This disclosure relates to security in communication systems that use an orthogonal frequency division multiplexing (OFDM) modulation scheme. More specifically, this disclosure relates to the structure of OFDM symbols to create a secured communication system.
Orthogonal frequency division multiplexing (OFDM) has gained considerable interest by the research community and industry due to its highly desirable features for wireless transmission. Consequently, OFDM has been considered for several applications and standards, such as Wireless Local Area Network (WLAN, IEEE 802.11a and IEEE 802.11n), Worldwide Interoperability for Microwave Access (WiMax, IEEE 802.16), and Mobile Broadband Wireless Access (MBWA, IEEE 802.20). Although OFDM is highly robust against various transmission impairments, it does not have any inherent security features. Hence, additional encryption/decryption algorithms should be implemented for data security.
One type of secure communication algorithm is a block cipher. The main building parts of a block cipher are a round function based on a nonlinear operation, mixing component and round keys. If the number of rounds is more than 32, breaking this cipher will be very difficult. The main limitation of commonly designed ciphers is their low speed, which is a major drawback for today's broadband systems.
Digital encryption is usually applied to the transmitted bits at the data link layer or at higher protocol layers of the communication protocol stack. Block encryption techniques permute blocks of bits in a key-dependent way, while stream ciphers first generate a key-dependent pseudo-random binary key stream, which is then XOR-ed with the plaintext bit sequence to produce the cipher text. An eavesdropper without access to the key cannot easily recover the plaintext from an intercepted cipher text.
The Data Encryption Standard (DES) is classified as a block cipher and has been used worldwide in the banking communities and for electronic fund transfers. Due to concerns about security of DES—such as a short key size (e.g., 56 bits), slow operation, and differential and liner cryptanalysis—security communities have sought to replace DES with more robust algorithm. Therefore, a new symmetric key cryptosystem, the Advanced Encryption Standard (AES) was announced in 2001. AES is efficient in hardware and software implementations with various key sizes of 128, 192 and 256 bits.
Although there are several cryptosystems designed to operate at the lowest layers (physical layer) of the protocol stack for OFDM based systems, such techniques are usually designed to function at the bit or symbol level. For example, European Patent No. 1 513 279 B1 describes a system that encrypts the baseband QAM symbols by changing their phase according to a given key sequence before the inverse fast Fourier transform (IFFT) process. Moreover, the training symbols that are embedded for synchronization and channel estimation are encrypted as well. Consequently, the encryption process hides the necessary information required for synchronization and channel estimation, which are necessary to recover the encrypted data symbols. Furthermore, the data symbols themselves are encrypted as well. The main limitation of this approach is that it is suitable only for systems with training symbols. Future communication systems may not rely on pilot symbols for synchronization and channel estimation as several blind techniques have been proposed. Moreover, the performance of this technique mainly relies on channel conditions. If the channel is flat, it should not be difficult to estimate the channel parameters, even with encrypted pilots.
U.S. Pat. Nos. 7,751,488 and 7,649,951 describe a security system for OFDM by mixing the phases of the data symbols and varying the data-to-subcarrier assignment based on a secret key sequence. Therefore, an eavesdropper needs first to know the mapping between data and subcarriers, and then the phase/amplitude of the data symbols. Similar to the above mentioned systems, there are several other encryption systems that are based on the general concept of building an encryption technique by scrambling the frequency domain symbols (e.g., U.S. Patent Application Publication No. US 2011/0033051; A. Chorti and I. Kanaras, “Masked M-QAM OFDM: A simple approach for enhancing the security of OFDM systems,” IEEE 20th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC), vol., no., pp. 1682-1686, 13-16 Sep. 2009; and M. Khan, M. Asim, V. Jeoti and R. Manzoor, “On secure OFDM system: Chaos based constellation scrambling,” International Conference on Intelligent and Advanced Systems (ICIAS), pp. 484-488, November 2007).
Unlike the approaches described in the previous paragraph, very little research has been conducted to perform encryption/decryption using the time-domain samples of OFDM signals. However, U.S. Pat. No. 6,650,616 describes introducing intentional group delay to one or more subcarriers at the transmitter using a series of filters. The group delay is supposed to destroy the frequency orthogonality of the signal and hence prevent correct data detection. In principle, there are a very large number of different group delays that may be applied. Therefore, it should be infeasible for an eavesdropper to ascertain the introduced group delay. However, the main limitation of this system is the high computational complexity as the number of divisions and multiplications to encrypt each OFDM symbol is quite large.
