TOWARDS PHYSICAL LAYER CRYPTOGRAPHY FOR UNDERWATER

TOWARDS PHYSICAL LAYER CRYPTOGRAPHY FOR

UNDERWATER ACOUSTIC NETWORKING

Konstantinos Pelekanakis, Camila M. G. Gussen, Roberto Petroccia and João Alves

Science and Technology Organization - Centre for Maritime Research and Experimentation, La Spezia, Italy.

Contact: Konstantinos Pelekanakis, 400 Viale San Bartolomeo, 19126 La Spezia (SP), Tel: +390187527283, email: [email protected]

Abstract: Two main approaches for securing a wireless link are symmetric encryption and

public key encryption [1]. Both of these are applied to upper layers of the Open Systems

Interconnection (OSI) stack. Underwater Acoustic Networks (UANs) typically have an ad-hoc

structure and the use of public keys becomes not practical since there is no infrastructure that

supports key management and authentication. Symmetric key strategies involve the distribution

of new keys when new nodes join the network in the middle of a mission and this may not be

desirable. In addition, if the current key is compromised, and is also used to share the future

key, then secure communications is not possible anymore. Following the line of thought in

radio communications, we investigate Physical Layer Security (PLS) for UANs. PLS leverages

on the uncorrelated nature of multipath over space, and channel reciprocity to independently

generate a cryptographic key between two authenticated nodes even if an eavesdropper is in

their vicinity. In this initial study, we set up a network of two legitimate nodes and one

eavesdropper in a shallow water environment in the Gulf of La Spezia, Italy, and we analyse

thousands of channel-probe signals transmitted over different days and hours between the two

legitimate nodes. We show that typical Channel Impulse Response (CIR) features, such as the

L2/L0 norm, a smooth sparseness measure and the Root-Mean-Square (RMS) delay spread, can

exploit reciprocity between the two legitimate nodes. However, when the eavesdropper is about

a meter away from one of the legitimate nodes, then the smooth channel sparseness yields the

best performance. With this feature, the probability of the legitimate nodes to independently

generate the same key is three orders of magnitude higher than that of the eavesdropper.

Keywords: Underwater acoustic communications, underwater acoustic networks, physical

layer security, cryptography.

UACE2019 - Conference Proceedings

- 271 -

1. INTRODUCTION

Advances in both underwater acoustic communications and marine robotics enable the long-term deployment of networks of heterogeneous underwater assets [2],[3]. As these underwater networks are gaining momentum for future military and commercial applications, network security becomes critical, an issue that is manifested by the recent review papers [4]-[6].

The scenario of interest of this paper is shown in Fig. 1. Alice and Bob are two legitimate underwater assets that aim to establish secure acoustic communications in the presence of the passive adversary Eve. In traditional symmetric key cryptography, Alice and Bob use their pre-agreed keys prior to any encryption/decryption of their data. However, when new legitimate nodes without pre-agreed keys enter into the network, key management becomes an issue because Eve can infer the key if it is transmitted over an unsecure link. Various approaches have been proposed to share a common key in radio ad-hoc networks [7],[8] , however they are either based on some pre-shared secret or suffer from high communication overhead, which may not be practical in UANs.

Physical Layer Security (PLS) is a paradigm shift in symmetric cryptography and aims to generate keys dynamically based on channel propagation physics. It is built upon the theorem of reciprocity, which states that in a time-invariant waveguide the channels between Alice and Bob are equal. Furthermore, the channels observed by Eve are uncorrelated with those of Alice-Bob provided that Eve is a few wavelengths apart from them. Hence, Alice and Bob could use their channels as a common source of randomness to independently generate their keys while Eve cannot do better than a guessing-based exhaustive search for the key.

Fig. 1. Scenario of interest: two legitimate users, Alice and Bob, wish to establish secure

communications in the presence of eavesdropper Eve. 𝐡𝐀𝐁, 𝐡𝐁𝐀, 𝐡𝐀𝐄, 𝐡𝐁𝐄, respectively, denote

the CIR between Alice to Bob, Bob to Alice, Alice to Eve, Bob to Eve.

PLS has been extensively studied in radio communications ([9]-[11] and references therein). Typically, a key generation process includes four steps:

Channel Feature Extraction: Alice sends a channel probe signal to Bob, and he estimates some pre-agreed channel parameters. Then Bob sends the same probe signal to Alice, and she also estimates the same channel parameters.

