Performance Guarantees for Physical Layer Authentication in Mission-Critical Communications
KTH, Skolan för elektroteknik och datavetenskap (EECS), Intelligenta system, Teknisk informationsvetenskap. ORCID iD: 0000-0003-4961-5973
2021 (English) Doctoral thesis, with articles (Other academic)
Abstract [en]

As the application areas for wireless communications are expanding, we also see new security vulnerabilities arise due to the open nature of the wireless medium. One particularly challenging problem is how to guarantee the security of emerging mission-critical communications, e.g., realized by fifth generation (5G) mobile networks, that will enable use-cases like industrial automation, vehicular communications, and smart grids. As the room for security overhead is limited in mission-critical communications, mainly due to the associated strict requirements on latency and reliability, new lightweight security techniques are researched within the area of physical layer security. In particular, feature-based physical layer authentication (PLA), exploiting transmitter-specific features extracted from received signals for device authentication, is considered a promising solution for lightweight authentication and intrusion detection in mission-critical communications. In this thesis, we provide mathematical tools for analyzing channel-based PLA schemes, and in particular, for deriving worst-case performance guarantees appropriate for mission-critical contexts. We consider worst-case performance guarantees for feature-based PLA from two perspectives:

Firstly, we provide mathematical bounds on the delay-performance impacts that arise due to the unlikely but inevitable erroneous authentication decisions (i.e., false alarms and missed detections). We model the PLA scheme using queueing analysis, develop models for active impersonation attacks, and derive bounds on the queueing delay violation probability using tools from stochastic network calculus. We consider the performance for both single- and multiple-antenna receiver architectures, and furthermore, a distributed multiple-antenna system in which we analyze varying degrees of distributed processing. These results establish under which practical deployments and channel conditions feature-based PLA would constitute a viable option for mission-critical applications. For instance, we find that for low-mobility scenarios with line-of-sight conditions, as exemplified by an industrial automation scenario with fixed sensor deployment, PLA can be used for strongly enhanced security while simultaneously maintaining mission-critical latency deadlines with high reliability. Moreover, we discuss extensions that would allow analysis of scenarios without line-of-sight and with higher mobility.

From the second perspective, we provide tools for deriving the worst-case detection performance under optimal attackers that are aware of the PLA scheme. First, we consider a distributed PLA setting where authentication is based on the channel-states observed at multiple distributed radio-heads. We derive the optimal single-antenna attack strategy and corresponding missed detection probability, and provide a heuristic method for finding the optimal spatial attack position with respect to a given deployment. We then extend the results by considering a multiple-antenna attacker, the corresponding optimal pre-coding strategies, and the detection performance under the worst-case attacker. Furthermore, we analyze the impacts of limited channel state information (CSI) and power budgets at the attacker and provide a counter-strategy that can be used by the PLA receiver. With the single-antenna attacker, our results show significant detection performance benefits from a distributed antenna setting, which argues for practical relevance of PLA within modern 5G technologies like coordinated multi-point (CoMP) and distributed multiple-input multiple-output (MIMO) systems. For the multiple-antenna attacker, we observe significant impacts given perfect CSI knowledge and favorable channel conditions at the attacker. However, under realistic assumptions on power budget, CSI imperfections, and through the proposed counter-strategy, we find that strict detection performance guarantees can be maintained.

Abstract [sv] (English translation)

The application areas for wireless communication are constantly expanding and enable new applications of information technology. At the same time, however, this development creates new security vulnerabilities, since the wireless medium is open to both eavesdropping and external manipulation. An important and challenging problem is how to deliver security guarantees for critical wireless communication, which can be used, for example, for industrial automation, vehicular communication, smart grids, and other applications within fifth generation (5G) mobile networks. Because critical wireless communication is characterized by extremely strict requirements on latency and reliability, these systems have very limited resources for time-consuming communication and computation. Recent research therefore focuses, among other things, on security methods in the physical communication layer (PHY layer) to achieve secure communication without exceeding these limitations. Authentication in the physical communication layer is one such method, which exploits transmitter-specific features that can be read from received wireless signals in order to verify the identity of the transmitter and detect potential intrusions. This thesis develops mathematical tools for analyzing channel-based authentication in the physical layer, with a focus on deriving performance guarantees that are suitable for critical communication. We develop such guarantees from two perspectives:

