Due to the sensitive nature of information exchanged over ever-expanding wireless networks, the security problem is becoming more critical and, thus, the ability to share secret information reliably in the presence of adversaries is extremely important to address. Common used security methods rely on cryptographic techniques at the upper layers of the protocol stack. These techniques are based on the assumption of insufficient computational capabilities of non-legitimate parties. It is clear, however, that with increased computational powers and improved algorithms, these techniques become less secure. As such, rather than increasing the complexity of current cryptographic schemes, physical layer security (PLS) techniques use the physical (PHY) properties of the wireless channel to establish an additional level of security.
Due to multipath effect, the channel impulse response (CIR) between a pair of transceivers at specific locations preserves a space-time uniqueness and can be treated as a signature for their wireless link, termed as link-signature. Such kind of a PHY feature is extremely difficult to predict by adversaries due to the random nature of the wireless channel and CIR spatial decorrelation at different locations. Such an observation can be leveraged as a source of secrecy to provide security services at the PHY-layer. To this end, this research explores the concept of link-signature for the provision of three security schemes at the PHY-layer, namely: PHY-key generation, PHY-authentication, and discriminatory channel estimation (DCE).
PHY-key generation uses link-signature as a shared secrecy to generate keys at two legitimate parties. This research derives a theoretical bound on the key generation rate (KGR) that can be realized with such approach. It also provides a mathematical framework that signals out factors crucial for achieving high KGR. Such a framework characterizes the effect of non-perfect reciprocity due to asymmetric additive noises and severe fading on the KGR. While previous works used the mutual information as a bound on the KGR, the LCR in a fading environment characterized by Nakagami-m model is adopted. Simulations are conducted to validate our theoretical findings by developing a key generation protocol to extract secret keys between two nodes communicating over a wireless channel that incurs multipath and asymmetric additive noises. The Nakagami-m fading process is generated using the sum-of-sinusoids (SOS) approach to provide a flexibility in characterizing various fading conditions, parameterized through the number of paths and the maximum Doppler frequency. Since Nakagami-m model demonstrates good approximations of realistic wireless channels and offers universality in characterizing these channels, based on fading severity, the proposed analytical and simulation frameworks enable a practical PLS scheme.
PHY-authentication, on the other hand, is realized through a machine learning (ML) framework trained on CIR-based and carrier frequency offset (CFO) based PHY features extracted from received OFDM bursts. The CIR-based approach uses the space-time uniqueness of link-signature to derive features to distinguish between different transmitters, while the CFO-based one finds features that discriminate the unique hardware behaviors of different transmitters due to imperfect manufacturing. For the former, a feature extraction method, named pattern-described link-signature (PDLS), is proposed to derive link-signatures by transforming captured CIRs vectors (52 sub-CIR values) into four-dimensional features vectors to define CIRs patterns. Due to multipath, the sub-CIR values in a CIR vector are not equivalent, rather, they form into an arbitrary pattern. PDLS devises four unique features to define such pattern, which can be classified using pattern recognition methods. The CFO-based approach, on the other hand, extracts frequency offsets that stem from local oscillators mismatch of different transceivers. Such features are mainly dependent of the hardware behavior more than the channel behavior, and are more suitable for mobility scenarios where channels become more dynamic. Real-world evaluation is performed for both approaches by capturing OFDM bursts using a software-defined radio (SDR) testbed that comprises an IEEE 802.11 a/g/p transceiver. The testbed incorporates our custom created logic to extract the pertinent features for both schemes, which are used to train various supervised ML classifiers.
Finally, a DCE scheme is devised to provide PLS for OFDM-based transceivers, termed LS-DCE. Such a scheme can be an alternative data confidentiality solution for constrained devices where conventional encryption can not inherited. It also can work alongside conventional methods to provide an additional level of security by enabling reliable and secure communications, without added complexity and resources. LS-DCE exploits the space-time uniqueness of link-signatures to facilitate a distinctive signal recovery performance at legitimate parties as compared to non-legitimate ones. This is achieved at the channel estimation phase by contaminating the training pilot sequence with the link-signature of the legitimate channel, inducing a poor detection probabilities at the non-legitimate receivers as compared to legitimate ones due to the spatial decorrelation of CIRs at locations δλ apart. A space-time correlation analysis in macrocells and microcells is established to parse δ values that induce low spatial decorrelation. Analytical, simulated, and experimental analyses are provided to evaluate the effectiveness of LS-DCE in terms of the probability of bit error (PBE)/bit error rate (BER). For simulations, a correlated Nakagami-m model is developed to generate the multipath effect; while for experimentation, an SDR testbed is utilized to collect real wireless channel in indoor and outdoor environments.