In this disclosure, described is a highly efficient encryption/decryption algorithm for OFDM based systems. Unlike other systems, the disclosed system operates on the time-domain samples after the IFFT. Consequently, the disclosed system will have strong security as well as low computational complexity, which makes the system attractive for high speed broadband communication systems.
The development of a highly secured cryptosystem that is specifically tailored for OFDM systems may remarkably improve the system's efficiency because conventional cryptosystems are considered as overhead since they are implemented as a separate layer in OFDM-based systems. Developing a new cryptosystem that utilizes the unique structure of OFDM systems leads to combined modulation and security that eliminates the extra overhead introduced by conventional cryptosystems. In this disclosure, the OFDM unique structure is exploited to develop a secured wireless communication system that relies on the sensitivity of OFDM systems to synchronization errors. At the transmitter side, encryption is performed by hiding some necessary synchronization information based on a secret key sequence. At the receiver side, decryption is impeded without the knowledge of the correct synchronization parameters. For an attacker who does not have the correct key, the received signal will appear as a noise-like signal. In this sense, the developed system is denoted as a chaotic cryptographic system.
The subject matter of the disclosure will be explained in more detail in the following text with reference to preferred exemplary embodiments that are illustrated in the attached drawings, in which:
OFDM is a multicarrier technique in which the serial data stream dk is converted to N parallel streams d(l)=[do(l), d1(l), . . . , dN-1(l)]T that are used to modulate N orthogonal subcarriers during the lth OFDM symbol block l=0, . . . , L−1.
The elements of the data sequence d are complex symbols that are drawn uniformly from a quadrature amplitude modulation (QAM) or M-ary phase shift keying (MPSK) symbol constellations. As depicted in
x(l)=FHd(l) (1)
The matrix FH is the Hermetian transpose of a normalized N×N FFT matrix. The IFFT matrix may be defined as set forth in Equation 2, where
Therefore, the nth sample in the sequence x(l) may be expressed as set forth in Equation 3.
In multipath fading channels, inter-symbol-interference (ISI) may occur due to the delayed arrival of the multipath components. To combat the ISI and assure ISI-free reception, a time-domain guard-band, denoted as CP, is created by copying the last NCP samples of the IFFT output and appending them at the beginning of the symbol to be transmitted. The value of NCP is preferably greater than the channel impulse response.
Therefore, the transmitted OFDM block, denoted as xCP, consists of N+NCP samples with the following frame structure of Equation 4.
x
CP(l)=[XN-N
The useful part of the OFDM symbol does not include the NCP prefix samples and has a duration of Tu seconds.
At the receiver front-end, the received signal is applied to a matched filter and then it is sampled at a rate
After dropping the NCP samples, the received sequence y(l)=[yo(l), y1(l), . . . , yN-1(l)]T is obtained as in Equation 5.
y(l)=H(l)x(l)+z(l) (5)
The system noise z(l)=[zo(l), z1(l), . . . , zN-1(l)]T is modeled as a white Gaussian process with zero mean and variance σz2=E[|zn|2], H(l) denotes the channel frequency response matrix during the lth OFDM block. By dropping the block index l, to simplify the notations, and assuming that the channel remains fixed for one block period, the matrix H may be expressed as set forth in Equation 6.
The discrete-time channel impulse response samples hp=0 ∀ p≧P where P is the channel order and P<NCP. It may be observed from Equation 6 that His a circulant matrix hence it will be diagonalized by the IFFT/FFT matrices FHFH=HD where HD is N×N diagonal matrix whose ith diagonal elements may be expressed using Equation 7.
The received samples may be written using Equation 8.
y(l)=FHHD(l)d(l)+z(l) (8)
In equation 8, the nth element of y may be expressed using Equation 9.
The N time-domain samples are then applied to the fast Fourier transform (FFT) to produce the decision variables that will be used to reproduce the transmitted symbols, which may be achieved using Equation 10.
