PIMRC’2016 - Workshop W8

Deployment perspectives of Physical Layer Security into wireless public RATs

2016 September 4 – Morning 9h00 – 12h50

WELCOME - INTRODUCTION

Funded by EC-FP7-ICT-2011-8 GN 317562

www.phylaws-ict.org

François Delaveau, (Thales Communications)

Francois.delaveau@thalesgroup.com

2 / 2 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Summary

Welcome – Thanks

Programm and Agenda of the Work Shop W8

Practical details for the Work Shop

Brief introduction to to PHYsical Layer SECurity (PHYSEC) Some references

Some Acronyms for the following presentations

Studied configuration of wireless links – Hypotheses

PHYsical layer SECurity - Why ? Threats and security challenges –

examples of radiocells

Brief recall the PHYLAWS project Main goals – Our original approach

Our Fundamentals – Our current progresses

Studied Indoor/outdoor environments: Wifi and LTE-TDD

Annex Causes of randomness into radiochannels

Perspectives of Secure Pairing

3 / 3 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Welcome - Thanks

Welcome to PIMRC’2016 and to the Workshop W8 :

“Deployment perspectives of Physical Layer Security

into wireless public RATs”

Thanks to PIMRC’2016 for hosting our Workshop in this very nice Valencia

town and its magnificent congress center.

Thanks to the organizers, Narcis Cardonna, Teresa Pardo and al., for their

constant and precious help.

Thanks to the Chairs, the Speakers and the Authors for their presence and

their investment.

Thanks to EC that funds the Phylaws project(*) and gives the opportunity

for researches, industrial developments and patents, dissemination and

standardization on the Physical Layer Security

(*) Funded by EC-FP7-ICT-2011-8 Grant Number 317562

Coordinator Thales Commnicationand Security (F. Delaveau)

Web site: www.phylaws-ict.org

4 / 4 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Programm and Agenda of the Work Shop W8

20’

5 / 5 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Programm and Agenda of the Work Shop W8

6 / 6 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Practical details for the Work Shop

To all Speakers (beginning with myself of course…):

Please respect the presentation duration

Keynotes are 30’ + 5’ questions

Presentations are 20’ + 5’ Questions

Pause is 10h40 – 11h (20’)

To all Authors

Do you accept

your presentation

been published

at the Phylaws Web site ?

http://www.phylaws-ict.org/?page_id=21

if OK => please give me today or send me a pdf version of it

To everybody

Anticipating paper 5, there will be a presentation and demo of the

Wifi test bed during the pause (with CSI estimates, SKG and SC)

7 / 7 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Some References ZEIT, “Wie Merkels Handy abgehört werden konnte,” 18 12 2014. [Online]. Available: http://www.zeit.de/digital/datenschutz/2014-12/umts-

verschluesselung-umgehen-angela-merkel-handy

Metronews, “Une énorme faille de sécurité permet d'écouter vos appels et de lire vos SMS,” [Online]. Available: http://www.metronews.fr/high-

tech/une-enorme-faille-de-securite-permet-d-ecouter-vos-appels-et-de-lire-vos-sms/mnlv!YnqDbOgrtHFYk/

http://media.ccc.de/browse/congress/2014/31c3_-_6531_-_en_-_saal_6_-_201412272300_-_ss7map_mapping_vulnerability_of_the_international_mobile_roaming_infrastructure_-

_laurent_ghigonis_-_alexandre_de_oliveira.html

T. Intercept, «The Great SIM Heist. How Spies Stole the Keys to the Encryption Castle,» 2015. Available:

https://theintercept.com/2015/02/19/great-sim-heist/

“SS7 map: mapping vulnerability of the international mobile roaming infrastructure”, https://media.ccc.de/v/31c3_-_6531_-_en_-_saal_6_-_201412272300_-

_ss7map_mapping_vulnerability_of_the_international_mobile_roaming_infrastructure_-_laurent_ghigonis_-_alexandre_de_oliveira

www.pic-six.com

Hyeran Mun et al., “3G-WLAN interworking: security analysis and new authentication and key agreement based on EAP-AKA”, Wireless

Telecommunications Symposium, 2009. WTS 2009

F. Delaveau, A. Evestti, A. Kotelba, R. Savola and N. Shapira, “Active and passive eavesdropper threats within public and private cililian

networks - Existing and potential future countermeasures - An overview,” in Winncomm, Munich, Ger. 2013.

