Biblio

With the improvement in technology and with the increase in the use of wireless devices there is deficiency of radio spectrum. Cognitive radio is considered as the solution for this problem. Cognitive radio is capable to detect which communication channels are in use and which are free, and immediately move into free channels while avoiding the used ones. This increases the usage of radio frequency spectrum. Any wireless system is prone to attack. Likewise, the main two attacks in the physical layer of cognitive radio are Primary User Emulation Attack (PUEA) and replay attack. This paper focusses on mitigating these two attacks with the aid of authentication tag and distance calculation. Mitigation of these attacks results in error free transmission which in turn fallouts in efficient dynamic spectrum access.

The number of sensors and embedded devices in an urban area can be on the order of thousands. New low-power wide area (LPWA) wireless network technologies have been proposed to support this large number of asynchronous, low-bandwidth devices. Among them, the Cooperative UltraNarrowband (C-UNB) is a clean-slate cellular network technology to connect these devices to a remote site or data collection server. C-UNB employs small bandwidth channels, and a lightweight random access protocol. In this paper, a new application is investigated - the use of C-UNB wireless networks to support the Advanced Metering Infrastructure (AMI), in order to facilitate the communication between smart meters and utilities. To this end, we adapted a mathematical model for C-UNB, and implemented a network simulation module in NS-3 to represent C-UNB's physical and medium access control layer. For the application layer, we implemented the DLMS-COSEM protocol, or Device Language Message Specification - Companion Specification for Energy Metering. Details of the simulation module are presented and we conclude that it supports the results of the mathematical model.

Secure network coding realizes the secrecy of the message when the message is transmitted via noiseless network and a part of edges or a part of intermediate nodes are eavesdropped. In this framework, if the channels of the network has noise, we apply the error correction to noisy channel before applying the secure network coding. In contrast, secure physical layer network coding is a method to securely transmit a message by a combination of coding operation on nodes when the network is given as a set of noisy channels. In this paper, we give several examples of network, in which, secure physical layer network coding realizes a performance that cannot be realized by secure network coding.

Key derivation from the physical layer features of the communication channels is a promising approach which can help the key management and security enhancement in communication networks. In this paper, we consider a key generation technique that quantizes the received signal phase to obtain the secret keys. We then study the effect of a jamming attack on this system. The jammer is an active attacker that tries to make a disturbance in the key derivation procedure and changes the phase of the received signal by transmitting an adversary signal. We evaluate the effect of jamming on the security performance of the system and show the ways to improve this performance. Our numerical results show that more phase quantization regions limit the probability of successful attacks.

Close physical proximity among wireless devices that have never shared a secret key is sometimes used as a basis of trust. In these cases, devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user's device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques. We investigate a method for a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our approach leverages the repeating nature Wi-Fi's preamble and the characteristics of a transmitting antenna's near field to detect proximity with high probability. Our method never falsely declares proximity at ranges longer than 14 cm.

Recent advances in Cross-Technology Communication (CTC) enable the coexistence and collaboration among heterogeneous wireless devices operating in the same ISM band (e.g., Wi-Fi, ZigBee, and Bluetooth in 2.4 GHz). However, state-of-the-art CTC schemes are vulnerable to spoofing attacks since there is no practice authentication mechanism yet. This paper proposes a scheme to enable the spoofing attack detection for CTC in heterogeneous wireless networks by using physical layer information. First, we propose a model to detect ZigBee packets and measure the corresponding Received Signal Strength (RSS) on Wi-Fi devices. Then, we design a collaborative mechanism between Wi-Fi and ZigBee devices to detect the spoofing attack. Finally, we implement and evaluate our methods through experiments on commercial off-the- shelf (COTS) Wi-Fi and ZigBee devices. Our results show that it is possible to measure the RSS of ZigBee packets on Wi-Fi device and detect spoofing attack with both a high detection rate and a low false positive rate in heterogeneous wireless networks.

In this paper a new physical layer security method is proposed against eavesdropping attacks. Our purpose is to demonstrate that performance of the legitimate receiver can be increased and performance of the eavesdropper can be decreased by matching between the roll of factors of root raised cosine filters in the transmitter and receiver. Through the matching between the roll of factors (a), a performance difference is generated between the legitimate receiver and the eavesdropper. By using three software defined radio nodes error vector magnitude of the legitimate receiver and the eavesdropper is measured according to roll of factors. Performance differences the receiver are demonstrated when the roll off factor is matched and mismatched.