Y(l)=Fy(l) (10)
The kth information symbol in Y may be expressed using Equation 11.
In Equation 11,
is a Gaussian random variable with the same statistical properties as zn. The decision variables Yk are then fed to the detector, which is based on the maximum likelihood (ML) criterion, to reproduce the transmitted data. As shown in
Without loss of generality, it may be assumed that the channel is noiseless (σz2=0) and the channel matrix H=I. Therefore, the output of the FFT may be expressed using Equation 12, where the time-domain samples are given by Equation 3.
As may be noted from Equation 12, each sample xn is formed by mixing all data symbols d0, . . . , dN-1. To recover the data symbols, all the time-domain samples xn, n=0, . . . , N−1 should be known at the receiver. Hiding the original values of xn or loosing part of them will prevent correct data recovery. Consequently, if a particular function is used to hide the original values of each sample xn it will be, for practical purposes, impossible to recover the data symbols dk without errors if is not known at the receiver side. Therefore, if is chosen such that it cannot be guessed by the attackers, and the information loss due to the absence of information about is maximized, the data symbols dk, k=0, . . . , N−1 may be considered to be secured. However, the samples xn are analog,
hence one-way functions based on discrete mathematics that are used in conventional security systems may not be suitable for this system.
It may be observed that the data symbols dk cannot be recovered correctly unless:
However, the information loss is proportional to the number of samples included from other OFDM blocks, and/or the number of samples that are out of order. In general, the output of the FFT when the N-samples block comprises samples from other OFDM symbols, or out of order samples, may be expressed using Equation 13.
d
k(l)=αk(l)dk(l)+βk(l) (13)
In Equation 13, α is an attenuation factor and β is the interference. Both α and β depend on how many samples belong to the lth OFDM symbol, and how many samples are in correct order. Consequently, the useful data symbols at the output of the FFT will be significantly attenuated and heavily buried in interference. As a result, the transmitted data is secured by either reordering the time-domain samples xn(l), mixing the samples of the L different OFDM symbols, or both mixing and reordering the samples of L OFDM blocks.
A high level block diagram of a secured OFDM system 16 is depicted in
First, the serial data symbols are converted to parallel frames using the serial/parallel converter shown in FIG. 2., where each parallel block consists of N data symbols.
Second, the parallel data blocks are used to modulate N orthogonal subcarriers using the IFFT block as described in Equation 1.
Third, the encryption process may be implemented with the encryption assembly 22 shown in
Fourth, the CP is added by copying the last NCP samples and appending them at the beginning of each column.
Fifth, the encrypted samples and the CP are converted to a serial stream, which is then upconverted to a particular carrier frequency.
At the receiver 20 side, perfect frequency and symbol timing and phase synchronization are assumed, as well as perfect channel state information. Consequently, the following steps are performed to recover the original data.
First, the received signal is down converted to baseband and sampled at a rate equal to the transmitted samples rate. The process includes frequency synchronization between the transmitter and the receiver.
Second, the CP samples are discarded. This process includes symbol timing synchronization.
Third, compensation for channel effects is performed before the FFT process. The estimated channel matrix Ĥ is assumed to be equal to the channel matrix H.
Fourth, the decryption process is performed using the same configuration shown in
For an enhanced explanation, but without limiting inventive aspects of the disclosure, two examples are considered as possible scenarios in which the encryption/decryption processes are implemented. In the first example, the case where the samples of OFDM block are randomly permutated among themselves to perform the encryption is considered. In the second example, the samples from two consecutive OFDM blocks are randomly mixed, without changing the order of the samples.
Assume that before transmission, the N time-domain samples of the lth OFDM symbol at the IFFT output are reordered according to a pseudorandom sequence K=[K0, K1, . . . , KN-1], Kiε{0, 1, . . . , N−1}. Hence the value of Ki indicates the original location of the sample before encryption. Therefore, the encrypted symbol may be expressed using Equation 14, where is the function used to mix the samples of the vector x. For example, if Ki=λ, then {tilde over (x)}i=xλ.
{tilde over (x)}(l)=(x(l),K)≠FHd(l) (14)
The transmitted samples sequence passes through a multipath channel with Lh taps. The received signal, after removing the CP samples, is given by {tilde over (y)}(l)=H(l){tilde over (x)}(l)+z(l).
