Transcript Channel-Independent Viterbi Algorithm (CIVA) for DNA

MIMO Transmissions with Information
Theoretic Secrecy for Secret-Key
Agreement in Wireless Networks
Xiaohua (Edward) Li1 and E. Paul Ratazzi2
1Department
of Electrical and Computer Engineering
State University of New York at Binghamton
[email protected],
http://ucesp.ws.binghamton.edu/~xli
2Air Force Research Lab, AFRL/IFGB, [email protected]
MILCOM'2005
1
Contents
1.
2.
3.
4.
5.
6.
Introduction
Secure MIMO transmission scheme
Transmission weights design
Transmission secrecy
Simulations
Conclusions
MILCOM'2005
2
1. Introduction
• Secure wireless transmission: necessary
PHY security techniques for wireless
information assurance
– Wireless transmissions have no boundary,
susceptible to listening/analyzing, location,
jamming
– Wireless nodes have severe energy and
bandwidth constraints  “light” techniques
– Unreliable link and dynamic network topology
MILCOM'2005
3
Secure Wireless Transmissions
• Traditional secure transmission design
– Data encryption, spread spectrum, etc
• New idea: use antenna array diversity and
array redundancy
– A completely different approach of secure (LPI)
waveform design
MILCOM'2005
4
Significance to Cryptography
• Provable (information-theoretic) secrecy
– Inherently secure transmission, no encryption keys
involved
– Comparable to quantum cryptography
• Provide PHY-layer LPI, and assist higher layer
data encryption
– PHY-layer assisted secret key agreement
MILCOM'2005
5
Secret-Key Agreement
• Classic Shannon model
– Alice & Bob try to exchange encryption keys for
encrypted data transmission
– Eve can acquire all (and identical) messages
received by Alice or Bob
– Perfect secrecy impractical under Shannon model
– Computational secrecy achievable
MILCOM'2005
6
PHY-layer Transmission Secrecy Model
• Information theoretic secrecy realizable with
model different than Shannon’s
– Eve’s channels, and thus received signals, are
different from Alice’s or Bob’s
– A reality in quantum communication, and wireless
transmissions
MILCOM'2005
7
Information-Theoretic Secrecy
• Wyner’s wire-tap channel: secret capacity
 h (  )  h (  ),
C1  
0,

w here
if    (Eve' s channel
else (Eve' channel
noiser)
better)
h ( p )   p log p  (1  p ) log( 1  p )
• Maurer’s common information concept
C 2  h (     2  )  h (  )
• High secret channel capacity requires Eve’s channel
being noisier  not practical enough
MILCOM'2005
8
2. Secure MIMO transmission scheme
• Can we guarantee a large  or    in
practice?
• Possible: randomized MIMO transmission
• Basic idea:
– Use redundancy of antenna array
– Exploit the limit of blind deconvolution
• Eve can not estimate channel/symbol blindly
MILCOM'2005
9
Transmission Scheme
• Alice: antenna array (secure, public, pilot)
– Does not send training signals
• Bob: estimate symbols, no channel knowledge
required
MILCOM'2005
10
Signal Model and Assumptions
B ob receives: x ( n )  H W ( n ) b ( n )  v ( n )
E ve receives: x u ( n )  H u W ( n ) b ( n )  v u ( n )
Alice, Bob & Eve do not know channels.
– Alice estimate H by reciprocity
– Bob need not know channel.
– Eve depends on blind estimation.
MILCOM'2005
11
MIMO Transmission Procedure
• Alice select transmit antenna weights so that
H W (n)  A :
A is K  K diagonal w ith positive elem ents
• Bob receives signal x ( n )  A b ( n )  v ( n )
– By estimating received signal power, Bob can detect
signals
ˆb ( n )  A  1 x ( n )
• Key points:
– No channel information required for Bob, no training
required  no training available to Eve
– Redundancy in selecting weights W ( n )
MILCOM'2005
12
3. Transmission Weights Design
• Existing array transmission schemes are
susceptible to Eve’s blind deconvolution attack?
– Eve can easily estimate b ( n ) by blind deconvolution
if with optimal transmit beamforming
W opt ( n )  V opt
H
 D 1U
opt
opt A opt