Quantization: The estimated channel parameters of Alice and Bob are quantized and represented by a bit vector.

Reconciliation: Bob and Alice compare their respective bit vectors. This procedure involves exchange of packets. The objective is to correct the differences between the vectors in order to derive a common cryptographic key.

Privacy Amplification: The goal of this stage is to minimize the amount of information leaked to Eve in the reconciliation process.

In the underwater acoustics literature, only few studies of PLS are available [12]-[16]. In [12]-[13], the key generation is based on the reciprocity of the received signal strength (RSS)

AliceBob

Eve

𝐡

𝐡

𝐡 𝐡


- 272 -

between Alice and Bob. In [14], the amplitude of each sub-carrier of an Orthogonal Frequency-Division Multiplexing (OFDM) system is quantised in order to produce a crypto-key. In [15], a method based on distributed transmitters is proposed in order to minimize the signal strength at the eavesdropper. In [16], an algorithm for authenticating legitimate users by fusing statistics of channel parameters is proposed. However, the authors do not use the algorithm for crypto-key generation.

It is clear that there is great room for exploring PLS in the underwater domain. In this short paper, our focus is on extracting several new features from the multipath structure of the Bob-Alice link. The efficiency of our approach is tested based on an experimental setup of an Alice-Bob-Eve network in the Gulf of La Spezia, Italy. After offline processing thousands of probe signals, we show that the selected channel features exploit channel reciprocity. In addition, we compare their suitability for key generation under the scenario where Eve is very close to Alice.

Notation: vectors are represented in bold face with lowercase letters. The notation ‖𝐱‖𝑝 denotes the p-norm (p≥1) of an n-tap vector 𝐱 defined as ‖𝐱‖𝑝 = (∑ |𝑥𝑖|

𝑝𝑛−1𝑖=0 )1/𝑝. The L0 norm

of 𝐱, ‖𝐱‖0, is defined as the number of non-zero elements of 𝐱.

2. CHANNEL FEATURES AND QUANTIZATION

The channel feature extraction is the first step for key generation. Since in the literature there is no consensus about an optimal feature for key generation purposes, our approach is to estimate the baseband channel impulse responses (CIRs) of the Alice-Bob links.

In general, the CIR, at time n, is represented by a complex-valued L-tap vector

𝐡(𝑛) = [ℎ0(𝑛) ℎ1(𝑛)…ℎ𝐿−1(𝑛)]. (1)

Moreover, each channel tap, ℎ𝑖(𝑛), is associated with a fixed delay, 𝜏𝑖, which is used to understand the time difference between two multipath components. For the three-node network in Fig. 1, the CIR between Alice-to-Bob, Bob-to-Alice, Alice-to-Eve, Bob-to-Eve, is 𝐡𝐀𝐁(n), 𝐡𝐁𝐀(n), 𝐡𝐀𝐄(n), 𝐡𝐁𝐄(n), respectively. Without limiting the generality of our results, the CIRs are estimated by matched filtering (or cross-correlating) the received signals with a known probe signal. After matched filtering, only the dominant taps are retained by normalising 𝐡(𝑛) to 0 dB (i.e., the maximal element of 𝐡(𝑛) is the unity) and substituting all taps whose amplitude fall below -25 dB with the zero value.

After the probe exchange, Alice and Bob compute the following four parameters/features: 1. Normalised L2 norm: the L2 norm of 𝐡(𝑛) has the notion of power because it

characterises channel fading and attenuation. A CIR with higher fading yields a smaller L2 norm. Since 𝐡(𝑛) is normalised to 0 dB, its theoretical maximal value is 𝐿 and consequently the normalised L2 norm is defined as:

1

√𝐿‖𝐡(𝑛)‖2. (2)

2. Normalised L0 norm: The L0 norm of 𝐡(𝑛) characterises channel sparseness since a

sparser CIR yields a lower L0 norm. Due to the normalisation of 𝐡(𝑛), the maximal value of ‖𝐡(𝑛)‖0 is 𝐿. Hence, the normalised L0 norm is given by

1

𝐿‖𝐡(𝑛)‖0. (3)

3. Channel sparseness: A different way to measure channel sparseness is given by

𝛽 =𝐿

𝐿 − √𝐿(1 −

‖𝐡(𝑛)‖1

√𝐿‖𝐡(𝑛)‖2) (4)


- 273 -

For various degrees of sparseness, it can be shown that 0 ≤ 𝛽 ≤ 1, where sparser channels yield larger 𝛽.

