Authentication of Satellite Navigation Signals by Wiretap Coding and Artificial Noise

In order to combat the spoofing of global navigation satellite system (GNSS) signals we propose a novel approach for satellite signal authentication based on information-theoretic security. In particular we superimpose to the navigation signal an authentication signal containing a secret message corrupted by artificial noise (AN), still transmitted by the satellite. We impose the following properties: a) the authentication signal is synchronous with the navigation signal, b) the authentication signal is orthogonal to the navigation signal and c) the secret message is undecodable by the attacker due to the presence of the AN. The legitimate receiver synchronizes with the navigation signal and stores the samples of the authentication signal with the same synchronization. After the transmission of the authentication signal, through a separate public asynchronous authenticated channel (e.g., a secure Internet connection) additional information is made public allowing the receiver to a) decode the secret message, thus overcoming the effects of AN, and b) verify the secret message. We assess the performance of the proposed scheme by the analysis of both the secrecy capacity of the authentication message and the attack success probability, under various attack scenarios. A comparison with existing approaches shows the effectiveness of the proposed scheme

Key Generation in Wireless Sensor Networks Based on Frequency-selective Channels - Design, Implementation, and Analysis

Key management in wireless sensor networks faces several new challenges. The scale, resource limitations, and new threats such as node capture necessitate the use of an on-line key generation by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The practical advantage of this approach is that we do not require node movement. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the protocol mitigates the effects of measurement errors and other temporal effects, giving rise to an agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis.Comment: Submitted to IEEE Transactions on Dependable and Secure Computin

Secrecy Constrained Distributed Inference in Wireless Sensor Networks

Comprised of a large number of low-cost, low-power, mobile and miniature sensors, wireless sensor networks are widely employed in many applications, such as environmental monitoring, health-care, and diagnostics of complex systems. In wireless sensor networks, the sensor outputs are transmitted across a wireless communication network to legitimate users such as fusion centers for final decision-making. Because of the wireless links across the network, the data are vulnerable to security breaches. For many applications, the data collected by local sensors are extremely sensitive, and care must be taken to prevent that information from being leaked to any malicious third parties, e.g., eavesdroppers. Eavesdropping is one of the most significant threats to wireless sensor networks, where local sensors are tapped by an eavesdropper in order to intercept information. I considered distributed inference in the presence of a global, greedy and informed eavesdropper who has access to all local node outputs rather than access. My goal is to develop secured distributed systems against eavesdropping attacks using a physical-layer security approach instead of cryptography techniques because of the stringent constraints on sensor networks energy and computational capability. The physical-layer security approach utilizes the characteristics of the physical layer, including transmission channels noises, and the information of the source. Additionally, physical-layer security for distributed inference is scalable due to the low computational complexity. I first investigate secrecy constrained distributed detection under both Neyman-Pearson and Bayesian frameworks. I analyze the asymptotic detection performance and proposed a novel way of analyzing the maximum performance trade-off using Kullback-Leibler divergence ratio between the fusion center and eavesdropper. Under the Neyman-Pearson framework, I show that the eavesdropper\u27s detection performance can be limited such that her decision-making is no better than random guessing; meanwhile, the detection performance at the fusion center is guaranteed at the prespecified level. Similar analyses and proofs are provided under the Bayesian framework, where it was shown that an eavesdropper can be constrained to an error probability level equal to her prior information. Additionally, I derive the asymptotic error exponent and show that asymptotic perfect secrecy and asymptotic perfect detection are possible by increasing the number of sensors under both frameworks if the fusion center has noiseless channels to the sensors. For secrecy constrained distributed estimation, I conducted similar analysis under both a classical setting and Bayesian setting. I derived the maximum achievable secrecy performance and show that under the condition that the eavesdropper has noisy channels and the fusion center has noiseless channels, both asymptotic perfect secrecy and asymptotic perfect estimation can be achieved under a classical setting. Similarly, under a Bayesian setting, I derived the performance trade-off using Fisher information ratio and show that the fusion center outperforms the eavesdropper significantly in the simulation section. Secrecy constrained in distributed inference with Rayleigh fading binary symmetric channel is considered as well. Similarly, I derive the maximum achievable secrecy performance ratio for both detection and estimation. The maximum achievable trade-off turns out to be almost the same in distributed estimation as in distributed detection. This suggests that a universal framework for generally structured inference problems are feasible. Further investigations are needed to justify this conjecture for more general applications

On the Design and Analysis of Secure Inference Networks

Parallel-topology inference networks consist of spatially-distributed sensing agents that collect and transmit observations to a central node called the fusion center (FC), so that a global inference is made regarding the phenomenon-of-interest (PoI). In this dissertation, we address two types of statistical inference, namely binary-hypothesis testing and scalar parameter estimation in parallel-topology inference networks. We address three different types of security threats in parallel-topology inference networks, namely Eavesdropping (Data-Confidentiality), Byzantine (Data-Integrity) or Jamming (Data-Availability) attacks. In an attempt to alleviate information leakage to the eavesdropper, we present optimal/near-optimal binary quantizers under two different frameworks, namely differential secrecy where the difference in performances between the FC and Eve is maximized, and constrained secrecy where FC’s performance is maximized in the presence of tolerable secrecy constraints. We also propose near-optimal transmit diversity mechanisms at the sensing agents in detection networks in the presence of tolerable secrecy constraints. In the context of distributed inference networks with M-ary quantized sensing data, we propose a novel Byzantine attack model and find optimal attack strategies that minimize KL Divergence at the FC in the presence of both ideal and non-ideal channels. Furthermore, we also propose a novel deviation-based reputation scheme to detect Byzantine nodes in a distributed inference network. Finally, we investigate optimal jamming attacks in detection networks where the jammer distributes its power across the sensing and the communication channels. We also model the interaction between the jammer and a centralized detection network as a complete information zero-sum game. We find closed-form expressions for pure-strategy Nash equilibria and show that both the players converge to these equilibria in a repeated game. Finally, we show that the jammer finds no incentive to employ pure-strategy equilibria, and causes greater impact on the network performance by employing mixed strategies