For coherent detection, the channel matrix should be estimated and compensated accurately before the FFT computation. To simplify the presentation of the system, we assume that the estimated channel matrix Ĥ perfectly matches the actual channel matrix H, i.e., Ĥ=H. Consequently, the received samples after the compensation of the channel effects may be expressed using Equation 15, where η(l)=H−1(l)z(l).
{tilde over (y)}
C(l)==H−1(l){tilde over (y)}(l)+H−1(l)z(l)={tilde over (x)}(l)+η(l) (15)
Assuming high signal-to-noise ratio (SNR), H−1(l)z(l)˜0. Thus, {tilde over (y)}C(l)≈{tilde over (x)}(l)
The original order of the samples may be restored by applying the inverse of the process applied at the transmitter side. However, an attacker does not know the function because it is based on the unknown sequence K. Hence, another sequence ≠K may be chosen randomly by the attacker in the effort to break the system. The outcome of applying the inverse function −1 may be expressed as, y(l)=−1({tilde over (x)}(l), ), and decision variables at the output of the FFT may be expressed using Equation 16, where the kth k sample of Y is expressed with Equation 17.
From Equation 4, a perfect recovery of the data symbols requires that =K. Using exhaustive search methods to find K requires N! trials. However, the value of N is typically greater than 256, as in WiMax and DVB-T systems. Therefore, the number of trials required to find K is about 256! trials. It may be concluded that breaking the system using exhaustive search approaches is impractical, if not infeasible.
To assess the performance of this approach, a general OFDM system is simulated over AWGN channels. In the simulation, the number of subcarriers N is 256, the data symbols are selected from a QAM constellations with 4, 16 and 64 levels, and the SNR is set to 30 dB. The number of samples mixed varies from zero to 256. The key size needed to represent K is equal to log2 ()≦2048 bits.
To quantitatively evaluate the performance of the disclosed system 16, a simulation of the symbol error rate (SER) for different values of using different QAM levels may be carried out. As depicted in
in such a case the receiver is just selecting any of the M possible symbols randomly. The results of
In the second example, the samples from two consecutive OFDM blocks are randomly mixed, without changing the order of the samples. In this approach, L OFDM symbols are buffered and then the L symbols are interleaved according to a secret key K. The simplest case is when L equals 2, and the mixed samples keep their original order. For example, the first sample in the transmitted block is actually the first sample of OFDM block l or l+1, etc. In such a case, the transmitted block will consist of samples that belongs to either x(l) or x(l+1). Consequently, the transmitted block may be expressed using Equation 18, where denotes the pseudo random interleaving based on the key K=[K0, K1, . . . , K−1], Kiε{0,1}.
{tilde over (x)}(l)={x(l),x(l+1),K) (18)
For example, Ki equaling zero means that the ith sample belongs to x(l+1), otherwise it belongs to x(l). As will be apparent, the key length is equal to K≦N, which should be sufficient for OFDM systems with large N values such as DVB-T where N is at least 2048. For OFDM systems with small N values, L OFDM symbols may be invoked in the interleaving process. Another possible solution is to interleave the samples of the two symbols as well as to change their order.
Similar to the single system case, the system performance is evaluated for an OFDM system with N=256, SNR=30 dB, and L=2. The samples are interleaved without changing their order, thus the key length is 256 bits. The SER for the considered system is presented in
This disclosure describes a communications security system (e.g., a modem with a transmitter and a receiver (e.g., a transceiver), or a transmitting device and a remote receiving device) for data encryption in the physical layer of an Orthogonal Frequency Division Multiplex (OFDM) transmission protocol. The data is encrypted by altering, at the IFFT output at the transmitter, each of a sequence of the time-domain samples according to an element Kn,l of a key stream sequence K, thus creating encrypted samples {tilde over (x)}n, to be transmitted to the receiver, where the encrypted samples belong to one or more distinct OFDM blocks. The receiver includes a synchronizer/channel estimator for removing channel effects before decryption. Decryption is performed by rearranging the received N×L samples according to the key sequence K. The original data symbols are obtained by applying the decrypted samples to a fast Fourier transform (FFT) and a detector.