The document proposes enhancing wireless network security through physical layer encryption. It describes threats like data privacy, forgery, and denial of service attacks. The system adds a key to physical layer parameters before transmission and modifies parameters using a second key. This prevents hackers from recording correct encrypted data or replaying messages to forge data. While denial of service through channel jamming cannot be stopped, invalid messages can be filtered at the physical layer. The physical layer encryption substantially increases the difficulty of real-time attacks.

1. An Alternative Approach for EnhancingAn Alternative Approach for Enhancing
Security of Wireless Networks usingSecurity of Wireless Networks using
Physical Layer EncryptionPhysical Layer Encryption
ByBy
Arpan PalArpan Pal
Center of Excellence for Embedded SystemsCenter of Excellence for Embedded Systems
Tata Consultancy ServicesTata Consultancy Services
IndiaIndia

2. AgendaAgenda
• Security Threats of Wireless NetworksSecurity Threats of Wireless Networks
• Proposed System OverviewProposed System Overview
• Proposed System FeaturesProposed System Features
• How the proposed system mitigate the securityHow the proposed system mitigate the security
threatsthreats
• ConclusionConclusion

3. Security Threats of Wireless MANSecurity Threats of Wireless MAN
• Human Initiated EventsHuman Initiated Events
• Data PrivacyData Privacy
• Data ForgeryData Forgery
• Denial of ServiceDenial of Service
• Hardware ErrorsHardware Errors
Data PrivacyData Privacy,, Data ForgeryData Forgery andand Denial of ServiceDenial of Service
are the main security events that need to be addressedare the main security events that need to be addressed

4. Problems of WEPProblems of WEP
The WEP encryption algorithm RC4 is a Vernam Cipher:The WEP encryption algorithm RC4 is a Vernam Cipher:
Pseudo-random
number
generator
Encryption KeyEncryption Key K
Plaintext data bytePlaintext data byte
p
Random byteRandom byte b
⊕
Ciphertext data byteCiphertext data byte
c
Decryption works the same way:Decryption works the same way: p = c ⊕ b
c’ ⊕ p = (c’) ⊕ (c ⊕ b) = b
Known Plain-text Attack: ifKnown Plain-text Attack: if p is known thenis known then b can be found outcan be found out
Source: “Overview of 802.11 Security”, Jesse Walker, Intel Corporation, IEEE 802.15-01/154, March, 2001

5. System Overview – Traditional SystemSystem Overview – Traditional System
Read Transmitted PHY
params info
Configure
Baseband PHY Transmitter
PHY config params
Framed and Encrypted data
from Media Access Control
(MAC) layer
Transmitter
Front-end
sent using prior-known PHY
config
PHY params info
+
Add before
actual data
Transmitter
PHY config params
Framed and Encrypted
data To Media Access
Control (MAC) layer -
Hacker can access
only at here
Receiver
Front-end
ReceiverBaseband PHY Receiver
Configure
Decode Tx PHY params info
using prior-known PHY config

6. System Overview – Proposed SystemSystem Overview – Proposed System
Read Transmitted PHY
params info + KEY2
Configure
Baseband PHY Transmitter
PHY Transmitter
config params
Framed data from
Media Access Control
(MAC) layer
Transmitter
Front-end
sent using prior-known
PHY config
PHY Transmitter param
info + KEY2
+
Add before
actual data
Transmitter
PHY Receiver config
params
Framed data To Media
Access Control
(MAC) layer -
Hacker can access
only at here
Receiver
Front-end
Receiver
Baseband PHY Receiver
Configure
Decode transmitted PHY
params info using prior-known
PHY config
Modifications to Tx Algorithms
based on KEY2
Encrypt with
KEY1
Modifications to Rx Algorithms
based on KEY2
Decrypt with
KEY1