4. RMS delay spread: The Root-Mean-Square (RMS) delay spread represents a measure of the multipath power delay spread (in seconds). In particular, it is the deviation of the multipath power about the average multipath delay. It is defined as:

√∑ (𝜏𝑖 − 𝜏̅(𝑛))2|ℎ𝑖(𝑛)|2𝐿−1𝑖=0

‖𝐡(𝑛)‖2

(5)

where

𝜏̅(𝑛) =∑ 𝜏𝑖|ℎ𝑖(𝑛)|

2𝐿−1𝑖=0

‖𝐡(𝑛)‖22 (6)

For almost all practical links, the RMS delay spread falls below one second [17].

After Alice and Bob compute their respective channel features, they must convert their measurements into a bit sequence. In this work, we test the following approach: each estimated feature, 𝑥 ∈ [0,1], is quantized and then multiplied by 232 -1, i.e., the highest unsigned 32-bit integer. As a result, every quantized value is mapped onto the set of unsigned 32-bit integers. In the remainder of this paper, any 32-bit representation of a channel feature is called a key. Let 𝒌 , 𝒌 denote the 32-bit key of a channel feature of Alice, Bob, respectively. To assess the feature suitability for key generation, we define the Bit Disagreement Rate (BDR),

𝐵𝐷𝑅 =‖𝒌 − 𝒌 ‖0

𝑁 (7)

where 𝑁 = 32 in our case and note that 𝐵𝐷𝑅 ∈ [0,1]. Similarly, we define the BDRs between Alice-to-Eve and Bob-to-Eve.

3. EXPERIMENTAL RESULTS

Here, we analyse data acquired during the Littoral Acoustic Communications Experiment 2017 (LACE’17). The LACE’17 took place in the Gulf of La Spezia, Italy, in November 2017 and the experimental setup is shown in Fig. 2. A bi-directional link was established between two bottom mounted structures, M0 and M4 where M0 was placed close to the pier and M4 was at a range of 465 m. The bathymetry in the area was flat and the depth was about 11 m. Both M0 and M4 were equipped with projectors (sources) and hydrophones to emulate the scenario of Alice, Bob and Eve at different positions. For the purposes of this work, Alice is at M0 and her source and hydrophone is, respectively, 2,1 m and 1,8 m above the seabed. Bob is at M4 and his source and hydrophone is at the same altitude as Alice. Eve’s hydrophone is at M0 and is located 1,2 m below Alice’s hydrophone. Note that we address a particular challenging scenario since Eve and Alice are very close to each other. For instance, other researchers have considered Eve to be tens of meters [14] or kilometres [16] away from Alice and Bob.

The transmitted signal was a 1-sec-long up-sweep chirp (probe signal) followed by a 6-sec-long phase-modulated signal. The signal bandwidth was 8-12 kHz and it was exchanged between Alice and Bob every 10 seconds. A portion of the spectrograms of the received signals of Alice and Bob can be seen in Fig. 2. Note that Alice’s received signal includes her own transmission (red intensity) followed by Bob’s transmission (blue intensity) and this pattern continues every 10 seconds. Similarly, Bob’s received signal includes Alice’s transmission (blue intensity) followed by his own transmission (red intensity) and this pattern continues every 10 seconds. In total, Alice and Bob exchanged 3078 signals during the following four time slots (all times are in UTC):


- 274 -

1. 22/11/2017, 17:40:29 – 23/11/2017, 05:16:41 2. 23/11/2017, 16:46:29 – 23/11/2017, 20:26:28 3. 23/11/2017, 22:26:01 – 24/11/2017, 01:31:34 4. 24/11/2017, 02:40:07 – 24/11/2017, 04:37:51 To compare the BDRs of the proposed four features, Alice and Bob first estimate their

respective CIRs based on the chirp signal. Assuming that Eve has knowledge of the signal processing chain of Alice and Bob, she estimates her CIR based on Bob’s transmission with the aim to extract the same key. The Alice-to-Eve link is not processed because Alice’s transmission saturated Eve’s hydrophone during the experiment.

