Researcher: Rohit Negi
Research Area: Privacy Protection
Providing Privacy and Authentication Using the Properties of the Wireless Channel
The wireless communication medium is inherently a broadcast medium, wherein each transmission is heard by several receivers, legitimate or otherwise. This project shows a novel utilization of the broadcast property of the wireless channel to provide secrecy of communications and authentication of nodes using proximity as the identifier. This will provide a communications-based complement (not a replacement) to security features obtained in the higher layers by computational cryptography.
Security mechanisms must be designed into the system at each layer. The broadcast properties of the wireless channel will be used to provide physical-layer based security as follows:
We propose to use a proximity determination technique that relies on the rate of change of Direction of Arrival (DOA). Consider a mouse or PDA that is attempting to connect to the laptop wirelessly. The mouse (node B) is at a particular direction with respect to the orientation of the laptop (node A). The DOA of electromagnetic waves transmitted by the mouse can be estimated fairly accurately using a laptop wireless card equipped with multiple antennas. Now, rather than using the speed of light as an invariant, another ‘invariant speed’ exists: the speed of human movement. The protocol for proximity-based authentication is, therefore, to physically move the mouse in a complete circle (or on an arc) around the laptop, within a time limit (of, say, 5 seconds). The successful completion of a revolution within the time frame can be easily tracked by direction-finding algorithms. Notice that an imposter, such as another mouse, which is further away, will have a larger radius and thus require a longer time to complete the same revolution. This is true even if such nodes were able to fake their range by transmitting at a higher power or using directed-antenna beams. Imposters that are closer to the laptop and try to complete the revolution quickly will be glaringly conspicuous. Note that this method requires the use of multiple antennas at the laptop (but not at the mouse), which can reasonably be expected in the near future, given the intense activity in that area. The method does not require a side-channel, such as a USB port in the mouse, as in current devices.
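The acceptance rule described above can be sketched in a few lines. This is an added example, not code from the project: the function names, the 2 m/s bound on human movement, the 0.1 rad tolerance and the sample tracks are assumptions made for illustration. The check uses only the DOA track, so transmit power does not enter the decision.

```python
import math

TIME_LIMIT_S = 5.0      # time limit from the text ("say, 5 seconds")
MAX_HUMAN_SPEED = 2.0   # m/s, assumed bound on hand-carried movement

def wrap(delta):
    """Map an angle difference into [-pi, pi) so crossings of +/-pi unwrap."""
    return (delta + math.pi) % (2 * math.pi) - math.pi

def authenticate(track, time_limit=TIME_LIMIT_S, tol=0.1):
    """track: list of (t_seconds, doa_radians) estimates, oldest first.
    Accept only if the DOA sweeps a full revolution inside the time limit."""
    if not track:
        return False
    swept = 0.0
    t0, prev = track[0]
    for t, doa in track[1:]:
        if t - t0 > time_limit:
            return False              # ran out of time before closing the circle
        swept += wrap(doa - prev)     # signed, so back-and-forth motion cancels
        prev = doa
        if abs(swept) >= 2 * math.pi - tol:
            return True
    return False

def max_radius(time_limit=TIME_LIMIT_S, v_max=MAX_HUMAN_SPEED):
    """Largest radius at which a node limited to v_max can finish a circle
    in time: circumference 2*pi*r must not exceed v_max * time_limit."""
    return v_max * time_limit / (2 * math.pi)

def circular_track(radius, speed, duration, rate_hz=20):
    """Constructed sample input: DOA seen at the laptop for a node moving
    on a circle of `radius` metres at tangential `speed` m/s."""
    omega = speed / radius            # angular rate in rad/s
    samples = []
    for i in range(int(duration * rate_hz) + 1):
        t = i / rate_hz
        samples.append((t, math.atan2(math.sin(omega * t), math.cos(omega * t))))
    return samples

if __name__ == "__main__":
    near = circular_track(radius=0.5, speed=1.0, duration=5.0)   # mouse in hand
    far = circular_track(radius=5.0, speed=2.0, duration=20.0)   # distant node
    print("near accepted:", authenticate(near))
    print("far accepted:", authenticate(far))
    print("max radius (m): %.2f" % max_radius())
```

With these assumed numbers, a node more than about 1.6 m away cannot close the circle in 5 seconds without exceeding the assumed speed bound.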
While the basic idea is novel, research is required to explore its potential and understand its limits. For example, the accuracy of tracking the moving node B (the mouse) must be investigated. The tracking and authentication algorithm must be robust to errors in the movement of node B (e.g., not necessarily a circle), yet must not allow other movement patterns to be authenticated. The significant body of research that exists on signal processing algorithms for DOA estimation and tracking, using training sequences or blind estimation methods such as MUSIC and ESPRIT, will be investigated. Testing of these algorithms will be done by purchasing NSF-funded wireless Universal Software Radio Peripheral (USRP) test-boards for demonstration in CMU's wireless lab. These boards cost around $700 each, and CMU’s wireless laboratory will provide the capital-intensive test equipment (signal generators, oscilloscopes, spectrum analyzers, etc.) to test the proximity-determining algorithms. Attacks on the method using geographically distributed, precisely synchronized malicious nodes will be investigated for feasibility.
In this proposal, we plan to demonstrate the practicality of this scheme using the purchased USRP test-boards. Practical systems have estimation errors in various parameters, such as the channel gains. The effect of these errors on the secrecy capacity will be investigated. Robust mechanisms to provide secrecy capacity will be designed, which will involve the use of link margins, robust modulation formats and error correction codes. The secrecy capacity obtained will be demonstrated in the wireless laboratory. Attacks on the secrecy mechanism will be explored. These may take the form of colluding eavesdroppers, eavesdroppers with multiple antennas, or active eavesdroppers that attempt to jam the synchronous transmissions of packets by the helpers. Finally, it can be noted that the idea of using secrecy capacity can be applied to any broadcast scenario, including at the higher layers, such as wireless MAC protocols or routing that allows flooding of packets.