Y. Zou, J. Zhu, X. Wang, and L. Hanzo, « Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends »,

Proceedings of the IEEE, Vol. 104, No. 9, September 2016.

M. Bloch and J. Barros, Physical-Layer Security, Cambridge University Press, 2011.

J. W. Wallace and R. K. Sharma, “Automatic secret keys from reciprocal MIMO Wireless channels: measurement and analysis,” IEEE

Transactions on information forensics and security, vol. 5, no. 3, pp. 381-392, Sept. 2010.

T. Mazloum, F. Mani and A. Sibille, "Analysis of secret key robustness in indoor radio channel measurements," in IEEE Vehicular Tech. Conf.,

Glasgow, Scotland, 2015.

J.-C. Belfiore, C. Ling and L. Luzzi, “Lattice codes achieving strong secrecy over the mod-Λ Gaussian channel,” in IEEE International

Symposium on Information Theory Proceedings, Cambridge, USA, 2012

Project Phaylaws Funded by EC-FP7-ICT-2011-8 GN 317562: www.phylaws-ict.org

Project Prophylaxe Funded by BMBF GN 16KIS0005K: http://www.ict-prophylaxe.de

F. Delaveau, A. Mueller , G. Wunder and ali. “Perspectives of Physec for the improvement of the subscriber privacy and communication

confidentiality at the Air Interface . Results for WLANs, IoT and radiocells”, ETSI WS on fut. radio techn. Air Interface. S.A. 27-28 /01/16

IET book: «Trusted Communications with Physical Layer Security for 5G and Beyond», edited by T.Q.Duong, X.Zhou, and H.V Poor, to be

published in the start of 2017

Brief introduction to to PHYsical Layer SECurity (PHYSEC)

8 / 8 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

AN - BF Artificial Noise – Beam Forming

BCH Bose Ray-Chaudhuri Hocquenghem

BER Bit Error Rate

BTS Base Transceiver Station

CIR Channel Impulse Response

CFR Channel Frequency Response

CQA Channel Quantization Algorithm

COMSEC Communication Security

CRS Cell-specific Reference Signal

FDD Frequency Division Duplex

FEC Forward Error Correction

FuDu Full Duplex

GSM Global System for Mobile communications

IFF Interrogation Friend or Foe

IMSI International Mobile Subscriber Identity

IoT Internet of Things

LDPC Low Density Parity Check

LOS, NLOS Line Of Sight, Non Line Of Sight

LTE Long Term Evolution

MAC Media Access Control

MISO/MIMO Multiple Input Single Output / Multiple Input Multiple Output

NIST National Instrument of Standards and Technology

NETSEC Network Transmission Security

PHYSEC Physical Layer Security

OoM Order of Magnitude

PSS / SSS Primary Synchr. Sequence / Secondary Synchr. Seq. (LTE)

RAT Radio Access Technology

RNG Random Number Generator

Rx Receiver

SIM Subscriber Identity Module – Self Interference Mitigation

SISO/SIMO Single Input Single Output / Single Input Multiple Output

SKG,SC,SP Secret Key Generation , Secrecy Coding, Secure Pairing

SNR, SINR Signal to Noise Ratio, Signal to Noise + Interference Ratio

SS7 Signaling System No.7

STF, LTF Short Training Field, Long Training Field (Wifi)

TBD - TBS To Be Defined - To Be Studied

TDD Time Division Duplex

TMSI Temporary Mobile Subscriber Identity

TJ Time Jitter

TRANSEC Transmission Security

Tx Transmitter

UE User Equipment

UMTS Universal Mobile Telecommunications System

USS Unccordinated Spread Spectrum

Some Acronyms for the following presentations

Brief introduction to to PHYsical Layer SECurity (PHYSEC)

9 / 9 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

LEGITIMATE links are Alice to/from Bob

Transmits and receives

A

B

E

Intercepts and monitors

May emit, jam, spoof or impersonate A or B

EAVESDROPPER and RADIO HACKER links are

• Alice to Eve…and even (active) Eve to Alice

• Bob to Eve… and even (active) Eve to Bob

• THREAT MODELS

• Passive Eve

• Intelligent (protocol aware) jamming Eve

• Man in The Middle / Wormhole Eve, etc.

