265 research outputs found
Analysis of Channel-Based User Authentication by Key-Less and Key-Based Approaches
User authentication (UA) supports the receiver in deciding whether a message
comes from the claimed transmitter or from an impersonating attacker. In
cryptographic approaches messages are signed with either an asymmetric or
symmetric key, and a source of randomness is required to generate the key. In
physical layer authentication (PLA) instead the receiver checks if received
messages presumably coming from the same source undergo the same channel. We
compare these solutions by considering the physical-layer channel features as
randomness source for generating the key, thus allowing an immediate comparison
with PLA (that already uses these features). For the symmetric-key approach we
use secret key agreement, while for asymmetric-key the channel is used as
entropy source at the transmitter. We focus on the asymptotic case of an
infinite number of independent and identically distributed channel
realizations, showing the correctness of all schemes and analyzing the secure
authentication rate, that dictates the rate at which the probability that UA
security is broken goes to zero as the number of used channel resources (to
generate the key or for PLA) goes to infinity. Both passive and active attacks
are considered and by numerical results we compare the various systems
Comparison Between Asymmetric and Symmetric Channel-Based Authentication for MIMO Systems
Authentication is a key element of security, by which a receiver confirms the
sender identity of a message. Typical approaches include either key-based
authentication at the application layer or physical layer authentication (PLA),
where a message is considered authentic if it appears to have gone through the
legitimate channel. In both cases a source of randomness is needed, whereas for
PLA the random nature of the communication channel is exploited. In this paper
we compare the various approaches using in all cases the channel as a source of
randomness. We consider a multiple-input multiple-output (MIMO) system with a
finite number of antennas. Simple auto-regressive (AR) models for its evolution
as well as the relation of the legitimate and attacker channel are considered.
In this setting the attacker can either predict the key used for key-based
authentication or forge the channel estimated at the legitimate receiver for
PLA. The analysis includes both symmetric and asymmetric key-based
authentication. We compare the schemes in terms of false alarm and missed
detection probability and we outline best attack strategies.
Comment: Updated version (with typos correction) of paper accepted for WSA
conferenc
Secure Compute-and-Forward Transmission With Artificial Noise and Full-Duplex Devices
We consider a wiretap channel with an eavesdropper (Eve) and an honest but
curious relay (Ray). Ray and the destination (Bob) are full-duplex (FD)
devices. Since we aim at not revealing information on the secret message to the
relay, we consider the scaled compute-and-forward (SCF) where scaled lattice
coding is used in the transmission by both the source (Alice) and Bob in order
to allow Ray to decode only a linear combination of the two messages. At the
same time Ray transmits artificial noise (AN) to confuse Eve. When Ray relays
the decoded linear combination, Alice and Bob are transmitting AN against Eve.
This can be a 5G cellular communication scenario where a mobile terminal (MT)
aims at transmitting a secret message to a FD base station (BS), with the
assistance of a network FD relay. With respect to existing literature the
innovations of this paper are: a) Bob and Ray are FD devices; b) Alice, Ray and
Bob transmit also AN; and c) the channel to Eve is not known to Alice, Bob and
Ray. For this scenario we derive bounds on both the secrecy outage probability
under Rayleigh fading conditions of the channels to Eve, and the achievable
secrecy-outage rates.
Comment: submitted to PIMR
Authentication of Satellite Navigation Signals by Wiretap Coding and Artificial Noise
In order to combat the spoofing of global navigation satellite system (GNSS)
signals we propose a novel approach for satellite signal authentication based
on information-theoretic security. In particular we superimpose on the
navigation signal an authentication signal containing a secret message
corrupted by artificial noise (AN), still transmitted by the satellite. We
impose the following properties: a) the authentication signal is synchronous
with the navigation signal, b) the authentication signal is orthogonal to the
navigation signal and c) the secret message is undecodable by the attacker due
to the presence of the AN. The legitimate receiver synchronizes with the
navigation signal and stores the samples of the authentication signal with the
same synchronization. After the transmission of the authentication signal,
through a separate public asynchronous authenticated channel (e.g., a secure
Internet connection) additional information is made public allowing the
receiver to a) decode the secret message, thus overcoming the effects of AN,
and b) verify the secret message. We assess the performance of the proposed
scheme by the analysis of both the secrecy capacity of the authentication
message and the attack success probability, under various attack scenarios. A
comparison with existing approaches shows the effectiveness of the proposed
scheme
Secret Message Transmission by HARQ with Multiple Encoding
Secure transmission between two agents, Alice and Bob, over block fading
channels can be achieved similarly to conventional hybrid automatic repeat
request (HARQ) by letting Alice transmit multiple blocks, each containing an
encoded version of the secret message, until Bob informs Alice about successful
decoding by a public error-free return channel. In existing literature each
block is a differently punctured version of a single codeword generated with a
Wyner code that uses a common randomness for all blocks. In this paper instead
we propose a more general approach where multiple codewords are generated from
independent randomnesses. The class of channels for which decodability and
secrecy is ensured is characterized, with derivations for the existence of
secret codes. We show in particular that the classes are not a trivial subset
(or superset) of those of existing schemes, thus highlighting the novelty of
the proposed solution. The result is further confirmed by deriving the average
achievable secrecy throughput, thus taking into account both decoding and
secrecy outage.
