A Randomized Space-Time Transmission Scheme for Secret-Key Agreement

1

A Randomized Space-Time Transmission Scheme for Secret-Key Agreement

Xiaohua (Edward) Li1, Mo Chen1 and E. Paul Ratazzi2 1Department of Electrical and Computer Engineering

State University of New York at Binghamton{xli, mchen0}@binghamton.edu,

http://ucesp.ws.binghamton.edu/~xli2Air Force Research Lab, AFRL/IFGB, [email protected]

2

Major Contributions

• Develop new wireless security schemes with unconditional secrecy

• Provide a practical solution for the interesting challenge in information theory: Wyner’s wire-tap channel for perfect secrecy

• Propose cross-layer security designs, integrating redundancy of space-time transmission, limit of blind deconvolution, and secret key distribution

3

Contents

1. Introduction

2. Randomized space-time transmission scheme

3. Transmission weights design

4. Trade power for secrecy

5. Simulations

6. Conclusions

4

1. Introduction

• Secret-key agreement– Classic Shannon model

• Alice & Bob try to exchange encryption keys for encrypted data transmission

• Eve can acquire all (and identical) messages received by Alice or Bob

– Perfect secrecy impractical under Shannon model– Computational secrecy achievable

• Based on some intractable computation problem• Intractability unproven

5

Perfect Secrecy

• Perfect secrecy: significant theoretically, important practically– Increased computing power, new computation

concepts (such as Quantum computer) are challenging computational secrecy schemes

• Ways for achieving perfect secrecy– Quantum communications: quantum secrecy– Wireless transmissions (possibly):

information-theoretical secrecy

6

Wireless Secrecy

• Quantum secrecy– Successful, but unknown of wireless network

applications

• Unconditional wireless secrecy– Provide an alternative to quantum secrecy for network

key management– Target to the wide spread of wireless communications

and wireless networks

• Objective: – Design information-theoretically secret wireless

transmission schemes

7

New Secrecy Model

• Perfect secrecy realizable with model different than Shannon’s– Eve’s channels, and thus received signals, are

different from Alice’s or Bob’s– A reality in quantum communication, and wireless

transmissions

8

Background of Information-Theoretic Secrecy: A. D. Wyner’s wire-tap channel (1975)• Secret channel capacity from Alice to Bob

• Positive secret channel capacity requires Eve’s channel being noisier not practical enough

• Theoretically significant– Widely referred– One of his major contributions

)1log()1(log)( here w

better) channel(Eve' else,0

noiser) channel s(Eve' if),()(1

ppppph

hhC

9

Background of Information-Theoretic Secrecy: U. Maurer: Common Information (1993,2003)• Alice & Bob exchange information by public

discussion, secret channel capacity increases to

• Large capacity requires Eve have large error rate still not practical enough

)()2(2 hhC

10

2. Randomized Space-Time Transmission

• Can we guarantee a large or in practice?

• Possible: randomized space-time transmission• Basic idea:

– Use redundancy of antenna array to create a difficult blind deconvolution problem

– Exploit the limit of blind deconvolution– Eve can not estimate channel/symbol blindly

11

Transmission Scheme• Alice: antenna array (secure, public, pilot)

– Does not send training signals

• Bob: estimate symbols, no channel knowledge

12

Signal Model and Assumptions

)()()()( :receives Eve

)()()()( :receives Bob

nnbnn

nvnbnnx

uuu

H

vwHx

wh

Alice, Bob & Eve do not know channels. Alice estimate h by reciprocity.Eve depends on blind channel estimation.

