Physical Layer Securities in Wireless Communication Systems
Advances in semiconductor and microelectronics technology have let wireless technologies blossom over recent decades. The large-scale deployment of wireless networks has changed the way people live, bringing convenience and enjoyment, and we have become increasingly dependent on these technologies, cellular and radio frequency identification (RFID) among them. With great technology, however, come great risks and threats. Unlike a wired link, a wireless transmission is broadcast over an open channel, so the transmitted signal can be intercepted and eavesdropped by any adversary within range; the security and privacy of a wireless communication system are therefore easier to compromise than those of a wired one. Securing wireless networks has consequently attracted much attention in recent years and has substantial practical implications. Wireless networks can be, and indeed are, secured at every layer of the protocol stack: application, network, data link and physical (PHY). The primary focus of our research is PHY layer approaches for securing, and for attacking, wireless networks. This thesis identifies three research topics and presents our results on each: 1) PHY layer phase encryption (P-Enc) versus XOR encryption (XOR-Enc); 2) a PHY layer signaling scheme that ensures the confidentiality of messages transmitted from the tag to the reader in RFID systems; 3) an active eavesdropping attack framework for frequency hopping spread spectrum (FHSS) RFID systems.

In the first work, we introduce a new orthogonal frequency-division multiplexing (OFDM) encryption scheme, which we call OFDM-Enc. Unlike conventional XOR-Enc, which XORs the keystream with the data bits, OFDM-Enc encrypts by multiplying each in-phase and quadrature component of the time domain OFDM symbol by a keystream bit. We then perform an initial investigation of the security of OFDM-Enc.
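As an added illustration of the mechanism described above (an editor's toy model, not code from the thesis): a QPSK symbol on 16 subcarriers is turned into time samples with a naive inverse DFT, the I and Q component of every time sample is multiplied by +1 or -1 according to a keystream bit, and the receiver undoes this by applying the same operation with the same keystream before the DFT. The 0 -> +1, 1 -> -1 mapping, the absence of a cyclic prefix, the noiseless channel and the per-symbol keystream accounting are all assumptions of the toy; the thesis's own construction may differ in these details.

```python
import cmath
import math
import random

# Toy OFDM-Enc (PHY-layer phase encryption) next to XOR-Enc.
# Assumptions of this illustration (not the thesis's implementation):
#   keystream bit 0 -> multiply by +1, bit 1 -> multiply by -1;
#   QPSK on N subcarriers, no cyclic prefix, noiseless channel.


def qpsk_map(bits):
    """Two bits per subcarrier: (b0, b1) -> (1-2*b0) + j(1-2*b1)."""
    assert len(bits) % 2 == 0
    return [complex(1 - 2 * bits[i], 1 - 2 * bits[i + 1])
            for i in range(0, len(bits), 2)]


def qpsk_demap(symbols):
    """Hard decision on the sign of I and Q."""
    bits = []
    for s in symbols:
        bits.append(0 if s.real > 0 else 1)
        bits.append(0 if s.imag > 0 else 1)
    return bits


def idft(X):
    """Naive inverse DFT: constellation points -> time-domain OFDM samples."""
    N = len(X)
    return [sum(X[k] * cmath.exp(2j * math.pi * k * n / N) for k in range(N)) / N
            for n in range(N)]


def dft(x):
    """Naive DFT: time-domain samples -> constellation points."""
    N = len(x)
    return [sum(x[n] * cmath.exp(-2j * math.pi * k * n / N) for n in range(N))
            for k in range(N)]


def p_enc(samples, keystream):
    """OFDM-Enc: flip the sign of I and of Q of each time sample per keystream bit.
    Decryption is the same operation: multiplying by +/-1 twice is the identity."""
    assert len(keystream) == 2 * len(samples)
    out = []
    for n, s in enumerate(samples):
        sign_i = 1 - 2 * keystream[2 * n]
        sign_q = 1 - 2 * keystream[2 * n + 1]
        out.append(complex(s.real * sign_i, s.imag * sign_q))
    return out


p_dec = p_enc


def xor_enc(bits, keystream):
    """Conventional XOR-Enc on the payload bits."""
    assert len(keystream) == len(bits)
    return [b ^ k for b, k in zip(bits, keystream)]


xor_dec = xor_enc


def keystream_bits_per_symbol(n_sub, bits_per_constellation_point):
    """Keystream consumed per OFDM symbol: XOR-Enc grows with the constellation
    order, this toy P-Enc only with the number of time samples (2 bits each)."""
    return n_sub * bits_per_constellation_point, 2 * n_sub


def ofdm_enc_roundtrip(data_bits, tx_keystream, rx_keystream):
    """Encrypt with tx_keystream, decrypt with rx_keystream, return bit errors."""
    tx = p_enc(idft(qpsk_map(data_bits)), tx_keystream)
    rx_bits = qpsk_demap(dft(p_dec(tx, rx_keystream)))
    return sum(a != b for a, b in zip(data_bits, rx_bits))


def demo(n_sub=16, seed=1):
    rng = random.Random(seed)                     # constructed, deterministic input
    data = [rng.randint(0, 1) for _ in range(2 * n_sub)]
    ks = [rng.randint(0, 1) for _ in range(2 * n_sub)]
    complement_ks = [1 - k for k in ks]          # every sign wrong -> symbol negated
    return {
        "xor_errors_right_key": sum(a != b for a, b in
                                    zip(data, xor_dec(xor_enc(data, ks), ks))),
        "penc_errors_right_key": ofdm_enc_roundtrip(data, ks, ks),
        "penc_errors_complement_key": ofdm_enc_roundtrip(data, ks, complement_ks),
        "total_bits": 2 * n_sub,
    }


if __name__ == "__main__":
    print(demo())
    print(keystream_bits_per_symbol(64, 4))
```

With the correct keystream the round trip is error-free; with the complemented keystream every time sample is negated, the DFT output is the negated constellation and every bit is wrong. For a 64-subcarrier 16-QAM symbol the toy accounting gives 128 keystream bits for P-Enc against 256 for XOR-Enc; whether such a saving survives a proper security analysis is precisely what the thesis investigates.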
We show that it is secure against all attacks considered in this work. Moreover, depending on the modulation type, OFDM-Enc can reduce the keystream size required for encryption while still achieving the required security level. We also conduct simulations comparing OFDM-Enc with conventional XOR-Enc, and show that OFDM-Enc is viable and performs well. We then extend OFDM-Enc to general communication systems; since the encryption is essentially done by changing the phase of the data constellation points, we adopt the term P-Enc. In addition, we develop mathematical formulations for comparing P-Enc with XOR-Enc in terms of efficiency, security and hardware complexity. Furthermore, we show that P-Enc at the PHY layer can prevent traffic analysis attacks, which encryption at the upper layers cannot prevent. Finally, simulations are again conducted to compare the performance of P-Enc and XOR-Enc.

In the second work, we are interested in protecting the tag's data from leaking to, or being compromised by, malicious adversaries. As discussed above, the nature of the wireless channel makes communication between the tag and the reader susceptible to eavesdropping. The conventional method protects the confidentiality of transmitted messages with encryption, but this requires keys to be pre-shared between the reader and the tag, so a key management and distribution system must be put in place, which introduces heavy system overhead. In this work, we propose a new PHY layer RFID privacy protection method that requires no pre-shared keys yet achieves the same goal. We first perform a theoretical analysis to validate the proposed scheme, and then conduct experiments to further verify its feasibility under the passive eavesdropping attack model.

In the third work, we present a new attack on FHSS RFID systems, which we call the active eavesdropping attack.
In most semi-passive and passive RFID systems, tag-to-reader communication is accomplished by backscatter modulation: the tag does not need to identify the frequency of the legitimate reader's transmitted signal; it simply responds to a reader's query by switching its circuit impedance between low and high to represent bits 1 and 0, and so reflects whatever carrier reaches it. The attacker exploits this design weakness of the tag by broadcasting his own continuous wave (CW) at a different frequency. Consequently, the eavesdropper receives two copies of the tag's response: one backscattered from his own CW and one backscattered from the reader's CW. We perform a theoretical analysis to derive the attacker's optimal strategy in terms of decoding error probability. Finally, we conduct simulations and experiments to verify our theoretical results.
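The two-copy effect described above, as an added, constructed simulation (an editor's illustration, not code or results from the thesis): the tag's reflection coefficient toggles between two assumed levels with the data bits, the reader's CW is taken as the baseband reference and the attacker's CW sits at an assumed offset of eight whole cycles per bit, and the attacker's receiver downconverts by either carrier and integrates over each bit. Because the offset is an integer number of cycles per bit, the copy on the other carrier integrates to zero, so the same reply decodes from both carriers; this is also why, in the setting above, the attacker's CW need not be on the reader's current hop frequency. Reflection levels, amplitudes, noise and the omission of the attacker's own direct leakage are all assumptions; the thesis's optimal attacker strategy is not reproduced here.

```python
import cmath
import math
import random

# Constructed simulation of a backscatter tag illuminated by two carriers:
# the reader's CW and the attacker's CW at a different frequency.
# Every constant below is an assumption of the illustration.
SAMPLES_PER_BIT = 64            # oversampling of each backscatter bit
READER_CYCLES_PER_BIT = 0       # reader CW used as the baseband reference
ATTACKER_CYCLES_PER_BIT = 8     # attacker CW offset, whole cycles per bit
GAMMA = {1: 1.0, 0: 0.2}        # assumed reflection magnitude: bit 1 = low-Z, bit 0 = high-Z


def backscatter_waveform(bits):
    """Tag reflection coefficient per sample: the tag just switches impedance,
    independent of which carrier (or carriers) is hitting it."""
    return [GAMMA[b] for b in bits for _ in range(SAMPLES_PER_BIT)]


def received_at_attacker(bits, a_reader, a_attacker, noise_sigma, rng):
    """Complex-baseband sum of the tag's reflection of both carriers plus AWGN.
    The attacker's direct self-interference is ignored in this toy."""
    out = []
    for n, g in enumerate(backscatter_waveform(bits)):
        phase_r = 2j * math.pi * READER_CYCLES_PER_BIT * n / SAMPLES_PER_BIT
        phase_a = 2j * math.pi * ATTACKER_CYCLES_PER_BIT * n / SAMPLES_PER_BIT
        s = a_reader * g * cmath.exp(phase_r) + a_attacker * g * cmath.exp(phase_a)
        s += complex(rng.gauss(0, noise_sigma), rng.gauss(0, noise_sigma))
        out.append(s)
    return out


def decision_statistics(rx, cycles_per_bit):
    """Downconvert by the chosen carrier and integrate-and-dump over each bit.
    With an integer number of cycles per bit, the copy riding on the other
    carrier averages to (numerically) zero, leaving only the chosen copy."""
    stats = []
    for start in range(0, len(rx), SAMPLES_PER_BIT):
        acc = 0j
        for n in range(start, start + SAMPLES_PER_BIT):
            acc += rx[n] * cmath.exp(-2j * math.pi * cycles_per_bit * n / SAMPLES_PER_BIT)
        stats.append(abs(acc) / SAMPLES_PER_BIT)
    return stats


def threshold_decode(stats, carrier_amplitude):
    """Hard decision half-way between the two expected reflection levels."""
    thr = carrier_amplitude * (GAMMA[1] + GAMMA[0]) / 2
    return [1 if s > thr else 0 for s in stats]


def active_eavesdrop(bits, a_reader=1.0, a_attacker=0.5, noise_sigma=0.05, seed=3):
    """Decode the tag's reply twice: from the reader's CW and from the attacker's own."""
    rng = random.Random(seed)                    # deterministic constructed noise
    rx = received_at_attacker(bits, a_reader, a_attacker, noise_sigma, rng)
    via_reader_cw = threshold_decode(
        decision_statistics(rx, READER_CYCLES_PER_BIT), a_reader)
    via_own_cw = threshold_decode(
        decision_statistics(rx, ATTACKER_CYCLES_PER_BIT), a_attacker)
    return {"via_reader_cw": via_reader_cw, "via_own_cw": via_own_cw}


if __name__ == "__main__":
    tag_reply = [1, 0, 1, 1, 0, 0, 1, 0]         # constructed tag response
    print(active_eavesdrop(tag_reply))
```

In this toy the attacker's own copy decodes cleanly even though his CW is weaker than the reader's, because the tag reflects each carrier independently and the receiver separates them by frequency; a real receiver would use a filter rather than exact integer-cycle integration, and would have to cope with its own CW leaking into the receive chain.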