This invention relates generally to wireless communications, and more particularly to secure communications in wireless networks.
In wired communication networks, signal energy is mostly confined in a physical medium, such as conductive wires or optical fibers. Hence, signals can only be accessed by physically attaching to the medium.
In wireless networks, any receiver within range of the transmitter can intercept the signals. Therefore, secure communication conventionally uses cryptography with asymmetric public and private keys at the transmitter and the receiver. A public key infrastructure (PKI) generates, distributes and maintains the public keys: a trusted certificate authority (CA) binds each public key to the respective user identity and issues a public key certificate to the respective user. In order to establish secure communication, the transmitter first verifies the receiver's public key certificate. After the public key is verified, messages are encrypted using the receiver's public key, and the messages can only be decrypted using the corresponding private key. Generation of public keys requires significant computational overhead.
For many wireless networks, such as ad hoc networks, access to a PKI is difficult or unavailable. Wireless nodes do not have the computational power to generate public keys either. In such cases, secure communication becomes a challenge. Given this, realizing security in wireless communication networks is of great interest.
Recently, physical layer security has been investigated for wireless networks. Based on information theory, messages transmitted at bit rates higher than a channel capacity cannot be decoded correctly. It is therefore possible to transmit a message to intended users securely, providing that the channels between the transmitter and intended receivers have higher capacity than channels between the transmitter and eavesdroppers. However, in practice, it is difficult to guarantee that such a condition is satisfied.
Another approach generates secret session keys in a wireless node. The reciprocity of wireless channels enables two nodes to generate a pair of secret keys that are made identical by quantizing parameters of the channel. After a matching pair of keys is generated by the two nodes, the keys can be used to encrypt messages between the nodes. Because the wireless channels of eavesdroppers differ from the channel between the two nodes, the eavesdroppers cannot produce the same keys, and the secure communication is guaranteed. For that approach, it is essential that the independently generated keys match completely. However, due to noise, interference and hardware impairment, it is not always guaranteed that the keys generated by a pair of wireless nodes are exactly the same.
Low-density parity check (LDPC) codes can be used for forward error correction (FEC) codes, and are widely used to reduce channel noise and key mismatches. Given the channel statistics, one can design good LDPC codes that perform very closely to the channel capacity. However, in reality, channel parameters cannot always be obtained accurately. Moreover, the channel can be time-variant. Therefore the code rate should be determined dynamically.
The invention describes a method for securely and reliably communicating data between a transmitter and a receiver, generally transceivers or nodes according to embodiments of the invention.
The transmitter encodes the data using a rate-adaptive code to produce a bit stream of encoded data. The rate-adaptive code can be any code that has the capability to incrementally add redundancy, such as rateless codes, rate-compatible LDPC codes, or convolutional codes. Rateless codes do not exhibit a fixed code rate because they can potentially generate an infinite sequence of encoded bits, while rate-compatible LDPC codes adjust the code rate by “puncturing” parity check bits. Both types of codes have a carefully designed structure, where encoded data is transmitted incrementally to achieve different levels of error correction capability.
The transmitter encrypts the encoded data with a key Ka and transmits a small segment of the encoded data. If the transmitter receives a negative acknowledgement (NACK) from the receiver, or a time out, then additional segments of the encoded bit stream are transmitted. The transmitter keeps transmitting more segments until an acknowledgment (ACK) is received.
The receiver first decrypts the received bit stream with a key Kb, which is highly correlated with the key Ka, but not always exactly the same. The receiver tries to decode the message using all data received. If successful, the receiver sends the ACK to the transmitter of the encoded data. If unsuccessful, the receiver signals the transmitter to send more segments by either sending the NACK, or doing nothing.
Due to an open medium, a wireless transmission is very vulnerable to eavesdropping because potentially any receiver can intercept wireless broadcasts. Therefore, security is an extremely important issue in wireless communications.
Two wireless nodes (A and B) can generate a pair of keys independently by estimating the channel between the node and the other node. Without noise and other hardware impairment, the channel estimate of node A and that of node B, denoted as Hab and Hba, respectively, are theoretically identical, i.e., Hab=Hba=H. However, because of environmental noise and hardware impairment, the actual channels estimated by each node are often not exactly identical, but highly correlated. The estimated channel can be expressed as:
Ĥab=Hab+za, and
Ĥba=Hba+zb,
where za and zb are the noise observed by node A and node B, respectively.
Node A can generate a key Ka, based on a channel estimate Ĥab, and node B generates a key Kb, based on a channel estimate Ĥba. Given that Ĥab≈Ĥba, Ka and Kb are not always identical, but typically highly correlated.
The eavesdropper node D 103 can also estimate the channel, Ĥda or Ĥdb, and generate a key Kd based on either channel estimate, or a combination of both. However, the correlation between the eavesdropper's channels and H is low, and therefore the mismatch rate using key Kd is much higher than the rate obtained using keys Ka and Kb. Here, the mismatch rate is defined as the ratio of the number of mismatching bits to the total number of bits in the second (or first) key.
Conventional secure communications using encryption require that keys Ka and Kb are perfectly matched. That is, the receiver cannot decode the data correctly if there are mismatched bits between key pair Ka and Kb.
In contrast, the embodiments of the invention describe a method to transmit data securely using a pair of keys that are not perfectly matched, but correlated.
The transmitter gradually adjusts the error correction capability of the transmitted code according to feedback 330 from the receiver 102. If the feedback indicates a failure (NACK) in decoding, the transmitter increases the error correction capability by sending additional symbols of Y 371 to assist the receiver in decoding the bit stream.
The transmitter 101 also scrambles (SCBL) 382 the coded data Y 371 with the key Ka to produce scrambled data Z 372. The transmitter 101 broadcasts the first n bits of Z, denoted as Z(1:n). The bits Z(1:n) are received at the intended receiver node B 102 as Vb(1:n).
The receiver descrambles 392 the bits Vb (1:n) using the first n bits of the key Kb(1:n). If the length of the key is less than n, then a repeated key is used.
The descrambled data are Sb(1:n). A decoder 391 in the receiver attempts to decode data (message) X using Sb(1:n). The receiver sends a feedback 330 to the transmitter according to the decoding result. If the data are decoded successfully, the receiver then sends the ACK to the transmitter. If decoding fails, the receiver can either explicitly send the NACK, or do so implicitly by not transmitting anything.
If after broadcasting the tth segment of Z, i.e., Z((t−1)n+1:tn), the transmitter 101 receives the ACK message, it stops transmitting additional symbols in Z and is ready for the next input data (message).
If after broadcasting the tth segment of Z, i.e., Z((t−1)n+1:tn), the transmitter 101 receives the NACK (or times out in the case of the implicit NACK), it continues by transmitting an additional n bits of Z, Z(tn+1:tn+n).
The scrambling 382 performs a symbol-wise operation. Each output symbol z(m) is generated from the input symbol y(m) and a key symbol ka(m). As an example, if y(m) and ka(m) are binary, the scrambling can be done by applying an exclusive OR (XOR) operation on the encoded data and the first key, i.e., z(m)=y(m) XOR ka(m). Other methods, such as rotating the phase of the symbols, can also be used. If a length q of the key is less than m, a repeated key is used, i.e., z(m)=y(m) XOR ka(m mod q).
The receiver 102 can include an individual descrambling block 392 and a decoder block 391. The descrambling block 392 takes the received symbol vb(m) and the key kb(m), and generates a descrambled symbol sb(m). If both vb(m) and kb(m) are binary, then the XOR operation can be used in the descrambler.
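The scramble, transmit, descramble and ACK/NACK loop described above can be simulated end to end. The following is an added example, not code from the patent: it assumes a repetition code with majority voting as a stand-in for the rateless or rate-compatible LDPC code, a CRC-32 as the receiver's decode-success check, a noiseless channel, and constructed keys whose mismatch rates (2% for node B, 45% for node D) are chosen for illustration; all function names are hypothetical.

```python
import random
import zlib

def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(sum(b << (7 - i) for i, b in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))

def scramble(bits, key, offset=0):
    # z(m) = y(m) XOR ka(m mod q); descrambling is the same XOR with the receiver's key
    q = len(key)
    return [b ^ key[(offset + m) % q] for m, b in enumerate(bits)]

def mismatch_rate(k1, k2):
    return sum(a != b for a, b in zip(k1, k2)) / len(k1)

def noisy_copy(key, p, rng):
    # Constructed stand-in for a key derived from a noisier channel estimate
    return [b ^ (rng.random() < p) for b in key]

def segments_until_decode(payload, ka, kx, max_segments=15):
    # Number of n-bit segments a receiver holding key kx needs before its
    # majority-vote decode passes the CRC (the ACK point); None if it never does.
    x = to_bits(payload + zlib.crc32(payload).to_bytes(4, "big"))
    n, votes = len(x), [0] * len(x)
    for t in range(max_segments):
        z = scramble(x, ka, offset=t * n)   # transmitter: segment t+1 of Z
        s = scramble(z, kx, offset=t * n)   # receiver: descramble with its own key
        votes = [v + b for v, b in zip(votes, s)]
        decoded = from_bits([int(2 * v > t + 1) for v in votes])
        if zlib.crc32(decoded[:-4]).to_bytes(4, "big") == decoded[-4:]:
            return t + 1                    # receiver would send ACK here
    return None                             # NACK (or silence) on every segment

def demo(seed=7):
    # Keys are constructed sample data, not derived from real channel estimates
    rng = random.Random(seed)
    ka = [rng.getrandbits(1) for _ in range(1021)]
    kb = noisy_copy(ka, 0.02, rng)          # legitimate receiver, node B
    kd = noisy_copy(ka, 0.45, rng)          # eavesdropper, node D
    payload = b"8 bytes!"
    return tuple(segments_until_decode(payload, ka, k) for k in (ka, kb, kd))

if __name__ == "__main__":
    print(demo())
```

The comparison that matters is node B's segment count against node D's, because the transmitter stops sending at B's ACK and the eavesdropper sees only that many segments.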
If reliability information for vb(m) or kb(m) or both are known, then an advanced soft descrambling scheme can be used. We denote the reliability of bit s, given an observed value r, by L=log(Pr(s=0|r)/Pr(s=1|r)). Then, the reliability of the received data is Lc(m)=log(Pr(z(m)=0|vb(m))/Pr(z(m)=1|vb(m))). The reliability of individual bits in a key Lk(m) can be obtained from the key generation process. If the key is not known, Kb can be treated as error free, i.e., considering the value of Lk(m) as infinity. When the key Lk(m) is known, the soft output information Ld(m) of the mth symbol after descrambling can be determined according to
Otherwise, if the key Lk(m) is unknown, then
Ld(m)=(1−2·Kb(m))·Lc(m).
A decoder capable of accepting soft input can be used and Ld can be used to initialize the decoding process.
If the eavesdropper node 103 has the same structure as a legitimate receiver, as shown in
The transmitter 101 first encodes 401 the input data X 301 with an inner code. The output of the inner encoder, Yin 411, is then scrambled 403 with Ka to produce a scrambled sequence Zin 412. The outer encoder 402 takes Zin as inputs and outputs Zout, which is broadcast.
The receiver 102 decodes the received coded signal Vb with the side information Kb. If the receiver does not decode successfully, the receiver sends an implicit or explicit NACK to the transmitter 101. Otherwise, the receiver sends an ACK to the transmitter 101. During the broadcasting, the outer code encoder 402 in the transmitter 101 continuously produces additional bits until the ACK is received from the receiver 102.
If the message is decoded correctly, then the node B 102 sends 503 the ACK 506, and broadcasting terminates 507.
Compared to fixed rate transmissions, the invention can improve the security level of wireless communication networks. The invention is especially effective in a time variant channel.
When the rate is lower than the channel capacity Cab 602 (solid line), and the receiver can decode the data correctly, the transmission stops. This allows the rate to be adaptive to instantaneous channel capacity, and guarantees that only the intended receiver can receive the message successfully and minimizes the probability of the data being decoded by the eavesdropper.
Although the invention has been described by way of examples of preferred embodiments, it is to be understood that various other adaptations and modifications may be made within the spirit and scope of the invention. Therefore, it is the object of the appended claims to cover all such variations and modifications as come within the true spirit and scope of the invention.
Number | Date | Country | |
---|---|---|---|
20120148046 A1 | Jun 2012 | US |