1. 1
Enhancement of Security of WirelessEnhancement of Security of Wireless
Networks using Physical Layer ProtectionNetworks using Physical Layer Protection
Arpan PalArpan Pal 11
, Srinivasa Rao Ch., Srinivasa Rao Ch. 11
, Suvra Sekhar Das, Suvra Sekhar Das 22
, Balamuralidhar P., Balamuralidhar P. 11
,,
Harish ReddyHarish Reddy 11
1
Embedded Systems Group, Tata Consultancy Services Ltd., India
2
Embedded Systems Group, Tata Consultancy Services Ltd., India
and
Center for TeleInFrastruktur (CTiF), Aalborg University, Denmark
2. 2
AgendaAgenda
Conventional Encryption Systems
Proposed System
Communication System Performance Requirement
Hacking Complexity
Simulation Study
Future Work
Conclusion
References
3. 3
Stream CiphersStream Ciphers
Conventional Encryption SystemsConventional Encryption Systems
Block CiphersBlock Ciphers
Examples
RC4, A5
Advantages
Relatively Less Complex (LFSR
based implementation) and hence
faster implementation
Normally Consumes less area
and power – important for
handheld devices
Disadvantages
mostly uses Vernam ciphers
− easy for known-plain text attack,
substitution attack, key-reuse
attack
Examples
DES, 3DES, AES
Advantages
Highly Secure (for block sizes >
64 and key lengths > 80)
Disadvantages
Padding inefficiency if input data
is less than the block length
Relatively Complex and hence
CPU-intensive implementation
Consumes large area and power
– bottleneck for handheld devices
Block Ciphers, in general provideBlock Ciphers, in general provide
greater security but at the cost ofgreater security but at the cost of
significant complexity and powersignificant complexity and power
4. 4
Conventional Encryption Systems for StreamConventional Encryption Systems for Stream
CiphersCiphers
MAC
PHY
PHY
Channel
Encryption
Function
MAC
Data Path
Encryption
Algorithm
Key K
MAC
Decryption
Function
MAC
Data Path
Decryption
Algorithm
Key K
Recording Point &
Decryption Point
Coincide
Hardware
Encryption done at MAC layer
At the receiver
The decrypted data is available
at Hardware-Software interface –
hence recordable
Commutative Property of the
operator makes it prone to attacks
Possible remedy – Use of
Initialization Vector (IV) and
frequent changing of IV and Master
Key
Length of IV limited
Changing of Master Key calls for
sophisticated key distribution
algorithms
5. 5
Proposed Encryption SystemProposed Encryption System
MAC
Channel
Encoder
Modulator
Channel
Demodulator
Channel
DecoderMAC
PHY
PHY
Encryption
Function
Encryption
Algorithm
Key K
Decryption
Function
Encryption
Algorithm
Key K
Encryption done at
PHY layer
Encryption
Function - XOR or
some other PHY layer
transforms like
Scrambling
Phase Shift
between I and Q
channels etc.
Advantages
Decrypted data directly not available to the Hacker for Recording as normally PHY is
located within a embedded chipset.
Presence of Difficult-to-Invert blocks like Channel Decoder between the recording
point at MAC-PHY interface and Decryption point makes known plain-text attack very
difficult
Recording
Point
Decryption
Point
Hardware
Decryption can
be moved here also
Encryption can
be moved here also
6. 6
How ‘difficult’ is ‘difficult-to-invert’How ‘difficult’ is ‘difficult-to-invert’
• Channel decoders employ error control decodingChannel decoders employ error control decoding
• Any error control decoder, by property is a many-to-one mapper andAny error control decoder, by property is a many-to-one mapper and
hence is difficult-to-inverthence is difficult-to-invert
Upper Bound for hacking complexityUpper Bound for hacking complexity
(n.k) block code (convolutional code can also be seen as a block code)(n.k) block code (convolutional code can also be seen as a block code)
:: nn andand kk are the number of output and input bits respectivelyare the number of output and input bits respectively
Total No. of codewords – 2Total No. of codewords – 2kk
Therefore, 2Therefore, 2(n-k)(n-k)
sequences can be mapped to a particular code word.sequences can be mapped to a particular code word.
