Physical Layer Authentication Watermarks Through Synthetic Channel Emulation

Abstract—We present an authentication device allowing for the validation of wireless transmissions by means of a watermark signal applied at the physical layer, and demonstrate how the method may be applied to digital broadcast television signals. The novel watermarking approach presented conveys the authentication signal through explicit emulation of innocuous channel responses, further preventing Primary User Emulation attacks in Dynamic Spectrum Access theaters. The undesirable effects of the watermark signal design are removed by the receiver by traditional channel equalization practices, resulting in nearly zero impact to the bit error rate (BER) of the primary signal received. The proposed mechanism may be implemented without modification to existing Digital Television (DTV) transmission equipment using a retrofitting approach, and does not require the modification of existing receivers or protocols. A key benefit of the proposed method is that the authentication signal may be received at a BER much lower than the primary-signal, all within original transmission power and bandwidth constraints. We discuss physical layer details of the new watermarking method, and demonstrate how proven cryptographic authentication measures may be applied to the problem. I

Fighting Spam with the NeighborhoodWatch DHT

Abstract—In this paper, we present DHTBL, an anti-spam blacklist built upon a novel secure distributed hash table (DHT). We show how DHTBL can be used to replace existing DNS-based blacklists (DNSBLs) of IP addresses of mail relays that forward spam. Implementing a blacklist on a DHT improves resilience to DoS attacks and secures message delivery, when compared to DNSBLs. However, due to the sensitive nature of the blacklist, storing the data in a peer-to-peer DHT would invite attackers to infiltrate the system. Typical DHTs can withstand fail-stop failures, but malicious nodes may provide incorrect routing information, refuse to return published items, or simply ignore certain queries. The NeighborhoodWatch DHT is resilient to malicious nodes and maintains the O(log N) bounds on routing table size and expected lookup time. NeighborhoodWatch depends on two assumptions in order to make these guarantees: (1) the existence of an on-line trusted authority that periodically contacts and issues signed certificates to each node, and (2) for every sequence of k + 1 consecutive nodes in the ID space, at least one is alive and non-malicious. We show how NeighborhoodWatch maintains many of its security properties even when the second assumption is violated. Honest nodes in NeighborhoodWatch can detect malicious behavior and expel the responsible nodes from the DHT. I