Physical-Layer Authentication
Summary
Introduction
- Authentication may be transmitted in this manner [4], [5] and the addition is stealthy.
- Similarly, Kleider et al. [9] proposed a scheme where a low-power watermark signal is added to the data signal with spread-spectrum techniques.
- For a packet-based multicarrier system, Kleider et al. [15] showed that SI pilots can be utilized for channel acquisition while incurring only a 1-dB penalty when compared to a TDM training scheme.
A. Scenario
- The authors consider the scenario depicted in Fig. 1 where four nodes share a wireless medium.
- This network has no privacy, so Carol and Eve can understand what Alice is sending to Bob.
- We use the term “tag” to refer to the authentication signal that is superimposed at the physical layer.
- Eve knows the scheme, but without the secret key, she also cannot authenticate Alice’s messages.
- A scheme has stealth if it: 1) does not significantly impact unaware receivers and 2) is not easily detectable.
B. Reference System
- The authors consider single-antenna transceivers transmitting narrowband signals in flat fading channels.
- The authors introduce the reference system as the baseline communications system upon which they build their proposed scheme.
- The authors assume that the message symbols are independent, identically distributed (i.i.d.) random variables.
- The authors assume a Rayleigh block fading channel so that different message blocks experience independent fades.
- Pilot symbols are typically used to aid in channel estimation, and the authors insert them in the middle of the block as in Global System for Mobile Communications (GSM).
C. Proposed System With Authentication
- The proposed authentication system builds upon the reference system introduced in Section II-B. 1) Signal Model: Since for their proposed scheme, the pilot symbols should be scaled accordingly with .
- Since the message numbers are known, the receiver is always able to generate valid tags using this scheme.
- After estimating the channel, the receiver proceeds to perform message estimation and obtains .
- The threshold of this test is determined for a false alarm probability according to the distribution of (23) where is the standard Gaussian cumulative distribution function and the authors estimate the SNR and .
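The verification flow summarized in this section, as an added example that is not code from the paper: a keyed tag is superimposed on a BPSK block, and the receiver strips its message estimate, correlates the residual with the tag it expects, and compares the result against a threshold set from a target false-alarm probability. Assumptions: HMAC-SHA256 keyed on the block number stands in for the tag generator, the channel is real AWGN with known gain and noise level, the block length, SNR and power split are constructed values, and all function names are hypothetical.

```python
import hashlib, hmac, math, random
from statistics import NormalDist

def make_tag(key, block_no, n):
    """n keyed +/-1 tag symbols for one block (HMAC-SHA256 generator is an assumption)."""
    bits, ctr = [], 0
    while len(bits) < n:
        seed = block_no.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        digest = hmac.new(key, seed, hashlib.sha256).digest()
        bits.extend((byte >> i) & 1 for byte in digest for i in range(8))
        ctr += 1
    return [1.0 if b else -1.0 for b in bits[:n]]

def transmit(msg_bits, rho_s, tag=None):
    """BPSK message; with a tag, split unit power between message and tag."""
    s = [1.0 if b else -1.0 for b in msg_bits]
    if tag is None:
        return s  # untagged reference transmission at full message power
    rho_t = math.sqrt(1.0 - rho_s ** 2)
    return [rho_s * si + rho_t * ti for si, ti in zip(s, tag)]

def verify(key, block_no, y, rho_s, sigma, p_fa):
    """Estimate the message, remove it, correlate the residual with the expected tag."""
    s_hat = [1.0 if yi > 0 else -1.0 for yi in y]
    tag = make_tag(key, block_no, len(y))
    tau = sum((yi - rho_s * si) * ti for yi, si, ti in zip(y, s_hat, tag))
    # With no tag present, tau is approximately N(0, n * sigma^2), so the
    # threshold follows from the inverse standard Gaussian CDF at 1 - p_fa.
    threshold = sigma * math.sqrt(len(y)) * NormalDist().inv_cdf(1.0 - p_fa)
    return tau > threshold, tau, threshold

def run_block(tx_key, rx_key, tagged, seed=1, n=1024, snr_db=10.0,
              msg_power=0.99, p_fa=1e-6):
    """One constructed block: returns (accepted, tau, threshold)."""
    rng = random.Random(seed)
    msg = [rng.getrandbits(1) for _ in range(n)]
    rho_s = math.sqrt(msg_power)
    tag = make_tag(tx_key, 7, n) if tagged else None  # block number 7 is arbitrary
    sigma = math.sqrt(10 ** (-snr_db / 10))           # noise std for unit signal power
    y = [x + rng.gauss(0.0, sigma) for x in transmit(msg, rho_s, tag)]
    return verify(rx_key, 7, y, rho_s, sigma, p_fa)
```

Calling `run_block` with matching keys, with `tagged=False`, and with mismatched keys shows the three cases the scenario distinguishes: Alice's tagged block, an untagged block, and a block tagged by a sender who lacks the key.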
III. PROPERTIES
- The authors examine how the scheme proposed in Section II-C can achieve the properties of stealth, robustness, and security.
- The authors elaborate on the definitions and provide performance estimates.
C. Security
- First, the authors define the adversary model and then they examine the security of their proposed scheme.
- In order to succeed with goal 1), Eve needs to remove or corrupt the authentication tag, and to succeed with goal 2), Eve needs to have her malicious block accepted by Bob since she is unable to intelligently alter Alice’s messages.
- Eve may take a more direct approach and attempt to gain information about the secret key.
- In the presence of noise, however, the equivocation is nonzero for finitely many observations and, hence, the probability of key recovery is strictly less than unity.
- Suppose that the receiver estimates the tag sequence 000.
D. Security
- When multiple blocks are used for the authentication, the additional robustness gives the adversary more opportunities to pass inauthentic blocks to Bob.
- The security of the scheme is demonstrated by its stealth and the analysis in Section III-C.
- Since each coefficient contains a single bit of tag information, equivocations near 1 keep adversaries in confusion about the tag, and, hence, their search space grows by nearly the worst case per block.
- Eve has difficulty understanding the stealthy transmissions, and even if she can correct any errors in her observation, she still has the nontrivial task of breaking the tag generation.
E. Operating Point
- The choice of parameters is guided by the relative importance of stealth, robustness, and security.
- In their example system, the authors see that their stealth requirements are satisfied when 0.985.
- The corresponding equivocation for this power allocation is 0.51 b/coefficient.
- The tag detection probability over a single tag is decreased depending on .
- For all but relatively long coherence times ( 1024), the authentication probability should be increased by using multiple blocks for the decision.
V. EXTENSION TO TIME-VARYING FADING CHANNELS
- A natural question that may arise is how well the scheme works in fast fading channels.
- To tackle this question, the authors introduce another channel model and the associated channel estimation algorithm.
- The authors find that the aware receiver can even improve his or her message recovery by treating the authentication tag as pilot symbols, and they detail the necessary changes.
B. Channel Estimation
- By modeling the channel as an AR-1 process, the authors are able to use the Kalman filter to provide the linear minimum mean square error (MMSE) channel estimate.
- Once the intended receiver verifies the presence, it may use the tag as extra information to estimate the channel.
- The authors have the following filter update equations during the training period [14]: Kalman gain (38) Estimate (39) (40).
- Therefore, they may be used for channel estimation in exactly the same way as pilot symbols, provided that the tag is indeed present.
- The channel estimate that assumes the tag is present for the th block is the vector .
C. Message Recovery
- As before, the receiver uses its channel estimate to estimate the message signal (46) and uses (10) to recover the message symbols as before.
- If the receiver decides that the tag is present, not only can it remove it prior to message estimation, it can also use the improved channel estimate .
- The estimated message signal is then (47), and the receiver uses (10) to recover the message symbols as before.
E. Example and Results
- The authors consider a system where messages are modulated with BPSK with a root-raised cosine pulse shape (rolloff 0.5).
- Two pilot symbols precede every cluster of eight message and tag symbols ( , ).
- The message and tag are then modulated, scaled with 0.995, and transmitted through the time-varying channel with 0.995.
- The tags are more easily detected at higher SNRs and for longer tag lengths.
VI. CONCLUSION
- A flexible framework for describing and analyzing a large family of physical-layer authentication schemes that can be built over existing transmission systems is presented.
- Authentication information is sent concurrently with data without requiring extra bandwidth or transmission power.
- With a long enough authentication codeword, a useful authentication system can be achieved with very slight data degradation.
- An interesting extension to the framework considers how cross-layer designs may strengthen node security.
- Authentication policies based on the authentication mechanism may, for example, adapt according to the environment.
Citations
Cites background from "Physical-Layer Authentication"
...cation solutions [180]–[182], the wireless channel is also considered as an effective metric for device authentication [183]–[187]....
[...]
...As a consequence, in [187]–[189], Yu et al....
[...]
...It was shown in [187]–[189] that a compelling tradeoff between the stealth, security, and robustness can be struck by the deliberate fingerprint embedding-based approach in wireless fading environments....
[...]
Cites background from "Physical-Layer Authentication"
...8, physical-layer authentication can be mainly classified into superimposed authentication [128] and link-signature-based authentication [126,127,129]....
[...]
Cites background from "Physical-Layer Authentication"
...The embedded watermarking scheme is a combination of CSI estimation and cryptographic technologies [122], [137], where watermarking codes are generated by signing a transmitted message D(t), the transmitter’s identity ID, and time information t....
[...]
...Recently, the research has been extended to authentication [122]–[151], which can resist against impersonation attacks....
[...]
References
"Physical-Layer Authentication" refers background in this paper
...In this light, spread-spectrum techniques, such as direct sequence and frequency hopping, may be viewed as examples of physical-layer authentication systems [7]....
Frequently Asked Questions (10)
Q2. What is the definition of a robust scheme?
A robust scheme is resistant to channel and noise effects and can continue the authentication process in the midst of interference.
Q3. What is the statistic when the tagged signal is received?
When the authors assume perfect channel estimation, message recovery , and tag estimation , the statistic when the tagged signal is received is (20) where conditioned on , is a zero-mean Gaussian variable with variance .
Q4. How can a long enough authentication codeword be used to improve the performance of the data?
With a long enough authentication codeword, a useful authentication system can be achieved with very slight data degradation.
Q5. What is the key used to authenticate?
In order to authenticate, Alice sends a proof of authentication, called a tag, together with each message for Bob’s verification.
Q6. What is the way to generate a tag?
Even if the message is recovered with errors, in some cases, the tag can be correctly generated if the tag generating function has some robustness against the message error.
Q7. What is the probability that Eve can have her block accepted?
When the authentication considers multiple blocks and requires a certain number of tags to be verified, Eve may be able to have her block accepted even if it does not contain a valid tag.
Q8. What is the tradeoff between robustness and security?
The tradeoff between robustness and security is fundamental—by allowing more errors in the authentication process, Eve has a better opportunity to sneak in her own messages.
Q9. How does Eve determine which tag symbol?
Because Eve estimates each tag symbol with some nonzero error, her search space for the key expands depending on the tag symbol equivocation.
Q10. Why is Eve unable to interfere with Alice’s signals?
The reason is that any error in estimating the propagation delay, multipath, and possibly mobility between Alice, Bob, and herself will result in noncoherent interruption.