CD-PHY: Physical Layer Security in Wireless Networks through Constellation Diversity

CD-PHY : Ph ysical Layer Securit y in W ir eless Netw orks thr ough Con stellation Div ersity Mohammad Iftekhar Husain, Suyash Mahant a nd Rama lingam Sridhar , Membe r , IEEE Abstract —A common approach f or introducing security at the physical laye r is to rely on th e channel variations of the wireless en vironment. This type of approach is not always suitable f or wireless netwo rks where th e channel r emains static f or most of the network lifetime. For these scenarios, a channel i ndependen t physical lay er security measure i s mor e app ropriate which will rely on a secret k nown to the sen der and the receiver but not to the ea vesdr opper . In this paper , we propose CD-PHY , a physical lay er security tech nique that exploits the constellation divers ity of wir eless networks which is independ ent of the channel var iations. Th e sender and the rec eive r use a custom bit sequ ence to constellation symbol mapping to secure the physical lay er communication which is n ot kn own a priori to the ea vesdr opper . Through theoretical modeling and ex perimental simulation, we show that this information theoretic construct can achieve Shan non secrecy and any brute forc e attack from the ea vesdr opper in curs high ov erhead and minuscule probability of success. Our results also sh ow that the high bit error rate also makes decoding practically infeasible for the eav esdropper , thus securing t he communication between the sender and r eceiv er . I . I N T R O D U C T I O N In wireless networks, physical ( PHY) lay er security enables nodes to commun icate securely without using resource in- tensiv e encryp tion mechanisms at the application layer . PHY layer security measur es are r esource friend ly due to their informa tion theoretic construct based o n perfect secr ecy [1 ] in con trast with the co mputation al ha rdness approach es [2]. By introdu cing security at the PHY layer, communic ation in wireless networks can av oid the step ping stone of mo st attacks: eav esdr op ping . In gen eral, the br oadcast nature of the the com municatio n makes wireless networks m ore v ulnerab le to eavesdroppin g attacks than the wir ed cou nterpar t. PHY layer security measur es are a ble thwart such attacks to a considerab le extent [ 3], [4]. Most of the existing PHY layer secu rity sch emes are based on the variation o f channel characteristics [5], [6], [7]. How- ev er , without hig hly mob ile or dy namic environment which can introduce sign ificant variation in channel ch aracteristics, these sch emes do not perfor m as expected [8]. Exp erimental results show th at in static scenarios, these scheme mostly provide keys with very low entropy which is n ot desired in many cases [6]. In this pape r , we propo se a PHY layer security technique , CD-PHY , ba sed o n constellation d iversity , which is not depen dent on channel char acteristics a nd the per forman ce does not vary depending on static or mob ile s cenario. The underlying techniq ue fo r CD-PHY is simple. At the physical layer, the sender and the intend ed receiv er uses a custom co nstellation m apping [ 9] wh ich acts as a secret key to secure the commun ication fro m an eavesdropper . I n other words, a sequenc e of bits from th e sen der is co n verted into symbols on th e constellation sp ace based o n a m apping kn own only to the send er and the intend ed r eceiv er . Using the corr ect mapping , the intended receiver will be able to decode the signal and recon struct the or iginal message. Howe ver , the eav esdropp er will not even be able to decode the signal correctly withou t th e kn owledge of co nstellation mapp ing, let alone reconstruction o f the message. The guar antee of security provided by CD-PHY is m uch stronger tha n ju st keep ing the modulation ty pe ( BPSK, QPSK, and QAM 1 , for e xample) a secret between th e sende r and the receiver . Becau se, if the sen der and receiver uses th e standard constellation mappin g for th ese modulatio ns, an eavesdropper can use advanced machine learning techniques [11], [12] to identify the modulation type and th en use the standard mapping to decode the signal. In case of CD-PHY , th e c ustom constellation mapping is k nown only to the sender an d the receiver which is the basis of security for this inform ation theoretic construct. Our theoretical mode lling, security an alysis and experimen- tal simulation r ev eals the following abo ut CD-PHY : • For the eavesdropper, the prob ability of successfully decode the sym bols range from 10 − 3 at 10 dB SNR 2 to 0 . 