TRANSEC (Transmission Security) is the protection of the transmitted Alice’s and Bob’s signals face to

interception and intrusion attempts of the user receiver (and even jamming and direction finding)

NETSEC (Network Transmission Security) is the protection of the signalling and acces messages of Alice and Bob

(usual solutions are authentication and integrity control, sometimes ciphering of signalling in military networks)

COMSEC (Communication Security) is the protection of the data messages of Alice and Bob (voice, sms, mms,

high speed data). Most of solutions are based on ciphering+integrity control schemes of signalling and data.

OUR MAIN APPLICATIONS

Most usual academic hypothesis are:

• complete information of Eve

about legitimate RATs/waveforms

• no Information of Eve about legitimate

Keys (e.g. Ki Keys on SIM cards)

=> they may be no more valid nowadays

especially into public RATs (ex : hacking of Subscriber datat bases)

Studied configuration of wireless links - Hypotheses

Brief introduction to to PHYsical Layer SECurity (PHYSEC)

10 / 10 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Threats and security challenges – examples of radiocells

PHYsical layer SECurity - Why ?

MITM EVE CAN IMPERSONATE

Can be hacked

or disclosed – see ref.

WHEN EVE GETS THE KEY K/Ki

SHE BREAKS ALL PROTECTIONS

… BY PASSIVE MEANS ONLY

Figure source

11 / 11 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

PHYLAWS

PHYsical Layer Wireless Security

Project Coordinator:

Thales Communications and Security François Delaveau

Tel: +33 (0)1 46 43 31 32

Fax: +33 (0)1 46 13 25 55

Email: francois.delaveau@thalesgroup.com

Project website: www.phylaws-ict.org

+ Five Partners:

Institut Mines-Telecom ParisTech (France,

Imperial College of Science, Technology and

Medicine (Unted Kingdom),

Teknologian tutkimuskeskus VTT – OY (Finland),

Celeno Communications Israel Ldt (Israël).

Duration 4 years:

November, 2012 – October, 2016

Funding scheme: STREP

Contract Number: CNECT-ICT-317562

OUR ORIGINAL APPROACH:

Merging academic and industrial skills on radio-

propagation, radio-communications and

security.

Integrating usual hypothesis with return of

practical experience

Considering any kind of threats at physical

layer: passive Eve + various active Eve

Concentrating on signaling and access phases

of RATs, and not only on established data links.

MAIN GOALS:

To improve security of wireless links: . Radio cell and WLAN

. Slight to strong mobility

(of terminal or scatters)

To search for key-free solutions based on

Physec

To experiment these solutions in real field

To search for practical implantations in existing

and future public RATs

Brief recall the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562

12 / 12 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Our Fondamentals = academic knowledge about PHYSEC: Key-less security technique exploiting propagation randomness to establish secret

Theory is OK since 1980’s, academic reasearch is intensive, Applications in realistic

radio-environment now exist (IoTs: Prophylaxe, radiocells and WLANs:Phylaws)

Our recent progresses = 3 protection schemes: Secure Pairing (SP) with Tag Signals (TS) & Interrog. Ackn. Sequences (IASs)

new concepts invented, study in progress (cf. annex of the present introduction)

Secret Key Generation (SKG)

Simulated for LTE (cf. paper 4)

Experimented for WLAN (cf. paper 5)

Artificial Noise-Beam Forming (AN-BF) + Secrecy Coding (SC)

Simulated for LTE (cf. paper 4)

Experimented for WLAN (cf. paper 5)

Brief recall the PHYLAWS project - EC-FP7-ICT-2011-8 Grant Number 317562 Our Fondamentals – Our current progresses

For More informations of the newest industrial and experimental works

Complements on security flaws and threats of public RATs => www.phylaws-ict.org, del. D2.1, references.