First, we provide mathematically derived bounds on the delays that arise due to the rare but unavoidable erroneous decisions that these authentication protocols produce. We model the authentication protocols using queueing analysis, develop models for active impersonation-based attacks, and derive upper bounds on the probability that the system's required latency is exceeded. These results are derived using the stochastic network calculus framework. The analysis is extended from single-antenna receivers to multiple-antenna systems and to a distributed multiple-antenna system with varying degrees of distributed decision-making. Our results establish the practical conditions required for a channel-based authentication protocol to meet the requirements of critical wireless communication. The results show that channel-based authentication, given a scenario with low mobility and a direct line of sight between transmitter and receiver, can be used for improved security while strict latency constraints are maintained. Furthermore, we discuss possible cases under which the results can be extended to scenarios with high mobility and without a direct line of sight.

The second type of guarantee concerns deriving upper bounds on the detection performance, in terms of the probability of an intrusion, under optimally designed attacks. First, we study a distributed authentication protocol based on channel observations at multiple distributed multiple-antenna receivers. We derive the optimal transmission strategy for an attacker with one antenna and the corresponding probability of successful intrusion. For this case we also provide a heuristic method for finding the optimal attack position. We then extend the results to an attacker equipped with multiple antennas, and derive the corresponding optimal strategies and the detection performance given a competent attacker with perfect channel information. We also analyze the impact of limited channel information and power constraints at the attacker, and show an effective counter-strategy that can be used by the authenticating receiver. The results show that an attacker with multiple antennas and perfect channel information can have a significant impact on authentication performance. Given realistic assumptions about the attacker's channel information and power budget, however, we show that secure detection performance can be guaranteed. The results also show that large improvements are obtained with the distributed authentication method, which demonstrates practical relevance for physical layer authentication within modern 5G technologies such as coordinated multi-point (CoMP) and distributed multiple-antenna systems.

Place, publisher, year, edition, pages
Stockholm, Sweden: - , 2021. , p. 214
Series
TRITA-EECS-AVL ; 2021:1
Keywords [en]
Physical layer authentication, mission-critical communications, worst-case performance, queueing delay performance, stochastic network calculus, optimal attack strategies.
HSV category
Research programme
Elektro- och systemteknik
Identifiers
URN: urn:nbn:se:kth:diva-287203 ISBN: 978-91-7873-727-7 (print) OAI: oai:DiVA.org:kth-287203 DiVA, id: diva2:1506919
Public defence
2021-01-22, F3, Lindstedtsvägen 26, Stockholm, 13:00 (English)
Opponent
Supervisor
Projects
CERCES
Note

QC 20201208

Available from: 2020-12-08 Created: 2020-12-04 Last updated: 2022-06-25 Bibliographically approved
List of papers
1. On the Impact of Feature-Based Physical Layer Authentication on Network Delay Performance
2017 (English) In: Globecom 2017 - 2017 IEEE Global Communications Conference, Institute of Electrical and Electronics Engineers (IEEE), 2017. Conference paper, Published paper (Refereed)
Abstract [en]

Feature-based authentication schemes that verify wireless transmitter identities based on physical-layer features allow for fast and efficient authentication with minimal overhead. Hence, they are interesting to consider for safety-critical applications where low latency and high reliability is required. However, as erroneous authentication decisions will introduce delays, we propose to study the impact of feature-based schemes on the system-level performance. In this paper, we therefore study the queuing performance of a line-of-sight wireless link that employs a feature-based authentication scheme based on the complex channel gain. Using stochastic networks calculus, we provide bounds on the delay performance which are validated by numerical simulations. The results show that the delay and authentication performance is highly dependent on the SNR and Rice factor. However, under good channel conditions, a missed-detection rate of $10^{-8}$ can be achieved without introducing excessive delays in the system.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2017
Series
IEEE Global Communications Conference, ISSN 2334-0983
HSV category
Identifiers
urn:nbn:se:kth:diva-226848 (URN) 10.1109/GLOCOM.2017.8254003 (DOI) 000428054300083 () 2-s2.0-85046437823 (Scopus ID) 978-1-5090-5019-2 (ISBN)
Conference
IEEE Global Communications Conference (GLOBECOM), DEC 04-08, 2017, Your, Singapore
Projects
CERCES
Funder
Swedish Civil Contingencies Agency
Note