Secure Compute-and-Forward in a Bidirectional Relay

We consider the basic bidirectional relaying problem, in which two users in a wireless network wish to exchange messages through an intermediate relay node. In the compute-and-forward strategy, the relay computes a function of the two messages using the naturally-occurring sum of symbols simultaneously transmitted by user nodes in a Gaussian multiple access (MAC) channel, and the computed function value is forwarded to the user nodes in an ensuing broadcast phase. In this paper, we study the problem under an additional security constraint, which requires that each user's message be kept secure from the relay. We consider two types of security constraints: perfect secrecy, in which the MAC channel output seen by the relay is independent of each user's message; and strong secrecy, which is a form of asymptotic independence. We propose a coding scheme based on nested lattices, the main feature of which is that given a pair of nested lattices that satisfy certain "goodness" properties, we can explicitly specify probability distributions for randomization at the encoders to achieve the desired security criteria. In particular, our coding scheme guarantees perfect or strong secrecy even in the absence of channel noise. The noise in the channel only affects reliability of computation at the relay, and for Gaussian noise, we derive achievable rates for reliable and secure computation. We also present an application of our methods to the multi-hop line network in which a source needs to transmit messages to a destination through a series of intermediate relays.Comment: v1 is a much expanded and updated version of arXiv:1204.6350; v2 is a minor revision to fix some notational issues; v3 is a much expanded and updated version of v2, and contains results on both perfect secrecy and strong secrecy; v3 is a revised manuscript submitted to the IEEE Transactions on Information Theory in April 201

Fusing Censored Dependent Data for Distributed Detection

In this paper, we consider a distributed detection problem for a censoring sensor network where each sensor's communication rate is significantly reduced by transmitting only "informative" observations to the Fusion Center (FC), and censoring those deemed "uninformative". While the independence of data from censoring sensors is often assumed in previous research, we explore spatial dependence among observations. Our focus is on designing the fusion rule under the Neyman-Pearson (NP) framework that takes into account the spatial dependence among observations. Two transmission scenarios are considered, one where uncensored observations are transmitted directly to the FC and second where they are first quantized and then transmitted to further improve transmission efficiency. Copula-based Generalized Likelihood Ratio Test (GLRT) for censored data is proposed with both continuous and discrete messages received at the FC corresponding to different transmission strategies. We address the computational issues of the copula-based GLRTs involving multidimensional integrals by presenting more efficient fusion rules, based on the key idea of injecting controlled noise at the FC before fusion. Although, the signal-to-noise ratio (SNR) is reduced by introducing controlled noise at the receiver, simulation results demonstrate that the resulting noise-aided fusion approach based on adding artificial noise performs very closely to the exact copula-based GLRTs. Copula-based GLRTs and their noise-aided counterparts by exploiting the spatial dependence greatly improve detection performance compared with the fusion rule under independence assumption

Novel Physical Layer Authentication Techniques for Secure Wireless Communications

Due to the open nature of radio propagation, information security in wireless communications has been facing more challenges compared to its counterpart in wired networks. Authentication, defined as an important aspect of information security, is the process of verifying the identity of transmitters to prevent against spoofing attacks. Traditionally, secure wireless communications is achieved by relying solely upon higher layer cryptographic mechanisms. However, cryptographic approaches based on complex mathematical calculations are inefficient and vulnerable to various types of attacks. Recently, researchers have shown that the unique properties of wireless channels can be exploited for authentication enhancement by providing additional security protection against spoofing attacks. Motivated by the vulnerability of existing higher-layer security techniques and the security advantages provided by exploring the physical link properties, five novel physical layer authentication techniques to enhance the security performance of wireless systems are proposed. The first technique exploits the inherent properties of CIR to achieve robust channel-based authentication. The second and third techniques utilize a long-range channel predictor and additional multipath delay characteristics, respectively, to enhance the CIR-based authentication. The fourth technique exploits the advantages of AF cooperative relaying to improve traditional channel-based authentication. The last technique employs an embedded confidential signaling link to secure the legitimate transmissions in OFDM systems

Principles of Physical Layer Security in Multiuser Wireless Networks: A Survey

This paper provides a comprehensive review of the domain of physical layer security in multiuser wireless networks. The essential premise of physical-layer security is to enable the exchange of confidential messages over a wireless medium in the presence of unauthorized eavesdroppers without relying on higher-layer encryption. This can be achieved primarily in two ways: without the need for a secret key by intelligently designing transmit coding strategies, or by exploiting the wireless communication medium to develop secret keys over public channels. The survey begins with an overview of the foundations dating back to the pioneering work of Shannon and Wyner on information-theoretic security. We then describe the evolution of secure transmission strategies from point-to-point channels to multiple-antenna systems, followed by generalizations to multiuser broadcast, multiple-access, interference, and relay networks. Secret-key generation and establishment protocols based on physical layer mechanisms are subsequently covered. Approaches for secrecy based on channel coding design are then examined, along with a description of inter-disciplinary approaches based on game theory and stochastic geometry. The associated problem of physical-layer message authentication is also introduced briefly. The survey concludes with observations on potential research directions in this area.Comment: 23 pages, 10 figures, 303 refs. arXiv admin note: text overlap with arXiv:1303.1609 by other authors. IEEE Communications Surveys and Tutorials, 201