Skip to main content

Providing Privacy & Authentication

Researcher: Rohit Negi

Research Area: Privacy Protection


Providing Privacy and Authentication Using the Properties of the Wireless Channel

The wireless communication medium is inherently a broadcast medium, wherein each transmission is heard by several receivers, legitimate or otherwise. This project shows a novel utilization of the broadcast property of the wireless channel to provide secrecy of communications and authentication of nodes using proximity as the identifier. This will provide a communications-based complement (not a replacement) to security features obtained in the higher layers by computational cryptography.

Research Plan:

Security mechanisms must be designed into the system at each layer. The broadcast properties of the wireless channel will be used to provide physical-layer based security as follows:

  1. Authentication using node proximity: Recently, especially in the context of sensor networks, there has been substantial research on authentication, based on the location of a node (i.e., node location serves as the node's identity.) These schemes are based on the round-trip time required for node A to receive its own replayed signal from node B, to provide an estimate of the distance between A and B, using the speed of electromagnetic waves as the invariant. However, the problem with using the speed of EM waves as an invariant is that it is practically very hard to measure such small time differences, especially when the distances involved are small. Radar uses reflection from the target effectively. However, in this case, node B is being asked to instantaneously process an incoming waveform from A and replay it. Consider the case where the A-B distance is 30 m, so that the round trip time should be 0.1 microsec. This means that any processing that node B does must be accomplished within a time interval well below 0.1 microsec. This kind of processing speed is outside the present or even future capabilities of communication devices. For example, note that in present communication designs, each frame or packet is preceded by a preamble several microseconds long, just so that the receiver can synchronize with the start of the transmitted signal. There have also been earlier efforts on using the received power at node A from node B, as a proxy for channel loss (and hence, of distance A-B). However, such authentication can be easily defeated if node B uses a higher transmit power, or a directed antenna-beam, to make it appear close to A.

We propose to use a proximity determination technique that relies on the rate of change of Direction of Arrival (DOA). Consider a mouse or PDA that is attempting to connect to the laptop wirelessly. The mouse (node B) is at a particular direction with respect to the orientation of the laptop (node A). The DOA of electromagnetic waves transmitted by the mouse can be estimated fairly accurately using a laptop wireless card equipped with multiple antennas [2]. Now, rather than using speed of light as an invariant, another ‘invariant speed’ exists - the speed of human movement. The protocol for proximity-based authentication is therefore, to physically move the mouse in a complete circle (or on an arc) around the laptop, within a time limit (of say, 5 seconds). The successful completion of a revolution within the time frame can be easily tracked by direction-finding algorithms. Notice that an imposter, such as another mouse, which is further away, will have a larger radius, and thus, require a longer time to complete the same revolution. This is true even if such nodes were able to fake their range by transmitting at a higher power or using directed-antenna beams. Imposters that are closer to the laptop and try to complete the revolution quickly will be glaringly conspicuous. Note that this method requires the use of multiple antennas at the laptop (but not at the mouse), which can reasonably be expected in the near-future, given the intense activity in that area. The method does not require a side-channel, such as a USB port in the mouse, as in current devices.

While the basic idea is novel, research is required to explore its potential and understand its limits. For example, the accuracy of tracking the moving node B (the mouse), must be investigated. The tracking and authentication algorithm must be robust to errors in the movement of node B (e.g., not necessarily a circle), yet must not allow other movement patterns to be authenticated. The significant research that exists in DOA estimating and tracking signal processing algorithms, using training sequences or blind estimation methods such as MUSIC, ESPIRIT will be investigated. Testing of these algorithms will be done by purchasing NSF-funded wireless Universal Software Radio Peripheral (USRP) test-board for demonstration in CMU's wireless lab. These boards cost around $700 each, and CMU’s wireless laboratory will provide the capital-intensive test equipment (signal generators, oscilloscope, spectrum analyzers, etc.) to test the proximity determining algorithms. Attacks on the method using geographically distributed, precisely synchronized malicious nodes will be investigated for feasibility.

  1. Privacy and information-theoretic security: The broadcast channel clearly gives rise to privacy concerns, due to the simplicity of eavesdropping on such a channel. Methods exist in literature, which use the difference in physical channels, seen by the legitimate receiver and the eavesdropper respectively, to quantify the ‘secure capacity’ of a wireless channel. If the eavesdropper sees a channel that is worse than that seen by the legitimate receiver, then it is obvious that data transmission to the latter can be done at a rate larger than the rate to the former, which can be easily converted into a mechanism for privacy. However, in general, there is no guarantee that the receiver will have better channel than the eavesdropper (e.g., consider the case where eavesdropper is closer to the transmitter than is the receiver). Funded by a previous Cylab grant, we have shown an interesting application of multiple antennas, where this condition can be satisfied by producing ‘artificial noise’. This noise is created such that it degrades the eavesdropper's channel but does not affect the channel of the intended receiver, thus allowing perfectly secure communication. Such a targeted artificial noise can be created if the transmitter has multiple antennas, or if there are ‘helper nodes’ available. The key idea in this method is that a transmitter (perhaps aided by helper nodes), which has more dimensions (e.g., multiple antennas) than the eavesdropper can transmit random noise in the null space of the legitimate receiver, thus not affecting it, while yet degrading the channel of the eavesdropper.

In this proposal, we plan to demonstrate the practicality of this scheme using the purchased USRP test-boards. Practical systems have estimation errors in various parameters, such as the channel gains. The effect of these errors on the secrecy capacity will be investigated. Robust mechanisms to provide secrecy capacity will be designed, which will involve the use of link margins, robust modulation formats and error correction codes. The secrecy capacity obtained will be demonstrated on the wireless laboratory. Attacks on the secrecy mechanism will be explored. This may take the form of colluding eavesdroppers, eavesdroppers will multiple antennas, or active eavesdroppers that attempt to jam the synchronous transmissions of packets by the helpers. Finally, it can be noted that the idea of using secrecy capacity can be applied to any broadcast scenario, at the higher layers also, such as wireless MAC protocols, or routing that allows flooding of packets.