This paper proposes a game-theoretic approach to analyze the interactions between an attacker and a defender in a cyber-physical system (CPS) and develops effective defense strategies. In a CPS, the attacker launches cyber attacks on a number of nodes in the cyber layer, trying to maximize the potential damage to the underlying physical system while the system operator seeks to defend several nodes in the cyber layer to minimize the physical damage. Given that CPS attacking and defending is often a continual process, a zero-sum Markov game is proposed in this paper to model these interactions subject to underlying uncertainties of real-world events and actions. A novel model is also proposed in this paper to characterize the interdependence between the cyber layer and the physical layer in a CPS and quantify the impact of the cyber attack on the physical damage in the proposed game. To find the Nash equilibrium of the Markov game, we design an efficient algorithm based on value iteration. The proposed general approach is then applied to study the wide-area monitoring and protection issue in smart grid. Extensive simulations are conducted based on real-world data, and results show the effectiveness of the defending strategies derived from the proposed approach.

In cognitive radio network, the primary user (PU) network and the secondary user (SU) network interfered with each other because of sharing the spectral resource. Also interference among multi-downlinks in SU network decreased the sum rate in SU network and the eavesdropper in PU network decreased the secrecy rate in PU network. Focusing on above problem, this paper raised two channel selection and beamforming methods based on singular value decomposition (SVD) and uplink-downlink duality respectively, and then analyzed the performance of them in physical layer security.

In this paper, we address the physical layer security problem for Wireless Sensor Networks in the presence of passive eavesdroppers, i.e., the eavesdroppers' channels are unknown to the transmitter. We use a multi-antenna relay to guarantee physical layer security. Different from the existing work, we consider that the relay works in full duplex mode and transmits artificial noise (AN) in both stages of the decode-and-forward (DF) cooperative strategy. We proposed two optimal power allocation strategies for power constrained and power unconstrained systems respectively. For power constrained system, our aim is to minimize the secrecy rate outage probability. And for power unconstrained systems, we obtain the optimal power allocation to minimize the total power under the quality of service and secrecy constraints. We also consider the secrecy outage probability for different positions of eavesdropper. Simulation results are presented to show the performance of the proposed strategies.

The cyclostationary characteristics of signals has some important applications in such as blind channel equalization, blind adaptive beamforming, and system identification. However, the cyclostationary characteristics also can be a weak link in physical layer security. With high-order cyclostationary theory, some system information can be obtained easily. In this paper, we proposed a new algorithm based on constellation phase rotation and amplitude randomization, during which the cyclostationary feature of signals can be suppressed.

Next generation 5G wireless networks pose several important security challenges. One fundamental challenge is key management between the two communicating parties. The goal is to establish a common secret key through an unsecured wireless medium. In this paper, we introduce a new physical layer paradigm for secure key exchange between the legitimate communication parties in the presence of a passive eavesdropper. The proposed method ensures secrecy via pre-equalization and guarantees reliable communications by the use of Low Density Parity Check (LDPC) codes. One of the main findings of this paper is to demonstrate through simulations that the diversity order of the eavesdropper will be zero unless the main and eavesdropping channels are almost correlated, while the probability of key mismatch between the legitimate transmitter and receiver will be low. Simulation results demonstrate that the proposed approach achieves very low secret key mismatch between the legitimate users, while ensuring very high error probability at the eavesdropper.

We propose a multi-level CSI quantization and key reconciliation scheme for physical layer security. The noisy wireless channel estimates obtained by the users first run through a transformation, prior to the quantization step. This enables the definition of guard bands around the quantization boundaries, tailored for a specific efficiency and not compromising the uniformity required at the output of the quantizer. Our construction results in an better key disagreement and initial key generation rate trade-off when compared to other level-crossing quantization methods.

A cross-layer secure communication scheme for multiple input multiple output (MIMO) system based on spatial modulation (SM) is proposed in this paper. The proposed scheme combined the upper layer stream cipher with the distorted signal design of the MIMO spatial modulation system in the physical layer to realize the security information transmission, which is called cross-layer secure communication system. Simulation results indicate that the novel scheme not only further ensure the legitimate user an ideal reception demodulation performance as the original system, but also make the eavesdropper' error rate stable at 0.5. The novel system do not suffer from a significant increasing complexity.

Cooperative MIMO communication is a promising technology which enables realistic solution for improving communication performance with MIMO technique in wireless networks that are composed of size and cost constrained devices. However, the security problems inherent to cooperative communication also arise. Cryptography can ensure the confidentiality in the communication and routing between authorized participants, but it usually cannot prevent the attacks from compromised nodes which may corrupt communications by sending garbled signals. In this paper, we propose a cross-layered approach to enhance the security in query-based cooperative MIMO sensor networks. The approach combines efficient cryptographic technique implemented in upper layer with a novel information theory based compromised nodes detection algorithm in physical layer. In the detection algorithm, a cluster of K cooperative nodes are used to identify up to K - 1 active compromised nodes. When the compromised nodes are detected, the key revocation is performed to isolate the compromised nodes and reconfigure the cooperative MIMO sensor network. During this process, beamforming is used to avoid the information leaking. The proposed security scheme can be easily modified and applied to cognitive radio networks. Simulation results show that the proposed algorithm for compromised nodes detection is effective and efficient, and the accuracy of received information is significantly improved.

