Page 1
1
A Randomized Space-Time Transmission Scheme for Secret-Key Agreement
Xiaohua (Edward) Li1, Mo Chen1 and E. Paul Ratazzi2 1Department of Electrical and Computer Engineering
State University of New York at Binghamton{xli, mchen0}@binghamton.edu,
http://ucesp.ws.binghamton.edu/~xli2Air Force Research Lab, AFRL/IFGB, [email protected]
Page 2
2
Major Contributions
• Develop new wireless security schemes with unconditional secrecy
• Provide a practical solution for the interesting challenge in information theory: Wyner’s wire-tap channel for perfect secrecy
• Propose cross-layer security designs, integrating redundancy of space-time transmission, limit of blind deconvolution, and secret key distribution
Page 3
3
Contents
1. Introduction
2. Randomized space-time transmission scheme
3. Transmission weights design
4. Trade power for secrecy
5. Simulations
6. Conclusions
Page 4
4
1. Introduction
• Secret-key agreement– Classic Shannon model
• Alice & Bob try to exchange encryption keys for encrypted data transmission
• Eve can acquire all (and identical) messages received by Alice or Bob
– Perfect secrecy impractical under Shannon model– Computational secrecy achievable
• Based on some intractable computation problem• Intractability unproven
Page 5
5
Perfect Secrecy
• Perfect secrecy: significant theoretically, important practically– Increased computing power, new computation
concepts (such as Quantum computer) are challenging computational secrecy schemes
• Ways for achieving perfect secrecy– Quantum communications: quantum secrecy– Wireless transmissions (possibly):
information-theoretical secrecy
Page 6
6
Wireless Secrecy
• Quantum secrecy– Successful, but unknown of wireless network
applications
• Unconditional wireless secrecy– Provide an alternative to quantum secrecy for network
key management– Target to the wide spread of wireless communications
and wireless networks
• Objective: – Design information-theoretically secret wireless
transmission schemes
Page 7
7
New Secrecy Model
• Perfect secrecy realizable with model different than Shannon’s– Eve’s channels, and thus received signals, are
different from Alice’s or Bob’s– A reality in quantum communication, and wireless
transmissions
Page 8
8
Background of Information-Theoretic Secrecy: A. D. Wyner’s wire-tap channel (1975)• Secret channel capacity from Alice to Bob
• Positive secret channel capacity requires Eve’s channel being noisier not practical enough
• Theoretically significant– Widely referred– One of his major contributions
)1log()1(log)( here w
better) channel(Eve' else,0
noiser) channel s(Eve' if),()(1
ppppph
hhC
Page 9
9
Background of Information-Theoretic Secrecy: U. Maurer: Common Information (1993,2003)• Alice & Bob exchange information by public
discussion, secret channel capacity increases to
• Large capacity requires Eve have large error rate still not practical enough
)()2(2 hhC
Page 10
10
2. Randomized Space-Time Transmission
• Can we guarantee a large or in practice?
• Possible: randomized space-time transmission• Basic idea:
– Use redundancy of antenna array to create a difficult blind deconvolution problem
– Exploit the limit of blind deconvolution– Eve can not estimate channel/symbol blindly
Page 11
11
Transmission Scheme• Alice: antenna array (secure, public, pilot)
– Does not send training signals
• Bob: estimate symbols, no channel knowledge
Page 12
12
Signal Model and Assumptions
)()()()( :receives Eve
)()()()( :receives Bob
nnbnn
nvnbnnx
uuu
H
vwHx
wh
Alice, Bob & Eve do not know channels. Alice estimate h by reciprocity.Eve depends on blind channel estimation.
