COMELEC Seminar - 04 May 2017 Telecom Paris Tech
COMELEC TPT and F Delaveau TCS - 2017 May 04: "Physical Layer Security – Technologies and Perspectives" Source – project PHYLAWS funded by EC-FP7-ICT-2011-8 GN 317562
François DELAVEAU Thales Communications and Security
Unit: Hardware Technologies Tools and Engineering
COMELEC SEMINAR Physical layer Security - Technologies and Perspectives
Funded by EC-FP7-ICT-2011-8 GN 317562
www.phylaws-ict.org
Thursday 4th May, 14h00, Télécom Paris Tech, Amphi B312, 46 rue Barrault, Paris
Summary/Agenda
Some references and some acronyms for the following
Why security enhancements are needed on public networks
Brief introduction to PHYSEC
  Studied configuration of wireless links: Alice (A) and Bob (B): legitimate users – Eve (E): attacker
  The PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
  Fundamentals – Achievements
  Experimental material and prototypes
  Experimental locations and procedures
Secret Key Generation (SKG) – Processing
  Radio-cellular and Wifi application case
  De-correlation pre-processing (stationary channels) - Core processing (any channels)
  Single sense experiments for LTE-TDD and Wifi
  Dual sense Wifi experiments 2.4 GHz - LOS geometry
Radio advantage built with Artificial Noise + Beam forming
  Wifi case – Principle and illustrations
  Wifi case – Implementation and experiments
Secrecy Coding under radio advantage
  Our particular implementation
  Experiments on Wifi links (802.11ac - 5 GHz)
Technological maturity and application perspectives
Annexes
Some references for the following
ZEIT, “Wie Merkels Handy abgehört werden konnte,” 18 12 2014. [Online]. Available: http://www.zeit.de/digital/datenschutz/2014-12/umts-verschluesselung-umgehen-angela-merkel-handy
Metronews, “Une énorme faille de sécurité permet d'écouter vos appels et de lire vos SMS,” [Online]. Available: http://www.metronews.fr/high-tech/une-enorme-faille-de-securite-permet-d-ecouter-vos-appels-et-de-lire-vos-sms/mnlv!YnqDbOgrtHFYk/
The Intercept, “The Great SIM Heist. How Spies Stole the Keys to the Encryption Castle,” 2015. Available: https://theintercept.com/2015/02/19/great-sim-heist/
“SS7 map: mapping vulnerability of the international mobile roaming infrastructure”, https://media.ccc.de/v/31c3_-_6531_-_en_-_saal_6_-_201412272300_-_ss7map_mapping_vulnerability_of_the_international_mobile_roaming_infrastructure_-_laurent_ghigonis_-_alexandre_de_oliveira (also at http://media.ccc.de/browse/congress/2014/31c3_-_6531_-_en_-_saal_6_-_201412272300_-_ss7map_mapping_vulnerability_of_the_international_mobile_roaming_infrastructure_-_laurent_ghigonis_-_alexandre_de_oliveira.html)
Hyeran Mun et al., “3G-WLAN interworking: security analysis and new authentication and key agreement based on EAP-AKA”, Wireless Telecommunications Symposium, 2009. WTS 2009
F. Delaveau, A. Evestti, A. Kotelba, R. Savola and N. Shapira, “Active and passive eavesdropper threats within public and private civilian networks - Existing and potential future countermeasures - An overview,” in Winncomm, Munich, Ger. 2013.
Y. Zou, J. Zhu, X. Wang, and L. Hanzo, “Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends”, Proceedings of the IEEE, Vol. 104, No. 9, September 2016.
M. Bloch and J. Barros, Physical-Layer Security, Cambridge University Press, 2011.
J. W. Wallace and R. K. Sharma, “Automatic secret keys from reciprocal MIMO Wireless channels: measurement and analysis,” IEEE Transactions on information forensics and security, vol. 5, no. 3, pp. 381-392, Sept. 2010.
T. Mazloum, F. Mani and A. Sibille, “Analysis of secret key robustness in indoor radio channel measurements,” in IEEE Vehicular Tech. Conf., Glasgow, 2015.
T. Mazloum, “Analyse et Modélisation Radio pour la Génération de Clés secrètes”, PhD Thesis, Telecom Paris Tech, February 2016
J.-C. Belfiore, C. Ling and L. Luzzi, “Lattice codes achieving strong secrecy over the mod-Λ Gaussian channel,” in IEEE International Symposium on Information Theory Proceedings, Cambridge, USA, 2012
Project Phylaws, funded by EC-FP7-ICT-2011-8 GN 317562: www.phylaws-ict.org
Project Prophylaxe, funded by BMBF GN 16KIS0005K: http://www.ict-prophylaxe.de
F. Delaveau, A. Mueller, G. Wunder et al., “Perspectives of Physec for the improvement of the subscriber privacy and communication confidentiality at the Air Interface. Results for WLANs, IoT and radiocells”, ETSI WS on radio techn. Air Int. S.A. 27-28 /01/16
IET book: “Trusted Communications with Physical Layer Security for 5G and Beyond”, edited by T.Q.Duong, X.Zhou, and H.V Poor, to be published in 2017
NIST (National Institute of Standards and Technology), “Recommendation for the Entropy Sources Used for Random Bit Generation,” (Second Draft) Special Publication 800-90B, 2016.
M. Hamburg, P. Kocher and M. E. Marson, “Analysis of Intel's Ivy Bridge Digital Random Number Generator,” Technical Report, Cryptography Research, Inc., March 2012
Some acronyms for the following
AN - BF Artificial Noise – Beam Forming
BCH Bose Ray-Chaudhuri Hocquenghem
BER Bit Error Rate
BTS Base Transceiver Station
CIR, CFR Channel Impulse Response, Channel Frequency Response
CQA Channel Quantization Algorithm
COMSEC Communication Security
CSI Channel State Information
FDD Frequency Division Duplex
FEC Forward Error Correction
FuDu Full Duplex
GSM Global System for Mobile communications
IFF Interrogation Friend or Foe
IMSI (IMEI) International Mobile Subscriber (Equipment) Identity
IoT Internet of Things
LDPC Low Density Parity Check
LOS, NLOS Line Of Sight, Non Line Of Sight
LTE Long Term Evolution
MAC Media Access Control
MISO/MIMO Multiple Input Single Output / Multiple Input Multiple Output
NIST National Institute of Standards and Technology
NETSEC Network Transmission Security
PHYSEC Physical Layer Security
OoM Order of Magnitude
PSS / SSS Primary Synchr. Sequence / Secondary Synchr. Seq. (LTE)
RAT Radio Access Technology
RNG Random Number Generator
Rx, Tx Receiver, Transmitter
SIM Subscriber Identity Module – Self Interference Mitigation
SISO/SIMO Single Input Single Output / Single Input Multiple Output
SKG, SC, SP Secret Key Generation, Secrecy Coding, Secure Pairing
SNR, SINR Signal to Noise Ratio, Signal to Noise + Interference Ratio
SS7 Signaling System No.7
STF, LTF Short Training Field, Long Training Field (Wifi)
TBD - TBS To Be Defined - To Be Studied
TDD Time Division Duplex
TMSI Temporary Mobile Subscriber Identity
TJ Time Jitter
TRANSEC Transmission Security
UE User Equipment
UHF Ultra High Frequencies (300 MHz – 3 GHz)
UMTS Universal Mobile Telecommunications System
USS Uncoordinated Spread Spectrum
Why security enhancements are needed on public networks
Example of the LTE “Enhanced Protocol for Security – Authentication Key Agreement” procedure
• SUBSCRIBER IDENTITY (T/IMSI) IN CLEAR TEXT
• AUTHENTICATION PARAMETERS IN CLEAR TEXT
• PASSIVE EVE CAN DECODE
• ACTIVE EVE CAN JAM, REPLAY ETC.
• MAN IN THE MIDDLE EVE CAN IMPERSONATE
• Can be hacked or disclosed – see ref.
• WHEN EVE GETS THE KEY K/Ki (see references) SHE CAN BREAK ALL PROTECTIONS… BY PASSIVE MEANS ONLY !!
Brief introduction to PHYSEC
Studied configuration of wireless links
LEGITIMATE links are Alice to/from Bob
• A and B: transmit and receive
EAVESDROPPER and RADIO HACKER links are
• Alice to Eve… and even (active) Eve to Alice
• Bob to Eve… and even (active) Eve to Bob
• E (Eve): intercepts and monitors; may emit, jam, spoof or impersonate A or B
THREAT MODELS
• Passive Eve
• Intelligent (protocol aware) jamming Eve
• Man in The Middle / Wormhole Eve, etc.
TRANSEC (Transmission Security) is the protection of Alice’s and Bob’s transmitted signals against interception and intrusion attempts on the user receiver (and even jamming and direction finding)
NETSEC (Network Transmission Security) is the protection of the signalling and access messages of Alice and Bob (usual solutions are authentication and integrity control, sometimes ciphering of signalling in military networks)
COMSEC (Communication Security) is the protection of the data messages of Alice and Bob (voice, sms, mms, high speed data). Most solutions are based on ciphering + integrity control schemes of signalling and data.
OUR MAIN APPLICATIONS
Most usual academic hypotheses are:
• Complete information of Eve about legitimate RATs/waveforms
• No information of Eve about legitimate keys (e.g. Ki keys on (U)SIM cards)
=> they may no longer be valid nowadays, especially in public RATs (ex: SS7 monitoring, hacking of subscriber databases – see references.)
Brief introduction to PHYSEC
Alice (A) and Bob (B): legitimate users – Eve (E): attacker
[Figure: propagation between ALICE (A), BOB (B) and EVE (E): reflection, diffraction, scattering, shadowing, diffusion, masks]
Adding randomness to disturb Eve
• Antennas’ pattern of A and B: diagrams, beam directions
• Artificial noise to advantage SNR of B versus E
(Mobile) obstacles between A and B; multiple paths between A-E and B-E
• Signals received by B and E are altered differently
• Applies both outdoor and indoor
Complex wave propagation + unpredictable (fine) scattering characteristics
• Space, time and frequency propagation diversity due to fixed and mobile scatterers
• Transmission/reception diversity due to antennas
• The fine structure of signals at B and A can neither be recovered nor predicted by Eve
• The same applies to the receiving noise of B and A
Propagation reciprocity (when Time Division Duplex radio protocol and stationary propagation during channel extraction)
• Same scatterers, angles, distance and propagation in senses AB and BA => A and B share the same propagation randomness
• Tx and Rx radio calibration of A and B may be necessary for restoring channel reciprocity
Brief introduction to PHYSEC
Alice (A) and Bob (B): legitimate users – Eve (E): attacker
Illustration with RSSI measurement over time - Source: project Prophylaxe.
Radio environment is indoor (factory) with slight mobility of scatterers, and Eve 1.2 λ close to Alice
Signals are IEEE 802.11n, 2.4 GHz, BW = 20 MHz; E is located ~ 15 cm next to Alice
[Figure: RSSI over approximate time (s), 0 to 5 s, with a 100 ms marker; traces for Alice, Bob and Eve]
• Same RSSI figure (after normalisation) in FWD sense Alice -> Bob and in RTN sense Bob -> Alice => Reciprocity
• Different RSSI figure in sense Bob -> Eve and in sense Bob -> Alice => Spatial decorrelation
In addition: indoor time coherence is estimated between 50 and 100 ms
Brief introduction to PHYSEC
Alice (A) and Bob (B): legitimate users – Eve (E): attacker
Illustration with CSI measurement over time - Source: project Phylaws
MIMO 4x4 dual sense CSI figures over duration of a few milliseconds (2 frame lengths)
Radio environment is fixed indoor (laboratory) and Eve 10 λ close to Alice
Signals are IEEE 802.11n, 5 GHz, BW = 80 MHz; E is located ~ 50 cm next to Alice
• Blue and Black curves are identical => Channel reciprocity => Key agreement
• Blue and Red curves are different => Channel diversity => Secrecy of keys when facing Eve
Brief introduction to PHYSEC
Alice (A) and Bob (B): legitimate users – Eve (E): attacker
Provisional conclusion
When channel is reciprocal and stationary
=> Alice and Bob share the same CIR/CFR estimations
NLOS Bob – Eve dist. > λ/2 (2.4 GHz -> 6 cm)
or LOS Bob – Eve dist. > 5λ (2.4 GHz -> 60 cm)
=> De-correlated waveforms at Bob and Eve sides
=> Eve cannot get the same estimation as Bob
Complex wave propagation and mobile obstacles
=> Eve cannot recover/predict Alice – Bob channel estimate
In any TDD cases, Secret Keys can be generated from the channel randomness
Achieves security pairing !
Achieves secret key generation !
In many TDD and FDD cases, Secret Codes can be computed
=> achieves information theoretic secrecy !
Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding IEEE INFOCOM 2013)
Model of the radio channel envelope correlation: one-ring scatter model
• AS = Angular Spread
• Δd: distance difference
Rich scatter environment => AS > 45°
=> spatial de-correlation when Δd > λ/2
typical example: NLOS outdoor and indoor
Poor scatter environment => AS 5°
=> spatial de-correlation when Δd > 4λ
typical example: LOS rural outdoor and LOS indoor
Brief introduction to PHYSEC
The PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
PHYLAWS: PHYsical Layer Wireless Security
Project Coordinator: Thales Communications and Security, François Delaveau
Tel: +33 (0)1 46 43 31 32
Fax: +33 (0)1 46 13 25 55
Project website: www.phylaws-ict.org
+ Five Partners:
• Institut Mines-Telecom ParisTech (France),
• Imperial College of Science, Technology and Medicine (United Kingdom),
• Teknologian tutkimuskeskus VTT – OY (Finland),
• Celeno Communications Israel Ltd (Israel).
Duration 4 years: November, 2012 – October, 2016
Funding scheme: STREP
Contract Number: CNECT-ICT-317562
AN ORIGINAL APPROACH:
• Merging academic and industrial skills on radio-propagation, radio-communications and security.
• Integrating usual hypotheses with return of practical experience
• Considering any kind of threats at physical layer: passive Eve + various active Eve
• Focusing on signaling and access phases of RATs, and not only on established data links.
MAIN GOALS:
• To improve security of wireless links:
  . Radio cell and WLAN
  . Slight to strong mobility (at terminals’ or scatterers’ side)
• To search for key-free solutions based on Physec
• To experiment these solutions in real field
• To search for practical implementations in existing and future public RATs
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Our fundamentals – Our achievements
Fundamentals = current academic knowledge about PHYSEC:
• Key-less security technique exploiting propagation randomness to establish secret
• Theory is OK since 1980’s, academic research is intensive
• Applications in realistic radio-environment now exist (IoT in project Prophylaxe, Wireless and WLAN in project Phylaws)
Achievements = 3 protection schemes:
• Secure Pairing (SP) with Tag Signals (TS) & Interrog. Ackn. Sequences (IASs): new concept invented, feasibility elements.
• Secret Key Generation (SKG): pre-industrial application to IoT (achieved by Prophylaxe); feasibility proof for WLAN and LTE networks (Phylaws)
• Artificial Noise-Beam Forming (AN-BF) + Secrecy Coding (SC): feasibility proof for WLAN and LTE networks (Phylaws)
Slide labels: “Following of the talk”; “Annex only”
For more information about the dvT and experimental work
• Complements on security flaws and threats of public RATs => www.phylaws-ict.org, del. D2.1, references.
• Complements on legitimate and attacker signals => www.phylaws-ict.org, del. D2.4, D4.1, D4.2, D4.3, D4.4, references.
• Brief synthesis of the foundations of Physical layer security => www.phylaws-ict.org, del. D2.3, D3.1, D3.2, D3.3, D3.4, D3.5, Publications.
• Project Phylaws, funded by EC-FP7-ICT-2011-8 GN 317562: www.phylaws-ict.org
• Project Prophylaxe, funded by BMBF GN 16KIS0005K: http://www.ict-prophylaxe.de
• IET book: “Trusted Communications with Physical Layer Security for 5G and Beyond”, edited by T.Q.Duong, X.Zhou, and H.V Poor, to be published in the start of 2017
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Our experimental material and prototypes
WIDE BAND CHANNEL SOUNDER (TPT – PhD Thesis of Taghrid Mazloum)
• VN4 (4 ports based),
• freq scanned 2-6 GHz with variable interval Δf,
• Bicone UWB antennas for Alice/Bob/Eve
• 121 spatially scanned positions for small scale randomness at Alice
• 51 macro positions in classrooms and 42 positions in the lecture hall for Alice/Bob/Eve
Measurements of frequency domain vs. space domain degree of freedom
Generation of secret keys based on the channel quantization alternate (CQA) algorithm using two alternative maps with varying map sizes of M (see following)
Comparison of simulations and experiments
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Our experimental material and prototypes
LEGITIMATE PART (CEL): DUAL SENSE MIMO LINK ENABLER
• HW and FW: Celeno Wifi 4x4 MIMO boards and chipsets
• Performs CSI measurement, Artificial Noise & Beam-Forming, SKG and SC
• 802.11n/ac MIMO 4x4, 3 instances: Alice, Bob, Eve
• More details in annex
• Figure labels: ALICE, BOB, Wifi chipset, host board including Wifi RF
UHF ATTACKER PART (TCS) + SINGLE SENSE SIMO RECORDER
• HW and FW: USRP boards + clock board + PC computer, built in 6x1 SIMO Rx
• Antennas are shared among Bob and Eve. More details in annex
• Figure labels: EVE, USRP boards, industrial PC
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Our experimental locations and procedures
INDOOR MEASUREMENTS IN TPT PREMISES FOR KEY GENERATION
Use for academic channel studies and preliminary design of SKG algorithms
Ref: PhD Thesis of Mrs Taghrid Mazloum
Measurements of frequency domain vs. space domain degree of freedom
[Figures: configuration of experiments; CIR/CFR power profile; estimation of generated key bits with CQA algorithm (number of available key bits I_K vs. number of frequencies, i.e. scanned BW = Nf.Δf)]
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Our experimental locations and procedures
INDOOR MEASUREMENTS IN TPT PREMISES FOR KEY GENERATION
Generation of secret keys based on the channel quantization alternating (CQA) algorithm using two alternative maps with varying map sizes M (see following slides)
Alice-Bob BER: measured vs. simplified simulated channel: LOS + dense multipath
• A-B key agreement better for LOS and high SNR
• Fit between measured and modeled BER distributions: good in LOS, bad in NLOS
Bob-Eve BER: 15 dB SNR, LOS (worst) case, CDF over all Eve's measured indoor positions
• BER very close to 0.5, facilitating amplification of confidentiality
• High map sizes reduce information leakage to Eve
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Our experimental locations and procedures
GENERIC 6 RX SIMO RECORDS AND ANALYSIS AT UHF RADIO ENVIRONMENTS
Environments shown: open space, street, indoor/outdoor, classroom, corridor, amphitheater
Figure labels: “Wifi records in the following” (once), “LTE records in the following” (three times)
Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
Our experimental locations and procedures
DEDICATED 4X4 MIMO RECORDS AT WIFI CARRIERS IN INDOOR
Wifi records in the following
• Celeno's Testing Apartment
• Line Of Sight
• Non Line Of Sight
Figure labels: Alice TX, Bob TX
Secret Key Generation (SKG) – Processing
Radiocell and Wifi application case
A- Reciprocity restoration
Prior to any SKG processing: radio calibration of transmitters and receivers of Alice (A) and Bob (B)
• Phase ambiguities during computations
• Synchronization references of OFDM symbol at A and B
• Phase mismatches between A and B antennas + radios
• Gain mismatches between A and B antennas + radios
During SKG processing: normalisation and filtering of channel estimates at each (Tx, Rx) antenna pair
B- Bi-directional channel sounding – Wifi case
• A, B and E are Wifi Access Points MIMO 4x4 (TDD)
• A and B exchange sounding frames (NDP), also captured by E
• A, B & E perform independent channel estimates
C- Key generation
• De-correlation pre-processing (stationary channels)
• Channel Quantification (≈ multipath demodulation)
• Key Reconciliation (≈ key bit coding and correction)
• Secret amplification (≈ key bit hashing)
- Control with suitable metrics
Figure labels (processing chain shown for both Alice and Bob): calibrated radios; shared channel; NDP FWD; NDP RTN; channel estimation; normalized measures; channel pre-processing; quantification (quant. map); reconciliation (sketch); amplification; security metrics
Secret Key Generation (SKG) – Processing
De-correlation pre-processing (stationary channels)
C00- Example of signal records in very stationary environment (4G 2.6 GHz)
• Alice = BS 4G at building roof
• Aperture of the antenna array ≈ 30 cm
C01- Output of quantification without channel de-correlation pre-processing
• [Figure: 1000 keys in 5 s, 122 bits per key, over time]
• Great number of generated key bits (1000x122 in 5 seconds) but the high correlation of key bits over time can be exploited by Eve’s attacks
C02- Output of quantification with channel de-correlation pre-processing
• [Figure: 200 keys in 5 s, 36 bits per key, over time]
• Lower number of generated key bits (200x36 in 5 s), but far fewer correlation patterns over time
Secret Key Generation (SKG) – Processing
Core processing (any channels)
C1- Quantification (≈ multipath demodulation)
• Objective: generate key bits by « demodulating » the complex coefficients of the channel estimates
• Equiprobable Quantization Maps significantly reduce error risks at map borders (case of low SNR)
• Map index is transmitted but symbol is not
• When amplitude + phase demodulation (CSI)
  • Random richness is optimal
  • Channel Quantization Alternate algo. (Wallace)
• When amplitude demodulation only (RSSI)
  • Processing is robust
  • Random richness is poor
• CQA illustration (figures: case M=4, case M=16): Alice and Bob compute Quantization maps QMA_0 and QMA_1. Then A chooses bit value 00 and informs B about her map (QMA_1). Thus B also chooses symbol 00 on map QMA_1
C2- Reconciliation ≈ error correction of key bits (see details in annex)
• Objective: correct false key bits between Alice and Bob
• Exchange of public sketch + classical code decoding
C3- Secrecy amplification (see details in annex)
• Objective: mitigate any added information disclosure to Eve
• Classical processing in cryptology: hash function
• Key length reduction
C4- Metrics/controls of keys (see details in Phylaws D4.5 and D3.5)
• Objective: estimate the key entropy => Classical crypto. tests: NIST, Intel RNG health control
• Control the mutual information of Eve => Learning of the radio environment
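The alternating-map quantization described on this slide, as an added example (not the project's code and not Wallace's exact algorithm): a one-dimensional simplification in Python where a channel feature normalized to [0, 1), for instance a phase divided by 2π, is quantized on M = 4 cells. The sample values, the function names and the half-cell shift between the two maps are assumptions of this example.

```python
"""Alternating-map channel quantization, simplified to one dimension."""
from collections import Counter
from fractions import Fraction  # exact arithmetic: no float rounding at cell borders

M = 4  # map size, as in the "CQA case M=4" figure (2 key bits per symbol)


def quantize_single(u, m=M):
    """Fixed single map: cell k covers [k/m, (k+1)/m)."""
    return int(u * m) % m


def cqa_symbol(u, map_index, m=M):
    """Quantize u on the announced map; map 1 is map 0 shifted by half a cell."""
    return int(u * m + Fraction(map_index, 2)) % m


def cqa_alice(u, m=M):
    """Alice picks the map whose borders are farthest from her measurement.

    Map 0 has borders at k/m, map 1 at (k + 1/2)/m. Returns (map_index, symbol);
    only map_index goes over the public channel, the symbol stays local.
    """
    pos = (u * m) % 1  # position inside the map-0 cell, in [0, 1)
    map_index = 0 if Fraction(1, 4) <= pos < Fraction(3, 4) else 1
    return map_index, cqa_symbol(u, map_index, m)


def mismatches_single(alice, bob, m=M):
    """Symbol disagreements when both sides use the same fixed map."""
    return sum(quantize_single(a, m) != quantize_single(b, m)
               for a, b in zip(alice, bob))


def mismatches_cqa(alice, bob, m=M):
    """Symbol disagreements when Bob quantizes on the map Alice announced."""
    errors = 0
    for a, b in zip(alice, bob):
        map_index, sym_a = cqa_alice(a, m)
        errors += sym_a != cqa_symbol(b, map_index, m)
    return errors


def symbol_counts_by_map(m=M, steps=64):
    """Leakage check: symbol histogram for each public map index, uniform input."""
    counts = {0: Counter(), 1: Counter()}
    for i in range(steps):
        map_index, sym = cqa_alice(Fraction(i, steps), m)
        counts[map_index][sym] += 1
    return {k: [c[s] for s in range(m)] for k, c in counts.items()}


# Constructed sample data (not measurements): normalized values in 1/64 steps.
# Bob's reciprocity error stays below a quarter cell, i.e. below 1/(4*M) = 4/64.
ALICE = [Fraction(v, 64) for v in (15, 33, 40, 63, 1, 24, 49, 10)]
OFFSETS = [Fraction(v, 64) for v in (2, -2, 3, 2, -3, -1, -2, 3)]
BOB = [(a + e) % 1 for a, e in zip(ALICE, OFFSETS)]

if __name__ == "__main__":
    print("single map mismatches:", mismatches_single(ALICE, BOB), "of", len(ALICE))
    print("alternating maps mismatches:", mismatches_cqa(ALICE, BOB), "of", len(ALICE))
    print("symbol counts per announced map:", symbol_counts_by_map())
```

In this simplified form Alice and Bob agree whenever their values differ by at most 1/(4M), and for a uniformly distributed input every symbol stays equally likely given the announced map index.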
Secret Key Generation (SKG) – Experiments
Single sense experiments for LTE-TDD and Wifi
Wifi and LTE results, SKG based on CSI: generated keys
[Figures: generated keys over time, 127 key bits per key, one panel per environment]
• Indoor classroom: LTE indoor 2645 MHz, classroom, fixed position: 49 keys in 5 s
• Indoor office: Wifi 2400 MHz indoor, fixed LOS: 152 keys in 2 s
• Indoor office: Wifi 2400 MHz indoor, slight mobile NLOS: 171 keys in 2 s
• Outdoor street: LTE 800 MHz urban street: 348 keys in 5 s
• Outdoor street: LTE 2600 MHz urban street: 284 keys in 5 s
EVEN IN THE MOST DIFFICULT CASE, SKG WORKS WELL.
How PHYSEC can help security, identity authentication, confidentiality
Secret Key Generation (SKG) – Experiments
Single sense experiments for LTE-TDD and Wifi
Wifi and LTE results, SKG based on CSI: quality test of generated keys
NIST runs test: determines whether the oscillation between 0s and 1s is too fast or too slow.
NIST frequency monobit test: determines whether the numbers of 0s and 1s in the key are approximately the same as would be expected for a truly random sequence.

LTE | Indoor (2.6 GHz) | Outdoor (2.6 GHz)
Quantization only | 98% (48/49) | 99% (281/284)
Quant + Reconciliation + Amplification | 100% (49/49) | 100% (284/284)

LTE | Indoor (2.6 GHz) | Outdoor (2.6 GHz)
Quantization only | 27% (13/49) | 80% (228/284)
Quant + Reconciliation + Amplification | 100% (49/49) | 100% (284/284)

WIFI indoor | LOS (2.4 GHz) | NLOS (2.4 GHz)
Quantization | 87% (132/152) | 100% (171/171)
Quant + Reconciliation + Amplification | 99% (151/152) | 100% (171/171)

WIFI indoor | LOS (2.4 GHz) | NLOS (2.4 GHz)
Quantization only | 84% (128/152) | 99% (169/171)
Quant. + Reconciliation + Amplification | 98% (149/152) | 99% (170/171)
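The two NIST tests named on this slide, as an added example (not code from the talk or from the PHYLAWS project): a stdlib-only Python version of the SP 800-22 frequency (monobit) and runs tests, applied per 127-bit key with results counted as passed/total like the tables above. The four keys are constructed test vectors, and the 0.01 significance level is the SP 800-22 default, assumed here because the slide does not state one.

```python
"""NIST SP 800-22 frequency (monobit) and runs tests on 127-bit keys."""
import math

ALPHA = 0.01  # assumed significance level: a key passes when p-value >= ALPHA


def monobit_p(bits):
    """Frequency test: are the counts of 0s and 1s close enough to n/2?"""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))


def runs_p(bits):
    """Runs test: does the key switch between 0 and 1 too fast or too slowly?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # prerequisite: rough 0/1 balance
        return 0.0
    runs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(runs - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def pass_rate(keys, test):
    """Return (passed, total), the form used in the result tables."""
    return sum(test(k) >= ALPHA for k in keys), len(keys)


def lfsr_key(n=127, seed=0b1010101):
    """Constructed balanced vector: one period of the 7-bit LFSR x^7 + x + 1.

    Fully predictable, so it is a statistical reference and not a secret key.
    """
    state, out = seed, []
    for _ in range(n):
        out.append(state & 1)
        feedback = (state ^ (state >> 1)) & 1  # recurrence a[n+7] = a[n+1] ^ a[n]
        state = (state >> 1) | (feedback << 6)
    return out


# Constructed 127-bit keys (not measured data), one per behaviour of interest.
BLOCKY = [0] * 64 + [1] * 63                 # balanced, oscillation too slow
ALTERNATING = [i % 2 for i in range(127)]    # balanced, oscillation too fast
BIASED = [1] * 100 + [0] * 27                # far too many 1s
KEYS = [lfsr_key(), BLOCKY, ALTERNATING, BIASED]

if __name__ == "__main__":
    for name, test in (("monobit", monobit_p), ("runs", runs_p)):
        passed, total = pass_rate(KEYS, test)
        print(f"{name}: {passed}/{total} keys pass")
```

Passing both tests does not imply secrecy: the LFSR vector passes while being fully predictable, so entropy and mutual-information estimates remain necessary.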
Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry
SKG under Wifi devices
A- Line Of Sight geometry
• Figure labels: Eve (Rx E), Alice (Tx A), Bob (Rx B), host board
• Chipset 4x4 MIMO Wifi 802.11n/ac
• 4 Wifi antennas - gain 2 dBi, omnidirectional in azimuth
B- Parameters:
• 200 captures FWD+RTN each 60 ms
• 8 captures => 1 entry for SKG (25 key computations)
• Quantif. Ampl + Phase on 4 bits
  => 228 keys of 127 bits each
  => 114 keys of 256 bits each
• Reconciliation: BCH (127;29)
• Amplification: 2-universal hash
C- Following results for configuration ”low dist.”
Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry
Propagation amplitude: reciprocity OK and secret ≈ OK
Secrecy defect: importance of privacy amplification (spreading of Eve’s errors on key bits)
Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry
Propagation phase: reciprocity ≈ OK and secret OK
Reciprocity defect: importance of reconciliation (error correction on key bits computed by Alice and Bob)
Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry
Min-entropy estimates of Wifi radio channels

Min-entropy estimates | Alice | Bob | Eve
Most common value estimate | 0.95 | 0.95 | 0.93
Collision estimate | 0.18 | 0.18 | 0.17
Markov estimate | 0.34 | 0.36 | 0.33
Compression estimate | 0.22 | 0.22 | 0.21
Min-entropy | 0.18 | 0.18 | 0.17

Mutual information estimates of Wifi radio channels (more details in Phylaws D4.5 and D3.5)

Mutual information estimates | Alice - Bob | Alice - Eve | Bob - Eve
Most common value estimate | 0.91 | 0.31 | 0.32
Collision estimate | 0.22 | 0.15 | 0.15
Markov estimate | 0.46 | 0.32 | 0.32
Compression estimate | 0.30 | 0.19 | 0.19
Min mutual information | 0.22 | 0.15 | 0.15
Max mutual information | 0.91 | 0.32 | 0.32

Ensures the capability of computing secret keys which remain private when facing Eve
Key bit errors between A and B after each step:
─ Quantization (error 10%)
o Reconciliation (error 0%)
+ Amplification (error 0%)
Keys perfectly shared between A and B
Key bit errors between A and E after each step:
─ Quantization (error 40%)
o Reconciliation (error 50%)
+ Amplification (error 50%)
Keys secret for E
[Two plots: mismatch / BER versus key block number, with curves for quantization, reconciliation and amplification]
Secret Key Generation (SKG) – Experiments Dual sense Wifi experiments 2.4 GHz - LOS geometry
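The three steps whose error rates are listed above (quantization, reconciliation, amplification) can be traced end to end on constructed data. This is an added illustration, not the PHYLAWS processing: the bit strings are constructed, a Hamming(7,4) syndrome exchange stands in for the reconciliation code and truncated SHA-256 for the privacy-amplification hash, all of which are assumptions.

```python
import hashlib
import random

BLOCK = 7        # Hamming(7,4) block length (assumed reconciliation code)
KEY_BITS = 127   # key length reported on the slides


def syndrome(block):
    """Hamming(7,4) syndrome: XOR of the 1-based positions that hold a 1."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s


def public_syndromes(bits):
    """What Alice sends in clear: 3 syndrome bits per 7 quantized bits."""
    return [syndrome(bits[i:i + BLOCK]) for i in range(0, len(bits), BLOCK)]


def reconcile(bits, syndromes):
    """Move each block onto Alice's coset; corrects at most 1 error per block."""
    out = list(bits)
    for b, s_pub in enumerate(syndromes):
        start = b * BLOCK
        err_pos = syndrome(out[start:start + BLOCK]) ^ s_pub
        if err_pos:
            out[start + err_pos - 1] ^= 1
    return out


def amplify(bits, n_out=KEY_BITS):
    """Privacy amplification: hash the whole string, keep n_out bits."""
    digest = hashlib.sha256(bytes(bits)).digest()
    stream = [(byte >> (7 - k)) & 1 for byte in digest for k in range(8)]
    return stream[:n_out]


def mismatch(a, b):
    """Fraction of positions where two equal-length bit lists differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def run_skg(n_blocks=160, seed=2017):
    rng = random.Random(seed)
    alice = [rng.getrandbits(1) for _ in range(n_blocks * BLOCK)]
    # Constructed Bob: one flipped bit in 7 blocks out of 10 -> 10 % mismatch.
    bob = list(alice)
    for b in range(n_blocks):
        if b % 10 < 7:
            bob[b * BLOCK + rng.randrange(BLOCK)] ^= 1
    # Constructed Eve: every bit flipped independently with probability 0.4.
    eve = [bit ^ int(rng.random() < 0.4) for bit in alice]

    pub = public_syndromes(alice)   # public discussion, overheard by Eve too
    stages = {"quantization": (alice, bob, eve)}
    stages["reconciliation"] = (alice, reconcile(bob, pub), reconcile(eve, pub))
    a, b, e = stages["reconciliation"]
    # 3 of every 7 bits were disclosed, so at most 4 * n_blocks bits stay secret.
    assert KEY_BITS <= 4 * n_blocks
    stages["amplification"] = (amplify(a), amplify(b), amplify(e))
    return {name: {"bob": mismatch(x, y), "eve": mismatch(x, z),
                   "keys": (x, y, z)}
            for name, (x, y, z) in stages.items()}


if __name__ == "__main__":
    for name, r in run_skg().items():
        print(f"{name:15s} Bob {r['bob']:.2f}   Eve {r['eve']:.2f}")
```

Reconciliation removes Bob's errors but leaves Eve's in place even though she hears the syndromes; hashing then spreads her remaining errors over the whole key, which is the role the slides give to privacy amplification.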
Estimation of key randomness: 228 keys of 127 bits each
[Two plots of the 228 keys of 127 bits each]
o After reconciliation: keys are approximately random
o After amplification: keys are perfectly random
Secret Key Generation (SKG) – Experiments Dual sense Wifi experiments 2.4 GHz - LOS geometry
Number of 127-bit keys with successful NIST "mono-bit frequency test": good statistical results
[Plot; legend: after quantization, after amplification]
Number of 127-bit keys with successful Intel "Intel Health Check": good statistical results
[Plot; legend: after quantization, after amplification]
Number of 256-bit keys recovered by Bob and Eve: key agreement is perfect, key secrecy is perfect
[Plot; legend: Bob, Eve]
Number of 127-bit keys with successful NIST "run test": good statistical results
[Plot; legend: after quantization, after amplification]
Secret Key Generation (SKG) – Experiments Dual sense Wifi experiments 2.4 GHz - LOS geometry
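Added example (not from the slides or the project): the NIST SP 800-22 frequency (monobit) and runs tests named above, applied to 127-bit keys at the usual 0.01 significance level. The three sample keys are constructed; the LFSR key is included because it passes both tests while being fully predictable, so these tests screen out bad keys but do not by themselves show secrecy.

```python
import math


def monobit_p_value(bits):
    """SP 800-22 frequency test: are ones and zeros balanced?"""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s_n) / math.sqrt(n) / math.sqrt(2))


def runs_p_value(bits):
    """SP 800-22 runs test: is the number of 0/1 runs as expected?

    Returns 0.0 when the frequency precondition of the test is not met.
    """
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_obs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(v_obs - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def lfsr_key(n_bits=127):
    """Constructed key: m-sequence of x^7 + x + 1, s[i+7] = s[i+1] ^ s[i]."""
    s = [1, 0, 0, 0, 0, 0, 0]
    while len(s) < n_bits:
        i = len(s) - 7
        s.append(s[i + 1] ^ s[i])
    return s


# Constructed sample keys (not measured data).
SAMPLE_KEYS = {
    "stuck_at_zero": [0] * 127,                  # quantizer stuck on one level
    "alternating": [i % 2 for i in range(127)],  # balanced but periodic
    "lfsr": lfsr_key(),                          # statistically fine, predictable
}


def assess(keys, alpha=0.01):
    """Pass/fail of each key on both tests at significance level alpha."""
    return {name: {"monobit": monobit_p_value(k) >= alpha,
                   "runs": runs_p_value(k) >= alpha}
            for name, k in keys.items()}


if __name__ == "__main__":
    for name, verdict in assess(SAMPLE_KEYS).items():
        print(name, verdict)
```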
Artificial Noise and Beam Forming – Principle and simulation
Wifi simulations (Packet error rate)
[Plot: PER versus average SNR [dB]; curves: Bob MCS = 1, 2, 3 and Eve MCS = 1, 2, 3]
1/ Alice has four antennas and emits one 802.11n data stream and three noise streams
2/ Bob and Eve have respectively 2 and 4 antennas, with the same receiving capabilities
- Dash line: Packet Error Rate of Eve vs SNR
- Solid line: Packet Error Rate of Bob vs SNR
- Color: Modulation and Coding Scheme (MCS)
General principle in MIMO Tx-Tx
1/ Extract the Alice-Bob channel matrix (CIR or CFR) and its orthogonal directions
2/ Transmit noise streams on orthogonal directions. Eve cannot estimate the legitimate CIR; she is thus forced into low Signal to Noise Ratio (SNR).
3/ Beam-form the Alice-Bob data stream for Bob to maximize link budget.
[Diagram labels: ALICE, BOB, EVE 1, EVE 2; user data stream; noise streams; beam-formed clean zone; jammed zone]
Wifi Case – Principle and illustrations
Radio advantage built with Artificial Noise + Beam forming
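Steps 1/ to 3/ of the general principle, written out as an added example (not the PHYLAWS or testbed code). Assumptions: Alice has four antennas and perfect knowledge of the Alice-Bob channel, Bob and Eve each have a single antenna, channels are constructed Rayleigh draws, and data and artificial noise carry equal power.

```python
import math
import random


def hdot(u, v):
    """Hermitian inner product <u, v> = sum(conj(u_i) * v_i)."""
    return sum(a.conjugate() * b for a, b in zip(u, v))


def unit(v):
    norm = math.sqrt(hdot(v, v).real)
    return [x / norm for x in v]


def an_bf_precoders(h_ab):
    """Return (w, noise_dirs) for the Alice-Bob channel vector h_ab.

    w is the matched beam-former; noise_dirs are orthonormal transmit
    directions that Bob's channel cancels (sum(h_i * d_i) = 0).
    """
    n = len(h_ab)
    w = unit([x.conjugate() for x in h_ab])
    basis = [w]
    for k in range(n):                      # Gram-Schmidt on e_0 .. e_{n-1}
        e = [1 + 0j if i == k else 0j for i in range(n)]
        for b in basis:
            c = hdot(b, e)
            e = [x - c * y for x, y in zip(e, b)]
        if math.sqrt(hdot(e, e).real) > 1e-9 and len(basis) < n:
            basis.append(unit(e))
    return w, basis[1:]


def rx_gain(g, v):
    """Power gain |g . v|^2 at a single-antenna receiver with channel g."""
    return abs(sum(a * b for a, b in zip(g, v))) ** 2


def sinr_db(g, w, noise_dirs, p_data=1.0, p_an=1.0, n0=1.0):
    """SINR at a receiver with channel g; AN power is split over the dirs."""
    signal = p_data * rx_gain(g, w)
    an = sum(rx_gain(g, d) for d in noise_dirs) * p_an / len(noise_dirs)
    return 10 * math.log10(signal / (an + n0))


def mean_radio_advantage_db(trials=500, n_tx=4, seed=4):
    """Average of SINR_Bob - SINR_Eve (dB) over constructed channel draws."""
    rng = random.Random(seed)

    def draw():
        return [complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(n_tx)]

    total = 0.0
    for _ in range(trials):
        h_ab, h_ae = draw(), draw()         # Eve's channel is independent
        w, dirs = an_bf_precoders(h_ab)
        total += sinr_db(h_ab, w, dirs) - sinr_db(h_ae, w, dirs)
    return total / trials


if __name__ == "__main__":
    print(f"mean radio advantage: {mean_radio_advantage_db():.1f} dB")
```

The noise directions depend only on the Alice-Bob channel, so Bob sees none of the artificial noise while an independently located Eve receives it on top of a non-beam-formed signal.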
Wifi Case – Implantation and experiments
Radio advantage built with Artificial Noise + Beam Forming
AN-BF and Radio Advantage Results
AN-BF Implantations
[Frame diagram fields: L-STF (8 ms), L-LTF (8 ms), L+VHT SIG (12 ms), VHT-STF (4 ms), VHT-LTF-1 to VHT-LTF-4 (3.2 ms each), GI, DATA PAYLOAD; markers: Alice FFT Window, Bob FFT Window, Symbol Timing Offset; label: "AN-BF is applied here"]
• Alice has four TX antennas and emits one 802.11ac data stream and three noise streams
• Bob is a single to four antenna device
• Radio advantage is normalized to a single antenna Eve
• AN is applied on data portion of frame only
  o AN applied on MAC header (not protected by WPA/WEP) => privacy protection and defense from MAC spoofing
• Simulations are based on a fixed point model of the Testbed, and include all protocol and implementation losses
Equal power of user data stream and noise stream
Signal to Artificial Noise ratio = 0 dB
Signal to Interf + Noise ratio at Bob is 6.5 dB
Radio advantage / Eve is 7 dB
Focus on SC principle
A- Preliminary Radio advantage
• Objective: provide a better capacity at Bob's side than at Eve's side
• Simple case of single path channel + Gaussian additive noise + interference:
  Radio advantage: $(SINR)_{B,dB} - (SINR)_{E,dB}$ (SINR at Bob's Rx, SINR at Eve's Rx)
  Secrecy capacity: $C_{SEC} = \log_2\left[\frac{1 + 10^{(SINR)_{B,dB}/10}}{1 + 10^{(SINR)_{E,dB}/10}}\right]$ (SINR at Bob's Rx, SINR at Eve's Rx)
• One practical means of achieving the radio advantage is Artificial Noise and Beam Forming (see the previous slide)
• Eve is forced into low SNR because of interference from Alice (see previous slide)
• Thanks to the Beam-Forming, Bob keeps a high SINR (see previous slide)
B- Objective of the secrecy codes
• correct bit errors between Alice and Bob
• guarantee null information leakage towards Eve
• Condition: rate less than $C_{SEC}$.
C- Practical secrecy coding scheme developed in Phylaws WP4
• Concatenation of two codes
  - A usual Inner FEC Code: able to provide sufficient error correction capability when facing any kind of realistic radio channel
  - An added Outer Code (nested polar or Reed Muller) able to provide secrecy
• The result is a sub-optimal scheme which is close to the optimum
[Block diagram labels: Outer Encoder, Inner FEC Encoder, Signal Modulator, Radio Channel (AWGN, SISO, MIMO), Signal Demodulator, Equalizer, FEC Decoder, Outer Decoder; "AWGN like" and "BSC like" equivalent channels; symbols B, S, X, M]
Our particular implantation
Secrecy Coding under radio advantage
Focus on SC – Implantation and simulation
[Block diagram: X → Polar or RM outer encoder → FEC inner encoder → Radio Channel → FEC inner decoder → Polar or RM outer decoder → X]
[Plot: BER of UD bits versus SINR (in dB), with Bob's side and Eve's side marked; curves: LDPC decoder; Polar, SC1 rate: 0.4; Polar, SC2 rate: 0.3; Polar, SC3 rate: 0.23; RM, SC4 rate: 0.33; RM, SC5 rate: 0.25; markers: Target BER for Bob, Target BER for Eve, BER -> 0.2, BER = 0.5]

Coding schemes            SC 1            SC 2            SC 3            SC 4           SC 5
Inner code                LDPC code of length 1296 and rate 5/6 defined in the 802.11 standard
Outer code                PC              PC              PC              RMC            RMC
Eve's target rate         0.1             0.1             0.1             0.05           0.05
Bob's target rate         0.6             0.5             0.4             0.5            0.4
R bits, UD bits, P bits   102, 512, 410   102, 409, 513   102, 307, 615   56, 430, 538   56, 330, 638
Theoretical secret rate   0.5             0.4             0.3             0.45           0.35
Secret bits rate          0.4             0.33            0.24            0.33           0.25

Example with SC 5 (Radio Advantage: 2.7 dB):
- Received image around SINREve = 2 dB, targeted for BEREve = 0.5
- Received image for SINRuser = SINREve + 1 dB: BEREve = 0.3
- Received image for SINRbob = 4.7 dB, targeted for BERBob = 5·10^-5
- Received image for SINRuser = SINRbob – 1.5 dB: BERBob = 0.04
Low SINREve, BER = 0.2: information leakage remains
Low SINREve, BER = 0.5: no more information leakage
Our particular implantation
Secrecy Coding under radio advantage
NLOS GEOMETRY
Experimentations at Wifi links (802.11ac - 5 GHz)
Secrecy Coding under radio advantage
LOS GEOMETRY
NLOS Geometry – middle distance Bob-Eve with respect to previous slides
Several Wifi Modulation and Coding Schemes (MCS)
Values of AN to User Data power tuned to MCS (aSIR,Alice,Tx = 0.1, 0.25, 0.25, 0.5, 0.75)
Plots show conventional-coded (blue) and Secret-Coded BER (red) Wifi packets
Note that ~50% BER (after SC, red curves) is consistent with ultimate "semantic" security; with low variance between frames, "perfect" secrecy is experimentally proven
Outer code built with nested Reed Muller Codes
[Four plots: BER (%) versus packet index, for MCS 4 / alpha = 0.75, MCS 5 / alpha = 0.5, MCS 6 / alpha = 0.25 and MCS 7 / alpha = 0.1; legend: Uncoded, RM Code; Channel code, Secrecy code]
Outer code built with nested Polar Codes
[Four plots: BER (%) versus packet index, for MCS 4 / alpha = 0.75, MCS 5 / alpha = 0.5, MCS 6 / alpha = 0.25 and MCS 7 / alpha = 0.1; legend: Uncoded, Polar Code; Channel code, Secrecy code]
Experimentations at Wifi links (802.11ac - 5 GHz)
Secrecy Coding under radio advantage
Synthesis of PHYSEC schemes for air interface security
Scheme Techn. Status Requirement Secrecy efficiency RAT application
Technological maturity and application perspectives
Thank you for your attention
Find more information on our website
www.phylaws-ict.org
ANNEXES
Physec: wiretap channel , theoretical basics, Eve’s model
More about Secure Pairing
Building of the generic UHF single sense test bed
Measuring the CFR of OFDM wave forms with the generic UHF single sense test bed
Building of the dedicated Wifi Demonstrator
Development of the CSI extraction into the dedicated Wifi Demonstrator
Development of the SKG into the dedicated Wifi Demonstrator
Performance of the AN into the dedicated Wifi Demonstrator
Performance of the SC into the dedicated Wifi Demonstrator
[Diagram labels: Alice, Bob, Eve; Signal, Noise]
Memory-less source $S^K$: data blocks of length K; entropy (instantaneous): $H_S = H(S^K)/K$
ALICE transmits signal block $X^N$; coding rate: K/N
Legitimate channel: FWD Alice to Bob: $h_{A \to B}$; RTN (Bob to Alice): $h_{B \to A}$
$C_{sh}(A \to B) = \sup\{I(X^N;Y^N);\ P_{X^N}\}$
BOB receives signal $Y^N$, decodes $\hat{S}'^K$
Mutual information: $I(X^N;Y^N) \le C_{sh}(A \to B)$
Perfect secrecy is $I(X^N;Y^N) \uparrow C_{sec}(A \to B)$
Passive attacker channel: FWD Alice to Eve: $h_{A \to E}$; FWD Bob to Eve: $h_{B \to E}$
$C_{sh}(A \to E) = \sup\{I(X^N;Y^N);\ P_{X^N}\}$
EVE intercepts signal $Z^N$, decodes $\hat{S}''^K$
Equivocation: $\Delta = H(S^K/Z^N)/K$
Information leakage: $I(S^K;Z^N) \ge 0$
Perfect secrecy: $\Delta = H(S)$ $I(S^K;Z^N) = 0$
T.M. Cover and J.A. Thomas, Elements of Information Theory. New York: Wiley, 1991.
M.Bloch and J.Barros, "Physical layer security - from information theory to security engineering," Cambridge University Press, 2011
Physec: Wiretap channel
ANNEX
III/
II/
I/
II/
III/
T.M. Cover and J.A. Thomas, Elements of Information Theory. New York: Wiley, 1991.
M.Bloch and J.Barros, "Physical layer security - from information theory to security engineering," Cambridge University Press, 2011
=> at Eve's side
- Equivocation is $\Delta = H(S^K/Z^N)/K$ (uncertainty remaining at Eve's side / her observation Z)
- Information leakage is $I(S^K;Z^N) \ge 0$
- Perfect secrecy means $\Delta = H(S)$ $I(S^K;Z^N) = 0$ (total uncertainty, no information whatever Eve's observation Z is)
Physec: theoretical basics
ANNEX
I'/ Min-entropy $H_{min}(X)$: most conservative measure of the uncertainty of a set of X samples. $H_{min}(X)$ is experimentally computable with NIST estimators (see ref) and $H_{min}(X) \le H(X)$
III'/ Min mutual information is also approximately estimated from the min-entropy $H_{min}(X)$: $I_{min}(A,B) = H_{min}(A) + H_{min}(B) - H_{min}(A,B)$
IV/ HOW PERFECT SECRECY CAN BE ACHIEVED WITH SECRET CODES: $\Delta = H_S$ $I(S^K;Z^N) \equiv 0$
=> Secrecy capacity $C_{sec}(A \to B/E)$ achieves $\max\{I(X^N;Y^N)\}$ over X distribution $P_X$ and under constraint $\Delta = H_S$
=> In practice achieving secrecy requires a "radio-channel advantage", i.e.: $C_{sh}(A \to B) > C_{sh}(A \to E)$ (AWGN case: $SNR_B > SNR_E$)
=> under the previous conditions and some (very general) symmetry assumptions: $C_{sec}(A \to B/E) = C_{sh}(A \to B) - C_{sh}(A \to E) \le C_{sh}(A \to B)$
Illustration of (weak) secrecy (QAM)
16 QAM symbol = 4 bits x'y'x''y'', each being "0" or "1"
Worst protected bits: x' y', quadrant designation
Best protected bits: x'' y'', symbol in the quadrant x'y'x''y''
Aaron Wyner. "The Wire-Tap Channel". In: Bell Syst. Tech. J. 54.8 (Oct. 1975), pp. 1355-1387.
Leung Yan Cheong and Martin Hellman. "The Gaussian Wire-Tap Channel". In: IEEE Trans. Inform. Theory 24 (1978), pp. 451-456.
Frederique Oggier, Patrick Sole, and Jean-Claude Belfiore. "Lattice Codes for the Wiretap Gaussian Channel: Construction and Analysis". Mar. 2011.
=> Existence of secrecy codes is proven, but proof is not constructive
=> the key for achieving secrecy coding is
- the existence of sub-codes in the channel codes
- the suitable mapping of bits to be protected
Physec: theoretical basics
ANNEX
V/ HOW SECRET KEYS OF SIGNIFICANT LENGTH CAN BE GENERATED
=> known Channel Quantization Algorithm (CQA)
   based on RSSI (Received Signal Strength Indication)
   based on CSI (Channel State Information): ampl. and phase of paths
Number of generated bits: $I_K = I(h_{A \to B}; h_{B \to A})$
in case of reciprocal channels ($h_{A \to B} = h_{B \to A}$), $I_K = H(h_{A \to B})$
Number of secure bits: $I_{SK} = I(h_{A \to B}; h_{B \to A} \mid h_{A \to E}, h_{B \to E})$
Number of non-secure bits: $I_{VK} = I_K - I_{SK}$
[Figure: illustration of SKG scenario with "disk distributed scatters"; axis: antenna number]
U.Maurer, "Secret key agreement by public discussion from
common information," IEEE Transactions on Information Theory,
1993, pp. 733-742.
J. Wallace and R. Sharma, "Automatic secret keys from reciprocal
MIMO wireless channels: measurement and analysis," IEEE Trans.
Inf. Forensics and Security, vol. 5, no. 3, pp. 381-392, Sep. 2010.
Physec: theoretical basics
ANNEX
Passive Eve - Short model description:
Eve’s procedures
- Aware about the standard, sometimes about subscriber keys
- Records all signal
- demodulates and decodes signalling and data messages between Alice and Bob
- does not emit any signal
Eve’s limits / drawbacks
- cannot influence the legitimate exchanges
- Very sensitive to radio propagation and poor energy budget
Eve’s advantages
- no real-time constraints of any kind
Major risks for legitimates
Monitoring of 2G (A5-1/2 A8 A3) and WLAN (WEP and WPA - WPA2 in question )
In 3G 4G, maximal risk occurs when Eve is informed about their Subscribers keys (Ki on SIM, K on USIM, etc.) and can also compute off-line the complete legitimate data.
NOTE: Such risks illustrate the limits of the current approach of public wireless security based only on cryptographic key distribution.
Physec: Eve's models
ANNEX
“Intelligent Jamming” Eve (IJ) - Short model description:
Eve’s procedures
- Partially aware of the legitimate protocol
- Informed about dedicated sequences between Alice and Bob in signalling and in negotiation (for example the authentication protocol, the CSI protocol and the relevant messages).
- Dedicated jamming influences the radio access protocol of legitimate users, especially at the negotiation stage.
- Denies high level services such as 3G and 4G, highest data rates, MIMO RATs enabling, etc.
Eve's limits / drawbacks
- Quite accurate synchronization is needed at legitimate frame/protocol/target messages
Eve’s advantages
- Jamming only, no necessity for demodulation nor modulation of Rx Tx signals
- Jams only few messages with dedicated signals => short time, furtive, low mean power
- No significant real time constraints (propagation time can be easily anticipated when synchro. is OK).
Major risks for legitimates
- Deny 3G and 4G in order to force 2G,
- Deny high level services such as highest data rates, MIMO RATs enabling, Chan. State Information,
Artificial Noise + beam Forming enabling, SKG and SC, even cipher enabling in some cases…
- Forcing into a less secure protocol, then monitoring in passive mode.
Physec: Eve's models
ANNEX
“Man-In-The-Middle” Eve (MITM) - Short model description:
Eve’s procedures
- Aware about the complete legitimate protocol
- Intercepts, processes, replays exchanged messages between Alice and Bob,
- Impersonates legitimate Tx (and even operators) and / or spoofs legitimate Rx messages, in order to overpass the authentication, to modify the computation of cipher keys, etc.
Eve's limits / drawbacks
- Very sensitive to network engineering conditions (power of impersonated BS versus power of Eve's TX)
- Very sensitive to radio conditions (receiving part of Eve), while Eve cannot achieve the control of legitimate transmit power
- Maximal real time constraints
- Highest complexity: accurate synchronization is needed at legitimate protocol/frame/messages, real time demodulation and modulation of Rx Tx signals are required, etc.
- when impersonating or spoofing is partial, MITM may be very indiscreet ("basic" IMSI catchers)
Eve's advantages
- Complete control of the legitimate protocol: authentication, ciphering, subscriber data, etc.
Major risks for legitimates
• Robbery of Subscriber data (IMSI, Agendas etc.)
• Full monitoring of exchanged data (access and on-going communication)
• Denial of any kind of communication services
Physec: Eve's models
ANNEX
Built with wide band low DSP Direct Spread Sequences signals (DSSS)
FWD and RTN under beacon frequencies/msgs Ssig => self interfered => negative "tag to Signal + noise" ratio
A- Building – Relevant Radio parameters
[Figure (power versus freq.) labels: Dominant Signal ssig; Tag Signal ttag; Noise level; Signal and Noise ssig + nnoise; Total Signal ssig + ttag + nnoise; SNR; TSR: Tag to Signal Ratio; TSNR at input: Tag to Signal + Noise Ratio]
B- Processing = Matched filtering, CIR est., no RAKE
[Figure labels: output detection criteria; detection threshold; TSNR' = output Tag to Signal + Noise Ratio; unauthorized Rx: no tag detection, no CIR; "authorized" Rx: tag detection + CIR estimation; optimal time resolution for accurate CIR estimation]
DSSS codes change fast and the choice is made adaptively, dependent on channel measurement
Tag Signals (TS) – building and processing
More about Secure Pairing
ANNEX
I- SECURE PAIRING THROUGH CIR ESTIMATION WITH TAG SIGNALS (1st IAS, 2nd IAS)
1) Forward Tag Signal TFWD, in a public set (when USS), random time (when TJ)
   Alice transmits TFWD
   Bob estimates CIRFWD on received TFWD
2) Return Tag Signal TRTN, in a public set (when USS), random time (when TJ)
   After synchronizing TFWD, Bob transmits TRTN dependent on TFWD and CIRFWD
   Alice estimates CIRRTN on received TRTN
3) Forward T'FWD, propagation dependent
   Alice transmits T'FWD dependent on TSRTN and CIRRTN
   Bob recognizes Alice by estimating CIR'FWD on received T'FWD, Eve no longer can
4) Return TS'RTN, propagation dependent
   Bob transmits T'RTN dependent on estimated TFWD' and CIR'FWD
   Alice recognizes Bob by estimating CIR'RTN on received T'RTN, Eve no longer can
II- ESTABLISHMENT OF PHYSEC SCHEME
Forward and return Secret Keys and Secrecy Codes / Artificial Noise
Authentication, Subscriber identification, user identification etc.
Interrogation and Acknowledgement Sequences (IAS) – principle
More about Secure Pairing
ANNEX
IASs Resilience to passive Eve
ALICE and BOB (1st IAS, 2nd IAS):
1) Alice transmits a first tag signal (from a public set); Bob despreads and estimates the channel
2) Bob acknowledges by sending a tag signal
3) Alice acknowledges by sending a new tag signal dependent on her channel measurement
4) Bob sends a tag signal dependent on his channel measurement and eventually on other parameters
Establishment of a PHYSEC scheme
5) Secret Key or Secrecy coding can be added on tag signal to enhance protection of CSI, of auth messages and of subscriber data
EVE:
1) Eve despreads and estimates the channel. Due to spatial decorrelation, Eve's estimation is independent from Bob's one
3) Eve cannot follow TS exchanges as they turn dependent on the radio-link (she loses the capability for match filtering and she has radio disadvantage)
5) PHYSEC scheme: Eve cannot decode any information exchanged on Alice-Bob radio link
=> No real need for USS and TJ at first IAS when facing Passive Eve
More about Secure Pairing
ANNEX
IASs Resilience to MITM Eve
ALICE and BOB (1st IAS, 2nd IAS):
1) Alice transmits a first tag signal (from a public USS set and TJ set); Bob despreads and estimates the channel
2) Bob acknowledges by sending a tag signal (code+TJ may be dependent on his chan. MeasT - SIP)
2) Bob rejects Eve's attempt due to late time of arrival (TJ) and tag signal mismatch (USS)
3) Alice acknowledges by sending a new tag signal dependent on her channel measurement
4) Alice rejects Eve's attempt due to late time of arrival and tag signal mismatch (wrong channel estimation)
5) Bob sends a tag signal dependent on his channel measurement and eventually on other parameters
EVE:
• Eve tries to impersonate Alice
• Eve tries to impersonate Bob
1) Eve despreads and estimates the channel. Due to spatial decorrelation, Eve's estimation is independent from Bob's one
2) Eve replays Alice's message to impersonate Alice to Bob
2) Eve receives Bob's acknowledgment
3) Eve replays Bob's (or a modified version) to impersonate him
6) Eve cannot follow message exchanges as they turn dependent on the radio-link
=> USS and TJ at first IAS make the TS DSSS code sequences and time of emission unpredictable for Eve
The rest of the protocol is similar to the passive Eve case
Tag signal mismatch + late time of arrival of Eve's signals are discriminant
More about Secure Pairing
ANNEX
IASs Resilience to IJ Eve
ALICE and BOB (1st IAS, 2nd IAS):
1) Alice transmits a first tag signal (from a public USS set and TJ set); Bob despreads and estimates the channel
2) Bob acknowledges by sending a tag signal with TJ (code+TJ may be dependent on his chan. MeasT - SIP)
2) Bob rejects Eve's jamming due to bad time of arrival and DSSS spreading factor
3) Alice acknowledges by sending a new tag signal dependent on her channel measurement + TJ
4) Alice rejects Eve's attempt due to late time of arrival and tag signal mismatch (wrong channel estimation)
EVE:
• Eve tries to jam Alice
• Eve tries to jam Bob
1) Eve cannot predict Alice's emission time. Eve's emission is non correlated to Bob's receiving
2) Eve's time of emission does not match Bob's TS at Alice's receiver => low jamming probability
3) Eve's signal and time of emission do not match Bob's message at Alice's receiver => very low jamming probability
4) Eve can never anticipate nor synchronize Alice's and Bob's TS
USS and TJ at first IAS make the code and time of Alice's and Bob's emissions unpredictable for Eve
Reduced jamming probability of tag signals
More about Secure Pairing
ANNEX
Test bed for wireless radio channel measurement in real field – 0.4 – 4.4 GHz
ANNEX Building of the generic UHF single sense test bed
• Real field signal records and CIR extraction with the TCS test bed
• Computation of channel frequency response (CFR=FT(CSI))
• $H(f_k) = \frac{Y(f_k)}{X(f_k)}$ (Y: received signal, X: reference signal)
• Suitable for OFDM waveform (LTE/WiFi)
• Example: channel generated from Winner II Channel Model, CFR estimation on the LTF of WiFi waveform
[Plot: amplitude versus subcarrier index; curves: Estimated CFR, Generated CFR]
ANNEX Measuring the CFR of OFDM wave forms with the generic UHF single sense test bed
Test bed for wireless radio channel measurement in real field – 0.4 – 4.4 GHz
Example of Channel Frequency Response over Wifi carrier
Even in this indoor LOS case, the spatial diversity is significant
[Plot: Magnitude of Channel Frequency Response over 6 antennas (WiFi); magnitude [dB] versus frequency [MHz]; curves: Bob, Eve]
[Plot: Phase of Channel Frequency Response over 6 antennas (WiFi); phase [rd] versus frequency [MHz]; curves: Bob, Eve]
Test bed for wireless radio channel measurement – Wifi 2.4 GHz & LTE results
Confirms previous papers
W.C. Jakes Jr., "Microwave Mobile Communications". Piscataway, NJ: Wiley-IEEE Press
J. Wallace and R. Sharma, "Automatic secret keys from reciprocal MIMO wireless channels: measurement and analysis," IEEE Trans. on info. for. and sec., September 2010
ANNEX Measuring the CFR of OFDM wave forms with the generic UHF single sense test bed
Example of Channel Frequency Response over short to mean time
[Plot: detection criterion versus time [ms]]
[Three plots: Magnitude of CIR for Frame 1, Frame 2 and Frame 28; magnitude [dB] versus frequency [MHz]]
High time diversity enables computation of good secret keys (length, randomness)
Allows secret-key bits to be regenerated after 100 ms (indoor case)
Test bed for wireless radio channel measurement – Wifi 2.4 GHz & LTE results
ANNEX Measuring the CFR of OFDM wave forms with the generic UHF single sense test bed
• Wi-Fi testbed is based on Celeno’s CL2400 and CL2442 4x4 802.11ac chipset
• SDR architecture
• DSP-based PHY (OFDM and matrix manipulations engine, including all beamforming operations), using Ceva’s best-in-class XC4210 DSP core (running 64 MACS at 480MHz)
• Flexible MAC based on 2 processor cores for lower and upper MAC layer
• Enables establishment of real WiFi links with 3rd parties
[Figure: Global Architecture. Block diagram with the blocks: RF front end, A/D and D/A converters, Tx/Rx radio, SDR 802.11ac 4T4R PHY, CL2440 802.11ac, 802.11ac UMAC CPU & Offload, 802.11ac LMAC CPU, HW MAC, HW Offload & Accelerators (FEC Acc., Time Domain Acc.), channel aware scheduler, Dynamic Spectrum Analyser, GPIO, Control, PCIe interface, PCIe bus]
Two chip flavors:
• CL2440 supporting 5GHz (80MHz channel BW)
• CL2442 supporting 2.4GHz (20/40MHz channel BW)
ANNEX Building of the dedicated Wifi Demonstrator
Bi-Directional Channel Sounding
Alice, Bob and Eve are 4-antenna devices (all using CL2400 4x4 chipset)
Alice and Bob exchange NDP sounding frames (spaced 20 µs in time); both are captured by Eve
Each node estimates the channel independently
Reciprocity Restoration
Channel reciprocity issues
• TX to RX analog/RF gain/phase mismatch
• Mixer phase ambiguity between antennas – 180 degrees
• AGC gain mismatch between Alice and Bob
• OFDM symbol timing mismatch (Alice and Bob have a tolerance of 0.8 µs Cyclic Prefix Guard Interval!)
Reciprocity restoration: each channel element (out of the 4x4 channel matrix) is normalized and compensated independently
Secret Key Generation
Shared Channel
Reciprocity restoration, de-correlation, quantization, reconciliation and amplification are done in offline processing
ANNEX Building of the dedicated Wifi Demonstrator
DUAL SENSE LEGITIMATE + EAVESDROPPER LINK
Initial CSI extraction
[Figure: amplitude of H (dBm) and phase of H (rad) versus SC index, one panel per spatial stream (SS#0 to SS#3) and receive antenna (RX#0 to RX#3); curves for Alice, Bob and Eve]
ANNEX Development of the CSI extraction into the dedicated Wifi Demonstrator
DUAL SENSE LEGITIMATE + EAVESDROPPER LINK
Processing stage I+II: CFR estimation + reciprocity restoration, 1st normalization stage (average gain/phase normalization and linear phase estimation and removal)
[Figure: amplitude of H (dBm) and phase of H (rad) versus SC index, one panel per spatial stream (SS#0 to SS#3) and receive antenna (RX#0 to RX#3); curves for Alice, Bob and Eve]
ANNEX Development of the CSI extraction into the dedicated Wifi Demonstrator
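One way to carry out the normalization named on this slide (average gain/phase normalization, then linear phase estimation and removal) on a single channel element, as an added Python example that is not the demonstrator's own processing. The two-path channel, the subcarrier count and the gain, phase and timing offsets are constructed values, and the order of the three steps is an assumption.

```python
import cmath
import math

N_SC = 64  # number of subcarriers (constructed for this example)

def channel(k):
    # Constructed two-path channel; the same in both directions (reciprocal medium).
    return 1.0 + 0.5 * cmath.exp(-2j * math.pi * 3 * k / N_SC)

def measure(gain, phase0, slope):
    # CFR as one node estimates it: the shared channel seen through that node's
    # AGC gain, a constant phase offset (RF chain, 180-degree mixer ambiguity)
    # and a symbol-timing offset, i.e. a linear phase across subcarriers.
    return [gain * cmath.exp(1j * (phase0 + slope * k)) * channel(k)
            for k in range(N_SC)]

def restore(cfr):
    # 1) Average gain normalization: scale to unit RMS magnitude.
    rms = math.sqrt(sum(abs(h) ** 2 for h in cfr) / len(cfr))
    h = [x / rms for x in cfr]
    # 2) Linear phase estimation and removal: mean phase step between adjacent
    #    subcarriers. This also strips the channel's own mean slope, but
    #    identically on both sides.
    step = cmath.phase(sum(b * a.conjugate() for a, b in zip(h, h[1:])))
    h = [x * cmath.exp(-1j * step * k) for k, x in enumerate(h)]
    # 3) Average phase normalization: rotate so the sum of samples is real, positive.
    rot = cmath.phase(sum(h))
    return [x * cmath.exp(-1j * rot) for x in h]

def max_mismatch(a, b):
    return max(abs(x - y) for x, y in zip(a, b))

def demo():
    alice = measure(gain=3.0, phase0=0.4, slope=0.05)
    bob = measure(gain=0.7, phase0=0.4 + math.pi, slope=-0.11)  # flipped mixer phase
    return max_mismatch(alice, bob), max_mismatch(restore(alice), restore(bob))

if __name__ == "__main__":
    before, after = demo()
    print(f"max |H_A - H_B| before: {before:.3f}  after: {after:.2e}")
```

With measurement noise added, the two restored responses agree only approximately; the residual bit mismatches after quantization are what the reconciliation stage has to absorb.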
DUAL SENSE LEGITIMATE + EAVESDROPPER LINK
Processing stage III: CFR estimation + reciprocity restoration, 2nd normalization stage
[Figure: amplitude of H (dBm) and phase of H (rad) versus SC index, one panel per spatial stream (SS#0 to SS#3) and receive antenna (RX#0 to RX#3); curves for Alice, Bob and Eve]
ANNEX Development of the CSI extraction into the dedicated Wifi Demonstrator
ANNEX Development of the SKG into the dedicated Wifi Demonstrator
SKG – Quantization, reconciliation and amplification algorithm
More info about SKG => www.phylaws-ict.org, deliverables D3.1, D4.3
SKG scheme dual sense, without channel de-correlation (neither time nor frequency de-correlation)
Reconciliation FEC=BCH(15,127), amplification with 2-Universal Hash
Use of dual sense CSIs: Alice -> Bob and Bob -> Alice
Alice has 4 Tx/Rx antennas, A1 to A4; Bob has 2 antennas, B1 and B2
Generation of 128-bit keys from CSI samples computed from one WiFi frame
[Figure: real part of CSI and imaginary part of CSI, for Bob's antennas B1 and B2 versus Alice's antennas A1 to A4]
Test of key quality (BOB’S SIDE)
[Figure: keys after quantization and keys after privacy amplification]
NIST test | Freq. Monobit | Runs
After quantization | 31/57 | 22/57
After amplification | 57/57 | 57/57
Concatenation of all keys after quantization | Pass | Fail
ANNEX Development of the SKG into the dedicated Wifi Demonstrator
SKG scheme dual sense, without channel de-correlation
Test of key agreement between Alice and Bob
AT BOB’S SIDE: near 0 BER => reconciliation + key verification are OK at Alice and Bob
[Figure: Binary Error Rate after quantization, after reconciliation and after amplification]
Test of information leakage towards Eve
AT EVE’S SIDE: near 0.5 BER => Eve has no information on Alice’s and Bob’s keys
[Figure: "BER between Eve and Bob keys after each SKG step", BER versus key block number; curves for quantization, reconciliation and amplification]
ANNEX Development of the SKG into the dedicated Wifi Demonstrator
SKG scheme dual sense with channel de-correlation
Time and Freq. de-correlation.
Reconciliation FEC=BCH(15,127), amplification with 2-Universal Hash
Generation of 128-bit keys from CSI samples computed from one WiFi frame
BOB’S SIDE
[Figure: keys after quantization and keys after privacy amplification]
NIST test | Freq. Monobit | Runs
After quantization | 7/7 | 7/7
After amplification | 7/7 | 7/7
Concatenation of all keys after quantization | Pass | Pass
Test of key agreement between Alice and Bob
BOB’S SIDE: near 0.5 BER => reconciliation + key verification are still OK at Alice and Bob
[Figure: BER after quantization, after reconciliation and after amplification]
Test of information leakage towards Eve
EVE’S SIDE: near 0.5 BER => no information on Alice’s and Bob’s keys
[Figure: "BER between Eve and Bob keys after each SKG step", BER versus key block number; curves for quantization, reconciliation and amplification]
ANNEX Development of the SKG into the dedicated Wifi Demonstrator
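The key-quality checks reported on the SKG slides (NIST frequency monobit and runs tests, 2-universal hash amplification, BER against Eve), as an added Python example that is not the project's code. The bit patterns, the Toeplitz construction chosen as the 2-universal family and the seed are assumptions made for the example, and the BCH reconciliation step is left out.

```python
import math
import random

def monobit_p(bits):
    # NIST SP 800-22 frequency (monobit) test; the sequence passes if p >= 0.01.
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    # NIST SP 800-22 runs test; the sequence passes if p >= 0.01.
    n, pi = len(bits), sum(bits) / len(bits)
    if pi in (0.0, 1.0) or abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # frequency prerequisite not met
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def toeplitz_hash(bits, out_len, seed):
    # 2-universal family: key = T x over GF(2), with T[i][j] = seed[i - j + n - 1].
    n = len(bits)
    if len(seed) != n + out_len - 1:
        raise ValueError("seed must hold n + out_len - 1 bits")
    return [sum(seed[i - j + n - 1] & bits[j] for j in range(n)) & 1
            for i in range(out_len)]

def ber(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def demo():
    # Constructed quantizer output from a strongly correlated channel (runs of
    # four equal bits); Eve's copy has every 8th bit wrong.
    bob_raw = [1, 1, 1, 1, 0, 0, 0, 0] * 32
    eve_raw = [b ^ (i % 8 == 0) for i, b in enumerate(bob_raw)]
    rng = random.Random(2017)  # stands in for the public hash seed
    seed = [rng.getrandbits(1) for _ in range(len(bob_raw) + 128 - 1)]
    bob_key = toeplitz_hash(bob_raw, 128, seed)
    eve_key = toeplitz_hash(eve_raw, 128, seed)
    return {"raw_monobit_p": monobit_p(bob_raw), "raw_runs_p": runs_p(bob_raw),
            "key_monobit_p": monobit_p(bob_key), "key_runs_p": runs_p(bob_key),
            "ber_eve_raw": ber(bob_raw, eve_raw), "ber_eve_key": ber(bob_key, eve_key),
            "bob_key": bob_key}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The balanced but run-heavy input passes the monobit test and fails the runs test, the same pattern as the "Pass / Fail" row for concatenated keys without de-correlation. A key that passes both tests after hashing only looks random: the output length still has to be chosen from the entropy Eve lacks.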
Values of power ratio and Bob's PER (Packet Error Rate) at different MCSs
[Figure: PER versus MCS (MCS 3 to 5), one curve per power ratio: alphaSIR,Tx,Alice = 0.0, rhoSIR,Tx,Alice = ∞ (no AN); alphaSIR,Tx,Alice = 0.1, rhoSIR,Tx,Alice = 9; alphaSIR,Tx,Alice = 0.25, rhoSIR,Tx,Alice = 3; alphaSIR,Tx,Alice = 0.5, rhoSIR,Tx,Alice = 1]
Tx/Rx radio parameters
1 user and 3 noise spatial streams among 4
AN is uniformly distributed over the antennas
Table of Wifi Modulation and Coding Scheme (MCS)
MCS | BW (MHz) | Rate (Mbps) | Carrier Nb | Modulation, coding | Limit of Rx ; NR (dBm ; dB)
2 | 20 | 19.5 | 52 + 4 | QPSK ¾ | -77 ; 5,5
3 | 20 | 26 | 52 + 4 | 16QAM ½ | -74 ; 8,5
4 | 20 | 39 | 52 + 4 | 16QAM ¾ | -70 ; 12,5
5 | 20 | 52 | 52 + 4 | 64QAM 2/3 | -66 ; 16,5
> 5 | 20 | ≥ 58 | 52 + 4 | ≥64QAM ≥¾ | ≤-65 ; ≥17.5
ANNEX Performance of the AN into the dedicated Wifi Demonstrator
ANNEX Performance of the SC into the dedicated Wifi Demonstrator
Pre-industrial results of Secrecy coding
Performance of the SC into the dedicated Wifi Demonstrator
SC is Polar, (R,I,F) = (102, 409, 513)