015 at 0 dB SNR, which is v ery lo w ( Section IV), • CD-PHY achiev es perfe ct secrecy as a cipher and ha s a very high unicity distanc e whic h ensure s that the eav esdropp er will no t be a ble to find th e cor rect d ecoding regardless of the amo unt o f ciphertexts it collec ts (Sec- tion V -A), • A brute-force key search attack on CD-PHY has complex- ity # P (Sharp P) 3 which is believed to be much harder than polynomial time algorith ms (Section V -B), and • Perform ance wise, in the presence of CD-PHY , regardless of the locatio n, the bit er ror rate at th e eavesdropper is always as high as 50% which is equivalent to random guessing for the decod ing purp oses (Sectio n VI). I I . B AC K G RO U N D A N D O B S E RV A T I O N S At the physical layer, a m odulation technique prepare s the digital bit sequ ences for tr ansmission over th e ana log wireless medium. A cr ucial part of this operation is to map the bit 1 BPSK and QPSK refers to Bina ry and Quadrature Phase S hift K eying, respect iv ely . QAM refers to Quadratur e Amplitude Modula tion. A n ov ervie w of modulation schemes by Z eimer can be found at [10]. 2 Signal-t o-noise ratio. 3 The set of the counting problems associated with the decision problems in the set NP . 2 sequences to symb ols which can b e r epresented as points on a two d imensional complex plane called the constellation diagram . Figure 1 sho ws an example constellation diag ram from 16-ary Quadrature Amplitude Modulation (16QAM cir - cular). An alternate constellation diagram is shown in Fig ure 2 which is known as 16QAM rectangular . If the transmitter wishes to send a bit sequenc e, it sets the real ( x-axis) and imaginary (y -axis) pa rt acco rding to the constellation d iagram. Mathematically , a sign al can b e expressed by the following equation: s ( t ) = I ( t ) .cos (2 π f o t ) + Q ( t ) .sin (2 π f o t ) where I(t) and Q( t) are real and im aginary parts of the symb ols from the constellatio n diagram and f o is the mod ulating frequen cy . The receiver recovers the real an d imag inary values after dem odulation , and p lots each symbol on the constellation plane. T o correctly decod e the original m essage, the receiver needs to know b oth the type of mod ulation as well as symbo l to bit sequ ence mapping 4 . When o nly th e mo dulation typ e is the secret, th e eavesdrop- per can use machine lea rning based tech niques [ 11], [12] to identify the m odulation type and use standard b it sequence to symbol m apping to decod e the d ata. However , if the sender and receiver use a cu stom co nstellation map ping wh ich is not known to the eavesdropper, the complexity of correct decod ing becomes very high. For an M-ary QAM, the eav esdropp er has to tr y all M ! ma ppings to find ou t the corr ect de coding, wh ich is v ery impractical fo r s cenarios when the value o f M ≥ 8 . Figure 3 shows th e decoding failure when the eavesdrop- per tries to d ecode an origin al 16QAM circular modu lated signal using different modulatio n types: BPSK, QPSK and 16QAM r ectangular . The input data stream conta ined 8 bits, 01100 101 . In 16QAM, each symbol consists of 4 bits. So, two symbo ls will be received by the eavesdropper . The QPSK receiver decodes two symb ols a s 4 bits an d the BPSK re ceiv er decodes it to 2 bits. Since the mod ulation classification was wrong, obviou sly the mapping will also b e wrong re sulting to a de coding failure. In th e case of 1 6QAM rectangu lar , the recei ver will correctly expand the symbols to 8 bits. Howe ver , since the constellation m apping was different 5 , th e final de coded data will be different from the inpu t: 1111 0111 . Another decoding failure, where the origin al symbols belonged to 16QAM rectan gular, is shown in Figure 4. The intuitiv e d esign o f CD-PHY is b ased on th e above mentioned o bservations that withou t knowing the correct constellation mapping, it is not practically feasible fo r an eav esdropp er to correctly de code the original message even though it m ight ha ve the knowledge of modulation ty pe. I I I . A DV E R S A R I A L M O D E L W e assume th at the ad versary (eav esdropp er) is ab le to detect and will try to deco de the com municatio n between the sender an d receiver . It can be either mobile o r static. 4 Constell ation mapping. 5 Refers to Figure 1 and 2. An adversary can also measure th e channel parameter s. It can exploit som e machine learning techniques to id entify the modulatio n type of the wireless communication, but i t does not have prior knowledge of th e constellation mapping between the sender and intended recei ver . W e also assume the eav esdropp er’ s computation and com - munication capability as p owerful as the sender and recei ver . The adversary ca n tr y to handle the origin al signal as noise or try inter ference c ancellation and join t d ecoding . Finally , we assume that the adversary is passiv e and has no inten tion to launch active attack s such as a man-in-th e-midd le attack. This is a common a ssumption among most of the practical wireless security schemes [8]. I V . T H E O R E T I C A L M O D E L L I N G In this section , we derive the p robab ility of an eavesdropper to corr ectly decode the message in the presence o f gaussian noise when it k nows th e modulatio n type b ut doe s not know the constellation mapping . A very intuiti ve example of this case is the inter action between 16QAM circular and rectang u- lar modulations discussed in Section II. W e u se this e xample to der iv e the probability measure o f correct de coding when the sender modulation is 1 6QAM circular and eavesdropper modulatio n is 16QAM r ectangular . As discussed in Section II, each QAM symbol has a r eal and imagin ary value associated with it in the constellation space. Math ematically , f or an M-ary QAM, these real and imaginary values can ran ge ± a, . . . , ± (2 m − 1) a , where m = log 2 M , a 2 = 1 . 