13

3. Transmission Weights Design

• Alice select proper weights so that

• Bob receives signal • By estimating received signal power, Bob can

detect signals

• Key points:– No channel information required for Bob, no training

required no training available to Eve– Redundancy in selecting weights

hwh )(nH

)()()( nvnbnx h

)()(ˆ1nxnb

h

)(nw

14

Blind Deconvolution Attack

• Why do we need randomized array transmission?– Eve can easily estimate by blind deconvolution

methods otherwise– Examples: with optimal transmit beamforming

)(nb

)()()(

1)(

or

)()()/()(

nnbn

n

nnbn

uuu

uuu

vz

VHx

vhhHx

15

Select Weights with Randomization

• Objective: choose transmitting weights so that

• Procedure:

hwh

)(

)(

)(1

**1

nw

nw

hhn

J

JH

)(

)()(

is vector weightsThe ).( calcualte thenand

),()](,),(),(,),([

weights1randomly select interval, symbol each In

*

11

nh

nn

nw

nnwnwnwnw

J

i

i

iHi

i

i

TiJii

z

zhhPw

z

16

4. Trade-off: Power and Secrecy

• Eve’s received signal becomes

• Secrecy relies on– Assumption that Eve & Bob’s channels are sufficiently

different wireless channels fade independently when separated a fractional of wavelength

– Eve can not estimate channels blindly – Eve’s knowledge on is useless

)()()(

/)]([)(

*

nnbn

hnn u

i

iiHi

iuu vz

zhhPHx

hwh )(nH

17

Secrecy Against Blind Deconvolution Attack

• Blind deconvolution requires strong source statistical properties, – Example: known distribution, independence, non-

Gaussian distribution, distinct power spectral

• Weights are selected randomly and unknown to Eve, blind deconvolution property can all be violated– Example: can have a distribution unknown

to Eve, with certain mean and variance

• Weights are selected by Alice, no need to tell Bob equivalently one-time pad

)(niz

18

Secrecy Under Known

• Randomization eliminates the possibility of exploiting such information

• We have been able to show

matrix.

econvarianc and vector mean inmatrix ambiguity unknown an with

Gaussian,jointly be can )( signal received s Eve'of ondistributi the

, interval symbol each in properly, (n) choosing By 1. Propostion

n

n

u

i

x

z

hwh )(nH

).( sample )(noiseless same thegeneratethat

)(~ weightsingcorrespondexist theresymbols, possibleother any For

).( weightsand )( symbol teda transmitConsider 2. nPropositio

n

n

nnb

u

i

i

x

z

z

19

Information-Theoretic Secrecy

• The ambiguity for Eve when estimating channel and symbols increases her error rate

• Bob’s error rate is due to noise and Alice’s channel knowledge mismatch. It can be much less than Eve’s error rate

• Information theory guarantees high and positive secret channel capacity information theoretic secrecy

• Ways for implementing secret-key agreement protocol remains unknown

20

Complexity of Exhaustive Attack

• Eve may exhaustively estimate channels (both ).

• The complexity can be at least , according to quantization level– Low quantization level reduces complexity, by

increases symbol estimation error still makes high positive secret channel capacity possible

– Example,

• Complexity can be much higher with MIMO and space-time transmissions

hH and ,u2)2( JK

).1.0for (4,4 when2128 KJ

21

Trade-off in Transmission Power

• Cost of realizing secrecy: increased transmission power– transmission rate is not traded

• Transmission power has to be controlled to avoid the possibility of blind deconvolution– One transmitting antenna with dominating

transmission power should be avoided

22

Transmission Power

• Assume weights have zero mean

.t coefficien channel choosing when

valueda threshol is weights,of varianceis where

),,0()1)(1(1)1( ispower ontransmissi

total thechannels, fading RayleightWith 3. nPropositio22

i

t

h

JJP

2

2

,

, ),0()1)(1(1 is

antenna ting transmit, thebetween ratiopower The 4. nPropositio

J

P

P

jthi

jt

it

23

5. Simulations

• BER of the proposed transmission scheme

24

• Secret channel capacity with the simulated BER

25

Analysis Results on Transmission Power

• Choice of parameters changes power

26

Simulation Results on Transmission Power

• Total transmission power and the power of a single transmitter

27

6. Conclusions• Propose a randomized array transmission

scheme for wireless secret-key agreement• Enhance information-theoretic secret channel

capacity by increasing the adversary’s receiving error

• Demonstrate that information-theoretic secrecy concept may be practical based on space-time transmissions and the limit of blind deconvolution