Fig. 3 shows all 3078 snapshots of the estimated 𝐡𝐀𝐁(n), 𝐡𝐁𝐀(n), and 𝐡𝐁𝐄(n) during these four transmission intervals. The snapshots are stack in chronological order (y-axis) based on the signal transmissions. All CIRs are shown in a common delay axis (x-axis) whose maximal value is 70 ms. The zero delay corresponds to the line-of-sight (earliest arrival). Given that there is no mobility, the observed time variability is mainly due to the sea surface interaction with the transmitted signal. We can clearly see that 𝐡𝐀𝐁(n) and 𝐡𝐁𝐀(n) are highly correlated due to the principle of reciprocity while 𝐡𝐁𝐄(n) exhibits low correlation with 𝐡𝐀𝐁(n) and 𝐡𝐁𝐀(n).

Fig. 4 shows the unquantised and quantised channel features for the Alice-to-Bob, Bob-to-Alice, Bob-to-Eve links. When quantised, all chosen features are equal most of the time between Alice and Bob. Yet, we note that after November 23rd, 12:00 pm, the measurements of Eve approach those of Alice and Bob, especially for the L2/L0 norm. This is due to the fact that environment is less in rich in multipath structure after that time (as can be seen in Fig. 3).

Fig. 2. Top left: experimental area in the Gulf of La Spezia. Top right: the location of the nodes

M0 and M4 are with yellow marks. Bottom left: Positions of Alice, Bob and Eve on nodes M0

and M4. Bottom right: spectrograms of the received signals at the hydrophones of Alice and

Bob. The colorbar represents the signal power in logarithmic scale.

projector

hydrophone

M0 M4

21

0 c

m12

0cm

18

0 c

m

Eve

Alice Bob

𝐡

𝐡

𝐡

Alice

Bob


- 275 -

Fig. 3. Snapshots of the estimated CIRs of Alice-to-Bob, Bob-to-Alice and Bob-to-Eve links.

The horizontal axis represents multipath delay, the vertical axis represents the signal probe

number in transmission order. The colorbar represents the amplitude in logarithmic scale.

Fig. 4. The computed channel features unquantised (left) and quantised (right) for the Alice-to-

Bob (AB), Bob-to-Alice (BA), Bob-to-Eve (BE) links.


- 276 -

Fig. 5 shows the computed BDR vs. time for all four features. Note that Eve’s computed BDR for L2/L0 norm is similar to that of Alice-Bob after November 23rd, 12:00 pm. This result challenges the suitability of those parameters for this type of environment. Table 1 presents the BDR averaged over the entire experiment as well as the number of 32-bit key agreements per channel probe. Note that the channel sparseness, 𝛽, shows the smallest BDR ratio and so yields the best performance out of all proposed features. In addition, we see that Eve managed to get only one 32-bit key agreement out of 3078 probes when computing 𝛽. On the contrary, Alice got 1715 key agreements, which translates into three orders of magnitude higher probability to get the correct key than Eve.

Fig. 5: BDR between Alice-Bob and Bob-Eve for normalised L2 norm, normalised L0 norm,

channel sparseness, RMS delay spread.

Channel feature 𝐵𝐷𝑅̅̅ ̅̅ ̅̅ 𝐵𝐷𝑅̅̅ ̅̅ ̅̅

𝐵𝐷𝑅̅̅ ̅̅ ̅̅

𝐵𝐷𝑅̅̅ ̅̅ ̅̅

# of key

agreements Alice-Bob

prob. of key agreement Alice-Bob

# of key agreements Bob - Eve

prob. of key agreement Bob - Eve

Normalised L2 norm 0.26 0.48 0.55 1333 0.43 106 0.034 Normalised L0 norm 0.26 0.39 0.66 1268 0.41 339 0.110 Channel sparseness 0.20 0.58 0.35 1715 0.56 1 3.2 ∙ 10−4 RMS delay spread 0.19 0.42 0.45 1890 0.61 4 1.2 ∙ 10−3

Table 1: average BDR and number of 32-bit key agreements per channel probe between Alice-

Bob and Bob-Eve.