5 E s / ( M − 1) with E s being the symb ol energy [13]. T able I shows the bit sequ ence to constellation symbol map ping in 1 6QAM circular a nd 16QAM rectangular Scheme These values are furth er factor ed b y a = p E s / 10 to normalize the average sym bol e nergy to 1. The de cision variable fo r de modulatio n in the pr esence of additive w hite gaussian noise can be obtained as Y ≈ X + n (1) where the noise term n ( t ) is assumed with power spectral density N o 2 , zer o mean and variance o f σ 2 = N o . Th us, the decision v ariable Y is a com plex gau ssian with a complex mean X and variance σ 2 = N o . In o ther word s, Y ha s a two dimensiona l gaussian distrib ution in com plex plane. So, the real an d im aginary p arts o f Y can be sep arated a s in depend ent gaussian variables as Y R and Y I with means at Re ( X ) and I m ( X ) . Y R = Re ( Y ) = R e ( X ) + n R = X R + n R Y I = I m ( Y ) = I m ( X ) + n I = X I + n I where n R and n I are the co mpon ents of noise alo ng real and imaginary axes with a mean zero and variance σ 2 R = σ 2 I = N o 2 . Now , the p robability density fun ction of Y R can be exp ressed as: f ( Y R ) = 1 p 2 π σ 2 R exp − { ( Y R − X R ) 2 2 σ 2 R } = 1 √ π N o exp − { ( Y R − X R ) 2 N o } (2) 3 Img Re 0 0 0 0010 1000 1100 1001 0110 0111 0011 1101 1110 1010 1111 1011 0001 0000 0100 0101 -22.5 o -67.5 o R1 R2 R3 Fig. 1. 16QAM Circul ar Constellati on Re Img 0 R1 R2 0000 0001 0100 0101 0011 0010 0111 0110 1111 -R1 -R2 R1 R2 -R1 -R2 1100 1101 1110 1000 1001 1011 1010 Fig. 2. 1 6QAM Rectangular Constellatio n Fig. 3. De coding failure when the origina l modulation is 16QAM circular . Fig. 4. Decoding fa ilure when the original modulation is 16QAM rectangul ar . Similarly , the p robab ility density function o f Y I can also b e expressed as: f ( Y I ) = 1 √ π N o exp − { ( Y I − X I ) 2 N o } (3) Now , to calculate th e p robab ility o f th e su ccessful decod ing at th e eavesdropper with 16 QAM rectangu lar scheme when the origin al sym bols were transmitted in 16QAM cir cular scheme, we first need to consider the probab ilities at indi vidual symbol le vel. These pro babilities are then aggr egated using the symmetry a nd mutual in depend ence of the symbols. In the following derivations, S r i denotes a symbol S i in 16 QAM rectangu lar scheme, S c i represents a symbol S i in 16QAM circular scheme a nd fou r symbols are ch osen fro m the constel- lation diag ram in such a way tha t symmetrically they repre sent all sixteen po ints o f a QAM scheme. A. Deco ding of symbol 0000 First, we co nsider S c 0 = 0000 being transmitted. From T able I, the re al an d imaginary p arts of 0 000 are X R = 1 . 53 r E s 10 & X I = − 3 . 69 r E s 10 The received symbol Y h as a complex gaussian distrib ution as discussed earlier with the mean at X R + j X I . Now , the probab ility that the symbol Y can be co rrectly dec oded by the eavesdropper using 16 QAM rectan gular decod er can b e found based on the decision space fo r S r 0 = 0000 in 16QAM rectangu lar schem e. Formally , th e prob ability th at decoded symbol is S r 0 giv en S c 0 was tra nsmitted is: P ( Y = S r 0 | S c 0 ) = P  −∞ < Y R < − 2 q E s 10  P  2 q E s 10 < Y I < ∞  P ( Y = S r 0 | S c 0 ) = Z − 2 √ E s 10 −∞ f ( Y R ) d Y R × Z ∞ 2 √ E s 10 f ( Y I ) d Y I 4 T ABLE I B I T S E Q U E N C E TO C O N S T E L L AT I O N S Y M B O L M A P P I N G I N 1 6 Q A M C I R C U L A R A N D 1 6 Q A M R E C TA N G U L A R S C H E M E Bit Sequence 16QAM Circular 16QAM Rectangular Bit Sequence 16QAM Circular 1 6QAM Rectangular 0000 1 . 53 − 3 . 69 j − 3 + 3 j 1000 1 . 53 + 3 . 69 j − 3 − 3 j 0001 . 76 − 1 . 84 j − 1 + 3 j 1001 . 76 + 1 . 84 j − 1 − 3 j 0010 − 1 . 53 + 3 . 69 j 3 + 3 j 1010 − 1 . 53 − 3 . 69 j 3 − 3 j 0011 − . 76 + 1 . 84 j 1 + 3 j 1011 − . 76 − 1 . 84 j 1 − 3 j 0100 3 . 69 − 1 . 53 j − 3 + j 1100 3 . 69 + 1 . 53 j − 3 − j 0101 1 . 84 − . 76 j − 1 + j 1101 1 . 84 + . 76 j − 1 − j 0110 − 3 . 69 + 1 . 53 j 3 + j 1110 − 3 . 69 − 1 . 53 j 3 − j 0111 − 1 . 84 + . 76 j 1 + j 1111 − 1 . 84 − . 76 j 1 − j P ( Y = S r 0 | S c 0 ) = 1 √ π N o R − 2 √ E s 10 −∞ exp − { ( Y R − 1 . 53 √ E s 10 ) 2 N o } d Y R × 1 √ π N o R ∞ 2 √ E s 10 exp − { ( Y I − ( − 3 . 