This paper describes and verifies a method of implementing bit error rate (BER) calculation for FPGA-based physical layer security techniques for Software Defined Radio (SDR). Specifically, we describe an independent source signal processing architecture for an efficient calculation of BER for wireless communication modules across the transmitter and receiver nodes. The source components at the transmitter and the receiver both generate identical random bits independently from each other, allowing for the received data to be compared to the original bit stream to calculate BER completely on hardware. The described method is implemented on a Xilinx Virtex-6 ML605 FPGA and reduces processing time by more than four orders of magnitude less than hardware simulation techniques in regression testing and validation over billions of bits, shortening design turn around times and accelerating Physical layer based security development for wireless communication research. The described independent source approach utilizes a minimal amount of board resources, allowing it to be integrated seamlessly into SDR hardware designs. Experimental validation of the independent source based BER calculation is performed for an Orthogonal Frequency Division Multiplexing signal, and a comparison between different stages of hardware design for the execution time required for BER testing of a large number of bits is provided.

This paper investigates physical layer security of non-orthogonal multiple access (NOMA) in cognitive radio (CR) networks. The techniques of NOMA and CR have improved the spectrum efficiency greatly in the traditional networks. Because of the difference in principles of spectrum improving, NOMA and CR can be combined together, i.e. CR NOMA network, and have great potential to improving the spectrum efficiency. However the physical layer security in CR NOMA network is different from any single network of NOMA or CR. We will study the physical layer security in underlay CR NOMA network. Firstly, the wiretap network model is constructed according to the technical characteristics of NOMA and CR. In addition, new exact and asymptotic expressions of the security outage probability are derived and been confirmed by simulation. Ultimately, we have studied the effect of some critical factors on security outage probability after simulation.

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.

As cyber-physical systems (CPS) become prevalent in everyday life, it is critical to understand the factors that may impact the security of such systems. In this paper, we present insights from an initial study of historical security incidents to analyse such factors for a particular class of CPS: industrial control systems (ICS). Our study challenges the usual tendency to blame human fallibility or resort to simple explanations for what are often complex issues that lead to a security incident. We highlight that (i) perception errors are key in such incidents (ii) latent design conditions – e.g., improper specifications of a system's borders and capabilities – play a fundamental role in shaping perceptions, leading to security issues. Such design-time considerations are particularly critical for ICS, the life-cycle of which is usually measured in decades. Based on this analysis, we discuss how key characteristics of future smart CPS in such industrial settings can pose further challenges with regards to tackling latent design flaws.

With cyber-physical systems opening to the outside world, security can no longer be considered a secondary issue. One of the key aspects in security of cyber-phyiscal systems is to deal with intrusions. In this paper, we highlight the several unique properties of control applications in cyber-physical systems. Using these unique properties, we propose a systematic intrusion-damage assessment and mitigation mechanism for the class of observable and controllable attacks. On the one hand, in cyber-physical systems, the plants follow certain laws of physics and this can be utilized to address the intrusion-damage assessment problem. That is, the states of the controlled plant should follow those expected according to the physics of the system and any major discrepancy is potentially an indication of intrusion. Here, we use a machine learning algorithm to capture the normal behavior of the system according to its dynamics. On the other hand, the control performance strongly depends on the amount of allocated resources and this can be used to address the intrusion-damage mitigation problem. That is, the intrusion-damage mitigation is based on the idea of allocating more resources to the control application under attack. This is done using a feedback-based approach including a convex optimization.

Embedded Systems (ES) are an integral part of Cyber-Physical Systems (CPS), the Internet of Things (IoT), and consumer devices like smartphones. ES often have limited resources, and - if used in CPS and IoT - have to satisfy real time requirements. Therefore, ES rarely employ the security measures established for computer systems and networks. Due to the growth of both CPS and IoT it is important to identify ongoing attacks on ES without interfering with realtime constraints. Furthermore, security solutions that can be retrofit to legacy systems are desirable, especially when ES are used in Industrial Control Systems (ICS) that often maintain the same hardware for decades. To tackle this problem, several researchers have proposed using side-channels (i.e., physical emanations accompanying cyber processes) to detect such attacks. While prior work focuses on the anomaly detection approach, this might not always be sufficient, especially in complex ES whose behavior depends on the input data. In this paper, we determine whether one of the most common attacks - a buffer overflow attack - generates distinct side-channel signatures if executed on a vulnerable ES. We only consider the power consumption side-channel. We collect and analyze power traces from normal program operation and four cases of buffer overflow attack categories: (i) crash program execution, (ii) injection of executable code, (iii) return to existing function, and (iv) Return Oriented Programming (ROP) with gadgets. Our analysis shows that for some of these cases a power signature-based detection of a buffer overflow attack is possible.

