MILCOM'2005 1

MIMO Transmissions with Information Theoretic Secrecy for Secret-Key Agreement in Wireless Networks

Xiaohua (Edward) Li1 and E. Paul Ratazzi2 1Department of Electrical and Computer Engineering

State University of New York at Binghamtonxli@binghamton.edu,

http://ucesp.ws.binghamton.edu/~xli2Air Force Research Lab, AFRL/IFGB, paul.ratazzi@afrl.af.mil

MILCOM'2005 2

Contents

1. Introduction

2. Secure MIMO transmission scheme

3. Transmission weights design

4. Transmission secrecy

5. Simulations

6. Conclusions

MILCOM'2005 3

1. Introduction

• Secure wireless transmission: necessary PHY security techniques for wireless information assurance– Wireless transmissions have no boundary,

susceptible to listening/analyzing, location, jamming

– Wireless nodes have severe energy and bandwidth constraints “light” techniques

– Unreliable link and dynamic network topology

MILCOM'2005 4

Secure Wireless Transmissions

• Traditional secure transmission design– Data encryption, spread spectrum, etc

• New idea: use antenna array diversity and array redundancy– A completely different approach of secure (LPI)

waveform design

MILCOM'2005 5

Significance to Cryptography

• Provable (information-theoretic) secrecy– Inherently secure transmission, no encryption keys

involved– Comparable to quantum cryptography

• Provide PHY-layer LPI, and assist higher layer data encryption– PHY-layer assisted secret key agreement

MILCOM'2005 6

Secret-Key Agreement

• Classic Shannon model– Alice & Bob try to exchange encryption keys for

encrypted data transmission– Eve can acquire all (and identical) messages

received by Alice or Bob– Perfect secrecy impractical under Shannon model– Computational secrecy achievable

MILCOM'2005 7

PHY-layer Transmission Secrecy Model

• Information theoretic secrecy realizable with model different than Shannon’s– Eve’s channels, and thus received signals, are

different from Alice’s or Bob’s– A reality in quantum communication, and wireless

transmissions

MILCOM'2005 8

Information-Theoretic Secrecy

• Wyner’s wire-tap channel: secret capacity

• Maurer’s common information concept

• High secret channel capacity requires Eve’s channel being noisier not practical enough

)1log()1(log)( here w

better) channel(Eve' else,0

noiser) channel s(Eve' if),()(1

ppppph

hhC

)()2(2 hhC

MILCOM'2005 9

2. Secure MIMO transmission scheme

• Can we guarantee a large or in practice?

• Possible: randomized MIMO transmission• Basic idea:

– Use redundancy of antenna array – Exploit the limit of blind deconvolution

• Eve can not estimate channel/symbol blindly

MILCOM'2005 10

Transmission Scheme

• Alice: antenna array (secure, public, pilot)– Does not send training signals

• Bob: estimate symbols, no channel knowledge required

MILCOM'2005 11

Signal Model and Assumptions

Bob receives: ( ) ( ) ( ) ( )

Eve receives: ( ) ( ) ( ) ( )u u u

n n n n

n n n n

x HW b v

x H W b v

Alice, Bob & Eve do not know channels.– Alice estimate H by reciprocity– Bob need not know channel.– Eve depends on blind estimation.

MILCOM'2005 12

MIMO Transmission Procedure

• Alice select transmit antenna weights so that

• Bob receives signal – By estimating received signal power, Bob can detect

signals

• Key points:– No channel information required for Bob, no training

required no training available to Eve– Redundancy in selecting weights

( ) :

is diagonal with positive elements

n

K K

HW A

A

( ) ( ) ( )n n n x Ab v

1ˆ ( ) ( )n nb A x

( )nW

MILCOM'2005 13

3. Transmission Weights Design

• Existing array transmission schemes are susceptible to Eve’s blind deconvolution attack?– Eve can easily estimate by blind deconvolution

if with optimal transmit beamforming

( )nb

1

2

( ) ,

where , , /

and can be zero or random

Hopt opt opt

opt opt

Hopt opt opt opt K

n

tr

D U AW V

B

H U D 0 V A I D

B

MILCOM'2005 14

Select Weights with Randomization

• W1(n): Redundancy in transmitting weights

• Procedure:

10 1 1

0 11

( )( ) , where

( )

nn

n

H A H WW H H H

W

1

1 1

10 0 1

1

In each symbol block interval, select randomly ( ) such that

( ) ( ) ( ) ~ ( , ),

and then calculate transmitted vector ( ) ( ) as

( ) ( ) ( )

( )

J K

n

n n n

n n

n nn

n

W

s W b

W b

s H Ab H ss

s

N μ

1

1

( )

( )

n

n

s

MILCOM'2005 15

4. Transmission Secrecy

• Eve’s received signal becomes

which has distribution

• Objective: Eve can not estimate channel Hu from xe(n), which relies on– Assumption that Eve & Bob’s channels are sufficiently

different wireless channels fade independently when separated a fractional of wavelength

– Unknown to Eve:

1 11 0 1 0( ) ( )

( ) , where ,( )u u M uu J K

n nn

n

s H H H Abx H F I H f F f

v I 0

2( ) ~ ( , )H He M u u u u v Mn x H F H f H F F H IμN

1 1 ( ) ( ) ( ) ~ ( , ),J Kn n n s W b N μ

MILCOM'2005 16

Indeterminacy of Blind Channel Estimation

• Proposition:For unknown symbol ( ) and unknown , , ,

from the distribution of ( ), the channel matrix

is indistinguishable from with ambuiguity

matrix .

u u

u

n

n

J J

b H μ Σ

x H

H P

U GV UGP

0 V

MILCOM'2005 17

Indeterminacy of Blind Symbol Estimation

• Proposition:

• Result: – Eve’s error rate: high– Bob’s error rate: low (identical to optimal MIMO

eigen-beamforming)– Cost paid: higher transmission power

Assume ( ) is generated by transmitting ( ).

Then ( ) has identical distribution as those generated

by transmitting any other symbol vector ( ).

u

u

n n

n

n

x b

x

d

MILCOM'2005 18

Transmission secrecy

• Weights are selected randomly and unknown to Eve, blind deconvolution is made impossible

• Weights are selected by Alice, no need to tell Bob equivalently one-time pad

• Information theory guarantees high and positive secret channel capacity provable (information theoretic) secrecy

MILCOM'2005 19

Eve’s Exhaustive Search Attack

• Eve may exhaustively try all possible channels (both ).

• The complexity can be at least , according to quantization level Q– Low quantization level reduces complexity, but

increases symbol estimation error still makes high positive secret channel capacity possible

– Example,

, and uH H2 22 2( )K J KQ Q

1282 when 4, 4, 16 (for 0.1).J K Q

MILCOM'2005 20

5. Simulations

• BER of the proposed transmission scheme

J=6.K=4.QPSK.

MILCOM'2005 21

• Secret channel capacity with the simulated BER

MILCOM'2005 22

Conclusions

• Proposed a randomized MIMO transmission scheme – Use array redundancy and channel diversity for

transmission security– Enhance transmission LPI in the PHY-layer by

increasing the adversary’s receiving error – Proof of secrecy with weight randomization and limit

of blind deconvolution