69 √ E s 10 )) 2 N o } d Y I Using the simp lification of above in tegrals, P ( Y = S r 0 | S c 0 ) = 1 √ π Z ∞ 3 . 53 q E s 10 N o exp {− t 2 } dt × 1 √ π Z ∞ 5 . 69 q E s 10 N o exp {− z 2 } dz P ( Y = S r 0 | S c 0 ) = 1 2 erf c  3 . 53 q E s 10 N o  1 2 erf c  5 . 69 q E s 10 N o  = 1 4 erf c  3 . 53 q E s 10 N o  erf c  5 . 69 q E s 10 N o  (4) Here, erf c () is the complementary err or function . B. Deco ding of symbol 0100 Now , we conside r the symb ol S c 1 = 0100 being tra nsmitted. Similar to the previous examp le, X R = 3 . 6 9 r E s 10 & X I = − 1 . 53 r E s 10 So, the p robab ility that the ea vesdroppe r correctly decodes th e symbol 0100 is: P ( Y = S r 1 | S c 1 ) = P  −∞ < Y R < − 2 q E s 10  P  0 < Y I < 2 q E s 10  (5) Now , the left part of the rig ht hand side of E quation 5 gives us the fo llowing: P  −∞ < Y R < − 2 q E s 10  = 1 √ π N o R − 2 √ E s 10 −∞ exp − { ( Y R − 3 . 69 √ E s 10 ) 2 N 0 } d Y R = 1 2 erf c  5 . 69 q E s 10 N o  (6) Next, th e r ight part yields the following: P  0 < Y I < 2 q E s 10  = 1 − P  Y I < 0 , Y I > 2 q E s 10  P  0 < Y I < 2 q E s 10  = 1 − [ 1 √ π N o R 0 −∞ exp − { ( Y I − ( − 1 . 53 √ E s 10 ))) 2 N o } d Y I + 1 √ π N o R ∞ 2 √ E s 10 exp − { ( Y I − ( − 1 . 53 √ E s 10 ))) 2 N o } d Y I ] P  0 < Y I < 2 q E s 10  = 1 − 1 2 erf c  1 . 53 q E s 10 N o  − 1 2 erf c  3 . 53 q E s 10 N o  (7) Using Equation 6, 7 on Equ ation 5, we ha ve th e follo wing: P ( Y = S r 1 | S c 1 ) = 1 2 erf c  5 . 69 q E s 10 N o  × h 1 − 1 2 erf c  1 . 53 q E s 10 N o  − 1 2 erf c  3 . 53 q E s 10 N o i P ( Y = S r 1 | S c 1 ) = 1 2 erf c  5 . 69 q E s 10 N o  − 1 4 erf c  5 . 69 q E s 10 N o  erf c  1 . 53 q E s 10 N o  − 1 4 erf c  5 . 69 q E s 10 N o  erf c  3 . 53 q E s 10 N o )  (8) C. Decodin g of symbol 0101 Now , we c onsider, S c 2 = 01 01 is being transmitted. In this case: X R = 1 . 84 r E s 10 & X I = − 0 . 76 r E s 10 So, the p robab ility that the ea vesdroppe r correctly decodes the symbol is : P ( Y = S r 2 | S c 2 ) = P  − 2 q E s 10 < Y R < 0  P  0 < Y I < 2 q E s 10  (9) W e first con sider the left part of the right hand side of Equation 9: P  − 2 q E s 10 < Y R < 0  = 1 − P  Y R > 0 , Y R < − 2 q E s 10  P  − 2 q E s 10 < Y R < 0  = 1 − [ 1 √ π N o R ∞ 0 exp − { ( Y R − 1 . 84 √ E s 10 ) 2 N o } d Y R × 1 √ π N o R − 2 √ E s 10 −∞ exp − { ( Y R − 1 . 84 √ E s 10 ) 2 N o } d Y R ] 5 P  − 2 q E s 10 < Y R < 0  = 1 − 1 2 erf c  3 . 84 q E s 10 N o  − 1 2 erf c  − 1 . 84 q E s 10 N o  (10) Similarly , we consider th e right part o f the r ight h and side of Equation 9: P  0 < Y I < 2 q E s 10  = 1 − P  Y I < 0 , Y I > 2 q E s 10  P  0 < Y I < 2 q E s 10  = 1 − [ 1 √ π N o R 0 −∞ exp − { ( Y I − ( − 0 . 76 √ E s 10 )) 2 N o } d Y I + 1 √ π N o R ∞ 2 √ E s 10 exp − { ( Y I − ( − 0 . 76 √ E s 10 )) 2 N 1 } d Y I ] P  0 < Y I < 2 q E s 10  = 1 − 1 2 erf c  − 0 . 76 q E s 10 N o  − 1 2 erf c  2 . 76 q E s 10 N o  (11) Thus, combining Eq uation 10, 11, we ha ve: P ( Y = S r 2 | c 2 ) = h 1 − 1 2 erf c  3 . 84 q E s 10 N o  − 1 2 erf c  − 1 . 84 q E s 10 N o i × h 1 − 1 2 erf c  − 0 . 76 q E s 10 N o  − 1 2 erf c  2 . 76 q E s 10 N o i (12) D. Decod ing o f symbol 0 001 Finally , we consid er symbol S c 3 = 0001 being tran smitted. In this case: X R = 0 . 76 r E s 10 & X I = − 1 . 84 r E s 10 So, the prob ability that ea vesdropper correctly decodes symbol 0001 is: P ( Y = S r 3 | S c 3 ) = P  − 2 q E s 10 < Y R < 0  P  2 q E s 10 < Y I < ∞  (13) Considering the lef t part o f the rig ht h and side o f E quation 13: P  − 2 q E s 10 < Y R < 0  = 1 − P  Y R < − 2 q E s 10 , Y R > 0  P  − 2 q E s 10 < Y R < 0  = 1 − [ 1 √ π N o R − 2 √ E s 10 −∞ exp − { ( Y R − 0 . 76 √ E s 10 ) 2 N o } d Y R + 1 √ π N o R ∞ 0 exp − { ( Y R − 0 . 76 √ E s 10 ) 2 N o } d Y R ] P  − 2 q E s 10 < Y R < 0  = 1 − 1 2 erf c  2 . 76 q E s 10 N o  − 1 2 erf c  − 0 . 76 q E s 10 N o  (14) Similarly , the rig ht part yields: P  2 q E s 10 < Y I < ∞  = 1 √ π N o R ∞ 2 √ E s 10 exp − { ( Y I − ( − 1 . 84 √ E s 10 )) 2 N o } d Y I P  2 q E s 10 < Y I < ∞  = 1 2 erf c  3 . 84 q E s 10 N o  (15) By co mbining the outcomes of Equation 14, 15, we get the following: P ( Y = S r 3 | S c 3 ) = 1 2 erf c  3 . 84 q E s 10 N o  − 1 4 erf c  3 . 84 q E s 10 N o  erf c  2 . 76 q E s 10 N o  − 1 4 erf c  3 . 84 q E s 10 N o  erf c  − 0 . 76 q E s 10 N o  (16) As men tioned earlier , based on the symmetry of QAM co n- stellation d iagrams, other symbols will also have probab ilities equal to one of the follo wing symbols: S 0 , S 1 , S 2 or S 3 . As- suming all symb ols have eq ual p robability of being gen erated and transmitted i.e . P ( S k ) = 1 / 16 where ( k = 0 . . . 15) , the total probability P ( C ) that the data transmitted by 16QAM circular tran smitter and correctly d ecoded by 16QAM rectan- gular ea vesdro pper is: P ( C ) = P ( S k ) × 4 × [ P ( Y = S r 0 | S c 0 ) + P ( Y = S r 1 | S c 1 ) + P ( Y = S r 2 | S c 2 ) + P ( Y = S r 3 | S c 3 )] P ( C ) = 1 4 [ − 1 4 erf c 5 . 69 r E s 10 N o ! erf c 1 . 