Comment: Proc. Int. Conference on Communications (ICC) 201
Centralized and Distributed Sparsification for Low-Complexity Message Passing Algorithm in C-RAN Architectures
Cloud radio access network (C-RAN) is a promising technology for
fifth-generation (5G) cellular systems. However the burden imposed by the huge
amount of data to be collected (in the uplink) from the radio remote heads
(RRHs) and processed at the base band unit (BBU) poses serious challenges. In
order to reduce the computation effort of minimum mean square error (MMSE)
receiver at the BBU the Gaussian message passing (MP) together with a suitable
sparsification of the channel matrix can be used. In this paper we propose two
sets of solutions, either centralized or distributed ones. In the centralized
solutions, we propose different approaches to sparsify the channel matrix, in
order to reduce the complexity of MP. However these approaches still require
that all signals reaching the RRH are conveyed to the BBU, therefore the
communication requirements among the backbone network devices are unaltered. In
the decentralized solutions instead we aim at reducing both the complexity of
MP at the BBU and the requirements on the RRHs-BBU communication links by
pre-processing the signals at the RRH and conveying a reduced set of signals to
the BBU.
Comment: Accepted for publication in IEEE VTC 201
A Multi-Service Oriented Multiple-Access Scheme for Next-Generation Mobile Networks
One of the key requirements for fifth-generation (5G) cellular networks is
their ability to handle densely connected devices with different quality of
service (QoS) requirements. In this article, we present multi-service oriented
multiple access (MOMA), an integrated access scheme for massive connections
with diverse QoS profiles and/or traffic patterns originating from both
handheld devices and machine-to-machine (M2M) transmissions. MOMA is based on
a) establishing separate classes of users based on relevant criteria that go
beyond the simple handheld/M2M split, b) class dependent hierarchical spreading
of the data signal and c) a mix of multiuser and single-user detection schemes
at the receiver. Practical implementations of the MOMA principle are provided
for base stations (BSs) that are equipped with a large number of antenna
elements. Finally, it is shown that such a
massive-multiple-input-multiple-output (MIMO) scenario enables the achievement
of all the benefits of MOMA even with a simple receiver structure that allows
concentrating the receiver complexity where effectively needed.
Comment: 6 pages, 3 figures, accepted to the European Conference on Networks
and Communications (EuCNC 2016
Resource Allocation for Secure Gaussian Parallel Relay Channels with Finite-Length Coding and Discrete Constellations
We investigate the transmission of a secret message from Alice to Bob in the
presence of an eavesdropper (Eve) and many decode-and-forward relay nodes.
Each link comprises a set of parallel channels, modeling for example an
orthogonal frequency division multiplexing transmission. We consider the impact
of discrete constellations and finite-length coding, defining an achievable
secrecy rate under a constraint on the equivocation rate at Eve. Then we
propose a power and channel allocation algorithm that maximizes the achievable
secrecy rate by resorting to two coupled Gale-Shapley algorithms for stable
matching problem. We consider the scenarios of both full and partial channel
state information at Alice. In the latter case, we only guarantee an outage
secrecy rate, i.e., the rate of a message that remains secret with a given
probability. Numerical results are provided for Rayleigh fading channels in
terms of average outage secrecy rate, showing that practical schemes achieve a
performance quite close to that of ideal ones
Cooperative Authentication in Underwater Acoustic Sensor Networks
With the growing use of underwater acoustic communications (UWAC) for both
industrial and military operations, there is a need to ensure communication
security. A particular challenge is represented by underwater acoustic networks
(UWANs), which are often left unattended over long periods of time. Currently,
due to physical and performance limitations, UWAC packets rarely include
encryption, leaving the UWAN exposed to external attacks faking legitimate
messages. In this paper, we propose a new algorithm for message authentication
in a UWAN setting. We begin by observing that, due to the strong spatial
dependency of the underwater acoustic channel, an attacker can attempt to mimic
the channel associated with the legitimate transmitter only for a small set of
receivers, typically just for a single one. Taking this into account, our
scheme relies on trusted nodes that independently help a sink node in the
authentication process. For each incoming packet, the sink fuses beliefs
evaluated by the trusted nodes to reach an authentication decision. These
beliefs are based on estimated statistical channel parameters, chosen to be the
most sensitive to the transmitter-receiver displacement. Our simulation results
show accurate identification of an attacker's packet. We also report results
from a sea experiment demonstrating the effectiveness of our approach.
Comment: Author version of paper accepted for publication in the IEEE
Transactions on Wireless Communication
Power Allocation in Multiuser Parallel Gaussian Broadcast Channels With Common and Confidential Messages
We consider a broadcast communication over parallel channels, where the transmitter sends K+1 messages: one common message to all users, and K confidential messages to each user, which need to be kept secret from all unintended users. We assume partial channel state information at the transmitter, stemming from noisy channel estimation. Our main goal is to design a power allocation algorithm in order to maximize the weighted sum rate of common and confidential messages under a total power constraint. The resulting problem for joint encoding across channels is formulated as the cascade of two problems, the inner min problem being discrete, and the outer max problem being convex. Thereby, efficient algorithms for this kind of optimization program can be used as solutions to our power allocation problem. For the special case K=2, we provide an almost closed-form solution, where only two single variables must be optimized, e.g., through dichotomic searches. To reduce computational complexity, we propose three new algorithms, maximizing the weighted sum rate achievable by two suboptimal schemes that perform per-user and per-channel encoding. By numerical results, we assess the performance of all proposed algorithms as a function of different system parameters