Therefore, the complexity introduced is 2Therefore, the complexity introduced is 2(n-k)(n-k)
-- the complexity increases with an increase in the coding redundancythe complexity increases with an increase in the coding redundancy
7. 7
Hacking Complexity for well-knownHacking Complexity for well-known
standardsstandards
Standard Error Control Coding (n,k) Hacking
Complexity –
Upper Bound
HSUPA Reed-Muller (32,10) 222
CDMA-2000
EV-DO (traffic
channel)
Convolutional (512,256) 2256
802.16a Wi-Max Convolutional (24,12) 212
802.11g WLAN Convolutional (48,24) 224
Bluetooth Shortened Hamming
Code
(15,10) 25
8. 8
Communication Performance RequirementCommunication Performance Requirement
• The encryption / decryption function should be such that it does not affectThe encryption / decryption function should be such that it does not affect
the communication performance like throughput/BER for AWGN andthe communication performance like throughput/BER for AWGN and
Fading channel scenariosFading channel scenarios
• A criteria needs to be developed to qualify the encryption function againstA criteria needs to be developed to qualify the encryption function against
the above pointthe above point
– Existing stream ciphers like RC4 can also be used as encryptionExisting stream ciphers like RC4 can also be used as encryption
functions as long as they satisfy the criteriafunctions as long as they satisfy the criteria
9. 9
Criteria for Encryption FunctionCriteria for Encryption Function
For AWGN ChannelsFor AWGN Channels
1.1. Encryption/Decryption function should not destroy the minimumEncryption/Decryption function should not destroy the minimum
distance property of the code wordsdistance property of the code words
2.2. Decryption function should not have memory so that it cannot propagateDecryption function should not have memory so that it cannot propagate
error – linear functions satisfy thiserror – linear functions satisfy this
E(v,s) = P.v, v:input stream, s: ciphersteamE(v,s) = P.v, v:input stream, s: ciphersteam
For Fading ChannelsFor Fading Channels
1.1. In addition to the above criteria, |P|In addition to the above criteria, |P|22
= 1= 1
Possible functions to satisfy above criteria: symbol level XOR, scrambler,Possible functions to satisfy above criteria: symbol level XOR, scrambler,
phase shifterphase shifter
10. 10
Simulation StudySimulation Study
• Any existing stream cipher encryption algorithm can be used to generateAny existing stream cipher encryption algorithm can be used to generate
the cipher stream (like RC4)the cipher stream (like RC4)
• Other random number generators like simple PN sequence generatorsOther random number generators like simple PN sequence generators
can also be used to generate the cipher stream with the key as seedcan also be used to generate the cipher stream with the key as seed
• Possible encryption functionsPossible encryption functions
1.1. Symbol level XOR (i.e. invert if cipher stream bit is 1, pass-Symbol level XOR (i.e. invert if cipher stream bit is 1, pass-
through if cipher stream bit is zero) with cipher streamthrough if cipher stream bit is zero) with cipher stream
2.2. Scramble the channel coded data stream according to theScramble the channel coded data stream according to the
cipher stream generatedcipher stream generated
3.3. Introduce a phase shift that is a function of the generated cipherIntroduce a phase shift that is a function of the generated cipher
stream value – constellation rotation / reorientationstream value – constellation rotation / reorientation
11. 11
Simulation Performance ResultsSimulation Performance Results
Simulation Parameters
Convolutional Encoder
Constraint Length=7
Polynomial=[171 133] octal
Viterbi Decoder
Traceback Length = 48
Soft Decision
3 bits quantization
Channel
AWGN with Linear Phase filter
Equalization
Channel response assumed to
be estimated a-priori using
training sequences