53 r E s 10 N o ! + 1 4 erf c − 1 . 84 r E s 10 N o ! erf c 2 . 76 r E s 10 N o ! + 1 4 erf c − 1 . 84 r E s 10 N o ! erf c − 0 . 76 r E s 10 N o ! − 1 2 erf c − 0 . 76 r E s 10 N o ! − 1 2 erf c 2 . 76 r E s 10 N o ! + 1 2 erf c 5 . 69 r E s 10 N o ! − 1 2 erf c − 1 . 84 r E s 10 N o ! + 1] (17) Here, N o is th e power spectr al den sity o f th e n oise an d E s is the symb ol energy of the signal. So , the term E s / N o is a representative of the SNR at the receiver . Since Equ ation 17 contains er f c () fu nction, as we increase th e v a lue of SNR in the er f c () fun ction, the proba bility will decre ase. So, the probab ility of corr ect decodin g is adversely affected by the SNR of the wireless medium at receivers. This theoretical fact is illustrated furthe r in Figure 5. The line with circles refers to the probability of correct d ecoding and the lin e with c rosses refer s to the proba bility of er ror . At 0 dB SNR, the p robab ility of erro r fo r the eaves drop per is 0 . 002 . At SNR v alues ab ove 20 dB , the p robab ility of error is nearly 1 which makes th e decoding almost infeasible in pr actice. In compariso n, fo r an intended receiv er with 16QAM cir cular scheme, the p robability of erro r at 0 dB SNR is ar ound 1 , an d 0 for a SNR of 2 0 dB [13]. 6 0 2 4 6 8 10 12 14 16 18 20 0 0.002 0.004 0.006 0.008 0.01 0.012 0.014 0.016 SNR(dB) PROBABILITY OF CORRECT DECODING 0 2 4 6 8 10 12 14 16 18 20 0.984 0.986 0.988 0.99 0.992 0.994 0.996 0.998 1 PROBABILITY OF ERROR Fig. 5. Probabi lity that the eave sdropper decodes correctly and incorrect ly at differe nt signal-to-noise ratio. V . S E C U R I T Y A N A L Y S I S In this section , we analy ze CD-PHY in term s of info rmation theoretic secur ity , secu rity by complexity and resistance to potential mo dulation classification scheme s such as Au tomatic Modulation Classification ( AMC) [1 2] and Dig ital Mod ulation Classification (DMC) [ 11]. The basis of informatio n theoretic security is the fact that the bit sequ ence to con stellation symbol mapping is kn own only to the sen der and r eceiv er(s). Th e eaves drop per do es n ot have any a p rior knowledge of the mapping . In the subseque nt section, by applying Shan non’ s secr ecy mo del ( Figure 6) to CD-PHY , we show tha t it can in deed achiev e info rmation theoretic security . In ad dition, any decoding attempt on the eav esdropp er side incurs high com plexity a s it blindly tries to find th e mappin g. Finally , we show how CD-PHY th warts the classification attempts b y AMC and DMC. A. In formation theor etic security INFORMATION SOURCE ENCIPHERER T K KEY SOURCE DECIPHERER T K -1 PLAIN TEXT P CIPHER TEXT C C KEY K KEY K C PLAIN TEXT P EAVESDROPPER CRYPTANALYST Fig. 6. Shannon’ s Secrecy Model In CD-PHY , the act o f fin ding the cor rect m apping f rom the constellation po ints to bit sequ ences is essentially a de cipher- ing op eration for the eavesdropper . Here, the transmitted bit sequences ar e plain text P , signal r eceived by the eavesdropper is the ciphertext C , the mapping is the key K . For an M-ary QAM, th e plaintext can hav e M sym bols, each o f which are log 2 M bits. The ke y , m apping o f bit sequ ences to constellation points, has M ! v ariations. No w , we define perfect secr ecy and un icity d istance wh ich is due to Shannon [1]. Definition 1 . A cip her achieves perfect secr ecy , if without knowing the secr et ke y , th e plaintext P is indep endent of the ciphertext C , f ormally: prob ( P = P | C = E K ( P )) = pr ob ( P = P ) (18) Equivalen tly , prob ( C = C | P = E − 1 K ( C )) = pr ob ( C = C ) (19) P 1 P 2 P n C 1 C 2 C n K a ... ... K b Fig. 7. An illu stration of plainte xt to cipherte xt ma pping. Definition 2. Unicity distance of a cipher is the minimum amount of ciph ertext needed for brute-force attack to succeed. F ormally: U = H ( K ) /D (20) wher e H( K) is the en tr op y is the key and D is th e r edundan cy of the message. Definition 1 leads us to the following th eorem: Theorem 1. CD-PHY achieves pe rfect secr ecy . Pr oo f: Perfect secrecy requir es that without the knowl- edge o f th e key , each ciphertext is equally pro bably to map to any plaintext of that d omain. Sinc e the symbo ls are in de- penden t of e ach o ther and equ ally p robable to map any of the constellation points, fo r an M -ary QAM s cheme, we ha ve the following: prob ( C = C | P = E − 1 K ( C )) = 1 / M = prob ( C = C ) (21) which meets the requ irements of perf ect secrecy . In oth er words, s ince the key K is indep endent of plaintext P and follows unifo rm distribution, it lead s u s to: prob ( P = P | C = E K ( P )) = 1 / M = prob ( P = P ) (22) 7 More rigorously: p rob ( P = P | C = C ) = prob ( P = P , C = C ) prob ( C = C ) = prob ( C = C | P = P ) pr ob ( P = P ) X P ′ ∈ P prob ( C = C | P = P ′ ) pr ob ( P = P ′ ) = prob ( K = C → P ) pr ob ( P = P ) X P ′ ∈ P prob ( K = C → P ′ ) pr ob ( P = P ′ ) = 