US20170188235A1 - Authentication for secure wireless communication - Google Patents

Authentication for secure wireless communication Download PDF

Info

Publication number
US20170188235A1
US20170188235A1 US15/455,412 US201715455412A US2017188235A1 US 20170188235 A1 US20170188235 A1 US 20170188235A1 US 201715455412 A US201715455412 A US 201715455412A US 2017188235 A1 US2017188235 A1 US 2017188235A1
Authority
US
United States
Prior art keywords
cir
signal
wireless unit
higher layer
template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/455,412
Inventor
Liang Xiao
Chunxuan Ye
Suhas Mathur
Yogendra C. Shah
Alexander Reznik
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
InterDigital Patent Holdings Inc
Original Assignee
InterDigital Patent Holdings Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by InterDigital Patent Holdings Inc filed Critical InterDigital Patent Holdings Inc
Priority to US15/455,412 priority Critical patent/US20170188235A1/en
Publication of US20170188235A1 publication Critical patent/US20170188235A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0875Generation of secret information including derivation or calculation of cryptographic keys or passwords based on channel impulse response [CIR]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • H04L2209/38
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/79Radio fingerprint

Definitions

  • This application is related to wireless communications.
  • Information-theoretically secure cryptographic techniques eliminate the reliance on computational difficulty.
  • Alice and Bob may employ the reciprocity of a wireless channel to extract secret keys.
  • These techniques usually rely on exchanging signals, or probing, the wireless channel, such as in a time division duplex (TDD) manner, to collect correlated information from which common secret bits are obtained.
  • TDD time division duplex
  • a method an apparatus for providing authentication for secure wireless communication would be advantageous.
  • a method and apparatus for use in authentication for secure wireless communication is provided.
  • a received signal is physically authenticated and higher layer processed.
  • Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data.
  • Higher layer processing includes validating the signal using a one-way hash chain value in the signal.
  • FIG. 1 shows a block diagram of an example of a network for performing authentication for secure wireless communication
  • FIG. 2 shows a block diagram of an example of a wireless transmit/receive unit and a base station for performing authentication for secure wireless communication
  • FIG. 3 shows a diagram of an example of a method of authentication for secure wireless communication
  • FIG. 4 is a flow chart of an example of a method of double-authentication
  • FIG. 5 shows a diagram of an example a method of double-authentication using one-way hash chain based higher layer processing
  • FIG. 6 shows a block diagram of an example of a method of authentication for secure wireless communication with re-authentication.
  • wireless transmit/receive unit includes but is not limited to a user equipment (UE), a mobile station, a fixed or mobile subscriber unit, a pager, a cellular telephone, a personal digital assistant (PDA), a computer, or any other type of user device capable of operating in a wireless environment.
  • base station includes but is not limited to a Node-B, a site controller, an access point (AP), or any other type of interfacing device capable of operating in a wireless environment.
  • WTRU and “base station” are not mutually exclusive.
  • a WTRU may be an enhanced Home Node-B (H(e)NB).
  • H(e)NB enhanced Home Node-B
  • the term “Alice” includes a WTRU or a base station that is a legitimate communicating entity.
  • the term “Bob” includes a WTRU or a base station that is a legitimate communicating entity.
  • the term “information-theoretically secure” includes but is not limited to perfectly secure, unconditionally secure, and nearly information-theoretically secure.
  • the terms “trust”, “trusted”, and “trustworthy”, as well as variations thereof, indicate a quantifiable and observable manner of assessing whether a unit will function in a particular manner.
  • FIG. 1 shows a block diagram of an example of a wireless communication network 100 for performing authentication for secure wireless communication.
  • the network 100 includes a first WTRU 110 (Alice), a base station 120 (Bob), and an illegitimate communicating entity 130 (Eve). Alice is in communication Bob. Eve is attempting to interfere.
  • wireless communication network 100 may be any combination of wireless and wired devices.
  • FIG. 2 is a more detailed block diagram of an example of the wireless communication network 100 including Alice, shown as a WTRU 110 , and BOB, shown as a base station 120 . As shown Alice and Bob are configured to perform a method of authentication for secure wireless communication.
  • the WTRU 110 includes a processor 211 with an optional linked memory 213 , at least one transceiver 215 , an optional battery 217 , and an antenna 219 .
  • the processor 211 is configured to perform a method of authentication for secure wireless communication.
  • the transceiver 215 is in communication with the processor 211 and the antenna 219 to facilitate the transmission and reception of wireless communications.
  • a battery 217 is used in the WTRU 110 , it powers the transceiver 215 and the processor 211 .
  • the base station 120 includes a processor 221 with an optional linked memory 223 , transceivers 225 , and antennas 227 .
  • the processor 221 is configured to perform a method of authentication for secure wireless communication.
  • the transceivers 225 are in communication with the processor 221 and antennas 227 to facilitate the transmission and reception of wireless communications.
  • a physical-layer, channel-based, method that combines channel probing, M complex frequency response samples over a bandwidth W, with hypothesis testing may be used to determine whether current and prior communication attempts are made by the same communicating entity. In this way, legitimate entities can be authenticated and illegitimate entities can be detected.
  • the receiver may fail to detect a certain percentage of illegitimate signals, called the miss rate, and accept the spoofed messages as valid. Once an attack is missed, the receiver may generate a certain percentage of false rejections, called the false alarm rate, when the legitimate communicating entity attempts to authenticate.