B
w here H  U opt  D opt ,

0  V opt

H

,

, A opt  I K /

tr D
2

and B can be zero or random
MILCOM'2005
13
Select Weights with Randomization
• W1(n): Redundancy in transmitting weights
 H 1  A  H W ( n ) 
1 1
W (n)   0
,
W1 ( n )


w here H   H 0
H 1 
• Procedure:
In each sym bol block interval, select ra ndom ly W 1 ( n ) such that
s1 ( n )  W1 ( n ) b ( n )
~
N
J K
and then calculate transm itted vector
( μ ,  ),
W ( n ) b ( n ) as
1
 s 0 ( n )   H 0  A b ( n )  H 1s 1 ( n )  
s(n)  

 
s
(
n
)
s
(
n
)
 1
 
1

MILCOM'2005
14
4. Transmission Secrecy
• Eve’s received signal becomes
x u ( n )   H u F
 s1 ( n ) 
I M  
  Huf ,
v
(
n
)
 u

  H 1H 
0
1
w here F  
,
 I J  K 
 H 1A b (n ) 
f   0

0


which has distribution
xe (n) ~ N
M
(H u F μ  H u f , H u F  F
H
Hu
H
2
  v IM )
• Objective: Eve can not estimate channel Hu from
xe(n), which relies on
– Assumption that Eve & Bob’s channels are sufficiently
different  wireless channels fade independently when
separated a fractional of wavelength
– Unknown to Eve: s1 ( n )  W1 ( n ) b ( n ) ~ N J  K ( μ ,  ),
MILCOM'2005
15
Indeterminacy of Blind Channel Estimation
• Proposition:
For unknow n sym bol b ( n ) and unknow n H , μ , Σ ,
from the distribution of x u ( n ), the chann el m atrix H u
is indistinguishable from H u P w ith J  J am b uiguity
m atrix
U
P  
0
GV  UG 
.
V

MILCOM'2005
16
Indeterminacy of Blind Symbol Estimation
• Proposition:
A ssum e x u ( n ) is generated by transm itting b ( n ).
T hen x u ( n ) has identical distribution as those generated
by transm itting any other sym bol vector d ( n ).
• Result:
– Eve’s error rate: high
– Bob’s error rate: low (identical to optimal MIMO
eigen-beamforming)
– Cost paid: higher transmission power
MILCOM'2005
17
Transmission secrecy
• Weights are selected randomly and unknown to
Eve, blind deconvolution is made impossible
• Weights are selected by Alice, no need to tell
Bob  equivalently one-time pad
• Information theory guarantees high and positive
secret channel capacity  provable
(information theoretic) secrecy
MILCOM'2005
18
Eve’s Exhaustive Search Attack
• Eve may exhaustively try all possible channels
(both H u , and H ).
2K
2(J K )
Q

Q
• The complexity can be at least
,
according to quantization level Q
2
2
– Low quantization level reduces complexity, but
increases symbol estimation error  still makes
high positive secret channel capacity possible
– Example,
2
128
when J  4, K  4, Q  16 (for   0.1).
MILCOM'2005
19
5. Simulations
J=6.
K=4.
QPSK.
• BER of the proposed transmission scheme
MILCOM'2005
20
• Secret channel capacity with the simulated BER
MILCOM'2005
21
Conclusions
• Proposed a randomized MIMO transmission
scheme
– Use array redundancy and channel diversity for
transmission security
– Enhance transmission LPI in the PHY-layer by
increasing the adversary’s receiving error
– Proof of secrecy with weight randomization and limit
of blind deconvolution
MILCOM'2005
22