xiaohua (edward) li 1 and e. paul ratazzi 2 1 department of electrical and computer engineering
DESCRIPTION
MIMO Transmissions with Information Theoretic Secrecy for Secret-Key Agreement in Wireless Networks. Xiaohua (Edward) Li 1 and E. Paul Ratazzi 2 1 Department of Electrical and Computer Engineering State University of New York at Binghamton [email protected], - PowerPoint PPT PresentationTRANSCRIPT
MILCOM'2005 1
MIMO Transmissions with Information Theoretic Secrecy for Secret-Key Agreement in Wireless Networks
Xiaohua (Edward) Li1 and E. Paul Ratazzi2 1Department of Electrical and Computer Engineering
State University of New York at [email protected],
http://ucesp.ws.binghamton.edu/~xli2Air Force Research Lab, AFRL/IFGB, [email protected]
MILCOM'2005 2
Contents
1. Introduction
2. Secure MIMO transmission scheme
3. Transmission weights design
4. Transmission secrecy
5. Simulations
6. Conclusions
MILCOM'2005 3
1. Introduction
• Secure wireless transmission: necessary PHY security techniques for wireless information assurance– Wireless transmissions have no boundary,
susceptible to listening/analyzing, location, jamming
– Wireless nodes have severe energy and bandwidth constraints “light” techniques
– Unreliable link and dynamic network topology
MILCOM'2005 4
Secure Wireless Transmissions
• Traditional secure transmission design– Data encryption, spread spectrum, etc
• New idea: use antenna array diversity and array redundancy– A completely different approach of secure (LPI)
waveform design
MILCOM'2005 5
Significance to Cryptography
• Provable (information-theoretic) secrecy– Inherently secure transmission, no encryption keys
involved– Comparable to quantum cryptography
• Provide PHY-layer LPI, and assist higher layer data encryption– PHY-layer assisted secret key agreement
MILCOM'2005 6
Secret-Key Agreement
• Classic Shannon model– Alice & Bob try to exchange encryption keys for
encrypted data transmission– Eve can acquire all (and identical) messages
received by Alice or Bob– Perfect secrecy impractical under Shannon model– Computational secrecy achievable
MILCOM'2005 7
PHY-layer Transmission Secrecy Model
• Information theoretic secrecy realizable with model different than Shannon’s– Eve’s channels, and thus received signals, are
different from Alice’s or Bob’s– A reality in quantum communication, and wireless
transmissions
MILCOM'2005 8
Information-Theoretic Secrecy
• Wyner’s wire-tap channel: secret capacity
• Maurer’s common information concept
• High secret channel capacity requires Eve’s channel being noisier not practical enough
)1log()1(log)( here w
better) channel(Eve' else,0
noiser) channel s(Eve' if),()(1
ppppph
hhC
)()2(2 hhC
MILCOM'2005 9
2. Secure MIMO transmission scheme
• Can we guarantee a large or in practice?
• Possible: randomized MIMO transmission• Basic idea:
– Use redundancy of antenna array – Exploit the limit of blind deconvolution
• Eve can not estimate channel/symbol blindly
MILCOM'2005 10
Transmission Scheme
• Alice: antenna array (secure, public, pilot)– Does not send training signals
• Bob: estimate symbols, no channel knowledge required
MILCOM'2005 11
Signal Model and Assumptions
Bob receives: ( ) ( ) ( ) ( )
Eve receives: ( ) ( ) ( ) ( )u u u
n n n n
n n n n
x HW b v
x H W b v
Alice, Bob & Eve do not know channels.– Alice estimate H by reciprocity– Bob need not know channel.– Eve depends on blind estimation.
MILCOM'2005 12
MIMO Transmission Procedure
• Alice select transmit antenna weights so that
• Bob receives signal – By estimating received signal power, Bob can detect
signals
• Key points:– No channel information required for Bob, no training
required no training available to Eve– Redundancy in selecting weights
( ) :
is diagonal with positive elements
n
K K
HW A
A
( ) ( ) ( )n n n x Ab v
1ˆ ( ) ( )n nb A x
( )nW
MILCOM'2005 13
3. Transmission Weights Design
• Existing array transmission schemes are susceptible to Eve’s blind deconvolution attack?– Eve can easily estimate by blind deconvolution
if with optimal transmit beamforming
( )nb
1
2
( ) ,
where , , /
and can be zero or random
Hopt opt opt
opt opt
Hopt opt opt opt K
n
tr
D U AW V
B
H U D 0 V A I D
B
MILCOM'2005 14
Select Weights with Randomization
• W1(n): Redundancy in transmitting weights
• Procedure:
10 1 1
0 11
( )( ) , where
( )
nn
n
H A H WW H H H
W
1
1 1
10 0 1
1
In each symbol block interval, select randomly ( ) such that
( ) ( ) ( ) ~ ( , ),
and then calculate transmitted vector ( ) ( ) as
( ) ( ) ( )
( )
J K
n
n n n
n n
n nn
n
W
s W b
W b
s H Ab H ss
s
N μ
1
1
( )
( )
n
n
s
MILCOM'2005 15
4. Transmission Secrecy
• Eve’s received signal becomes
which has distribution
• Objective: Eve can not estimate channel Hu from xe(n), which relies on– Assumption that Eve & Bob’s channels are sufficiently
different wireless channels fade independently when separated a fractional of wavelength
– Unknown to Eve:
1 11 0 1 0( ) ( )
( ) , where ,( )u u M uu J K
n nn
n
s H H H Abx H F I H f F f
v I 0
2( ) ~ ( , )H He M u u u u v Mn x H F H f H F F H IμN
1 1 ( ) ( ) ( ) ~ ( , ),J Kn n n s W b N μ
MILCOM'2005 16
Indeterminacy of Blind Channel Estimation
• Proposition:For unknown symbol ( ) and unknown , , ,
from the distribution of ( ), the channel matrix
is indistinguishable from with ambuiguity
matrix .
u u
u
n
n
J J
b H μ Σ
x H
H P
U GV UGP
0 V
MILCOM'2005 17
Indeterminacy of Blind Symbol Estimation
• Proposition:
• Result: – Eve’s error rate: high– Bob’s error rate: low (identical to optimal MIMO
eigen-beamforming)– Cost paid: higher transmission power
Assume ( ) is generated by transmitting ( ).
Then ( ) has identical distribution as those generated
by transmitting any other symbol vector ( ).
u
u
n n
n
n
x b
x
d
MILCOM'2005 18
Transmission secrecy
• Weights are selected randomly and unknown to Eve, blind deconvolution is made impossible
• Weights are selected by Alice, no need to tell Bob equivalently one-time pad
• Information theory guarantees high and positive secret channel capacity provable (information theoretic) secrecy
MILCOM'2005 19
Eve’s Exhaustive Search Attack
• Eve may exhaustively try all possible channels (both ).
• The complexity can be at least , according to quantization level Q– Low quantization level reduces complexity, but
increases symbol estimation error still makes high positive secret channel capacity possible
– Example,
, and uH H2 22 2( )K J KQ Q
1282 when 4, 4, 16 (for 0.1).J K Q
MILCOM'2005 20
5. Simulations
• BER of the proposed transmission scheme
J=6.K=4.QPSK.
MILCOM'2005 21
• Secret channel capacity with the simulated BER
MILCOM'2005 22
Conclusions
• Proposed a randomized MIMO transmission scheme – Use array redundancy and channel diversity for
transmission security– Enhance transmission LPI in the PHY-layer by
increasing the adversary’s receiving error – Proof of secrecy with weight randomization and limit
of blind deconvolution