Page 13
13
3. Transmission Weights Design
• Alice select proper weights so that
• Bob receives signal • By estimating received signal power, Bob can
detect signals
• Key points:– No channel information required for Bob, no training
required no training available to Eve– Redundancy in selecting weights
hwh )(nH
)()()( nvnbnx h
)()(ˆ1nxnb
h
)(nw
Page 14
14
Blind Deconvolution Attack
• Why do we need randomized array transmission?– Eve can easily estimate by blind deconvolution
methods otherwise– Examples: with optimal transmit beamforming
)(nb
)()()(
1)(
or
)()()/()(
nnbn
n
nnbn
uuu
uuu
vz
VHx
vhhHx
Page 15
15
Select Weights with Randomization
• Objective: choose transmitting weights so that
• Procedure:
hwh
)(
)(
)(1
**1
nw
nw
hhn
J
JH
)(
)()(
is vector weightsThe ).( calcualte thenand
),()](,),(),(,),([
weights1randomly select interval, symbol each In
*
11
nh
nn
nw
nnwnwnwnw
J
i
i
iHi
i
i
TiJii
z
zhhPw
z
Page 16
16
4. Trade-off: Power and Secrecy
• Eve’s received signal becomes
• Secrecy relies on– Assumption that Eve & Bob’s channels are sufficiently
different wireless channels fade independently when separated a fractional of wavelength
– Eve can not estimate channels blindly – Eve’s knowledge on is useless
)()()(
/)]([)(
*
nnbn
hnn u
i
iiHi
iuu vz
zhhPHx
hwh )(nH
Page 17
17
Secrecy Against Blind Deconvolution Attack
• Blind deconvolution requires strong source statistical properties, – Example: known distribution, independence, non-
Gaussian distribution, distinct power spectral
• Weights are selected randomly and unknown to Eve, blind deconvolution property can all be violated– Example: can have a distribution unknown
to Eve, with certain mean and variance
• Weights are selected by Alice, no need to tell Bob equivalently one-time pad
)(niz
Page 18
18
Secrecy Under Known
• Randomization eliminates the possibility of exploiting such information
• We have been able to show
matrix.
econvarianc and vector mean inmatrix ambiguity unknown an with
Gaussian,jointly be can )( signal received s Eve'of ondistributi the
, interval symbol each in properly, (n) choosing By 1. Propostion
n
n
u
i
x
z
hwh )(nH
).( sample )(noiseless same thegeneratethat
)(~ weightsingcorrespondexist theresymbols, possibleother any For
).( weightsand )( symbol teda transmitConsider 2. nPropositio
n
n
nnb
u
i
i
x
z
z
Page 19
19
Information-Theoretic Secrecy
• The ambiguity for Eve when estimating channel and symbols increases her error rate
• Bob’s error rate is due to noise and Alice’s channel knowledge mismatch. It can be much less than Eve’s error rate
• Information theory guarantees high and positive secret channel capacity information theoretic secrecy
• Ways for implementing secret-key agreement protocol remains unknown
Page 20
20
Complexity of Exhaustive Attack
• Eve may exhaustively estimate channels (both ).
• The complexity can be at least , according to quantization level– Low quantization level reduces complexity, by
increases symbol estimation error still makes high positive secret channel capacity possible
– Example,
• Complexity can be much higher with MIMO and space-time transmissions
hH and ,u2)2( JK
).1.0for (4,4 when2128 KJ
Page 21
21
Trade-off in Transmission Power
• Cost of realizing secrecy: increased transmission power– transmission rate is not traded
• Transmission power has to be controlled to avoid the possibility of blind deconvolution– One transmitting antenna with dominating
transmission power should be avoided
Page 22
22
Transmission Power
• Assume weights have zero mean
.t coefficien channel choosing when
valueda threshol is weights,of varianceis where
),,0()1)(1(1)1( ispower ontransmissi
total thechannels, fading RayleightWith 3. nPropositio22
i
t
h
JJP
2
2
,
, ),0()1)(1(1 is
antenna ting transmit, thebetween ratiopower The 4. nPropositio
J
P
P
jthi
jt
it
Page 23
23
5. Simulations
• BER of the proposed transmission scheme
Page 24
24
• Secret channel capacity with the simulated BER
Page 25
25
Analysis Results on Transmission Power
• Choice of parameters changes power
Page 26
26
Simulation Results on Transmission Power
• Total transmission power and the power of a single transmitter
Page 27
27
6. Conclusions• Propose a randomized array transmission
scheme for wireless secret-key agreement• Enhance information-theoretic secret channel
capacity by increasing the adversary’s receiving error
• Demonstrate that information-theoretic secrecy concept may be practical based on space-time transmissions and the limit of blind deconvolution