on ADMM and convex relaxation, which do not require the target event to be within the convex hull of the deployed sensors. Simulation results confirm the effectiveness of the proposed algorithms.