Physical layer security for IoT applications

The increasing demands for Internet of things (IoT) applications and the tremendous increase in the volume of IoT generated data bring novel challenges for the fifth generation (5G) network. Verticals such as e-Health, vehicle to everything (V2X) and unmanned aerial vehicles (UAVs) require solutions that can guarantee low latency, energy efficiency,massive connectivity, and high reliability. In particular, finding strong security mechanisms that satisfy the above is of central importance for bringing the IoT to life. In this regards, employing physical layer security (PLS) methods could be greatly beneficial for IoT networks. While current security solutions rely on computational complexity, PLS is based on information theoretic proofs. By removing the need for computational power, PLS is ideally suited for resource constrained devices. In detail, PLS can ensure security using the inherit randomness already present in the physical channel. Promising schemes from the physical layer include physical unclonable functions (PUFs), which are seen as the hardware fingerprint of a device, and secret key generation (SKG) from wireless fading coefficients, which provide the wireless fingerprint of the communication channel between devices. The present thesis develops several PLS-based techniques that pave the way for a new breed of latency-aware, lightweight, security protocols. In particular, the work proposes: i) a fast multi-factor authentication solution with verified security properties based on PUFs, proximity detection and SKG; ii) an authenticated encryption SKG approach that interweaves data transmission and key generation; and, iii) a set of countermeasures to man-in-the-middle and jamming attacks. Overall, PLS solutions show promising performance, especially in the context of IoT applications, therefore, the advances in this thesis should be considered for beyond-5G networks

Joint secure communication and sensing in 6G networks

Joint communication and sensing is expected to be one of the features introduced by the sixth-generation (6G) wireless systems. This will enable a huge variety of new applications, hence, it is important to find suitable approaches to secure the exchanged information. Conventional security mechanisms may not be able to meet the stringent delay, power, and complexity requirements which opens the challenge of finding new lightweight security solutions. A promising approach coming from the physical layer is the secret key generation (SKG) from channel fading. While SKG has been investigated for several decades, practical implementations of its full protocol are still scarce. The aim of this chapter is to evaluate the SKG rates in real-life setups under a set of different scenarios. We consider a typical radar waveform and present a full implementation of the SKG protocol. Each step is evaluated to demonstrate that generating keys from the physical layer can be a viable solution for future networks. However, we show that there is not a single solution that can be generalized for all cases, instead, parameters should be chosen according to the context

Authenticated secret key generation in delay-constrained wireless systems

With the emergence of 5G low-latency applications, such as haptics and V2X, low-complexity and low-latency security mechanisms are needed. Promising lightweight mechanisms include physical unclonable functions (PUF) and secret key generation (SKG) at the physical layer, as considered in this paper. In this framework, we propose (i) a zero round trip time (0-RTT) resumption authentication protocol combining PUF and SKG processes, (ii) a novel authenticated encryption (AE) using SKG, and (iii) pipelining of the AE SKG and the encrypted data transfer in order to reduce latency. Implementing the pipelining at PHY, we investigate a parallel SKG approach for multi-carrier systems, where a subset of the subcarriers are used for SKG and the rest for data transmission. The optimal solution to this PHY resource allocation problem is identified under security, power, and delay constraints, by formulating the subcarrier scheduling as a subset-sum 0−1 knapsack optimization. A heuristic algorithm of linear complexity is proposed and shown to incur negligible loss with respect to the optimal dynamic programming solution. All of the proposed mechanisms have the potential to pave the way for a new breed of latency aware security protocols

Multi-factor Physical Layer Security Authentication in Short Blocklength Communication

Lightweight and low latency security schemes at the physical layer that have recently attracted a lot of attention include: (i) physical unclonable functions (PUFs), (ii) localization based authentication, and, (iii) secret key generation (SKG) from wireless fading coefficients. In this paper, we focus on short blocklengths and propose a fast, privacy preserving, multi-factor authentication protocol that uniquely combines PUFs, proximity estimation and SKG. We focus on delay constrained applications and demonstrate the performance of the SKG scheme in the short blocklength by providing a numerical comparison of three families of channel codes, including half rate low density parity check codes (LDPC), Bose Chaudhuri Hocquenghem (BCH), and, Polar Slepian Wolf codes for n=512, 1024. The SKG keys are incorporated in a zero-round-trip-time resumption protocol for fast re-authentication. All schemes of the proposed mutual authentication protocol are shown to be secure through formal proofs using Burrows, Abadi and Needham (BAN) and Mao and Boyd (MB) logic as well as the Tamarin-prover

Influence of grape processing technology on the characteristics of the obtained distillates