4. CONCLUSION

In this work, we proposed four CIR features for symmetric key generation between two legitimate nodes, Alice and Bob. These were the L2/L0 norm, a smooth metric of channel sparseness and the RMS delay spread. After analysing a large set of channel probes transmitted


- 277 -

in a short-range, shallow water environment, we found that all features exhibited highly correlated values and so they are suitable for independent key generation between Alice and Bob. However, in the particularly challenging scenario where Eve is about a meter away from Alice, the smooth channel sparseness showed superior performance. In particular, we found that the probability of Alice-Bob key agreement was three orders of magnitude higher than that for Bob-Eve. Key reconciliation and privacy amplification will be pursued as a future work.

ACKNOWLEDGEMENTS

This work was supported by the NATO Allied Command Transformation (ACT) Future Solutions Branch under the Autonomous Security Network Programme and the Office of Naval Research Global under grant no N62909-17-1-2093

REFERENCES

[1] J. Buchmann, Introduction to Cryptography, Springer, New York, NY, 2004. [2] T. Melodia, H. Khulandjian, L.-C. Kuo, and E. Demirors, Advances in underwater

acoustic networking, in Mobile Ad Hoc Networking: Cutting Edge Directions, Hoboken, NJ, USA: Wiley, ch. 23, pp. 804-852, 2013.

[3] G. Ferri et al., Cooperative robotic networks for underwater surveillance: an overview, IET Radar, Sonar & Navigation, vol. 11, no. 12, pp. 1740-1761, 2017.

[4] M. Domingo, Securing underwater wireless communication networks, IEEE Wireless Communications, vol. 18, no. 1, pp. 22–28, 2011.

[5] G. Han, J. Jiang, N. Sun, and L. Shu, Secure communication for underwater acoustic

sensor networks, IEEE Communications Magazine, vol.53, no.8, pp.54-60, 2015. [6] C. Lal, R. Petroccia, K. Pelekanakis, M. Conti and J. Alves, Toward the Development

of Secure Underwater Acoustic Networks, IEEE Journal of Oceanic Engineering, vol. 42, no. 4, pp. 1075-1087, 2017.

[7] M. A. Simplício et al, A survey on key management mechanisms for distributed wireless

sensor networks, Computer Networks, vol. 54, no. 15, pp. 2591–2612, 2010. [8] S. Seo, J. Won, S. Sultana and E. Bertino, Effective Key Management in Dynamic

Wireless Sensor Networks, IEEE Transactions on Information Forensics and Security, vol. 10, no. 2, pp. 371-383, 2015.

[9] K. Ren, H. Su and Q. Wang, Secret key generation exploiting channel characteristics in

wireless communications, IEEE Wireless Communications, vol. 18, no. 4, pp. 6-12, 2011. [10] K. Zeng, Physical layer key generation in wireless networks: challenges and

opportunities, IEEE Communications Magazine, vol. 53, no. 6, pp. 33-39, 2015. [11] J. Zhang, T. Q. Duong, A. Marshall and R. Woods, Key Generation From Wireless

Channels: A Review, IEEE Access, vol. 4, pp. 614-626, 2016. [12] Y. Liu, J. Jing, and J. Yang, Secure underwater acoustic communication based on a

robust key generation scheme, in 9th International Conference on Signal Processing, pp. 1838-1841, 2008.

[13] Y. Luo, L. Pu, Z. Peng, and Z. Shi, RSS-based secret key generation in underwater

acoustic networks: advantages, challenges, and performance improvements, IEEE Communications Magazine, vol. 54, no. 2, pp. 32–38, 2016.

[14] Y. Huang, S. Zhou, Z. Shi, and L. Lai, Channel frequency response-based secret key

generation in underwater acoustic systems, IEEE Transactions on Wireless Communications, vol. 15, no. 9, pp. 5875–5888, 2016.


- 278 -

[15] C. Wang and Z. Wang, Signal alignment for secure underwater coordinated multipoint

transmissions, IEEE Transactions on Signal Processing, vol. 64, no. 23, pp. 6360–6374, 2016.

[16] R. Diamant, P. Casari, and S. Tomasin, Cooperative authentication in underwater

acoustic sensor networks, IEEE Transactions on Wireless Communications, vol. 18, no. 2, pp. 954–968, 2019.

[17] P. A. van Walree, Propagation and Scattering Effects in Underwater Acoustic Communication Channels, IEEE Journal of Oceanic Engineering, vol. 38, no. 4, pp. 614-631, 2013.


- 279 -


- 280 -

Documents

TOWARDS PHYSICAL LAYER CRYPTOGRAPHY FOR UNDERWATER