7. Proposed System FeaturesProposed System Features
• KEY1 delivered to valid users using some secureKEY1 delivered to valid users using some secure
key distribution mechanismkey distribution mechanism
• Possible Physical layer system parameters encryptedPossible Physical layer system parameters encrypted
using KEY1using KEY1
• Error Control Coding RateError Control Coding Rate
• Type of ModulationType of Modulation
• Length of PacketLength of Packet
• Second Level Key KEY2Second Level Key KEY2
• Possible Physical layer system parameters modifiedPossible Physical layer system parameters modified
using KEY2using KEY2
• Interleaving PatternInterleaving Pattern
• Symbol Phase offsetSymbol Phase offset
• Constellation MappingConstellation Mapping

8. Mitigation of Security ThreatsMitigation of Security Threats
- Data Privacy- Data Privacy
• Known-Plaintext AttackKnown-Plaintext Attack
• Recording of encrypted data at MAC levelRecording of encrypted data at MAC level
• Key can be found out if Data is knownKey can be found out if Data is known
• Proposed Scheme prevents hackers from recording correctProposed Scheme prevents hackers from recording correct
encrypted data at MAC levelencrypted data at MAC level
( wrong FEC rate, wrong modulation, unknown phase( wrong FEC rate, wrong modulation, unknown phase
offset, unknown interleaving pattern etc.)offset, unknown interleaving pattern etc.)

9. Mitigation of Security ThreatsMitigation of Security Threats
- Data Forgery- Data Forgery
• Unauthorized users insert data into network as valid userUnauthorized users insert data into network as valid user
• ReplayReplay
• MimickingMimicking
• Proposed Scheme prevents hackers from both Replay andProposed Scheme prevents hackers from both Replay and
MimickingMimicking
• Replay is not possible as the data recorded at MAC layerReplay is not possible as the data recorded at MAC layer
is totally wrong and hence cannot be replayedis totally wrong and hence cannot be replayed
to generate a valid messageto generate a valid message
• Mimicking is not possible because this needs finding outMimicking is not possible because this needs finding out
the key first (using Known-Plain-Text attack)the key first (using Known-Plain-Text attack)

10. Mitigation of Security ThreatsMitigation of Security Threats
- Denial Of Service- Denial Of Service
• Intruder can flood network with valid and invalid messagesIntruder can flood network with valid and invalid messages
• Channel jamming at RF levelChannel jamming at RF level
• Proposed Scheme prevents hackers from sending validProposed Scheme prevents hackers from sending valid
messages as they don’t know the Keymessages as they don’t know the Key
• Invalid messages can be filtered out in the PHY level asInvalid messages can be filtered out in the PHY level as
the encryption is taking place in PHY layer itselfthe encryption is taking place in PHY layer itself
• Channel jamming at RF level cannot be preventedChannel jamming at RF level cannot be prevented

11. ConclusionConclusion
• Data Privacy, Data Forgery and Denial-of-ServiceData Privacy, Data Forgery and Denial-of-Service
(valid messages) at MAC layer (software) can be prevented(valid messages) at MAC layer (software) can be prevented
• Denial-of-Service (invalid messages) can be preventedDenial-of-Service (invalid messages) can be prevented
using PHY layer message integrity checkusing PHY layer message integrity check
• Denial-of-Service (Channel jamming at RF level)Denial-of-Service (Channel jamming at RF level)
cannot be preventedcannot be prevented
• To break into the proposed security scheme, hackers needTo break into the proposed security scheme, hackers need
costly hardware set-upcostly hardware set-up
• Even with Hardware set-up, breaking the systemEven with Hardware set-up, breaking the system
in Real-time is extremely difficult – the PHY level cipheringin Real-time is extremely difficult – the PHY level ciphering
substantially increases the entry barrier for break-insubstantially increases the entry barrier for break-in
• A good KEY distribution scheme need to be exploredA good KEY distribution scheme need to be explored

12. Thank YouThank You
Email:Email: arpan_pal@tcscal.co.inarpan_pal@tcscal.co.in