ceci est mon titre - comelec.telecom-paristech.fr · comelec seminar - 04 may 2017 telecom paris...

COMELEC Seminar - 04 May 2017 Telecom Paris Tech COMELEC TPT and F Delaveau TCS - 2017MAy 04 : "Physical Layer Security Technologies and Perspectives" Source project PHYLAWS funded by EC-FP7-ICT-2011-8 GN 317562 François DELAVEAU Thales Communications and Security Unit: Hardware Technologies Tools and Engineering COMELEC SEMINAR Physical layer Security - Technologies and Perspectives Funded by EC-FP7-ICT-2011-8 GN 317562 www.phylaws-ict.org Thursday 4th May, 14h00, Télécom Paris Tech, Amphi B312, 46 rue Barrault, Paris


Post on 28-Oct-2019


Page 1: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding

COMELEC Seminar - 04 May 2017 Telecom Paris Tech


François DELAVEAU Thales Communications and Security

Unit: Hardware Technologies Tools and Engineering

COMELEC SEMINAR Physical layer Security - Technologies and Perspectives

Funded by EC-FP7-ICT-2011-8 GN 317562

www.phylaws-ict.org

Thursday 4th May, 14h00, Télécom Paris Tech, Amphi B312, 46 rue Barrault, Paris

Page 2

Summary/Agenda

Some references and some acronyms for the following

Why security enhancements are needed on public networks

Brief introduction to PHYSEC
• Studied configuration of wireless links: Alice (A) and Bob (B): legitimate users – Eve (E): attacker
• The PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562
• Fundamentals – Achievements
• Experimental material and prototypes
• Experimental locations and procedures

Secret Key Generation (SKG) – Processing
• Radio-cellular and Wifi application case
• De-correlation pre-processing (stationary channels) - Core processing (any channels)
• Single sense experiments for LTE-TDD and Wifi
• Dual sense Wifi experiments 2.4 GHz - LOS geometry

Radio advantage built with Artificial Noise + Beam forming
• Wifi case – Principle and illustrations
• Wifi case – Implementation and experiments

Secrecy Coding under radio advantage
• Our particular implementation
• Experimentations at Wifi links (802.11ac - 5 GHz)

Technological maturity and application perspectives

Annexes

Page 3

Some references for the following

ZEIT, “Wie Merkels Handy abgehört werden konnte,” 18 12 2014. [Online]. Available: http://www.zeit.de/digital/datenschutz/2014-12/umts-verschluesselung-umgehen-angela-merkel-handy

Metronews, “Une énorme faille de sécurité permet d'écouter vos appels et de lire vos SMS,” [Online]. Available: http://www.metronews.fr/high-tech/une-enorme-faille-de-securite-permet-d-ecouter-vos-appels-et-de-lire-vos-sms/mnlv!YnqDbOgrtHFYk/

http://media.ccc.de/browse/congress/2014/31c3_-_6531_-_en_-_saal_6_-_201412272300_-_ss7map_mapping_vulnerability_of_the_international_mobile_roaming_infrastructure_-_laurent_ghigonis_-_alexandre_de_oliveira.html

The Intercept, «The Great SIM Heist. How Spies Stole the Keys to the Encryption Castle,» 2015. Available: https://theintercept.com/2015/02/19/great-sim-heist/

“SS7 map: mapping vulnerability of the international mobile roaming infrastructure”, https://media.ccc.de/v/31c3_-_6531_-_en_-_saal_6_-_201412272300_-_ss7map_mapping_vulnerability_of_the_international_mobile_roaming_infrastructure_-_laurent_ghigonis_-_alexandre_de_oliveira

Hyeran Mun et al., “3G-WLAN interworking: security analysis and new authentication and key agreement based on EAP-AKA”, Wireless Telecommunications Symposium, 2009. WTS 2009

F. Delaveau, A. Evestti, A. Kotelba, R. Savola and N. Shapira, “Active and passive eavesdropper threats within public and private civilian networks - Existing and potential future countermeasures - An overview,” in Winncomm, Munich, Ger. 2013.

Y. Zou, J. Zhu, X. Wang, and L. Hanzo, « Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends », Proceedings of the IEEE, Vol. 104, No. 9, September 2016.

M. Bloch and J. Barros, Physical-Layer Security, Cambridge University Press, 2011.

J. W. Wallace and R. K. Sharma, “Automatic secret keys from reciprocal MIMO Wireless channels: measurement and analysis,” IEEE Transactions on information forensics and security, vol. 5, no. 3, pp. 381-392, Sept. 2010.

T. Mazloum, F. Mani and A. Sibille, "Analysis of secret key robustness in indoor radio channel measurements," in IEEE Vehicular Tech. Conf., Glasgow, 2015.

T. Mazloum, "Analyse et Modélisation Radio pour la Génération de Clés secrètes", PhD Thesis, Telecom Paris Tech, February 2016

J.-C. Belfiore, C. Ling and L. Luzzi, “Lattice codes achieving strong secrecy over the mod-Λ Gaussian channel,” in IEEE International Symposium on Information Theory Proceedings, Cambridge, USA, 2012

Project Phylaws Funded by EC-FP7-ICT-2011-8 GN 317562: www.phylaws-ict.org

Project Prophylaxe Funded by BMBF GN 16KIS0005K: http://www.ict-prophylaxe.de

F. Delaveau, A. Mueller, G. Wunder et al., “Perspectives of Physec for the improvement of the subscriber privacy and communication confidentiality at the Air Interface. Results for WLANs, IoT and radiocells”, ETSI WS on radio techn. Air Int. S.A. 27-28 /01/16

IET book: «Trusted Communications with Physical Layer Security for 5G and Beyond», edited by T.Q.Duong, X.Zhou, and H.V Poor, to be published in 2017

NIST (National Institute of Standards and Technology), «Recommendation for the Entropy Sources Used for Random Bit Generation», (Second Draft) Special Publication 800-90B 2016.

M. Hamburg, P. Kocher and M. E. Marson, "Analysis of Intel's Ivy Bridge Digital Random Number Generator," Technical Report Cryptographic Research INC., March 2012

Page 4

AN - BF Artificial Noise – Beam Forming

BCH Bose Ray-Chaudhuri Hocquenghem

BER Bit Error Rate

BTS Base Transceiver Station

CIR,CFR Channel Impulse Response, Channel Frequency Response

CFR Channel Frequency Response

CQA Channel Quantization Algorithm

COMSEC Communication Security

CSI Channel State Information

FDD Frequency Division Duplex

FEC Forward Error Correction

FuDu Full Duplex

GSM Global System for Mobile communications

IFF Interrogation Friend or Foe

IMSI (IMEI) International Mobile Subscriber (Equipment) Identity

IoT Internet of Things

LDPC Low Density Parity Check

LOS, NLOS Line Of Sight, Non Line Of Sight

LTE Long Term Evolution

MAC Media Access Control

MISO/MIMO Multiple Input Single Output / Multiple Input Multiple Output

NIST National Institute of Standards and Technology

NETSEC Network Transmission Security

PHYSEC Physical Layer Security

OoM Order of Magnitude

PSS / SSS Primary Synchr. Sequence / Secondary Synchr. Seq. (LTE)

RAT Radio Access Technology

RNG Random Number Generator

Rx,Tx Receiver, Transmitter

SIM Subscriber Identity Module – Self Interference Mitigation

SISO/SIMO Single Input Single Output / Single Input Multiple Output

SKG,SC,SP Secret Key Generation , Secrecy Coding, Secure Pairing

SNR, SINR Signal to Noise Ratio, Signal to Noise + Interference Ratio

SS7 Signaling System No.7

STF, LTF Short Training Field, Long Training Field (Wifi)

TBD - TBS To Be Defined - To Be Studied

TDD Time Division Duplex

TMSI Temporary Mobile Subscriber Identity

TJ Time Jitter

TRANSEC Transmission Security

UE User Equipment

UHF Ultra High Frequencies (300 MHz – 3 GHz)

UMTS Universal Mobile Telecommunications System

USS Uncoordinated Spread Spectrum

Some acronyms for the following

Page 5

SUBSCRIBER IDENTITY (T/IMSI) IN CLEAR TEXT

AUTHENTICATION PARAMETERS IN CLEAR TEXT

PASSIVE EVE CAN DECODE

ACTIVE EVE CAN JAM, REPLAY ETC. MAN IN THE MIDDLE EVE CAN IMPERSONATE

Can be hacked or disclosed – see ref.

WHEN EVE GETS THE KEY K/Ki (see references) SHE CAN BREAK ALL PROTECTIONS… BY PASSIVE MEANS ONLY !!

Figure source

Why security enhancements are needed on public networks: example of the LTE “Enhanced Protocol for Security – Authentication Key Agreement” procedure

Page 6

LEGITIMATE links are Alice to/from Bob

Transmits and receives

A

B

TRANSEC (Transmission Security) is the protection of Alice's and Bob's transmitted signals against interception and against intrusion attempts on the user receiver (and even against jamming and direction finding).

NETSEC (Network Transmission Security) is the protection of the signalling and access messages of Alice and Bob (usual solutions are authentication and integrity control, and sometimes ciphering of signalling in military networks).

COMSEC (Communication Security) is the protection of the data messages of Alice and Bob (voice, SMS, MMS, high speed data). Most solutions are based on ciphering + integrity control schemes of signalling and data.

OUR MAIN APPLICATIONS

The most usual academic hypotheses are:

• Eve has complete information about the legitimate RATs/waveforms

• Eve has no information about the legitimate keys (e.g. Ki keys on (U)SIM cards)

=> they may no longer be valid nowadays, especially in public RATs (e.g. SS7 monitoring, hacking of subscriber databases – see references).

Studied configuration of wireless links

Brief introduction to PHYSEC

E

Intercepts and monitors

May emit, jam, spoof or impersonate A or B

EAVESDROPPER and RADIO HACKER links are

• Alice to Eve…and even (active) Eve to Alice

• Bob to Eve… and even (active) Eve to Bob

THREAT MODELS

• Passive Eve

• Intelligent (protocol aware) jamming Eve

• Man in The Middle / Wormhole Eve, etc.

Eve

Page 7

Adding randomness to disturb Eve

• Antenna patterns of A and B: diagrams, beam directions

• Artificial noise to give B an SNR advantage over E

[Figure: propagation between ALICE (A), BOB (B) and EVE (E) through reflection, diffraction, scattering and shadowing, diffusion and masks]

(Mobile) obstacles between A and B

Multiple paths between A-E and B-E

Signals received by B and E are altered differently

Applies both outdoors and indoors

Complex wave propagation + unpredictable (fine) scattering characteristics
• Space, time and frequency propagation diversity due to fixed and mobile scatterers
• Transmission/reception diversity due to antennas
• The fine structure of the signals at B and A can be neither recovered nor predicted by Eve
• The same applies to the receiving noise of B and A

Propagation reciprocity (when the radio protocol is Time Division Duplex and propagation is stationary during channel extraction)
• Same scatterers, angles, distances and propagation in senses AB and BA => A and B share the same propagation randomness
• Tx and Rx radio calibration of A and B may be necessary for restoring channel reciprocity

Brief introduction to PHYSEC – Alice (A) and Bob (B): legitimate users – Eve (E): attacker

Page 8

Illustration with RSSI measurement over time - Source: project Prophylaxe.

Radio environment is indoor (factory) with slight mobility of scatterers and Eve 1.2 λ close to Alice

[Figure: RSSI over approximate time (s), from 0 to 5 s, with a 100 ms interval marked, for Alice, Bob and Eve]

In addition: indoor time coherence is estimated between 50 and 100 ms

Same RSSI figure (after normalisation) in FWD sense Alice -> Bob and in RTN sense Bob -> Alice => Reciprocity

Different RSSI figure in sense Bob -> Eve and in sense Bob -> Alice => Spatial decorrelation

Signals are IEEE 802.11n, 2.4 GHz, BW = 20 MHz. E is located ~ 15 cm next to Alice

Brief introduction to PHYSEC – Alice (A) and Bob (B): legitimate users – Eve (E): attacker

Page 9

Illustration with CSI measurement over time - Source: project Phylaws

Brief introduction to PHYSEC – Alice (A) and Bob (B): legitimate users – Eve (E): attacker

MIMO 4x4 dual sense CSI figures over a duration of a few milliseconds (2 frame lengths)

Radio environment is fixed indoor (laboratory) and Eve 10 λ close to Alice

Blue and black curves are identical => Channel reciprocity => Key agreement

Blue and red curves are different => Channel diversity, secrecy of keys when facing Eve

Signals are IEEE 802.11n, 5 GHz, BW = 80 MHz. E is located ~ 50 cm next to Alice

Page 10

Provisional conclusion

When the channel is reciprocal and stationary
=> Alice and Bob share the same CIR/CFR estimations

NLOS: Bob – Eve dist. > λ/2 (2.4 GHz -> 6 cm)
or LOS: Bob – Eve dist. > 5λ (2.4 GHz -> 60 cm)
=> De-correlated waveforms at Bob's and Eve's sides
=> Eve cannot get the same estimation as Bob

Complex wave propagation and mobile obstacles
=> Eve cannot recover/predict the Alice – Bob channel estimate

In any TDD case, Secret Keys can be generated from the channel randomness
Achieves security pairing !
Achieves secret key generation !

In many TDD and FDD cases, Secret Codes can be computed
=> achieves information theoretic secrecy !

Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceedings of IEEE INFOCOM 2013)

One-ring scatter model: AS = Angular Spread, Δd = distance difference

Model of the radio channel envelope correlation

Rich scatter environment => AS > 45°
=> spatial de-correlation when Δd > λ/2
typical example: NLOS outdoor and indoor

Poor scatter environment => AS 5°
=> spatial de-correlation when Δd > 4λ
typical example: LOS rural outdoor and LOS indoor

Brief introduction to PHYSEC – Alice (A) and Bob (B): legitimate users – Eve (E): attacker

Page 11

PHYLAWS

PHYsical Layer Wireless Security

Project Coordinator:

Thales Communications and Security François Delaveau

Tel: +33 (0)1 46 43 31 32

Fax: +33 (0)1 46 13 25 55

Email: [email protected]

Project website: www.phylaws-ict.org

+ Five Partners:

Institut Mines-Telecom ParisTech (France),

Imperial College of Science, Technology and Medicine (United Kingdom),

Teknologian tutkimuskeskus VTT – OY (Finland),

Celeno Communications Israel Ltd (Israel).

Duration 4 years:

November, 2012 – October, 2016

Funding scheme: STREP

Contract Number: CNECT-ICT-317562

AN ORIGINAL APPROACH:

• Merging academic and industrial skills on radio-propagation, radio-communications and security.

• Integrating the usual hypotheses with feedback from practical experience

• Considering any kind of threat at the physical layer: passive Eve + various active Eves

• Focusing on the signaling and access phases of RATs, and not only on established data links.

MAIN GOALS:

• To improve the security of wireless links:
  . Radio cell and WLAN
  . Slight to strong mobility (at terminals' or scatterers' side)

• To search for key-free solutions based on Physec

• To experiment these solutions in the real field

• To search for practical implementations in existing and future public RATs

Brief introduction to PHYSEC

The PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562

Page 12

Fundamentals = current academic knowledge about PHYSEC:

Key-less security technique exploiting propagation randomness to establish secret

Theory is OK since the 1980's, academic research is intensive, applications in realistic radio-environments now exist (IoT in project Prophylaxe, Wireless and WLAN in project Phylaws)

Achievements = 3 protection schemes:

Secure Pairing (SP) with Tag Signals (TS) & Interrog. Ackn. Sequences (IASs)
• new concept invented, feasibility elements.

Secret Key Generation (SKG)
• pre-industrial application to IoT (achieved by Prophylaxe)
• feasibility proof for WLAN and LTE networks (Phylaws)

Artificial Noise-Beam Forming (AN-BF) + Secrecy Coding (SC)
• feasibility proof for WLAN and LTE networks (Phylaws)

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 – Our fundamentals – Our achievements

Rest of the talk

Annex only

For more information about the dvT and experimental work

Complements on security flaws and threats of public RATs => www.phylaws-ict.org, del. D2.1, references.

Complements on legitimate and attacker signals => www.phylaws-ict.org, del. D2.4, D4.1, D4.2, D4.3, D4.4, references.

Brief synthesis of the foundations of Physical layer security => www.phylaws-ict.org, del. D2.3, D3.1, D3.2, D3.3, D3.4, D3.5, Publications.

Project Phylaws Funded by EC-FP7-ICT-2011-8 GN 317562: www.phylaws-ict.org

Project Prophylaxe: Funded by BMBF GN 16KIS0005K http://www.ict-prophylaxe.de

IET book: «Trusted Communications with Physical Layer Security for 5G and Beyond»,

edited by T.Q.Duong, X.Zhou, and H.V Poor, to be published in the start of 2017

Page 13

WIDE BAND CHANNEL SOUNDER (TPT – PhD Thesis of Taghrid Mazloum)

Measurements of frequency domain vs. space domain degrees of freedom

Generation of secret keys based on the channel quantization alternate (CQA) algorithm using two alternative maps with varying map sizes M (see following)

Comparison of simulations and experiments

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 – Our experimental material and prototypes

• VN4 (4 ports based),

• frequency scanned 2-6 GHz with variable interval Δf,

• Bicone UWB antennas for Alice/Bob/Eve

• 121 spatially scanned positions for small scale randomness at Alice

• 51 macro positions in classrooms and 42 positions in the lecture hall for Alice/Bob/Eve

Alice

Page 14

HW and FW: USRP boards + Clock Board + PC Computer, built as a 6x1 SIMO Rx

Antennas are shared among Bob and Eve. More details in annex

[Figure labels: EVE, USRP boards, Industrial PC]

HW and FW: Celeno Wifi 4x4 MIMO boards and chipsets. Performs CSI measurement, Artificial Noise & Beam-Forming, SKG and SC

802.11n/ac MIMO 4x4, 3 instances: Alice, Bob, Eve

More details in annex

[Figure labels: ALICE, BOB, Wifi chipset, host board including Wifi RF]

LEGITIMATE PART (CEL): DUAL SENSE MIMO LINK ENABLER

UHF ATTACKER PART (TCS) + SINGLE SENSE SIMO RECORDER

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 – Our experimental material and prototypes

Page 15

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 – Our experimental locations and procedures

Used for academic channel studies and preliminary design of SKG algorithms

Ref: PhD Thesis of Mrs Taghrid Mazloum

INDOOR MEASUREMENTS IN TPT PREMISES FOR KEY GENERATION

Measurements of frequency domain vs. space domain degrees of freedom

[Figure: configuration of experiments]

[Figure: estimation of generated key bits with the CQA algorithm; number of available key bits I_K vs number of frequencies (i.e. scanned BW = Nf·Δf)]

[Figure: CIR/CFR power profile]

Page 16

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 – Our experimental locations and procedures

Generation of secret keys based on the channel quantization alternating (CQA) algorithm using two alternative maps with varying map sizes M (see following slides)

INDOOR MEASUREMENTS IN TPT PREMISES FOR KEY GENERATION

Alice-Bob BER: measured vs. simplified simulated channel: LOS + dense multipath

• A-B key agreement is better for LOS and high SNR

• Fit between measured and modeled BER distributions: good in LOS, bad in NLOS

Bob-Eve BER: 15 dB SNR, LOS (worst) case, CDF over all Eve's measured indoor positions

• BER very close to 0.5, facilitating amplification of confidentiality

• High map sizes reduce information leakage to Eve

Page 17

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 – Our experimental locations and procedures

GENERIC 6 RX SIMO RECORDS AND ANALYSIS AT UHF RADIO ENVIRONMENTS

Open space

Street

Indoor/Outdoor Classroom

Corridor Amphitheater

Wifi records in the following LTE records in the following

LTE records in the following

LTE records in the following

Page 18

Brief recall of the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 – Our experimental locations and procedures

Wifi records in the following

• Celeno's Testing Apartment • Line Of sight • Non Line Of sight

Alice TX

Bob TX

DEDICATED 4X4 MIMO RECORDS AT WIFI CARRIERS IN INDOOR

Page 19

Secret Key Generation (SKG) – Processing

Alice

A

Bob

B

A- Reciprocity restoration

Prior to any SKG processing: radio calibration of the transmitters and receivers of Alice (A) and Bob (B)
• Phase ambiguities during computations
• Synchronization references of OFDM symbol at A and B
• Phase mismatches between A and B antennas + radios
• Gain mismatches between A and B antennas + radios

During SKG processing: normalisation and filtering of channel estimates at each (Tx, Rx) antenna pair

[Figure labels: calibrated radios, normalized measures]

B- Bi-directional channel sounding – Wifi case

• A, B and E are Wifi Access Points MIMO 4x4 (TDD)
• A and B exchange sounding frames (NDP), also captured by E
• A, B & E perform independent channel estimates

[Figure labels: shared channel, channel estimation at each side, NDP FWD, NDP RTN]

C- Key generation

• De-correlation pre-processing (stationary channels)
• Channel Quantification (≈ multipath demodulation)
• Key Reconciliation (≈ key bit coding and correction)
• Secret amplification (≈ key bit hashing)
- Control with suitable metrics

[Figure: at each side, channel pre-processing, quantification (quant. map), reconciliation (reconciliation sketch), amplification; security metrics]

Radiocell and Wifi application case

Page 20

C00- Example of signal records in a very stationary environment (4G 2.6 GHz)

Alice = BS 4G at building roof

Aperture of the antenna array ≈ 30 cm

De-correlation pre-processing (stationary channels)

Secret Key Generation (SKG) – Processing

C01- Output of quantification without channel de-correlation pre-processing

Great number of generated key bits (1000x122 in 5 seconds) but the high correlation of key bits over time can be exploited by Eve's attacks

[Figure axes: 122 bits vs time, 1000 keys in 5 s]

C02- Output of quantification with channel de-correlation pre-processing

Lower number of generated key bits (200x36 in 5 s), but far fewer correlation patterns over time

[Figure axes: 36 bits vs time, 200 keys in 5 s]

Page 21

C1- Quantification (≈ multipath demodulation)

• Objective: generate key bits by « demodulating » the complex coefficients of the channel estimates
• Equiprobable quantization maps significantly reduce error risks at map borders (case of low SNR)
• Map index is transmitted but symbol is not
• When amplitude + phase demodulation (CSI)
  • Random richness is optimal
  • Channel Quantization Alternate algo. (Wallace)
• When amplitude demodulation only (RSSI)
  • Processing is robust
  • Random richness is poor

Alice and Bob compute quantization maps QMA_0 and QMA_1. Then A chooses bit value 00 and informs B about her map (QMA_1). Thus B also chooses symbol 00 on map QMA_1.

C2- Reconciliation ≈ error correction of key bits (see details in annex)

• Objective: correct false key bits between Alice and Bob
• Exchange of public sketch + code classical decoding

C3- Secrecy amplification (see details in annex)

• Objective: mitigate any added information disclosure to Eve
• Classical processing in cryptology: hash function
• Key length reduction

C4- Metrics/controls of keys (see details in Phylaws D4.5 and D3.5)

• Objective: estimate the key entropy => Classical crypto. tests: NIST, Intel RNG health control
• Control the mutual information of Eve => Learning of the radio environment

Core processing (any channels)

Secret Key Generation (SKG) – Processing

CQA

Case

M=4

CQA

Case

M=16

Page 22: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Single sense Experiments for LTE-TDD and Wifi

Wifi and LTE results, SKG based on CSI: generated keys

[Figures: generated keys, 127 key bits per key, one panel per scenario]

Indoor classroom
• LTE indoor 2645 MHz, classroom, fixed position: 49 keys in 5 s

Indoor office
• Wifi 2400 MHz indoor, fixed LOS: 152 keys in 2 s
• Wifi 2400 MHz indoor, slight mobile NLOS: 171 keys in 2 s

Outdoor street
• LTE 800 MHz urban street: 348 keys in 5 s
• LTE 2600 MHz urban street: 284 keys in 5 s

EVEN IN THE MOST DIFFICULT CASE, SKG WORKS WELL.

Page 23: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


How PHYSEC can help security, identity authentication, confidentiality

Secret Key Generation (SKG) – Experiments
Single sense Experiments for LTE-TDD and Wifi

Wifi and LTE results, SKG based on CSI: quality test of generated keys

NIST runs tests: determine whether the oscillation between 0s and 1s is too fast or too slow.

NIST frequency monobit tests: determine whether the numbers of 0s and 1s in the key are approximately the same as would be expected for a truly random sequence.

| LTE | Indoor (2.6 GHz) | Outdoor (2.6 GHz) |
|---|---|---|
| Quantization only | 98% (48/49) | 99% (281/284) |
| Quant + Reconciliation + Amplification | 100% (49/49) | 100% (284/284) |

| LTE | Indoor (2.6 GHz) | Outdoor (2.6 GHz) |
|---|---|---|
| Quantization only | 27% (13/49) | 80% (228/284) |
| Quant + Reconciliation + Amplification | 100% (49/49) | 100% (284/284) |

| WIFI indoor | LOS (2.4 GHz) | NLOS (2.4 GHz) |
|---|---|---|
| Quantization | 87% (132/152) | 100% (171/171) |
| Quant + Reconciliation + Amplification | 99% (151/152) | 100% (171/171) |

| WIFI indoor | LOS (2.4 GHz) | NLOS (2.4 GHz) |
|---|---|---|
| Quantization only | 84% (128/152) | 99% (169/171) |
| Quant. + Reconciliation + Amplification | 98% (149/152) | 99% (170/171) |
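Added example (not from the slides or the PHYLAWS project): a Python version of the NIST SP 800-22 frequency (monobit) and runs tests named above, applied to 127-bit keys and reporting passed/total counts in the same form as the tables. The keys are constructed samples, and the 0.01 significance level is the SP 800-22 default, assumed here.

```python
import math
import random

ALPHA = 0.01      # SP 800-22 default significance level (assumption for this demo)
KEY_BITS = 127    # key length used in the experiments on this page


def monobit_p_value(bits):
    """Frequency (monobit) test: are the counts of 0s and 1s close enough?"""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)        # +1 per one, -1 per zero
    return math.erfc(abs(s_n) / math.sqrt(n) / math.sqrt(2))


def runs_p_value(bits):
    """Runs test: does the key switch between 0 and 1 too slowly or too fast?"""
    n = len(bits)
    pi = sum(bits) / n
    # Prerequisite of the runs test: the proportion of ones must be near 1/2.
    if pi in (0.0, 1.0) or abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_obs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))   # number of runs
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def pass_count(keys, p_value_fn):
    """Return (passed, total), the same form as the tables, e.g. (48, 49)."""
    return sum(p_value_fn(k) >= ALPHA for k in keys), len(keys)


def slow_key(block=16):
    """Constructed key from a near-static channel: long blocks of identical bits."""
    return [(i // block) % 2 for i in range(KEY_BITS)]


def fast_key():
    """Constructed key that alternates on every bit."""
    return [i % 2 for i in range(KEY_BITS)]


def random_keys(count=200, seed=2017):
    """Constructed reference keys from a seeded PRNG (reproducible, not secret)."""
    rng = random.Random(seed)
    return [[rng.getrandbits(1) for _ in range(KEY_BITS)] for _ in range(count)]


if __name__ == "__main__":
    for name, key in (("slow", slow_key()), ("fast", fast_key())):
        print(name, "monobit p=%.3f" % monobit_p_value(key),
              "runs p=%.3g" % runs_p_value(key))
    keys = random_keys()
    print("monobit passed/total:", pass_count(keys, monobit_p_value))
    print("runs    passed/total:", pass_count(keys, runs_p_value))
```

Both constructed keys are balanced and pass the monobit test, yet fail the runs test: a key whose bits are correlated over time can look fine on bit counts alone.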

Page 24: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry

SKG under Wifi devices

A - Line Of Sight geometry

[Figure: LOS test geometry showing Eve (Rx E), Alice (Tx A) and Bob (Rx B). Labels: host board; chipset 4x4 MIMO Wifi 802.11n/ac; 4 Wifi antennas, gain 2 dBi, omnidirectional in azimuth]

B - Parameters:
• 200 captures FWD+RTN, one every 60 ms
• 8 captures for 1 SKG entry (25 key computations)
• Quantization of amplitude + phase on 4 bits
  => 228 keys of 127 bits each
  => 114 keys of 256 bits each
• Reconciliation: BCH (127;29)
• Amplification: 2-universal hash

C - The following results are for the "low dist." configuration

Page 25: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry

Propagation amplitude: reciprocity OK and secrecy ≈ OK

Secrecy defect: importance of privacy amplification (spreading of Eve’s errors over the key bits)

Page 26: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry

Propagation phase: reciprocity ≈ OK and secrecy OK

Reciprocity defect: importance of reconciliation (error correction on key bits computed by Alice and Bob)

Page 27: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry

Min-entropy estimates of Wifi radio channels

| Min-entropy estimates | Alice | Bob | Eve |
|---|---|---|---|
| Most common value estimate | 0.95 | 0.95 | 0.93 |
| Collision estimate | 0.18 | 0.18 | 0.17 |
| Markov estimate | 0.34 | 0.36 | 0.33 |
| Compression estimate | 0.22 | 0.22 | 0.21 |
| Min-entropy | 0.18 | 0.18 | 0.17 |

Mutual information estimates of Wifi radio channels (more details in Phylaws D4.5 and D3.5)

| Mutual information estimates | Alice - Bob | Alice - Eve | Bob - Eve |
|---|---|---|---|
| Most common value estimate | 0.91 | 0.31 | 0.32 |
| Collision estimate | 0.22 | 0.15 | 0.15 |
| Markov estimate | 0.46 | 0.32 | 0.32 |
| Compression estimate | 0.30 | 0.19 | 0.19 |
| Min mutual information | 0.22 | 0.15 | 0.15 |
| Max mutual information | 0.91 | 0.32 | 0.32 |

These estimates ensure the capability of computing secret keys which remain private when facing Eve.

Page 28: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry

Key bit errors between A and B after each step:

[Figure: mismatch (0 to 1) versus key block number (0 to 250); curves for quantization, reconciliation and amplification]
─ Quantization (error 10%)
o Reconciliation (error 0%)
+ Amplification (error 0%)

Keys perfectly shared between A and B

Key bit errors between A and E after each step:

[Figure: BER (0 to 1) versus key block number (0 to 250); curves for quantization, reconciliation and amplification]
─ Quantization (error 40%)
o Reconciliation (error 50%)
+ Amplification (error 50%)

Keys secret for E
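Added example (not code from the slides or the PHYLAWS project): reconciliation with a public sketch followed by amplification with a 2-universal hash, tracking the bit error rate against Alice's key after each step for Bob and for Eve. Assumptions: a Hamming(7,4) syndrome sketch stands in for the BCH (127;29) code, the hash is a Toeplitz matrix over GF(2), keys are 126 bits with a 32-bit output, and the Bob and Eve error patterns (about 10 % and 40 %) are constructed.

```python
import random

BLOCK = 7                    # Hamming(7,4) block length (stand-in for BCH (127;29))
N_BLOCKS = 18
KEY_LEN = BLOCK * N_BLOCKS   # 126 key bits (assumption; the page uses 127-bit keys)
OUT_LEN = 32                 # amplified key length (assumption)


def syndrome(block):
    """Hamming(7,4) syndrome: XOR of the 1-based positions that hold a 1."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s


def make_sketch(key):
    """Public sketch sent by Alice: one 3-bit syndrome per 7-bit block."""
    return [syndrome(key[i:i + BLOCK]) for i in range(0, KEY_LEN, BLOCK)]


def reconcile(key, sketch):
    """Flip at most one bit per block so that the block matches Alice's syndrome."""
    fixed = list(key)
    for b, target in enumerate(sketch):
        start = b * BLOCK
        err_pos = syndrome(fixed[start:start + BLOCK]) ^ target
        if err_pos:                      # 1..7: position of the presumed single error
            fixed[start + err_pos - 1] ^= 1
    return fixed


def toeplitz_hash(bits, seed_bits, out_len=OUT_LEN):
    """2-universal hash: multiply by the Toeplitz matrix over GF(2) given by seed_bits."""
    n = len(bits)
    if len(seed_bits) != n + out_len - 1:
        raise ValueError("seed must have len(bits) + out_len - 1 bits")
    out = []
    for i in range(out_len):
        acc = 0
        for j in range(n):
            acc ^= seed_bits[i - j + n - 1] & bits[j]
        out.append(acc)
    return out


def mismatches(a, b):
    return sum(x != y for x, y in zip(a, b))


def run_experiment(num_keys=200, seed=2017):
    """Return per-step bit error rates versus Alice, for Bob and for Eve."""
    rng = random.Random(seed)            # reproducible demo; use a CSPRNG in practice
    err = {"bob": [0, 0, 0], "eve": [0, 0, 0]}
    for _ in range(num_keys):
        alice = [rng.getrandbits(1) for _ in range(KEY_LEN)]
        bob = list(alice)                # constructed: one flipped bit in 13 of 18 blocks
        for b in range(13):
            bob[b * BLOCK + rng.randrange(BLOCK)] ^= 1
        # Constructed Eve: every bit flipped independently with probability 0.4.
        eve = [bit ^ (rng.random() < 0.4) for bit in alice]

        sketch = make_sketch(alice)      # public: Eve sees it too
        bob_rec, eve_rec = reconcile(bob, sketch), reconcile(eve, sketch)

        hash_seed = [rng.getrandbits(1) for _ in range(KEY_LEN + OUT_LEN - 1)]  # public
        k_alice = toeplitz_hash(alice, hash_seed)
        k_bob = toeplitz_hash(bob_rec, hash_seed)
        k_eve = toeplitz_hash(eve_rec, hash_seed)

        for name, raw, rec, final in (("bob", bob, bob_rec, k_bob),
                                      ("eve", eve, eve_rec, k_eve)):
            err[name][0] += mismatches(alice, raw)
            err[name][1] += mismatches(alice, rec)
            err[name][2] += mismatches(k_alice, final)
    sizes = (num_keys * KEY_LEN, num_keys * KEY_LEN, num_keys * OUT_LEN)
    return {name: tuple(e / s for e, s in zip(counts, sizes))
            for name, counts in err.items()}


if __name__ == "__main__":
    for who, (quant, rec, amp) in run_experiment().items():
        print(f"{who}: quantization {quant:.3f}  reconciliation {rec:.3f}  "
              f"amplification {amp:.3f}")
```

With this weak stand-in code Eve's error rate stays near 40 % after reconciliation; the hash is the step that spreads her residual errors over about half of the final key bits, while Bob's key matches Alice's exactly. In a real design the output length is set from entropy estimates, since the public sketch itself discloses 3 bits per block.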

Page 29: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry

Estimation of key randomness, 228 keys of 127 bits each

o After reconciliation
[Figure: bits of the 228 keys of 127 bits each]
Keys are approximately random

o After amplification
[Figure: bits of the 228 keys of 127 bits each]
Keys are perfectly random

Page 30: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secret Key Generation (SKG) – Experiments
Dual sense Wifi experiments 2.4 GHz - LOS geometry

[Figures: four bar charts, horizontal axis 0 to 25]
• Number of 127-bit keys with a successful NIST "mono-bit frequency test", after quantization and after amplification: good statistical results
• Number of 127-bit keys with a successful Intel "Intel Health Check", after quantization and after amplification: good statistical results
• Number of 127-bit keys with a successful NIST "run test", after quantization and after amplification: good statistical results
• Number of 256-bit keys recovered by Bob and Eve: key agreement is perfect, key secrecy is perfect

Page 31: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Artificial Noise and Beam Forming – Principle and simulation

Wifi Case – Principle and illustrations
Radio advantage built with Artificial Noise + Beam forming

General principle in MIMO Tx-Tx
1/ Extract the Alice-Bob channel matrix (CIR or CFR) and its orthogonal directions.
2/ Transmit noise streams on orthogonal directions. Eve cannot estimate the legitimate CIR; she is thus forced into low Signal to Noise Ratio (SNR).
3/ Beam-form the Alice-Bob data stream towards Bob to maximize the link budget.

[Figure: Alice sends the user data stream to Bob in a beam-formed clean zone, and noise streams towards Eve 1 and Eve 2 in the jammed zone]

Wifi simulations (Packet error rate)
1/ Alice has four antennas and emits one 802.11n data stream and three noise streams
2/ Bob and Eve have respectively 2 and 4 antennas, with the same receiving capabilities

[Figure: PER (0 to 1) versus average SNR [dB] (0 to 16) for Bob and Eve, MCS = 1, 2, 3]
- Dashed line: Packet Error Rate of Eve vs SNR
- Solid line: Packet Error Rate of Bob vs SNR
- Color: Modulation and Coding Scheme (MCS)

Page 32: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Wifi Case – Implementation and experiments
Radio advantage built with Artificial Noise + Beam Forming

AN-BF implementation

[Figure: 802.11ac frame timeline: L-STF (8 µs), L-LTF (8 µs), L+VHT SIG (12 µs), VHT-STF (4 µs), VHT-LTF-1 to VHT-LTF-4 (3.2 µs each, with GI), DATA PAYLOAD. The Alice FFT window, the Bob FFT window and the symbol timing offset are marked, with the annotation "AN-BF is applied here"]

• Alice has four TX antennas and emits one 802.11ac data stream and three noise streams
• Bob is a single to four antenna device
• Radio advantage is normalized to a single-antenna Eve
• AN is applied on the data portion of the frame only
  o AN applied on the MAC header (not protected by WPA/WEP) => privacy protection and defense from MAC spoofing
• Simulations are based on a fixed-point model of the testbed and include all protocol and implementation losses

AN-BF and radio advantage results
• Equal power of user data stream and noise stream: signal to artificial noise ratio = 0 dB
• Signal to interference + noise ratio at Bob is 6.5 dB
• Radio advantage over Eve is 7 dB

Page 33: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secrecy Coding under radio advantage
Our particular implementation

Focus on SC principle

A - Preliminary radio advantage
• Objective: provide a better capacity at Bob’s side than at Eve’s side
• One practical means of achieving the radio advantage is Artificial Noise and Beam Forming (see the previous slide)
  - Eve is forced into a low SNR because of interference from Alice (see previous slide)
  - Thanks to beam-forming, Bob keeps a high SINR (see previous slide)
• Simple case of single path channel + Gaussian additive noise + interference:

Radio advantage: $(SINR)_{B,dB} - (SINR)_{E,dB}$, with $(SINR)_{B,dB}$ at Bob’s Rx and $(SINR)_{E,dB}$ at Eve’s Rx

Secrecy capacity:

$$C_{SEC} = \log_2\left[\frac{1 + 10^{(SINR)_{B,dB}/10}}{1 + 10^{(SINR)_{E,dB}/10}}\right]$$

B - Objective of the secrecy codes
• Correct bit errors between Alice and Bob
• Guarantee zero information leakage towards Eve
• Condition: rate less than $C_{SEC}$

C - Practical secrecy coding scheme developed in Phylaws WP4
• Concatenation of two codes
  - A usual inner FEC code: able to provide sufficient error correction capability when facing any kind of realistic radio channel
  - An added outer code (nested polar or Reed Muller) able to provide secrecy
• The result is a sub-optimal scheme which is close to the optimum

[Block diagram: B → Outer Encoder → Inner FEC Encoder → Radio Channel → FEC Decoder → Outer Decoder → B. Other labels: signals S, X, M, M; Signal Modulator; Signal Demodulator; Equalizer; radio channel types AWGN, SISO, MIMO; "AWGN like" and "BSC like" equivalent channels]
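Added example (not from the slides or the PHYLAWS testbed): artificial noise plus beam-forming for a four-antenna Alice with single-antenna Bob and Eve, evaluating the radio advantage and the secrecy capacity formula above over constructed random channels. Assumptions: i.i.d. Rayleigh channels, perfect knowledge of Bob's channel at Alice, equal data and artificial-noise power, and a receiver noise power of 0.1; none of these values come from the experiments.

```python
import math
import random


def inner(a, b):
    """Hermitian inner product <a, b> = sum(conj(a_i) * b_i)."""
    return sum(x.conjugate() * y for x, y in zip(a, b))


def normalize(v):
    norm = math.sqrt(inner(v, v).real)
    return [x / norm for x in v]


def rx_gain(h, v):
    """Complex gain at a single-antenna receiver with channel h when Alice sends along v."""
    return sum(hi * vi for hi, vi in zip(h, v))


def an_bf_precoders(h_bob, rng):
    """Return Bob's beam-forming vector and the noise directions orthogonal to it."""
    w = normalize([x.conjugate() for x in h_bob])      # matched beam-former for Bob
    basis = [w]
    while len(basis) < len(h_bob):                     # Gram-Schmidt on random vectors
        v = [complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in h_bob]
        for u in basis:
            c = inner(u, v)
            v = [vi - c * ui for vi, ui in zip(v, u)]
        basis.append(normalize(v))
    return w, basis[1:]


def sinr_db(h, w, noise_dirs, p_signal, p_an, sigma2):
    """SINR in dB: data stream power over receiver noise plus received artificial noise."""
    signal = p_signal * abs(rx_gain(h, w)) ** 2
    jam = (p_an / len(noise_dirs)) * sum(abs(rx_gain(h, v)) ** 2 for v in noise_dirs)
    return 10 * math.log10(signal / (sigma2 + jam))


def secrecy_capacity(sinr_b_db, sinr_e_db):
    """C_SEC = log2[(1 + 10^(SINR_B,dB/10)) / (1 + 10^(SINR_E,dB/10))]."""
    return math.log2((1 + 10 ** (sinr_b_db / 10)) / (1 + 10 ** (sinr_e_db / 10)))


def simulate(draws=500, p_signal=1.0, p_an=1.0, sigma2=0.1, seed=2017):
    """Average radio advantage and secrecy capacity over constructed random channels."""
    rng = random.Random(seed)
    std = math.sqrt(0.5)

    def channel():
        return [complex(rng.gauss(0, std), rng.gauss(0, std)) for _ in range(4)]

    advantage, c_sec, leak = [], [], 0.0
    for _ in range(draws):
        h_bob, h_eve = channel(), channel()
        w, noise_dirs = an_bf_precoders(h_bob, rng)
        # Artificial noise must vanish at Bob: track the worst residual gain.
        leak = max(leak, max(abs(rx_gain(h_bob, v)) for v in noise_dirs))
        b = sinr_db(h_bob, w, noise_dirs, p_signal, p_an, sigma2)
        e = sinr_db(h_eve, w, noise_dirs, p_signal, p_an, sigma2)
        advantage.append(b - e)
        c_sec.append(secrecy_capacity(b, e))
    return {"mean_advantage_db": sum(advantage) / draws,
            "mean_c_sec": sum(c_sec) / draws,
            "max_an_leak_at_bob": leak}


if __name__ == "__main__":
    print(simulate())
    # Values quoted on the previous slide: SINR at Bob 6.5 dB, radio advantage 7 dB,
    # hence SINR at Eve = 6.5 - 7 dB (derived here from the definition above).
    print("C_SEC for the quoted values: %.2f bit/use" % secrecy_capacity(6.5, 6.5 - 7))
```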

Page 34: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secrecy Coding under radio advantage
Our particular implementation

Focus on SC – Implementation and simulation

[Block diagram: X → Polar or RM outer encoder → FEC inner encoder → Radio Channel → FEC inner decoder → Polar or RM outer decoder → X]

Inner code (all schemes): LDPC code of length 1296 and rate 5/6 defined in the 802.11 standard

| Coding schemes | SC 1 | SC 2 | SC 3 | SC 4 | SC 5 |
|---|---|---|---|---|---|
| Outer code | PC | PC | PC | RMC | RMC |
| Eve’s target rate | 0.1 | 0.1 | 0.1 | 0.05 | 0.05 |
| Bob’s target rate | 0.6 | 0.5 | 0.4 | 0.5 | 0.4 |
| R bits, UD bits, P bits | 102, 512, 410 | 102, 409, 513 | 102, 307, 615 | 56, 430, 538 | 56, 330, 638 |
| Theoretical secret rate | 0.5 | 0.4 | 0.3 | 0.45 | 0.35 |
| Secret bits rate | 0.4 | 0.33 | 0.24 | 0.33 | 0.25 |

[Figure: BER of UD bits (10^0 down to 10^-6) versus SINR (in dB, -1 to 7), at Bob’s side and at Eve’s side, with the target BER for Bob and the target BER for Eve marked. Curves: LDPC decoder; Polar, SC1 rate: 0.4; Polar, SC2 rate: 0.3; Polar, SC3 rate: 0.23; RM, SC4 rate: 0.33; RM, SC5 rate: 0.25]
• Low SINR_Eve, BER -> 0.2: information leakage remains
• Low SINR_Eve, BER = 0.5: no more information leakage

Example with SC 5 (radio advantage: 2.7 dB)
• Received image around SINR_Eve = 2 dB, targeted for BER_Eve = 0.5
• Received image for SINR_user = SINR_Eve + 1 dB: BER_Eve = 0.3
• Received image for SINR_Bob = 4.7 dB, targeted for BER_Bob = 5·10^-5
• Received image for SINR_user = SINR_Bob - 1.5 dB: BER_Bob = 0.04

Page 35: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


NLOS GEOMETRY

Experiments on Wifi links (802.11ac - 5 GHz)

Secrecy Coding under radio advantage

LOS GEOMETRY

Page 36: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Secrecy Coding under radio advantage
Experiments on Wifi links (802.11ac - 5 GHz)

NLOS geometry – middle distance Bob-Eve with respect to previous slides
• Several Wifi Modulation and Coding Schemes (MCS)
• Values of AN to user data power tuned to MCS (α_SIR,Alice,Tx = 0.1, 0.25, 0.25, 0.5, 0.75)
• Plots show conventional-coded (blue) and secret-coded (red) BER of Wifi packets
• Note that ~50% BER (after SC, red curves) is consistent with ultimate "semantic" security; with low variance between frames, "perfect" secrecy is experimentally proven

Outer code built with nested Reed Muller Codes

[Figures: BER (%) (0 to 60) versus packet index (0 to 150), four panels: MCS 4 / alpha = 0.75; MCS 5 / alpha = 0.5; MCS 6 / alpha = 0.25; MCS 7 / alpha = 0.1. Curves in each panel: channel code (uncoded) and secrecy code (RM code)]

Outer code built with nested Polar Codes

[Figures: BER (%) (0 to 60) versus packet index (0 to 150), four panels: MCS 4 / alpha = 0.75; MCS 5 / alpha = 0.5; MCS 6 / alpha = 0.25; MCS 7 / alpha = 0.1. Curves in each panel: channel code (uncoded) and secrecy code (Polar code)]

Page 37: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Synthesis of PHYSEC schemes for air interface security

Scheme Techn. Status Requirement Secrecy efficiency RAT application

Technological maturity and application perspectives

Page 38: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


Thank you for your attention

Find more information on our website

www.phylaws-ict.org

Page 39: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


ANNEXES

• Physec: wiretap channel, theoretical basics, Eve’s model
• More about Secure Pairing
• Building of the generic UHF single sense test bed
• Measuring the CFR of OFDM waveforms with the generic UHF single sense test bed
• Building of the dedicated Wifi Demonstrator
• Development of the CSI extraction into the dedicated Wifi Demonstrator
• Development of the SKG into the dedicated Wifi Demonstrator
• Performance of the AN in the dedicated Wifi Demonstrator
• Performance of the SC in the dedicated Wifi Demonstrator

Page 40: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


ANNEX

Physec: Wiretap channel

[Figure: wiretap channel model with Alice, Bob and Eve; Bob and Eve each receive signal plus noise]

Memory-less source
• Data blocks $S^K$ of length K
• Entropy (instantaneous): $H_S = H(S^K)/K$

ALICE
• Transmits signal block $X^N$
• Coding rate: K/N

Legitimate channel: FWD (Alice to Bob): $h_{A \to B}$; RTN (Bob to Alice): $h_{B \to A}$
• $C_{sh}(A \to B) = \sup_{P_{X^N}} I(X^N;Y^N)$

BOB
• Receives signal $Y^N$, decodes $\hat{S}'^K$
• Mutual information: $I(X^N;Y^N) \le C_{sh}(A \to B)$
• Perfect secrecy is $I(X^N;Y^N) \uparrow C_{sec}(A \to B)$

Passive attacker channel: FWD Alice to Eve: $h_{A \to E}$; FWD Bob to Eve: $h_{B \to E}$
• $C_{sh}(A \to E) = \sup_{P_{X^N}} I(X^N;Y^N)$

EVE
• Intercepts signal $Z^N$, decodes $\hat{S}''^K$
• Equivocation: $\Delta = H(S^K|Z^N)/K$
• Information leakage: $I(S^K;Z^N) \ge 0$
• Perfect secrecy: $\Delta = H(S)$, i.e. $I(S^K;Z^N) = 0$

T.M. Cover and J.A. Thomas, Elements of Information Theory. New York: Wiley, 1991.

M. Bloch and J. Barros, "Physical layer security - from information theory to security engineering," Cambridge University Press, 2011.

ANNEX

Page 41: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


III/

II/

I/

II/

III/

T.M. Cover and J.A. Thomas, Elements of Information Theory. New York: Wiley, 1991.

M.Bloch and J.Barros, "Physical layer security - from information theory to security engineering," Cambridge University Press, 2011

ANNEX

Physec: theoretical basics

=> at Eve’s side
- Equivocation is $\Delta = H(S^K|Z^N)/K$ (uncertainty remaining at Eve’s side given her observation Z)
- Information leakage is $I(S^K;Z^N) \ge 0$
- Perfect secrecy means $\Delta = H(S)$, i.e. $I(S^K;Z^N) = 0$ (total uncertainty: no information, whatever Eve’s observation Z is)

I’/ Min-entropy $H_{min}(X)$: most conservative measure of the uncertainty of a set of X samples. $H_{min}(X)$ is experimentally computable with NIST estimators (see ref) and $H_{min}(X) \le H(X)$.

III’/ Min mutual information is also approximately estimated from the min-entropy $H_{min}(X)$: $I_{min}(A,B) = H_{min}(A) + H_{min}(B) - H_{min}(A,B)$

Page 42: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


ANNEX

Physec: theoretical basics

IV/ HOW PERFECT SECRECY CAN BE ACHIEVED WITH SECRET CODES: $\Delta = H_S$, i.e. $I(S^K;Z^N) \equiv 0$

=> Secrecy capacity $C_{sec}(A \to B/E)$ achieves $\max I(X^N;Y^N)$ over the X distribution $P_X$ and under the constraint $\Delta = H_S$

=> In practice, achieving secrecy requires a "radio-channel advantage", i.e. $C_{sh}(A \to B) > C_{sh}(A \to E)$ (AWGN case: $SNR_B > SNR_E$)

=> Under the previous conditions and some (very general) symmetry assumptions:

$$C_{sec}(A \to B/E) = C_{sh}(A \to B) - C_{sh}(A \to E) \le C_{sh}(A \to B)$$

=> Existence of secrecy codes is proven, but the proof is not constructive

=> The key for achieving secrecy coding is
- the existence of sub-codes in the channel codes
- the suitable mapping of bits to be protected

Illustration of (weak) secrecy (QAM)
• 16 QAM symbol = 4 bits x’y’x’’y’’, each being "0" or "1"
• Worst protected bits: x’ y’ (quadrant designation)
• Best protected bits: x’’ y’’ (symbol in the quadrant)

Aaron Wyner. "The Wire-Tap Channel". In: Bell Syst. Tech. J. 54.8 (Oct. 1975), pp. 1355-1387.

Leung Yan Cheong and Martin Hellman. "The Gaussian Wire-Tap Channel". In: IEEE Trans. Inform. Theory 24 (1978), pp. 451-456.

Frederique Oggier, Patrick Sole, and Jean-Claude Belfiore. "Lattice Codes for the Wiretap Gaussian Channel: Construction and Analysis". Mar. 2011.

Page 43: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


ANNEX

Physec: theoretical basics

V/ HOW SECRET KEYS OF SIGNIFICANT LENGTH CAN BE GENERATED

=> known Channel Quantization Algorithm (CQA)
- based on RSSI (Received Signal Strength Indication)
- based on CSI (Channel State Information): ampl. and phase of paths

Number of generated bits: $I_K = I(h_{A \to B}; h_{B \to A})$; in case of reciprocal channels ($h_{A \to B} = h_{B \to A}$), $I_K = H(h_{A \to B})$

Number of secure bits: $I_{SK} = I(h_{A \to B}; h_{B \to A} \mid h_{A \to E}, h_{B \to E})$

Number of non-secure bits: $I_{VK} = I_K - I_{SK}$

[Figure: illustration of SKG scenario with "disk distributed scatters"; horizontal axis: antenna number]

U. Maurer, "Secret key agreement by public discussion from common information," IEEE Transactions on Information Theory, 1993, pp. 733-742.

J. Wallace and R. Sharma, "Automatic secret keys from reciprocal MIMO wireless channels: measurement and analysis," IEEE Trans. Inf. Forensics and Security, vol. 5, no. 3, pp. 381-392, Sep. 2010.

Page 44: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


ANNEX

Physec: Eve’s models

Passive Eve - Short model description:

Eve’s procedures
- Aware of the standard, sometimes of subscriber keys
- Records all signals
- Demodulates and decodes signalling and data messages between Alice and Bob
- Does not emit any signal

Eve’s limits / drawbacks
- Cannot influence the legitimate exchanges
- Very sensitive to radio propagation and poor energy budget

Eve’s advantages
- No real-time constraints of any kind

Major risks for legitimates
- Monitoring of 2G (A5-1/2 A8 A3) and WLAN (WEP and WPA - WPA2 in question)
- In 3G/4G, the maximal risk occurs when Eve is informed of the subscriber keys (Ki on SIM, K on USIM, etc.) and can also compute the complete legitimate data off-line.

NOTE: Such risks illustrate the limits of the current approach to public wireless security, based only on cryptographic key distribution.

Page 45: CECI EST MON TITRE - comelec.telecom-paristech.fr · COMELEC Seminar - 04 May 2017 Telecom Paris Tech u-" l ... Channel envelope correlation vs Bob-Eve distance (X. He, H. Dai, proceeding


ANNEX

Physec: Eve’s models

“Intelligent Jamming” Eve (IJ) - Short model description:

Eve’s procedures
- Partially aware of the legitimate protocol
- Informed about dedicated sequences between Alice and Bob in signalling and in negotiation (for example the authentication protocol, the CSI protocol and the relevant messages)
- Dedicated jamming influences the radio access protocol of legitimate users, especially at the negotiation stage
- Denies high-level services such as 3G and 4G, highest data rates, MIMO RATs enabling, etc.

Eve’s limits / drawbacks
- Quite accurate synchronization is needed with the legitimate frame/protocol/target messages

Eve’s advantages
- Jamming only, no necessity for demodulation nor modulation of Rx Tx signals
- Jams only a few messages with dedicated signals => short time, furtive, low mean power
- No significant real-time constraints (propagation time can be easily anticipated when synchro. is OK)

Major risks for legitimates
- Denying 3G and 4G in order to force 2G
- Denying high-level services such as highest data rates, MIMO RATs enabling, Channel State Information, Artificial Noise + Beam Forming enabling, SKG and SC, even cipher enabling in some cases…
- Forcing into a less secure protocol, then monitoring in passive mode


ANNEX - Physec: Eve’s models

“Man-In-The-Middle” Eve (MITM) - Short model description:

Eve’s procedures

- Aware of the complete legitimate protocol
- Intercepts, processes and replays messages exchanged between Alice and Bob
- Impersonates the legitimate Tx (and even operators) and/or spoofs legitimate Rx messages, in order to bypass authentication, to modify the computation of cipher keys, etc.

Eve’s limits / drawbacks

- Very sensitive to network engineering conditions (power of the impersonated BS versus power of Eve’s Tx)
- Very sensitive to radio conditions (receiving part of Eve), while Eve cannot control the legitimate transmit power
- Maximal real-time constraints
- Highest complexity: accurate synchronization is needed on the legitimate protocol / frame / messages, real-time demodulation and modulation of Rx/Tx signals are required, etc.
- When impersonation or spoofing is only partial, MITM may be very indiscreet (“basic” IMSI catchers)

Eve’s advantages

- Complete control of the legitimate protocol: authentication, ciphering, subscriber data, etc.

Major risks for legitimate users

- Theft of subscriber data (IMSI, agendas, etc.)
- Full monitoring of exchanged data (access and on-going communication)
- Denial of any kind of communication service


ANNEX - More about Secure Pairing

Tag Signals (TS) – building and processing

A- Building – Relevant radio parameters

- Built with wide band, low DSP Direct Spread Sequences signals (DSSS)
- FWD and RTN tags are sent under the beacon frequencies / messages s_sig => self-interfered => negative « tag to signal + noise » ratio

[Figure: power versus frequency, showing the dominant signal s_sig, the tag signal t_tag, the noise level n_noise, the signal and noise s_sig + n_noise and the total signal s_sig + t_tag + n_noise, with the ratios SNR, TSR (Tag to Signal Ratio) and TSNR at input (Tag to Signal + Noise Ratio).]

B- Processing = matched filtering, CIR estimation, no RAKE

- Unauthorized Rx: no tag detection, no CIR
- “Authorized” Rx: tag detection + CIR estimation
- Optimal time resolution for accurate CIR estimation
- DSSS codes change fast and the choice is made adaptively, depending on channel measurement

[Figure: output detection criterion TSNR’ (output Tag to Signal + Noise Ratio) compared with the detection threshold.]
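The building and processing steps above, as an added Python example that is not part of the original slides: a tag spread with a ±1 code is buried about 15 dB under a dominant signal, then an authorized receiver (right code) and an unauthorized one (wrong code) both run the matched filter. The code length, channel taps, power ratios, 13 dB threshold and median noise-floor estimate are assumptions chosen for illustration, not PHYLAWS parameters.

```python
import math
import random

def make_code(n_chips, seed):
    """Pseudo-random +/-1 spreading code (constructed stand-in for one tag code)."""
    rng = random.Random(seed)
    return [rng.choice((-1.0, 1.0)) for _ in range(n_chips)]

def received_block(code, taps, tsr_db, snr_db, n_lags, seed):
    """Dominant QPSK signal (power 1) + noise, with the tag tsr_db below the signal.

    taps maps a delay in chips to the complex gain of that propagation path.
    """
    rng = random.Random(seed)
    amp_tag = 10 ** (tsr_db / 20.0)
    sigma = math.sqrt(10 ** (-snr_db / 10.0) / 2.0)      # per I/Q component
    rx = []
    for i in range(len(code) + n_lags):
        sig = complex(rng.choice((-1, 1)), rng.choice((-1, 1))) / math.sqrt(2)
        noise = complex(rng.gauss(0, sigma), rng.gauss(0, sigma))
        tag = sum(h * code[i - d] for d, h in taps.items() if 0 <= i - d < len(code))
        rx.append(sig + amp_tag * tag + noise)
    return rx

def input_tsnr_db(taps, tsr_db, snr_db):
    """Tag to (signal + noise) ratio before despreading."""
    p_tag = 10 ** (tsr_db / 10.0) * sum(abs(h) ** 2 for h in taps.values())
    return 10 * math.log10(p_tag / (1.0 + 10 ** (-snr_db / 10.0)))

def matched_filter(rx, code, n_lags):
    """Correlate the received block with the code at each candidate delay."""
    n = len(code)
    return [sum(rx[lag + i] * code[i] for i in range(n)) / n for lag in range(n_lags)]

def detect_tag(rx, code, n_lags, tsr_db, threshold_db=13.0):
    """Detection decision, output TSNR', strongest delay and CIR estimate."""
    y = matched_filter(rx, code, n_lags)
    power = [abs(v) ** 2 for v in y]
    # Median-based floor: not biased by the few lags that hold real paths.
    floor = sorted(power)[n_lags // 2] / math.log(2)
    peak = max(range(n_lags), key=power.__getitem__)
    tsnr_out_db = 10 * math.log10(power[peak] / floor)
    detected = tsnr_out_db >= threshold_db
    amp_tag = 10 ** (tsr_db / 20.0)                      # assumed known to the receiver
    cir = {lag: y[lag] / amp_tag for lag in range(n_lags)
           if detected and power[lag] >= floor * 10 ** (threshold_db / 10.0)}
    return {"detected": detected, "tsnr_out_db": tsnr_out_db,
            "peak_lag": peak, "cir": cir}

TAPS = {5: 0.9 + 0.3j, 8: -0.4 + 0.3j, 13: 0.2 - 0.25j}  # constructed channel

def demo():
    n_lags, tsr_db, snr_db = 64, -15.0, 10.0
    tag_code = make_code(4095, seed=1)       # code actually transmitted
    other_code = make_code(4095, seed=2)     # code tried by an unauthorized Rx
    rx = received_block(tag_code, TAPS, tsr_db, snr_db, n_lags, seed=3)
    return {
        "tsnr_in_db": input_tsnr_db(TAPS, tsr_db, snr_db),
        "authorized": detect_tag(rx, tag_code, n_lags, tsr_db),
        "unauthorized": detect_tag(rx, other_code, n_lags, tsr_db),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The despreading gain of a 4095-chip code is about 36 dB, which is what turns the negative input TSNR into a positive output TSNR’ for the receiver that holds the right code.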


ANNEX - More about Secure Pairing

Interrogation and Acknowledgement Sequences (IAS) – principle

I- SECURE PAIRING THROUGH CIR ESTIMATION WITH TAG SIGNALS (between ALICE and BOB)

1st IAS

1) Forward Tag Signal T_FWD, in a public set (when USS), random time (when TJ)
   Alice transmits T_FWD
   Bob estimates CIR_FWD on received T_FWD

2) Return Tag Signal T_RTN, in a public set (when USS), random time (when TJ)
   After synchronizing on T_FWD, Bob transmits T_RTN dependent on T_FWD and CIR_FWD
   Alice estimates CIR_RTN on received T_RTN

2nd IAS

3) Forward T’_FWD, propagation dependent
   Alice transmits T’_FWD dependent on TS_RTN and CIR_RTN
   Bob recognizes Alice by estimating CIR’_FWD on received T’_FWD; Eve no longer can

4) Return TS’_RTN, propagation dependent
   Bob transmits T’_RTN dependent on estimated T’_FWD and CIR’_FWD
   Alice recognizes Bob by estimating CIR’_RTN on received T’_RTN; Eve no longer can

II- ESTABLISHMENT OF PHYSEC SCHEME (between ALICE and BOB)

Forward and return Secret Keys and Secrecy Codes / Artificial Noise

Authentication, Subscriber identification, user identification etc.


ANNEX - More about Secure Pairing

IASs Resilience to passive Eve

ALICE and BOB

1st IAS
1) Alice transmits a first tag signal (from a public set). Bob despreads and estimates the channel.
2) Bob acknowledges by sending a tag signal.

2nd IAS
3) Alice acknowledges by sending a new tag signal dependent on her channel measurement.
4) Bob sends a tag signal dependent on his channel measurement and possibly on other parameters.

Establishment of a PHYSEC scheme
5) Secret Key or Secrecy Coding can be added on the tag signal to enhance protection of CSI, of authentication messages and of subscriber data.

EVE

1) Eve despreads and estimates the channel. Due to spatial decorrelation, Eve’s estimate is independent from Bob’s.
3) Eve cannot follow the TS exchanges as they become dependent on the radio link (she loses the capability for matched filtering and she has a radio disadvantage).
5) PHYSEC scheme: Eve cannot decode any information exchanged on the Alice-Bob radio link.

=> No real need for USS and TJ at first IAS when facing a passive Eve


ANNEX - More about Secure Pairing

IASs Resilience to MITM Eve

ALICE and BOB

1st IAS
1) Alice transmits a first tag signal (from a public USS set and TJ set). Bob despreads and estimates the channel.
2) Bob acknowledges by sending a tag signal (code + TJ may be dependent on his channel measurement - SIP).
2) Bob rejects Eve’s attempt due to late time of arrival (TJ) and tag signal mismatch (USS).

2nd IAS
3) Alice acknowledges by sending a new tag signal dependent on her channel measurement.
4) Alice rejects Eve’s attempt due to late time of arrival and tag signal mismatch (wrong channel estimation).
5) Bob sends a tag signal dependent on his channel measurement and possibly on other parameters.

EVE

1) Eve despreads and estimates the channel. Due to spatial decorrelation, Eve’s estimate is independent from Bob’s.

• Eve tries to impersonate Alice
2) Eve replays Alice’s message to impersonate Alice to Bob.

• Eve tries to impersonate Bob
2) Eve receives Bob’s acknowledgment.
3) Eve replays Bob’s (or a modified version) to impersonate him.

6) Eve cannot follow the message exchanges as they become dependent on the radio link.

=> USS and TJ at first IAS make the TS DSSS code sequences and time of emission unpredictable for Eve

The rest of the protocol is similar to the passive Eve case

Tag signal mismatch + late time of arrival of Eve’s signals are discriminant


ANNEX - More about Secure Pairing

IASs Resilience to IJ Eve

ALICE and BOB

1st IAS
1) Alice transmits a first tag signal (from a public USS set and TJ set). Bob despreads and estimates the channel.
2) Bob rejects Eve’s jamming due to bad time of arrival and DSSS spreading factor.
2) Bob acknowledges by sending a tag signal with TJ (code + TJ may be dependent on his channel measurement - SIP).

2nd IAS
3) Alice acknowledges by sending a new tag signal dependent on her channel measurement + TJ.
4) Alice rejects Eve’s attempt due to late time of arrival and tag signal mismatch (wrong channel estimation).

EVE

• Eve tries to jam Bob
1) Eve cannot predict Alice’s emission time. Eve’s emission is not correlated with Bob’s reception.

• Eve tries to jam Alice
2) Eve’s time of emission does not match Bob’s TS at Alice’s receiver => low jamming probability
3) Eve’s signal and time of emission do not match Bob’s message at Alice’s receiver => very low jamming probability

4) Eve can never anticipate nor synchronize to Alice’s and Bob’s TS

USS and TJ at first IAS make the code and time of Alice’s and Bob’s emissions unpredictable for Eve

Reduced jamming probability of tag signals


ANNEX - Building of the generic UHF single sense test bed

Test bed for wireless radio channel measurement in real field – 0.4 – 4.4 GHz


ANNEX - Measuring the CFR of OFDM waveforms with the generic UHF single sense test bed

Test bed for wireless radio channel measurement in real field – 0.4 – 4.4 GHz

• Real field signal records and CIR extraction with the TCS test bed

• Computation of channel frequency response (CFR=FT(CSI))

• $H(f_k) = \dfrac{Y(f_k)}{X(f_k)}$ (Y: received signal, X: reference signal)

• Suitable for OFDM waveform (LTE/WiFi)

• Example: Channel generated from Winner II Channel Model, CFR estimation on the LTF of WiFi waveform

[Figure: estimated CFR and generated CFR, amplitude versus subcarrier index.]


ANNEX - Measuring the CFR of OFDM waveforms with the generic UHF single sense test bed

Test bed for wireless radio channel measurement – WiFi 2.4 GHz & LTE results

Example of Channel Frequency Response over WiFi carrier

Even in this indoor LOS case, the spatial diversity is significant

[Figure: magnitude [dB] and phase [rad] of the Channel Frequency Response over 6 antennas (WiFi) versus frequency [MHz], 2452 to 2472 MHz, for Bob and Eve.]

Confirms previous papers:

W.C. Jakes Jr., “Microwave Mobile Communications”. Piscataway, NJ: Wiley-IEEE Press.

J. Wallace and R. Sharma, “Automatic secret keys from reciprocal MIMO wireless channels: measurement and analysis,” IEEE Trans. on Information Forensics and Security, September 2010.


ANNEX - Measuring the CFR of OFDM waveforms with the generic UHF single sense test bed

Test bed for wireless radio channel measurement – WiFi 2.4 GHz & LTE results

Example of Channel Frequency Response over short to mean time

[Figure: detection criterion versus time [ms], 0 to 200 ms; magnitude [dB] of CIR versus frequency [MHz], -10 to 10 MHz, for Frame 1, Frame 2 and Frame 28.]

High time diversity enables computation of good secret keys (length, randomness)

Allows secret-key bits to be regenerated after 100 ms (indoor case)


ANNEX - Building of the dedicated WiFi Demonstrator

Global Architecture

• Wi-Fi testbed is based on Celeno’s CL2400 and CL 2442 4x4 802.11ac chipset

• SDR architecture

• DSP based PHY (OFDM and matrix manipulations engine, including all beamforming operations), using best in class Ceva’s XC4210 DSP core (running 64 MACS at 480MHz)

• Flexible MAC based on 2 processor cores for lower and upper MAC layer

• Enables establishment of real WiFi links with 3rd parties

Two chip flavors:

• CL2440 supporting 5GHz (80MHz channel BW)

• CL2442 supporting 2.4GHz (20/40MHz channel BW)

[Figure: block diagram of the CL2440 802.11ac chip: RF front end, Tx/Rx radio, A/D and D/A converters, SDR 802.11ac 4T4R PHY, 802.11ac LMAC CPU, 802.11ac UMAC CPU & offload, HW MAC, HW offload & accelerators (FEC accelerator, time domain accelerator), channel aware scheduler, dynamic spectrum analyser, control, GPIO, PCIe interface and PCIe bus.]


ANNEX - Building of the dedicated WiFi Demonstrator

Bi-Directional Channel Sounding

- Alice, Bob and Eve are 4-antenna devices (all using the CL2400 4x4 chipset)
- Alice and Bob exchange NDP sounding frames (spaced 20 µs in time); both are captured by Eve
- Each node estimates the channel independently

Reciprocity Restoration

Channel reciprocity issues

• TX to RX analog/RF gain/phase mismatch

• Mixer phase ambiguity between antennas – 180 degrees

• AGC gain mismatch between Alice and Bob

• OFDM symbol timing mismatch (Alice and Bob have a tolerance of 0.8 µs, the Cyclic Prefix Guard Interval!)

Reciprocity restoration: each channel element (out of the 4x4 channel matrix) is normalized and compensated independently

Secret Key Generation

Reciprocity restoration, de-correlation, quantization, reconciliation and amplification are done in offline processing

[Figure: Alice and Bob linked by the shared channel.]
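An added example (not code from the slides or from the demonstrator) of the reciprocity restoration listed above, applied to one channel element: average gain normalization, linear phase estimation and removal, then average phase normalization. The tap values, gains, timing offsets, 30 dB SNR and the 53-tone grid are constructed assumptions.

```python
import cmath
import math
import random

N_FFT = 64                      # assumed FFT size of a 20 MHz OFDM symbol

def cfr(taps, ks):
    """Frequency response of a multipath channel; taps maps delay (samples) -> gain."""
    return [sum(g * cmath.exp(-2j * math.pi * k * d / N_FFT) for d, g in taps.items())
            for k in ks]

def observe(h, ks, gain, phase, timing, snr_db, rng):
    """What one node measures: the true CFR distorted by its own RF chain.

    gain   : AGC / analog gain mismatch
    phase  : constant phase offset (covers the 180 degree mixer ambiguity)
    timing : OFDM symbol timing offset in samples -> linear phase across tones
    """
    p = sum(abs(v) ** 2 for v in h) / len(h)
    sigma = math.sqrt(p * 10 ** (-snr_db / 10.0) / 2.0)
    out = []
    for k, v in zip(ks, h):
        n = complex(rng.gauss(0, sigma), rng.gauss(0, sigma))
        rot = cmath.exp(1j * (phase - 2 * math.pi * k * timing / N_FFT))
        out.append(gain * rot * (v + n))
    return out

def restore(h, ks):
    """Average-gain normalization, linear-phase removal, average-phase normalization."""
    rms = math.sqrt(sum(abs(v) ** 2 for v in h) / len(h))
    h = [v / rms for v in h]
    # Mean phase step between adjacent tones = slope of the linear phase term.
    slope = cmath.phase(sum(b * a.conjugate() for a, b in zip(h, h[1:])))
    h = [v * cmath.exp(-1j * slope * k) for k, v in zip(ks, h)]
    mean_phase = cmath.phase(sum(h))
    return [v * cmath.exp(-1j * mean_phase) for v in h]

def mismatch(x, y):
    """Normalized distance ||x - y|| / ||y|| between two CFR estimates."""
    num = sum(abs(a - b) ** 2 for a, b in zip(x, y))
    return math.sqrt(num / sum(abs(b) ** 2 for b in y))

def demo(seed=7):
    rng = random.Random(seed)
    ks = list(range(-26, 27))   # constructed contiguous tone grid
    # Reciprocal Alice<->Bob channel, and an independent Alice->Eve channel.
    h_ab = cfr({0: 1.0, 2: 0.5 * cmath.exp(1.1j), 5: 0.3 * cmath.exp(-2.0j)}, ks)
    h_ae = cfr({0: 0.5, 3: cmath.exp(2.0j), 9: 0.8 * cmath.exp(-1.0j)}, ks)
    alice = observe(h_ab, ks, gain=0.4, phase=0.3, timing=1.5, snr_db=30, rng=rng)
    bob = observe(h_ab, ks, gain=2.5, phase=0.3 + math.pi, timing=-2.0, snr_db=30, rng=rng)
    eve = observe(h_ae, ks, gain=1.0, phase=-1.0, timing=0.5, snr_db=30, rng=rng)
    r_alice, r_bob, r_eve = restore(alice, ks), restore(bob, ks), restore(eve, ks)
    return {
        "alice_bob_raw": mismatch(alice, bob),
        "alice_bob_restored": mismatch(r_alice, r_bob),
        "eve_bob_restored": mismatch(r_eve, r_bob),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

Each node removes its own gain, timing slope and constant phase, so Alice and Bob converge on the same canonical response without exchanging anything, while Eve's restored estimate stays far from Bob's.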


ANNEX - Development of the CSI extraction into the dedicated WiFi Demonstrator

DUAL SENSE LEGITIMATE + EAVESDROPPER LINK

Initial CSI extraction

[Figure: amplitude of H (dBm) and phase of H (rad) versus subcarrier (SC) index, -200 to 200, for spatial streams SS#0 to SS#3 and receive antennas RX#0 to RX#3; curves for Alice, Bob and Eve.]


ANNEX - Development of the CSI extraction into the dedicated WiFi Demonstrator

DUAL SENSE LEGITIMATE + EAVESDROPPER LINK

Processing stage I+II: CFR estimation + reciprocity restoration, 1st normalization stage: average gain/phase normalization and linear phase estimation and removal

[Figure: amplitude of H (dBm) and phase of H (rad) versus subcarrier (SC) index, -200 to 200, for spatial streams SS#0 to SS#3 and receive antennas RX#0 to RX#3; curves for Alice, Bob and Eve.]


ANNEX - Development of the CSI extraction into the dedicated WiFi Demonstrator

DUAL SENSE LEGITIMATE + EAVESDROPPER LINK

Processing stage III: CFR estimation + reciprocity restoration, 2nd normalization stage

[Figure: amplitude of H (dBm) and phase of H (rad) versus subcarrier (SC) index, -200 to 200, for spatial streams SS#0 to SS#3 and receive antennas RX#0 to RX#3; curves for Alice, Bob and Eve.]


ANNEX - Development of the SKG into the dedicated WiFi Demonstrator

SKG – Quantization, reconciliation and amplification algorithm

More info about SKG => www.phylaws-ict.org, deliverables D3.1, D4.3

[Figure: SKG diagram with steps numbered 1, 2 and 3.]


ANNEX - Development of the SKG into the dedicated WiFi Demonstrator

SKG scheme dual sense, without channel de-correlation (neither time nor frequency de-correlation)

- Use of dual sense CSIs: Alice -> Bob and Bob -> Alice
- Alice has 4 Tx/Rx antennas, A1 to A4; Bob has 2 antennas, B1 and B2
- Generation of 128-bit keys from CSI samples computed from one WiFi frame
- Reconciliation FEC=BCH(15,127), amplification with 2-Universal Hash

[Figure: real part and imaginary part of the CSI for Bob’s antennas B1 and B2 versus Alice’s antennas A1 to A4.]

[Figure, Bob’s side: keys after quantization and keys after privacy amplification.]

Test of key quality

NIST test                                       Freq. Monobit   Runs
After quantization                              31/57           22/57
After amplification                             57/57           57/57
Concatenation of all keys after quantization    Pass            Fail
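An added example, not the project's own code, of the key-quality check reported in the table above: the NIST SP 800-22 frequency (monobit) and runs tests applied to 128-bit keys before and after privacy amplification with a 2-universal (Toeplitz) hash. The sticky bit source standing in for quantized CSI without de-correlation, the 512-bit hash input and the seeds are assumptions; reconciliation is left out.

```python
import math
import random

def monobit_p(bits):
    """NIST SP 800-22 frequency (monobit) test p-value."""
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """NIST SP 800-22 runs test p-value (0.0 when the frequency pre-test fails)."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def toeplitz_hash(bits, seed_bits, n_out):
    """2-universal hash: multiply by a random binary Toeplitz matrix over GF(2)."""
    n_in = len(bits)
    if len(seed_bits) != n_in + n_out - 1:
        raise ValueError("seed must hold n_in + n_out - 1 bits")
    out = []
    for row in range(n_out):
        acc = 0
        for col in range(n_in):
            # Entry (row, col) depends only on row - col: constant diagonals.
            acc ^= seed_bits[row - col + n_in - 1] & bits[col]
        out.append(acc)
    return out

def correlated_bits(n, stay, rng):
    """Constructed stand-in for quantized CSI without de-correlation:
    each bit repeats the previous one with probability `stay`."""
    bits = [rng.randrange(2)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < stay else 1 - bits[-1])
    return bits

def pass_counts(keys, alpha=0.01):
    """Number of keys passing (monobit, runs) at significance level alpha."""
    return (sum(monobit_p(k) >= alpha for k in keys),
            sum(runs_p(k) >= alpha for k in keys))

def experiment(n_keys=57, key_len=128, raw_len=512, stay=0.8, seed=2017):
    rng = random.Random(seed)
    hash_seed = [rng.randrange(2) for _ in range(raw_len + key_len - 1)]  # public
    raw = [correlated_bits(raw_len, stay, rng) for _ in range(n_keys)]
    quantized_keys = [r[:key_len] for r in raw]          # raw bits used as the key
    amplified_keys = [toeplitz_hash(r, hash_seed, key_len) for r in raw]
    return {"after_quantization": pass_counts(quantized_keys),
            "after_amplification": pass_counts(amplified_keys)}

if __name__ == "__main__":
    for stage, (mono, runs) in experiment().items():
        print(f"{stage}: monobit {mono}/57, runs {runs}/57")
```

Passing these two tests after amplification shows only that the output looks balanced and unstructured; the secrecy of the key still rests on the raw bits holding more min-entropy than the number of bits extracted.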


ANNEX - Development of the SKG into the dedicated WiFi Demonstrator

SKG scheme dual sense, without channel de-correlation

Test of key agreement between Alice and Bob

AT BOB’S SIDE: near 0 BER. Reconciliation + key verification are OK at Alice and Bob

[Figure: binary error rate after quantization, after reconciliation and after amplification.]

Test of information leakage towards Eve

AT EVE’S SIDE: near 0.5 BER. Eve has no information on Alice’s and Bob’s keys

[Figure: BER between Eve and Bob keys after each SKG step (quantization, reconciliation, amplification) versus key block number, 0 to 60.]


ANNEX - Development of the SKG into the dedicated WiFi Demonstrator

SKG scheme dual sense with channel de-correlation

- Time and frequency de-correlation
- Generation of 128-bit keys from CSI samples computed from one WiFi frame
- Reconciliation FEC=BCH(15,127), amplification with 2-Universal Hash

[Figure, Bob’s side: keys after quantization and keys after privacy amplification.]

NIST test                                       Freq. Monobit   Runs
After quantization                              7/7             7/7
After amplification                             7/7             7/7
Concatenation of all keys after quantization    Pass            Pass

Test of key agreement between Alice and Bob

BOB’S SIDE: near 0.5 BER => Reconciliation + key verification are still OK at Alice and Bob

[Figure: after quantization, after reconciliation and after amplification.]

Test of information leakage towards Eve

EVE’S SIDE: near 0.5 BER => No information on Alice’s and Bob’s keys

[Figure: BER between Eve and Bob keys after each SKG step (quantization, reconciliation, amplification) versus key block number, 1 to 7.]


ANNEX - Performance of the AN into the dedicated WiFi Demonstrator

Values of power ratio and Bob's PER (Packet Error Rate) at different MCSs

Tx/Rx radio parameters

- 1 user and 3 noise spatial streams among 4
- AN is uniformly distributed over the antennas

[Figure: PER (0 to 0.3) versus MCS (3, 4, 5) for four settings:
 alpha_SIR,Tx,Alice = 0.0, rho_SIR,Tx,Alice = ∞ (no AN);
 alpha_SIR,Tx,Alice = 0.1, rho_SIR,Tx,Alice = 9;
 alpha_SIR,Tx,Alice = 0.25, rho_SIR,Tx,Alice = 3;
 alpha_SIR,Tx,Alice = 0.5, rho_SIR,Tx,Alice = 1.]

Table of WiFi Modulation and Coding Scheme (MCS)

MCS   BW (MHz)   Rate (Mbps)   Carrier Nb   Modulation, coding   Limit of Rx ; NR (dBm ; dB)
2     20         19.5          52 + 4       QPSK ¾               -77 ; 5,5
3     20         26            52 + 4       16QAM ½              -74 ; 8,5
4     20         39            52 + 4       16QAM ¾              -70 ; 12,5
5     20         52            52 + 4       64QAM 2/3            -66 ; 16,5
> 5   20         ≥ 58          52 + 4       ≥64QAM ≥¾            ≤-65 ; ≥17.5


ANNEX Performance of the SC into the dedicated Wifi Demonstrator


Pre-industrial results of Secrecy Coding

Performance of the SC into the dedicated WiFi Demonstrator

SC is Polar, (R,I,F) = (102, 409, 513)