In this paper we consider tandem error control coding and cryptography in the setting of the wiretap channel due to Wyner. In a typical communications system a cryptographic application is run at a layer above the physical layer and assumes the channel is error free. However, in any real application the channels for friendly users and passive eavesdroppers are not error free and Wyner's wiretap model addresses this scenario. Using this model, we show the security of a common cryptographic primitive, i.e. a keystream generator based on linear feedback shift registers (LFSR), can be strengthened by exploiting properties of the physical layer. A passive eavesdropper can be made to experience greater difficulty in cracking an LFSR-based cryptographic system insomuch that the computational complexity of discovering the secret key increases by orders of magnitude, or is altogether infeasible. This result is shown for two fast correlation attacks originally presented by Meier and Staffelbach, in the context of channel errors due to the wiretap channel model.
Deep Dive into Physical-Layer Security: Combining Error Control Coding and Cryptography.
Traditionally, communication systems have implemented security measures by cryptographic means. However, with the introduction of the wiretap channel model by Wyner [1], it became clear that security can also be achieved through means of channel coding. The wiretap channel model portrays two friendly users sharing information over a main communications channel $c_m$ (e.g. a fading wireless channel [2]) and a passive eavesdropper observing a degraded version of the information through a wiretap channel $c_w$. As in [1], we will assume that both channels are discrete and memoryless. This work has been submitted and accepted to IEEE International Conference on Communications, and will be presented there June 14-18, 2009. between the friendly users and security against the eavesdropper through some encoding technique. The purpose of this paper is to quantify the additional complexity that the eavesdropper faces when the security problem is addressed with channel errors at the physical layer in mind.
The existence of codes providing reliability to friendly parties while maintaining some level of confidentiality is crucial to increasing necessary computations for an eavesdropper, and has been proven by Wyner in [1] as well as Csiszár and Körner in [3]. Practical codes of this kind, however, were not discovered until much later [4]. It has since been shown for many varying circumstances and channels that practical codes exist which satisfy both design constraints of reliability and secrecy. For example, it has been shown in [5] that practical low-density parity-check (LDPC) codes exist which achieve these two criteria for a noiseless channel $c_m$ and a binary erasure channel $c_w$. Similar results have been shown in [6], also making use of LDPC codes as well as multilevel coding for the case of independent quasi-static fading channels $c_m$ and $c_w$. In this paper we address a practical scenario where both $c_m$ and $c_w$ are treated as BSCs with probabilities of a bit flip $p_m$ and $p_w$, respectively. It is assumed that the wiretap channel quality is less than that of the main channel, that is $p_w > p_m$. This might be the case, for example, in a zoned-security application where the friendly parties are inside a building and the eavesdropper is outside the building monitoring communications.
The rest of the paper is outlined as follows. First we give some discussion on the general setting. We focus our attention on linear feedback shift register (LFSR) cryptographic applications because attacks against them have been well documented and we are able to quantify the increase in complexity that the eavesdropper experiences due to errors in the wiretap channel. Two well-known attacks originally given in [7] will be considered, and it will be shown that an eavesdropper can be made to fail in obtaining the secret key in an otherwise successful scenario by considering the effects of channel errors presented by some physical means. The background for the LFSR-based cryptography is given in section II, while the attacks are presented briefly in section III. Afterwards, section IV provides evidence of a physical layer of security under the conditions of the attacks presented in the previous section. Theoretical results as well as simulation output for the two attacks are also included in this section. Finally, conclusions of these findings are provided in section V.
It has been shown by Shannon and others that a one-time pad can achieve perfect secrecy as a cryptographic encoding technique [8], meaning that knowing the codeword or encoded sequence gives no information on the value of the original message. However, implementation of a one-time pad relies on a perfectly random key sequence. Assuming that a user is capable of generating this sequence of elements, the problem of communicating with absolute secrecy can be solved, but at the expense of requiring distribution of a secret key which is the same length as the original message [9].
Due to the issue of key distribution inherent in the one-time pad encoding mechanism, other methods are used to attempt to emulate the secrecy aspects of the one-time pad while providing a more practical key length. One such system is given in [7], [10], [11], and [12]. The encoder for this system is comprised of a keystream generator that produces a pseudorandom key sequence $(z_n)$ by combining $M$ LFSR output sequences using a function $f$. The notation $(z_n) = (z_0, z_1, \ldots)$ denotes a sequence or vector whose $n$th element is $z_n$. Assuming all data sequences to be binary, a ciphertext bit sequence $(s_n)$ is produced using a bit-wise exclusive or (XOR) operation between the message sequence $(m_n)$ and the keystream sequence $(z_n)$, as portrayed in Fig. 1. The sequence $(a_n)$ is the output sequence of a single LFSR, say the $i$th one. The effective key of the system consists of the initial conditions of the $M$ shift registers, and hence is fixed in length regardless of the length of (m
…(Full text truncated)…
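The simulation below is an added example, not code from the paper: it builds the keystream cipher described above with $M = 3$ LFSRs, sends the ciphertext $(s_n)$ through two BSCs with $p_w > p_m$, and measures how often the eavesdropper's keystream estimate still agrees with a single LFSR sequence $(a_n)$. Assumptions not taken from the excerpt: the combiner $f$ is the Geffe selector, the feedback polynomials and initial states are constructed, no error control code is applied on the main channel, and the eavesdropper is given the plaintext so that only channel noise separates the two receivers.

```python
import random

def lfsr(taps, state, n):
    """n output bits of the recurrence a[k+L] = XOR of a[k+t] for t in taps."""
    state, out = list(state), []
    for _ in range(n):
        out.append(state[0])
        fb = 0
        for t in taps:
            fb ^= state[t]
        state = state[1:] + [fb]
    return out

def geffe(x1, x2, x3):
    """Assumed combiner f: x2 selects x1 or x3, so P(z_n = x1_n) is about 3/4."""
    return [(a & b) ^ ((b ^ 1) & c) for a, b, c in zip(x1, x2, x3)]

def bsc(bits, p, rng):
    """Binary symmetric channel: flip each bit independently with probability p."""
    return [b ^ (rng.random() < p) for b in bits]

def agreement(u, v):
    """Fraction of positions in which two bit sequences agree."""
    return sum(a == b for a, b in zip(u, v)) / len(u)

def experiment(p_m=0.01, p_w=0.20, n=20000, seed=1):
    rng = random.Random(seed)
    # Constructed key: the initial states of the three registers.
    a1 = lfsr((0, 2), [1, 0, 0, 1, 1], n)                     # x^5 + x^2 + 1
    a2 = lfsr((0, 1), [1, 1, 0, 1, 0, 0, 1], n)               # x^7 + x + 1
    a3 = lfsr((0, 2), [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1], n)   # x^11 + x^2 + 1
    z = geffe(a1, a2, a3)                        # keystream (z_n)
    m = [rng.getrandbits(1) for _ in range(n)]   # message (m_n)
    s = [mi ^ zi for mi, zi in zip(m, z)]        # ciphertext (s_n)
    bob = bsc(s, p_m, rng)                       # main channel c_m
    eve = bsc(s, p_w, rng)                       # wiretap channel c_w
    bob_msg = [b ^ zi for b, zi in zip(bob, z)]  # friendly receiver decrypts
    eve_z = [e ^ mi for e, mi in zip(eve, m)]    # eavesdropper's noisy keystream
    p = agreement(z, a1)
    return {"p": p,
            "bob_ber": 1 - agreement(bob_msg, m),
            "eve_corr": agreement(eve_z, a1),
            # Two independent BSCs in cascade: p' = p(1 - p_w) + (1 - p) p_w
            "eve_corr_pred": p * (1 - p_w) + (1 - p) * p_w}

if __name__ == "__main__":
    print(experiment())
```

The closer `eve_corr` is pushed toward 1/2, the less statistical advantage a correlation-based key search has to work with, while the friendly receiver's bit error rate stays near $p_m$.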