Biblio

We consider the problem of covert communication when Channel State Information (CSI) is available non-causally, causally, and strictly causally at both transmitter and receiver, as well as the case when channel state information is only available at the transmitter. Covert communication with respect to an adversary referred to as the "warden", is one in which the distribution induced during communication at the channel output observed by the warden is identical to the output distribution conditioned on an innocent channel-input symbol. In contrast to previous work, we do not assume the availability of a shared key at the transmitter and legitimate receiver; instead shared randomness is extracted from the channel state, in a manner that keeps it secret from the warden despite the influence of the channel state on the warden's output. When CSI is available at both transmitter and receiver, we derive the covert capacity region; when CSI is only available at the transmitter, we derive inner and outer bounds on the covert capacity. We also derive the covert capacity when the warden's channel is less noisy with respect to the legitimate receiver. We provide examples for which covert capacity is zero without channel state information, but is positive in the presence of channel state information.

We discuss the threat that hardware Trojans (HTs) impose on wireless networks, along with possible remedies for mitigating the risk. We first present an HT attack on an 802.11a/g transmitter (TX), which exploits Forward Error Correction (FEC) encoding. While FEC seeks to protect the transmitted signal against channel noise, it often offers more protection than needed by the actual channel. This margin is precisely where our HT finds room to stage an attack. We, then, introduce a Trojan-agnostic method which can be applied at the receiver (RX) to detect such attacks. This method monitors the noise distribution, to identify systematic inconsistencies which may be caused by an HT. Lastly, we describe a Wireless open-Access Research Platform (WARP) based experimental setup to investigate the feasibility and effectiveness of the proposed attack and defense. More specifically, we evaluate (i) the ability of a rogue RX to extract the leaked information, while an unsuspecting, legitimate RX accurately recovers the original message and remains oblivious to the attack, and (ii) the ability of channel noise profiling to detect the presence of the HT.