BPSK with channel
1.E-05
1.E-04
1.E-03
1.E-02
1.E-01
1.E+00
-6 -3 0 3 6
SNR(dB)
BER
Conventional
XOR
Scramble
Phase shift
12. 12
Simulation Performance ResultsSimulation Performance Results
Simulation Parameters
Convolutional Encoder
Constraint Length=7
Polynomial=[171 133] octal
Viterbi Decoder
Traceback Length = 48
Soft Decision
3 bits quantization
Channel
AWGN with Linear Phase filter
Equalization
Channel response assumed to
be estimated a-priori using
training sequences
QPSK with channel
1.E-05
1.E-04
1.E-03
1.E-02
1.E-01
1.E+00
-3 -1 1 3 5 7 9
SNR(dB)
BER
Conventional
XOR
Scramble
Phase shift
13. 13
Simulation Performance ResultsSimulation Performance Results
Simulation Parameters
Convolutional Encoder
Constraint Length=7
Polynomial=[171 133] octal
Viterbi Decoder
Traceback Length = 48
Soft Decision
3 bits quantization
Channel
AWGN with Linear Phase filter
Equalization
Channel response assumed to
be estimated a-priori using
training sequences
QAM-16 with channel
1.E-05
1.E-04
1.E-03
1.E-02
1.E-01
1.E+00
0 3 6 9 12 15 18
SNR(dB)
BER
Conventional
XOR
Scramble
Phase shift
14. 14
Future WorkFuture Work
• Simulation level verification on practical standards based systems toSimulation level verification on practical standards based systems to
show that the proposed system does not degrade communicationshow that the proposed system does not degrade communication
performanceperformance
• Performance effects on systems using blind and semi-blind equalizationPerformance effects on systems using blind and semi-blind equalization
• Strict analysis of the hacking complexity for different error control codingStrict analysis of the hacking complexity for different error control coding
schemes – upper-bound reductionschemes – upper-bound reduction
• Suggestion for error control coding schemes that provide better securitySuggestion for error control coding schemes that provide better security
• Exploring a joint Encryption and Error Control Coding schemeExploring a joint Encryption and Error Control Coding scheme
• Extend the idea for block ciphersExtend the idea for block ciphers
15. 15
ConclusionConclusion
• No communication performance degradation if encryption functionNo communication performance degradation if encryption function
chosen according to the criteria developedchosen according to the criteria developed
– For both AWGN and Fading ChannelsFor both AWGN and Fading Channels
• Can enhance the security of the existing stream ciphers significantlyCan enhance the security of the existing stream ciphers significantly
• Simple LFSR based random number generators like PN sequenceSimple LFSR based random number generators like PN sequence
generator can also be used thereby significantly reducing powergenerator can also be used thereby significantly reducing power
consumed and chip areaconsumed and chip area
• No significant increase in hardware complexity as it just repositionsNo significant increase in hardware complexity as it just repositions
existing encryption blocks with minor modificationsexisting encryption blocks with minor modifications
• No effect on existing Key distribution systemsNo effect on existing Key distribution systems
Can be used as a viable alternative to block ciphers at a significantlyCan be used as a viable alternative to block ciphers at a significantly
lower costlower cost
16. 16
ReferencesReferences
[1][1] William Stallings, Cryptography and Network Security, 2ed., 2000William Stallings, Cryptography and Network Security, 2ed., 2000
Prentice Hall, New Jersey.Prentice Hall, New Jersey.
[2][2] Randall K. Nichols, Panos C. Lekkas, Wireless Security, 2002, McGraw-Randall K. Nichols, Panos C. Lekkas, Wireless Security, 2002, McGraw-
HillHill
[3] IEEE Standards for 802.11g, 802.16 rev.D, Bluetooth[3] IEEE Standards for 802.11g, 802.16 rev.D, Bluetooth
[4] Standards for UMTS rel. 6, CDMA 1xEVDO[4] Standards for UMTS rel. 6, CDMA 1xEVDO