In the production of wine distillates, the factors influencing their composition, respectively their quality, can be divided into the following directions: composition of grapes (as raw material), the technology for its processing and alcoholic fermentation to obtain wine material, as well as the method of distillation of the wine material to derive a distillate. Each of these factors is important for the production of quality wine distillate and significantly affects the concentration of chemical substances that determine its aromatic and flavour profile. The present study was carried out with Muscat Ottonel grapes, a raw material typical for the production of Muscat brandies, through double batch distillation. The grapes are processed and vinified according to three different technological schemes. It is established their influence on both the chemical composition of the wine materials and the received distillate fractions, typical for batch distillation

Man-in-the-Middle and Denial of Service Attacks in Wireless Secret Key Generation

Wireless secret key generation (W-SKG) from shared randomness (e.g., from the wireless channel fading realizations), is a well established scheme that can be used for session key agreement. W-SKG approaches can be of particular interest in delay constrained wireless networks and notably in the context of ultra reliable low latency communications (URLLC) in beyond fifth generation (B5G) systems. However W- SKG schemes are known to be malleable over the so called "advantage distillation" phase, during which observations of the shared randomness are obtained at the legitimate parties. As an example, an active attacker can act as a man-in- the-middle (MiM) by injecting pilot signals and/or can mount denial of service attacks (DoS) in the form of jamming. This paper investigates the impact of injection and reactive jamming attacks in W-SKG. First, it is demonstrated that injection attacks can be reduced to - potentially less harmful - jamming attacks by pilot randomization; a novel system design with randomized QPSK pilots is presented. Subsequently, the optimal jamming strategy is identified in a block fading additive white Gaussian noise (BF-AWGN) channel in the presence of a reactive jammer, using a game theoretic formulation. It is shown that the impact of a reactive jammer is far more severe than that of a simple proactive jammer

A Physical Layer, Zero-round-trip-time, Multi-factor Authentication Protocol

Lightweight physical layer security schemes that have recently attracted a lot of attention include physical unclonable functions (PUFs), RF fingerprinting / proximity based authentication and secret key generation (SKG) from wireless fading coefficients. In this paper, we propose a fast, privacy-preserving, zero-round-trip-time (0-RTT), multi-factor authentication protocol, that for the first time brings all these elements together, i.e., PUFs, proximity estimation and SKG. We use Kalman filters to extract proximity estimates from real measurements of received signal strength (RSS) in an indoor environment to provide soft fingerprints for node authentication. By leveraging node mobility, a multitude of such fingerprints are extracted to provide resistance to impersonation type of attacks e.g., a false base station. Upon removal of the proximity fingerprints, the residual measurements are then used as an entropy source for the distillation of symmetric keys and subsequently used as resumption secrets in a 0-RTT fast authentication protocol. Both schemes are incorporated in a challenge-response PUF-based mutual authentication protocol, shown to be secure through formal proofs using Burrows, Abadi, and Needham (BAN) and Mao and Boyd (MB) logic, as well as the Tamarin-prover. Our protocol showcases that in future networks purely physical layer security solutions are tangible and can provide an alternative to public key infrastructure in specific scenarios

Optimal Resource Allocation in Joint Secret Key Generation and Data Transfer Schemes

International audienceDue to computational complexity and latency constraints in the nodes of many IoT systems, alternatives are sought for session key generation schemes that rely on public key encryption. In this work we investigate novel cross-layer security protocols in which session keys are generated at the physical layer using standard techniques of secret key generation (SKG) from shared randomness. In this framework, we study the optimal power allocation in block-fading additive white Gaussian noise (BF-AWGN) channels with short-term power constraints when a subset of the subcarriers is used for SKG and the rest for data transmission. Fixing the amount of data that can be transmitted with a single key, allows us to first identify the optimal subset of subcarriers that should be devoted to SKG and the respective power allocation policy which, depending on the available overall power, might not be unique. Subsequently, a further step is taken in our analysis to account for the impact of the proposed power allocation in the long-term

Protecting Physical Layer Secret Key Generation from Active Attacks

Lightweight session key agreement schemes are expected to play a central role in building Internet of things (IoT) security in sixth-generation (6G) networks. A well-established approach deriving from the physical layer is a secret key generation (SKG) from shared randomness (in the form of wireless fading coefficients). However, although practical, SKG schemes have been shown to be vulnerable to active attacks over the initial “advantage distillation” phase, throughout which estimates of the fading coefficients are obtained at the legitimate users. In fact, by injecting carefully designed signals during this phase, a man-in-the-middle (MiM) attack could manipulate and control part of the reconciled bits and thus render SKG vulnerable to brute force attacks. Alternatively, a denial of service attack can be mounted by a reactive jammer. In this paper, we investigate the impact of injection and jamming attacks during the advantage distillation in a multiple-input–multiple-output (MIMO) system. First, we show that a MiM attack can be mounted as long as the attacker has one extra antenna with respect to the legitimate users, and we propose a pilot randomization scheme that allows the legitimate users to successfully reduce the injection attack to a less harmful jamming attack. Secondly, by taking a game-theoretic approach we evaluate the optimal strategies available to the legitimate users in the presence of reactive jammers