1 M prob ( P = P ) X P ′ ∈ P 1 M prob ( P = P ′ ) = pr ob ( P = P ) (23) where K = C → P ref ers that key K is a mapping between plaintext P an d ciphertext C . In addition , accor ding to perfect ciph er ke y space theo- r em [1] 6 , if a ciphe r is perfect, there must be at least as many keys ( l ) ar e there are possible m essages ( n ). This leads us to t he followi ng corollary: Corollary 1. Messag es in CD-PHY with M -ary QAM scheme should c ontain less than n symbols such that M ! ≥ M n to maintain perfect secrecy . Definition 2 leads us to the following th eorem: Theorem 2 . The unicity distance of CD-PHY tends to infi nity . Pr oo f: F or a CD-PHY with M -ary QAM, en tropy of the key H ( K ) ≈ log M ! . Since, the symb ols are ind ependen t of each other , the redund ancy D = 0 for the message. So, the unicity distance is U ≈ (lo g M ! / 0) = ∞ . Unicity distance is a theoretical measure of ho w many ciphertexts are required to deter mine a unique plaintext. If one has less tha n u nicity d istance cip hertext, it is not possible to identify if the deciphering is correct. In fact, wh en the redund ancy appr oaches to zero, it is hard to attack even simple cipher . For CD-PHY , a unicity distance of in finity means that the e av esdropp er won’t be able to dete rmine whether the deciphering is correct regardless of the n umber o f the ciphertexts it has in its possession. This is, in fact, a very strong information th eoretic guarantee of CD-PHY security . B. Secu rity b y complexity Now , we model the problem of b rute-fo rce key search attack 7 on CD-PHY as a comple te b ipartite graph perfect matching problem an d analyze the a lgorithmic complexity o f it. Definition 3. A co mplete bipa rtite graph is a bipartite gr aph wher e e very verte x of the one set is con nected to each verte x of th e other set. F ormally , a comp lete bipa rtite graph, G = ( V 1 ∪ V 2 , E ) , is a bipartite graph such that for any two vertices, v 1 ∈ V 1 and v 2 ∈ V 2 , v 1 v 2 is a n edge in G . 6 Also kno wn as Shannon bound . 7 Finding the bit sequence to constel lation point mapping. From the definition of a co mplete bipartite gra ph [14], it is straightfor ward to s ee the follo wing th eorem. Theorem 3 . The b it sequen ce to constellation point map ping in C D-PHY is a comp lete bipartite graph. Pr oo f: A complete bipartite graph partitions t he vertices into two sets | V 1 | = p and | V 2 | = q . Now , we c an see from Figure 7 that each plaintext (bit sequenc e) on the left side of the g raph ca n be c onsidered a vertex of V 1 and each ciphertext (constellation points) on the right can be considere d a v ertex of V 2 . Based on the ke y , it is possible to map e very m ember of V 1 to any member of V 2 . Th us, it constitutes a complete bipartite graph wh ere | V 1 | = | V 2 | = log 2 M fo r an M-ary QAM scheme. Now , to exp lain perf ect matching [15] of the complete bipartite graph, we need the follo wing definition . Definition 4. A matching in a graph is a set of edges witho ut common vertices. I n a perfect matching, every vertex of the graph is connected to only one edge o f th e matching. The counting version of complete bipartite graph per fect matching problem returns the total number of perfect matching where ea ch ed ge in the matching co nnects two uniqu e vertices from V 1 and V 2 . Theorem 3 and Definition 4 le ads us to the following theor em: Theorem 4. Th e bru te-for ce key sear ch a ttack on CD-PHY is: 1) equivalen t to coun ting version of complete bipartite graph pe rfect matching pr oblem, and 2) in comple xity c lass # P (Sharp P) comp lete. Pr oo f: Based on Theorem 3 and Defintion 4, pro of of part 1 is tri vial. Th e p roblem o f co unting the n umber of perfect matching of a com plete bipartite graph can be solved by comp uting the per manent of th e b i-adjacen cy matr ix [1 6] of the gr aph. The p ermanen t o f a ma trix A = n × n is defin ed as: per m ( A ) = X σ n Y 1 a i,σ ( i ) (24) where σ is a perm utation over { 1 , 2 , . . . , n } . The comp lexity of co mputing per manent of a matrix is in complexity class # P complete, as proved by th e s eminal w ork [1 7] of V aliant in 1979. In ge neral, co mputin g the perman ent of a matrix is b eliev ed to be h arder than its d eterminant. While o ne can com pute the determinan t i n po lynom ial tim e by Gau ssian elimination, the same cannot be used to co mpute the permanent. Thus, the computatio nal c omplexity of the brute -force key searc h attack on CD-PHY also adds to the security of th e scheme. C. Defense against modulation classification schemes The section explains wher e does CD-PHY stand when the eav esdropp er tries to app ly some modu lation classification technique s such as AMC [1 2] an d DMC [11]. AMC is based on cyclic feature detection techniq ue co nsid- ering the cyclostation ary p roperty of the modulate d sign als. 8 It considers the fact that modu lated signals in p