Additive Manufacturing (AM) uses Cyber-Physical Systems (CPS) (e.g., 3D Printers) that are vulnerable to kinetic cyber-attacks. Kinetic cyber-attacks cause physical damage to the system from the cyber domain. In AM, kinetic cyber-attacks are realized by introducing flaws in the design of the 3D objects. These flaws may eventually compromise the structural integrity of the printed objects. In CPS, researchers have designed various attack detection method to detect the attacks on the integrity of the system. However, in AM, attack detection method is in its infancy. Moreover, analog emissions (such as acoustics, electromagnetic emissions, etc.) from the side-channels of AM have not been fully considered as a parameter for attack detection. To aid the security research in AM, this paper presents a novel attack detection method that is able to detect zero-day kinetic cyber-attacks on AM by identifying anomalous analog emissions which arise as an outcome of the attack. This is achieved by statistically estimating functions that map the relation between the analog emissions and the corresponding cyber domain data (such as G-code) to model the behavior of the system. Our method has been tested to detect potential zero-day kinetic cyber-attacks in fused deposition modeling based AM. These attacks can physically manifest to change various parameters of the 3D object, such as speed, dimension, and movement axis. Accuracy, defined as the capability of our method to detect the range of variations introduced to these parameters as a result of kinetic cyber-attacks, is 77.45%.

The security of critical infrastructures such as oil and gas cyber-physical systems is a significant concern in today's world where malicious activities are frequent like never before. On one side we have cyber criminals who compromise cyber infrastructure to control physical processes; we also have physical criminals who attack the physical infrastructure motivated to destroy the target or to steal oil from pipelines. Unfortunately, due to limited resources and physical dispersion, it is impossible for the system administrator to protect each target all the time. In this research paper, we tackle the problem of cyber and physical attacks on oil pipeline infrastructure by proposing a Stackelberg Security Game of three players: system administrator as a leader, cyber and physical attackers as followers. The novelty of this paper is that we have formulated a real world problem of oil stealing using a game theoretic approach. The game has two different types of targets attacked by two distinct types of adversaries with different motives and who can coordinate to maximize their rewards. The solution to this game assists the system administrator of the oil pipeline cyber-physical system to allocate the cyber security controls for the cyber targets and to assign patrol teams to the pipeline regions efficiently. This paper provides a theoretical framework for formulating and solving the above problem.

Multilateration techniques have been proposed to verify the integrity of unprotected location claims in wireless localization systems. A common assumption is that the adversary is equipped with only a single device from which it transmits location spoofing signals. In this paper, we consider a more advanced model where the attacker is equipped with multiple devices and performs a geographically distributed coordinated attack on the multilateration system. The feasibility of a distributed multi-device attack is demonstrated experimentally with a self-developed attack implementation based on multiple COTS software-defined radio (SDR) devices. We launch an attack against the OpenSky Network, an air traffic surveillance system that implements a time-difference-of-arrival (TDoA) multi-lateration method for aircraft localization based on ADS-B signals. Our experiments show that the timing errors for distributed spoofed signals are indistinguishable from the multilateration errors of legitimate aircraft signals, indicating that the threat of multi-device spoofing attacks is real in this and other similar systems. In the second part of this work, we investigate physical-layer features that could be used to detect multi-device attacks. We show that the frequency offset and transient phase noise of the attacker's radio devices can be exploited to discriminate between a received signal that has been transmitted by a single (legitimate) transponder or by multiple (malicious) spoofing sources. Based on that, we devise a multi-device spoofing detection system that achieves zero false positives and a false negative rate below 1%.

Securing visible light communication (VLC) systems on the physical layer promises to prevent against a variety of attacks. Recent work shows that the adaption of existing legacy radio wave physical layer security (PLS) mechanisms is possible with minor changes. Yet, many adaptations open new vulnerabilities due to distinct propagation characteristics of visible light. A common understanding of threats arising from various attacker capabilities is missing. We specify a new attacker model for visible light physical layer attacks and evaluate the applicability of existing PLS approaches. Our results show that many attacks are not considered in current solutions.