QC 20180507

Available from: 2018-05-07 Created: 2018-05-07 Last updated: 2024-03-15 Bibliographically approved
2. Performance Analysis of Distributed SIMO Physical Layer Authentication
2019 (English) In: ICC 2019 - 2019 IEEE International Conference on Communications (ICC), Institute of Electrical and Electronics Engineers (IEEE), 2019, article id 8761666. Conference paper, Published paper (Refereed)
Abstract [en]

This paper proposes a new approach for physical layer authentication where transmissions are authenticated based on the single-input/multiple-output channel-states observed at multiple distributed antenna-arrays. The receiver operating characteristics (ROC) are derived in terms of closed form expressions for the false alarm and missed detection probability in order to evaluate the effectiveness compared to single-array authentication. To this end, we study the worst-case missed detection probability based on the optimal attacker position. Finally, we apply our previously developed queueing analytical tools, based on stochastic network calculus, in order to assess the delay performance impacts of the physical layer authentication scheme in a mission-critical communication scenario. Our results show that the distributed approach significantly outperforms single-array authentication in terms of worst-case missed detection probability and that this can help mitigating the delay performance impacts of authentication false alarms.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2019
Series
IEEE International Conference on Communications, ISSN 1550-3607 ; 8761666
HSV category
Identifiers
urn:nbn:se:kth:diva-258169 (URN) 10.1109/ICC.2019.8761666 (DOI) 000492038803139 () 2-s2.0-85070211836 (Scopus ID) 9781538680889 (ISBN)
Conference
2019 IEEE International Conference on Communications, ICC 2019; Shanghai International Convention Center, Shanghai; China; 20-24 May 2019
Projects
CERCES
Note

QC 20190910

Available from: 2019-09-10 Created: 2019-09-10 Last updated: 2022-06-26 Bibliographically approved
3. Physical Layer Authentication in Mission-Critical MTC Networks: A Security and Delay Performance Analysis
2019 (English) In: IEEE Journal on Selected Areas in Communications, ISSN 0733-8716, E-ISSN 1558-0008, Vol. 37, no. 4, p. 795-808. Article in journal (Refereed) Published
Abstract [en]

We study the detection and delay performance impacts of a feature-based physical layer authentication (PLA) protocol in mission-critical machine-type communication (MTC) networks. The PLA protocol uses generalized likelihood-ratio testing based on the line-of-sight (LOS), single-input multiple-output channel-state information in order to mitigate impersonation attempts from an adversary node. We study the detection performance, develop a queueing model that captures the delay impacts of erroneous decisions in the PLA (i.e., the false alarms and missed detections), and model three different adversary strategies: data injection, disassociation, and Sybil attacks. Our main contribution is the derivation of analytical delay performance bounds that allow us to quantify the delay introduced by PLA that potentially can degrade the performance in mission-critical MTC networks. For the delay analysis, we utilize tools from stochastic network calculus. Our results show that with a sufficient number of receive antennas (approx. 4-8) and sufficiently strong LOS components from legitimate devices, PLA is a viable option for securing mission-critical MTC systems, despite the low latency requirements associated to corresponding use cases. Furthermore, we find that PLA can be very effective in detecting the considered attacks, and in particular, it can significantly reduce the delay impacts of disassociation and Sybil attacks.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2019
HSV category
Research programme
Telekommunikation
Identifiers
urn:nbn:se:kth:diva-245235 (URN) 10.1109/JSAC.2019.2899421 (DOI) 000461853500008 () 2-s2.0-85061989373 (Scopus ID)
Projects
CERCES
Note

QC 20191120

Available from: 2019-03-07 Created: 2019-03-07 Last updated: 2024-03-15 Bibliographically approved
4. Worst-Case Detection Performance for Distributed SIMO Physical Layer Authentication
(English) Manuscript (preprint) (Other academic)
Abstract [en]

Feature-based physical layer authentication (PLA) schemes, using position-specific channel characteristics as identifying features, can provide lightweight protection against impersonation attacks in overhead-limited applications like e.g., mission-critical and low-latency scenarios. However, with PLA-aware attack strategies, an attacker can maximize the probability of successfully impersonating the legitimate devices. In this paper, we provide worst-case detection performance bounds under such strategies for a distributed PLA scheme that is based on the channel-state information (CSI) observed at multiple distributed remote radio-heads. This distributed setup exploits the multiple-channel diversity for enhanced detection performance and mimics distributed antenna architectures considered for 4G and 5G radio access networks. We consider (i) a power manipulation attack, in which a single-antenna attacker adopts optimal transmit power and phase; and (ii) an optimal spatial position attack. Interestingly, our results show that the attacker can achieve close-to-optimal success probability with only statistical CSI, which significantly strengthens the relevance of our results for practical scenarios. Furthermore, our results show that, by distributing antennas to multiple radio-heads, the worst-case missed detection probability can be reduced by 4 orders of magnitude without increasing the total number of antennas, illustrating the superiority of distributed PLA over a co-located antenna setup.