Complements on legitimate and attacker signals => www.phylaws-ict.org, del. D2.4, D4.1, D. 4.2, D4.3, D4.4, references.

Brief synthesis of the fundations of Physical layer security => ww.phylaws-ict.org, del. D2.3,D3.1,D3.2,D3.3,D3.4,D3.5,Publications.

Project Phylaws Funded by EC-FP7-ICT-2011-8 GN 317562: www.phylaws-ict.org

Project Prophylaxe: Funded by BMBF GN 16KIS0005K http://www.ict-prophylaxe.de

IET book: «Trusted Communications with Physical Layer Security for 5G and Beyond»,

edited by T.Q.Duong, X.Zhou, and H.V Poor, to be published in the start of 2017

13 / 13 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Open space LOS and NLOS Street LOS and NLOS Indoor/Outdoor

Classroom/office LOS and NLOS Corridor Amphitheater

Studied Indoor/outdoor environments: Wifi and LTE-TDD

Brief recall the PHYLAWS project – Investigated environments

Studied with test beds (esp: real field Wifi experiments) and simulation (LTE links)

14 / 14 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Thank you for your presence

and your attention

Good Workshop !

15 / 15 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Annex

16 / 16 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

(Mobile) obstacles between users:

Multiple paths to reach Bob or Eve

Reflection, Diffraction, Scattering, Shadowing

Waveforms received by Bob and Eve

have been altered differently

Apply either to outdoor and indoor

Complex wave propagation +

unpredictable scattering objects

Channel Randomness

Received waveforms cannot be recovered

by computation

At fixed carrier, same angles on

obstacles for Alice Bob

and for Bob Alice

Same randomness for Alice and Bob

Channel reciprocity in TDD case

ALICE

BOB

EVE

Reflection

Diffraction

Scattering and Shadowing

Additional “radio” random for

disturbing Eve:

Alice and Bob Antennas: patterns and

orientations

Artificial noise and Beamforming : SNR

advantage to A and B.

Causes of randomness of radiochannels

A

B

E

ANNEX

17 / 17 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Modelisation of the radio channel envelope

correlation

Rich scatterer environment => AS > 45°

=> spatial decorrelation when Δd > λ/2

typical exemple : NLOS outdoor and indoor

Poor scatterer environment => AS -> 5°

=> Decorrelation when Δd > 4λ

typical exemple : LOS rural outdoor and LOS indoor

Provisory Conclusion

When reciprocity of the channel

=> Alice and Bob obtain the same channel estimation

NLOS Bob – Eve dist. > λ/2 (WiFi 2.4 GHz -> 6 cm)

or LOS Bob – Eve dist. > 5λ (WiFi 2.4 GHz -> 60 cm)

=> Decorrelated waveforms at Bob and Eve sides

=> Eve cannot obtain the same estimation than Bob

Complex wave propagation and mobile obstacles

=> Eve cannot compute Alice – Bob channel estimate

Channel envelope correlation vs Bob-Eve distance

(X. He, H. Dai, proceeding IEEE INFOCOM 2013)

In any TDD cases, Secret Keys can be

Generated from the channel randomness =>

Achieves security pairing !

In many TDD and FDD cases, Secret Codes

can be computed

=> Provides information theoretic security !

One-ring scatter model.

AS = Angular Spread

Causes of randomness of radiochannels

ANNEX

18 / 18 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Example of RSSI measurement over time - Source = project Prophylaxe Signal is IEEE 802.11n, 2.4 GHz, BW=20 MHz E is located ~ 15cm next to Alice.

Slight mobility of Scatterers.

