Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems
Matthias Schulz, Adrian Loch, Matthias Hollick – NDSS 2014
Motivation
[Figure: protocol stack with the layers Application, Transport, Network, Data Link, Physical]
§ Cryptography: computational security, powerful attack models
§ Physical Layer Security: aims at information-theoretical security, no computational restrictions on eavesdropper
Motivation
STROBE: Orthogonal Blinding
§ Published at INFOCOM 2012
§ Practical Orthogonal Blinding implementation
§ Eavesdropper limited to one antenna
[Figure: cropped first page of the STROBE paper]
STROBE: Actively Securing Wireless Communications using Zero-Forcing Beamforming
Narendra Anand, Rice University, Houston, USA, Email: nanand@rice.edu
Sung-Ju Lee, Hewlett-Packard Laboratories, Palo Alto, USA, Email: sjlee@hp.com
Edward W. Knightly, Rice University, Houston, USA, Email: knightly@rice.edu
Abstract: "We present the design and experimental evaluation of Simultaneous TRansmission with Orthogonally Blinded Eavesdroppers (STROBE). STROBE is a cross-layer approach that exploits the multi-stream capabilities of existing technologies such as 802.11n and the upcoming 802.11ac standard where multi-antenna APs can construct simultaneous data streams using Zero-Forcing Beamforming (ZFBF). Instead of using this technique for simultaneous data stream generation, STROBE utilizes ZFBF by allowing an AP to use one stream to communicate with an intended user and the remaining streams to orthogonally "blind" (actively interfere with) any potential eavesdropper thereby preventing eavesdroppers from decoding nearby transmissions."
Introduction fragment: "upcoming 802.11ac employ physical layers (PHYs) that can implement ZFBF to construct multiple parallel transmission streams to a single user (11n) or simultaneously to multiple users (11ac). Because such existing technologies are already able to create multiple parallel streams, STROBE can be implemented in these systems with minor AP"
Further cropped fragments: "extensive experimental evaluation, we" / "no client modification. STROBE" / "sistently outperforms Omnidir" / "encryption methods (SUBF), and by"
Contents
§ Motivation
§ Introduction to Orthogonal Blinding
§ Contribution: Known-Plaintext Attack
§ Evaluation
§ Conclusion
From Shannon to Wyner
[Figure: degraded wiretap channel according to Wyner. Alice's encoder maps the message M to X^n; a channel delivers Y^n to Bob's decoder, which outputs M; Eve observes Z^n over a channel.]
→ Secrecy measured as information leakage to Eve
How to reduce information leakage?
[Figure: degraded wiretap channel according to Wyner. Alice's encoder maps the message M to X^n; a channel delivers Y^n to Bob's decoder, which outputs M; Eve observes Z^n over a channel.]
The channel to Eve should introduce additional noise
Orthogonal Blinding
[Figure: Alice's encoder computes f(M,AN) from the message M and Artificial Noise (AN) and transmits X^n; Bob's decoder receives Y^n and outputs M; Eve observes Z^n.]
The channel to Eve should introduce additional noise
Artificial Noise (AN) transmitted orthogonally to Bob's channel: "blinding" only Eve
Orthogonal Blinding: Practical Implementation
[Figure: Alice (multi-antenna node) passes Data and Artificial Noise through a Filter; Bob (single-antenna node) receives Data; Multiple Eves (multiple single-antenna nodes) receive Noise.]
Known Plaintext Attack: System Model
[Figure: Alice (multi-antenna node) passes Data and Artificial Noise through a Filter; Bob (single-antenna node) receives Data; Eve receives Noise and applies an Adaptive Filter, trained with Data Known by Eve, to recover Data.]
Eve: multi-antenna node OR multiple cooperating single-antenna nodes
Known Plaintext Attack: System Model
[Figure: same system model, with a detail of Eve's Adaptive Filter. The signals of ant. 1 and ant. 2 are weighted with ω0 and ω1 and combined into the filter output; the filter output is evaluated against the Known Data, and a Filter Update Calculation adjusts the weights.]
Filter Update Calculation: LMS or NLMS with step-size µ
Eve: multi-antenna node OR multiple cooperating single-antenna nodes
Known Plaintext Attack: Noise to Data Ratio
[Figure: same system model, with panels for low, medium and high Noise to Data Ratio (NDR) at Alice's transmit filter.]
Evaluation parameter: Noise to Data Ratio (NDR)
Known Plaintext Attack: Noise introduced by Wireless Channel
[Figure: same system model, with panels for low, medium and high Noise to Data Ratio (NDR) and the noise introduced by the wireless channel added at Eve.]
Evaluation parameter: noise introduced by the wireless channel, Signal to Noise Ratio (SNR)
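The system model of the preceding slides as a small simulation, added here as an illustration and not taken from the talk or the paper: a two-antenna Eve trains an NLMS filter on known symbols and is compared with an Eve that only equalizes one antenna. Assumptions: flat-fading channels with constructed coefficients, two transmit antennas at Alice, QPSK data, and the hypothetical names `simulate`, `cgauss` and `slicer`.

```python
import random

# Constructed flat-fading channel coefficients (illustrative, not measurements).
H_B = [1 + 0.5j, 0.3 - 0.8j]                    # Alice (2 antennas) -> Bob (1 antenna)
H_E = [[0.7 + 0.6j, -0.3 - 0.2j],               # Alice -> Eve antenna 0
       [0.4 - 0.1j, 0.6 - 0.7j]]                # Alice -> Eve antenna 1
QPSK = [complex(a, b) / 2 ** 0.5 for a in (1, -1) for b in (1, -1)]

def cgauss(rng, power):
    """Complex Gaussian sample with the given average power."""
    s = (power / 2) ** 0.5
    return complex(rng.gauss(0, s), rng.gauss(0, s))

def slicer(v):
    """Nearest QPSK constellation point."""
    return min(QPSK, key=lambda q: abs(v - q))

def simulate(ndr=4.0, mu=0.3, n_train=150, n_test=2000, noise=0.01, seed=1):
    """Return (SER with NLMS filter, SER on one antenna, AN leakage at Bob)."""
    rng = random.Random(seed)
    norm2 = sum(abs(h) ** 2 for h in H_B)
    f = [h.conjugate() / norm2 for h in H_B]    # data filter: H_B . f = 1
    g = [H_B[1] / norm2 ** 0.5, -H_B[0] / norm2 ** 0.5]  # AN direction: H_B . g = 0
    c_d = sum(H_E[0][i] * f[i] for i in range(2))        # data gain on Eve antenna 0
    w = [0j, 0j]                                # Eve's adaptive filter weights
    err_filter = err_single = 0
    for k in range(n_train + n_test):
        d, a = rng.choice(QPSK), cgauss(rng, ndr)        # data symbol, artificial noise
        x = [f[i] * d + g[i] * a for i in range(2)]      # Alice's transmit vector
        z = [sum(H_E[r][i] * x[i] for i in range(2)) + cgauss(rng, noise)
             for r in range(2)]                          # Eve's two received samples
        est = sum(w[r].conjugate() * z[r] for r in range(2))
        if k < n_train:                         # known plaintext: NLMS weight update
            e = d - est
            p = sum(abs(v) ** 2 for v in z) + 1e-9
            w = [w[r] + mu * z[r] * e.conjugate() / p for r in range(2)]
        else:                                   # unknown data: weights stay frozen
            err_filter += slicer(est) != d
            err_single += slicer(z[0] / c_d) != d
    bob_leak = abs(sum(H_B[i] * g[i] for i in range(2)))
    return err_filter / n_test, err_single / n_test, bob_leak

if __name__ == "__main__":
    print(simulate())
```

The third return value confirms that the artificial noise cancels at Bob; raising `ndr` or lowering `n_train` shows the convergence trade-off that the evaluation slides plot.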
Evaluation: Testbed
[Figure: testbed with the nodes Alice, Bob and Eve]
WARPLab and MATLAB
Evaluation: Eve's Filter Convergence (measurement)
[Plot: Eve's Symbol Error Rate (10^-0.5 to 10^0) over the number of training symbols (0 to 140), with curves for µ_NLMS = 0.1, µ_NLMS = 0.3 and µ_NLMS = 0.9; Noise to Data Ratio (NDR) = 4]
§ µ_NLMS: step-size of the Normalized Least Mean Squares adaptive filtering algorithm
§ Symbol Error Rate converges for certain number of training symbols
§ Minimum achievable Symbol Error Rate after convergence
Evaluation: Convergence performance (measurement)
[Plot: convergence time in training samples (20 to 80) over Eve's Symbol Error Rate at convergence (10^-1.4 to 10^-0.2), with curves for µ_NLMS = 0.3, µ_NLMS = 0.9 and µ_NLMS = 1.4; points labelled with the Noise to Data Ratio (NDR) 2, 4, 6, 8, 10; Bob's Symbol Error Rate shown for comparison]
§ higher step-size → faster convergence
§ lower step-size → lower Symbol Error Rate
Evaluation: Many eavesdropper antennas (simulation)
[Plot: Eve's Symbol Error Rate (10^-1 to 10^0) over the number of Eve's antennas (2 to 24), with curves for SNR_TX = 10 dB and SNR_TX = 25 dB; 100 training symbols, Noise to Data Ratio (NDR) = 10, filter step-size µ_NLMS = 0.3]
§ more antennas → lower SER
§ filtering complexity increases linearly
§ find additional results in our paper