HSV category
Research programme
Elektro- och systemteknik
Identifiers
urn:nbn:se:kth:diva-287162 (URN)
Projects
CERCES
Note

QC 20201204

Available from: 2020-12-03 Created: 2020-12-03 Last updated: 2022-06-25 Bibliographically approved
5. Delay Performance of Distributed Physical Layer Authentication Under Sybil Attacks
(English) Manuscript (preprint) (Other academic)
Abstract [en]

Physical layer authentication (PLA) has recently been discussed in the context of URLLC due to its low complexity and low overhead. Nevertheless, these schemes also introduce additional sources of error through missed detections and false alarms. The trade-offs of these characteristics are strongly dependent on the deployment scenario as well as the processing architecture. Thus, considering a feature-based PLA scheme utilizing channel-state information at multiple distributed radio-heads, we study these trade-offs analytically. We model and analyze different scenarios of centralized and decentralized decision-making and decoding, as well as the impacts of a single-antenna attacker launching a Sybil attack. Based on stochastic network calculus, we provide worst-case performance bounds on the system-level delay for the considered distributed scenarios under a Sybil attack. Results show that the arrival-rate capacity for a given latency deadline is increased for the distributed scenarios. For a clustered sensor deployment, we find that the distributed approach provides 23% higher capacity when compared to the centralized scenario.

HSV category
Research programme
Elektro- och systemteknik
Identifiers
urn:nbn:se:kth:diva-287164 (URN)
Projects
CERCES
Note

Under review for IEEE ICC, 2021, QC 20201208

Available from: 2020-12-03 Created: 2020-12-03 Last updated: 2022-06-25 Bibliographically approved
6. Worst-Case Detection Performance of Physical Layer Authentication Under Optimal MIMO Attacks
(English) Manuscript (preprint) (Other academic)
Abstract [en]

This paper analyzes the worst-case detection performance of a feature-based physical layer authentication (PLA) scheme subject to optimal multiple-antenna impersonation attacks. The PLA scheme is based on the location-specific channel in the uplink towards a multiple-antenna receiver, and the attacker is using pre-coding with the objective of maximizing the missed detection probability. We solve the optimal attack strategy problem under perfect channel-state information (CSI) at the attacker, imperfect CSI at the attacker, and for a power constrained attacker. As a counter strategy, we propose to reserve a subset of silent receive antennas for reception only, in order to limit the CSI that an attacker can extract from overhearing downlink transmissions. We evaluate the performance under the attack- and counter-strategies, both analytically and for recorded real-world channel traces, and show that the worst-case performance is determined by the feature-energy outside the attacker’s channel range and the attack-power constraints. Results indicate that an unconstrained attacker with favorable conditions can achieve a success probability close to 1; however, under more realistic channel constraints, detection performance guarantees in the order of $10^{-6}$ to $10^{-4}$ can be obtained. Moreover, we find that performance can be improved by 1-2 orders of magnitude through the proposed counter strategy.

HSV category
Research programme
Elektro- och systemteknik
Identifiers
urn:nbn:se:kth:diva-287165 (URN)
Projects
CERCES
Note

Under review for IEEE ICC, 2021, QC 20201208

Available from: 2020-12-03 Created: 2020-12-03 Last updated: 2022-06-25 Bibliographically approved

Open Access in DiVA

fulltext (778 kB), 782 downloads
File information
File: FULLTEXT01.pdf, File size: 778 kB, Checksum: SHA-512
9149056f3c1301ed7cb47891d9d07dff761e5277c66bcd187849fbc113a215643b6637d3d367c5aef73cfc391c08e99f99640fad492c6532193b09b4c658b52c
Type: fulltext, Mimetype: application/pdf

By author/editor
Forssell, Henrik