ractice ha ve parameters that vary periodica lly with time. These h idden periodicities are used to classify the mod ulation tec hniques. Although , AMC is able to differentiate m odulation s such as BPSK, QPSK, and QAM based on large am ount of training data and supe rvised learnin g, it can not ide ntify the shap e of the constellation and c onstellation mapp ing of symbols to constellation poin ts. Also, for high er order QAM, the complexity of AMC makes it practically infeasible e ven to classify the mo dulation. DMC uses con stellation shape as th e basis of modulatio n classification. In this algorithm, the receiv er con structs a scatter d iagram o f th e re ceiv ed no isy symbo ls in a comp lex plane and u ses fuzzy c- means clusterin g to re cover robust con- stellation. The modu lation ty pe is identified u sing max imum likelihood (ML) classification with pre defined constellation templates. Similar to AMC, digital mod ulation cla ssification also requ ires a large amoun t of training data a nd supervised learning to identify templates. Thus, although it can identify pre-defin ed con stellation shapes, it is no t able to identify constellation mapping fr om sy mbols to c onstellation points. In sum mary , CD-PHY can withstand existing modulatio n classification techniq ues and secure against the attacks exploit- ing such techn iques in prac tice. Sender 16QAMc Group 1 Receivers Group 2 Receivers Group 3 Receivers d1=10m d2=50m d3=100m Group1 Receiver 1 → 16QAMc Eavesdropper1 → 16QAMr Eavesdropper2 → QPSK Eavesdropper3 → BPSK Group2 Receiver 1 → 16QAMc Eavesdropper1 → 16QAMr Eavesdropper2 → QPSK Eavesdropper3 → BPSK Group3 Receiver 1 → 16QAMc Eavesdropper1 → 16QAMr Eavesdropper2 → QPSK Eavesdropper3 → BPSK Fig. 14. Simulate d wire less netwo rk scenario. The sender uses 16QAM circul ar scheme. At dif ferent distances, each group has an intended recei ve r with 16QAM circular scheme and three eav esdroppe rs each with 16QAM rectan gular , QPSK and BPSK scheme. V I . P E R F O R M A N C E E V A L U A T I O N A N D S I M U L A T I O N R E S U LT S In this section, we show the impact of CD-PHY on the network perfo rmance of the eavesdropper . A very intu itiv e measure of such perfo rmance ev aluation is to show how m any bits are received in error at different signal and noise power . T ypically , when the sign al power increases, the receiver is able to de code the b its mor e accurately leadin g to a lower bit er ror rate (BER). In the follo wing exp eriment, we show that the BER of CD-PHY receiver conforms to this pattern whereas the BER of th e eavesdroppers does not decrea se e ven for high er signal po wer . The experim ental scenario is sh own in Figure 14. W e designate a CD-PHY sender with 16QAM cir cular m odulation scheme. The r eceivers are divided into three g roup s b ased on their distances fr om the sender . Gro up 1, gro up2 and group 3 are at 10m, 50m and 100m distance, respectively . Each group has an in tended CD-PHY rece iv er with 16QAM circular scheme an d three eav esdropp ers with 16QAM rec tangular, QPSK and BPSK scheme. W e measu re the BER at dif ferent rec eiv ers for different SNRs. Experimental scenarios contain bo th fr ee space and indoor environments. Figu re 8, 9 and 10 sho w the m easure- ments fro m free spa ce environment. F or the CD-PHY receiv er , with th e inc rement o f SNR, the bit error rate decrea ses fol- lowing the u sual p attern o f wireless commu nication. Howev er , for ea vesdroppers with different schem es, the bit err or r ate is m ore than 50 % regradless of the increment of SNR. The error rate is the highest in BPSK wh ich is consistent with our analysis in Section II. As the distance increases, BER of BPSK scheme can go as h igh as 60% , resulting in a near to impossible decoding pr ocess. Figure 1 1, 12 an d 13 sh ow BER v s SNR fo r indoor envi- ronmen t. The bit error rates of the eaves drop pers are also as high as 50% througho ut the measurem ents for dif ferent SNR values. Similar to the free space en vironme nt, th e d istance of the recei vers also adversely affect the bit error rate. Figure 1 5 aggregates the BER measurements for different locations of the eavesdropper . The median BER is a round 50% and the ran ge is 40% to 6 0% . I t shows that in the presence of CD-PHY , the eavesdroppers experience such a hig h bit erro r rate tha t it is almo st equivalent of rand omly gu essing the bits. This is true f or b oth indoo r and free space e n vironm ent and ensures that the eavesdropper can not comprehen d the signal when CD-PHY is in action. 