0 1 2 3 4 5

approx Time(s) → In addition: Indoor time

coherence is

50 to 100 ms

100 ms

Same RSSI figure (after normalisation)

In forward sens Alice -> Bob

In sense Bob -> Alice

Channel

Reciprocity

Different RSSI figure

In sense Bob -> Eve

In sense Bob -> Alice

Channel

spatial decorrelation

Causes of randomness into radiochannels

ANNEX

RSSI example

Source = project Prophylaxe

Alice Bob

Eve

19 / 19 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

Built with wide band low DSP Direct Spread Sequences signals (DSSS)

FWD and RTN Under beacon frequencies/msgs Ssig => Self interfered

=> negative « tag to Signal + noise » ratio

A- Building – Relevant Radio parameters

Dominant

Signal ssig

Total Signal ssig + ttag + nnoise

Noise level

Tag Signal ttag freq.

Power

SNR

TSR Tag to Signal Ratio

TSNR at Input Tag to Signal + Noise Ratio

Signal and Noise

ssig + nnoise

Tag Signals (TS) – building and processing

Perspectives of Secure Pairing

B- Processing = Matched filtering CIR est. No RAKE

Unauthorized Rx:

no tag detection, no CIR

“Authorized” Rx: tag detection + CIR estimation

Detection

threshold

Output detection criteria

TSNR’

= Output

Tag to Signal

+ Noise Ratio

Optimal time resolution for accurate CIR estimation

DSSS codes change fast and the chose is made adaptively dependent on channel measurement

ANNEX

20 / 20 /

PIM

RC

W8

– 2

01

6 S

epte

mb

er 0

4 –

Wel

com

e -

Intr

oducti

on

PH

YLA

WS

pro

ject fu

nded b

y EC

-FP

7-IC

T-2

01

1-8

GN

31

756

2

2) Return Tag Signal TRTN, in a public set (when USS), random time (when TJ)

After synchronizing TFWD , Bob transmits TRTN dependent on TFWD and CIRFWD

Alice estimates CIRRTN on received TRTN

4) Return TS’RTN propagation dependent

Bob transmits T’RTN dependent on estimated TFWD’ and CIR’FWD

Alice recognizes Bob by estimating CIR’RTN on received T’RTN, Eve can no more

1) Forward Tag Signal TFWD, in a public set (when USS), random time (when TJ)

Alice transmits TFWD

Bob estimates CIRFWD on received TFWD

3) Forward T’FWD, propagation dependent

Alice transmits T’FWD dependent on TSRTN and CIRRTN

Bob recognizes Alice by estimating CIR’FWD on received T’FWD, Eve can no more

ALICE

I- SECURE PAIRING TROUGH CIR ESTIMATION WITH TAG SIGNALS

1st

IAS

2nd

IAS

BOB

II- ESTABLISHMENT OF PHYSEC SCHEME

Forward and return Secret Keys and Secrecy Codes / Artificial Noise

ALICE

BOB

Interrogation and Acknowledgement Sequences (IAS) – principle

& resilience analysis

Perspectives of Secure Pairing

1 /1 /

PR

OP

HY

LA

XE

AN

D P

HY

LA

WS

WO

RK

SH

OP

Re

nnin

gen

–27 A

ugust 2015.

Presentation of PHYLAWS project FP7 ICT Id-317562

Workshop PROPHYLAXE and PHYLAWS 2015-08-27

IASs Resilience to passive Eve

Current works of the phylaws project

I- Secured protocol for communication starting

EVE BOB ALICE1) Alice transmits a first tag signal

(from a public set)

Bob dispreads and estimates the channel

2) Bob acknowledges by sending a tag signal

3) Alice acknowledges by sending a new tag signal

dependent on her channel measurement

1) Eve dispreads and estimates the channel.

Due to spatial decorrelation, Eve’s estimation

is independent from Bob’s one

4) Bob sends a tag signal dependent on his channel

measurement and eventually on other parameters

Establishment of a PHYSEC scheme

5) Secret Key or Secrecy coding can be added

on tag signal to enhance protection of CSI, of

auth messages and of subscriber data

3) Eve cannot follow TS exchanges as they

turn dependent on the radio-link

(she loses the capability for match filtering

and she has radio disadvantage)

?

?

5) PHYSEC scheme Eve cannot decode any

information exchanged on Alice-Bob radio link ?

=> No real need for USS and TJ at first IAS when facing Passive Eve

1st

IAS

2nd

IAS

.

.

.

ANNEX