0 0.2 0.4 0.6 0.8 1 0 0.2 0.4 0.6 0.8 1 BIT ERROR RATE CUMULATIVE FRACTION Freespace Indoor Fig. 15. Eav esdropper bit error rate from indoor and free space experiment s. V I I . C O N C L U S I O N CD-PHY is a simple mechanism that introduces channel indepen dent security at the physical layer of wireless com- munication . W e ha ve shown that in the presence of C D-PHY , the eavesdropper has a very lo w prob ability of successfully decodin g th e signal. The scheme achieves Sh annon secrecy as a cipher an d a b rute-for ce key sear ch attack on CD-PHY falls under complexity class # P which is believed to be harder than 9 0 20 40 60 80 100 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 SNR(dB)−−> BER−−> 16QAMc (Intended Receiver) 16QAMr (Eavesdropper1) BPSK (Eavesdropper2) QPSK (Eavesdropper3) Fig. 8. BER vs SNR for α = 2 and d = 10 m 0 20 40 60 80 100 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 SNR(dB)−−> BER−−> 16QAMc (Intended Receiver) 16QAMr (Eavesdropper1) BPSK (Eavesdropper2) QPSK (Eavesdropper3) Fig. 9. BER vs SNR for α = 2 and d = 50 m 0 20 40 60 80 100 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 SNR(dB)−−> BER−−> 16QAMc (Intended Receiver) 16QAMr (Eavesdropper1) BPSK (Eavesdropper2) QPSK (Eavesdropper3) Fig. 10. BER vs SNR for α = 2 and d = 100 m 0 20 40 60 80 100 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 SNR(dB)−−> BER−−> 16QAMc (Intended Receiver) 16QAMr (Eavesdropper1) BPSK (Eavesdropper2) QPSK (Eavesdropper3) Fig. 11. BER vs SNR for α = 1 . 4 and d = 10 m 0 20 40 60 80 100 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 SNR(dB)−−> BER−−> 16QAMc (Intended Receiver) 16QAMr (Eavesdropper1) BPSK (Eavesdropper2) QPSK (Eavesdropper3) Fig. 12. BER vs SNR for α = 1 . 4 and d = 50 m 0 20 40 60 80 100 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 SNR(dB)−−> BER−−> 16QAMc (Intended Receiver) 16QAMr (Eavesdropper1) BPSK (Eavesdropper2) QPSK (Eavesdropper3) Fig. 13. BER vs SNR for α = 1 . 4 and d = 100 m polyno mial time algo rithms. Our experimen tal resu lts co nfirm the theoretical deriv ations; the bit error rate at the ea vesdropper is significan tly high and it is practically inf easible to decode the si gnal which ensur es the communication secrecy between the sender and the intended recei ver . R E F E R E N C E S [1] C. E. Shannon, “Communi cation theory of secrec y systems, ” Bell Systems T ec hnical J ournal , vol. 28, pp. 656–715, 1949. [2] G. J. W oeginge r , “Combinato rial optimizati on - eurek a, you shrink!” M. J ¨ unger , G. Reinelt, and G. Rinal di, Eds. Ne w Y ork, NY , USA: Springer -V erlag New Y ork, Inc., 2003, ch. Exact algorithms for NP- hard problems: a surve y , pp. 185–207. [3] E. Ekrem and S . U lukus, “Secrec y capa city of a cla ss of broadcast channe ls with an ea vesdropp er , ” EURASIP J . W irele ss Comm. and Network ing , vol. 2009, 2009. [4] P . W ang, G. Y u, and Z. Zhang, “On the secrecy capaci ty of fading wireless channel with mul tiple eav esdroppers, ” in Information Theory , 2007. ISIT 2007. IEEE Internatio nal Symposium on , june 2007, pp. 1301 –1305. [5] J. Croft, N. Patwar i, and S. K. Kasera, “Robust unc orrelate d bit ext raction methodologie s for wireless sensors, ” in IPSN , 2010, pp. 70– 81. [6] S. Jana, S. N. Premnath, M. Clark, S. K. Kase ra, N. Pa twari , and S. V . Krishna murthy , “On the ef fecti veness of secret key extracti on from wireless signa l strength in real en vironments, ” in MOBICOM , 2009, pp. 321–332. [7] S. Mat hur , W . Trappe , N. Mand ayam, C. Y e, and A. Reznik, “R adio- telep athy: extra cting a secret ke y from an unauthenti cated w ireless channe l, ” i n Proc eedings of the 14th ACM internati onal confer ence on Mobile computing and netw orking , ser . MobiCom 2008, 2008, pp. 128– 139. [8] S. Gollakota and D. Katabi, “Physical layer wireless security made fast and cha nnel indep endent, ” in INFOCOM, 2011 Pr oceedin gs IEEE , april 2011, pp. 1125 –1133. [9] G. T akaha ra, F . Alaja ji, N. Beau lieu, and H. Kuai , “Constellat ion mappings for two-di mensional signalin g of nonuniform sources, ” Com- municati ons, IEEE T ransactions on , vol. 51, no. 3, pp. 400 – 408, march 2003. [10] R. Ziemer , “ An overvie w of modulation and coding for wireless com- municati ons, ” in V ehi cular T ec hnolo gy Confer ence, 1996., IEEE 46th , vol. 1, 1996. [11] B. G. Mobasseri, “Digital modulatio n classification using constellat ion shape, ” Signal P r ocess. , vol. 80, pp. 251–277, February 2000. [12] B. Ramkuma r , “ Auto matic m odulati on cla ssification for cogniti ve radios using cycl ic feature detec tion, ” Cir . and Sys. Mag. , vol. 09, pp. 27–45, June 2009. [13] J. R. Barry , E. A. Lee, and D. G. Messerschmitt, Digital c ommunica- tions , 3rd ed. Springer , 1988. [14] T . H. Cormen, C. E. Leiserson, R. L. Ri vest, and C. Stein, Intr oduction to A lgorithms . New Y ork: The MIT Press, 2001. [15] M. D. Plummer , “Matching theory - a sampler: from d ´ enes k ¨ onig to the present, ” Discr ete Mathematics , vol. 100, no. 1-3, pp. 177–219, 1992. [16] D. C. Koze n, The design and analysis of algorithms . Ne w Y ork, NY , USA: Springer-V erlag New Y ork, Inc., 1992. [17] L. G. V ali ant, “The complexi ty of computing the permanent , ” Theoret - ical Computer Science , vol. 8, no. 2, pp. 189 – 201, 1979.