  • the false alarm rate a certain percentage of false rejections
  • a one-way hash chain that relies on purely cryptographic properties of hash functions and provides cryptographic protections based on the computational difficulty of inverting a one-way function, F(.), may be combined with the channel-based method.
  • FIG. 3 is a flow diagram of an example of a method of authentication for secure wireless communication.
  • Alice sends a signal A 1 including a unique identifier, such as a medium access control (MAC) address, to Bob to establish a connection at 310 .
  • Bob receives the signal A 1 and uses a double-authentication algorithm, which includes channel-based validation and purely cryptographic validation, to authenticate the signal at 320 .
  • Eve attempts a spoofing attack to gain illegitimate access by sending a spoofing signal E 1 including Alice's MAC address to Bob at 330 .
  • Bob receives Eve's spoofing signal E 1 and detects Eve's spoofing attack using the double-authentication algorithm at 340 .
  • Bob performs a security algorithm, for example a system-dependent method, at 350 .
  • FIG. 4 is a flow chart of an example of a method of double-authentication.
  • Bob receives a signal including a unique identifier (MAC address) and generates a channel impulse response (CIR) measurement based on the received signal at 410 .
  • Bob examines a reference table to determine whether valid reference CIR data associated with the MAC address exists at 420 . If the CIR reference data exists, Bob performs a Fingerprints in the Ether (FP) method at 430 .
  • a typical FP method includes the configuration of a storage mechanism for recording the shape of a CIR measurement associated with a particular WTRU, such as, via a MAC address.
  • the receiver Upon receipt of a signal purporting to have originated from the WTRU, the receiver obtains a CIR measurement for the signal and compares it with the recorded CIR. If the two CIRs match, the signal is interpreted as being authentic.
  • a CIR measurement may become stale over time. For example, after a period equal to the channel coherence time has passed, a CIR may completely decorrelate. The use of stale channel data may lead to false alarms. Accordingly, the CIR reference table includes a timer for each CIR record. When the timer reaches the maximum lifetime, N T , the CIR record expires and, optionally, is deleted. The maximum lifetime of the CIR record, N T , is set such that each CIR record expires within the relevant channel coherence time.
  • the FP method at 430 uses CIR data and hypothesis testing to differentiate among transmitters and detect spoofing messages.
  • Hypothesis testing includes performing a test statistic function which provides a metric that is compared with a test threshold to produce hypothesis results.
  • a test statistic function, L(H 0 , H 1 ) is calculated to evaluate the difference between the input CIR data, H 1 , and the reference CIR data, H 0 .
  • the result of the test statistic function is compared with a test threshold, Thre. If H 0 and H 1 are not similar enough L(H 0 , H 1 )>Thre and the FP method reports an alarm.
  • I(k) indicates the result of the FP method at time k
  • the FP method may be expressed as:
  • I ⁇ ( k ) ⁇ 0 , L ⁇ ( H 1 ⁇ ( k ) , H 0 ⁇ ( k ) ) ⁇ Thre 1 , L ⁇ ( H 1 ⁇ ( k ) , H 0 ⁇ ( k ) ) ⁇ Thre 2 , No ⁇ ⁇ H 0 ⁇ ( k ) . Equation ⁇ ⁇ ( 1 )
  • the test statistic function approximately represents a generalized likelihood ratio test based on a time-invariant channel model.
  • the channel parameters such as channel coherence time, may vary significantly over time, and may depend on environment changes. It should be apparent that other functions may be implemented depending on the particular channel model without exceeding the scope of the present application. Table 1 shows several exemplary applications of the test statistic function.
  • L1-L6 and L8 utilize a complex scalar, e jArg(H H) 0 1 , to counteract the phase drifting of the channel response due to the changes of the receiver's local oscillator.
  • a CIR Post-Process (CPP) method may be used to align the channel impulse response in the time domain where two CIR vectors shift in time to increase the overlap in shape.
  • the CPP method may reduce the affect of timing errors in channel estimation, and may reduce the false alarm rate.
  • the CPP method may optionally include, for example, CIR shape pruning, up sampling, and normalization of power.
  • the threshold, Thre may be a pre-assigned threshold. For example, a fixed threshold based on empirical data may be used. Alternatively, an adaptive threshold may be used. To establish an adaptive threshold, Alice sends N train training messages to Bob, so as to teach Bob the range of the test statistics. Bob determines a percentile value of the test statistic as the test threshold. For example, Bob may select a low threshold for a channel that exhibits low time variation in order to balance between a false alarm rate and miss rate.
  • Bob executes a security policy at 450 .
  • Bob simply discards the signal without performing higher layer processing.
  • Bob performs higher layer processing to further evaluate the authenticity of the received signal. If the signal also fails the higher layer processing, it is then discarded. For example, Bob may perform a one-way hash chain to further evaluate the authenticity of the received signal.
  • FIG. 5 is a diagram of an example method of double-authentication using one-way hash chain based higher layer processing.
  • each signal Alice sends includes an element from a one-way hash chain.
  • a one-way hash chain includes a sequence of elements based on a publicly known one-way hash function F(.), such that, using knowledge of X i , X j may be computed for all j>i, In addition, it is computationally difficult to compute F(X k ) for any k ⁇ i.
  • the one-way hash chain may be expressed as:
  • Alice chooses a random seed X 1 and a value of N at 510 .
  • the value of N is based on Alice's estimate of the total number of probes she expects to transmit.
  • Alice and Bob agree on the rate at which the signals will be sent at 515 .
  • Alice and Bob may agree on a value of N in a prior communication.
  • Alice's choice of N may be configured as a protocol parameter. It should be apparent that any method of agreeing on the value of N may be performed without exceeding the scope of the application.
  • Alice successively computes and stores N hash function values based on X 1 at 520 .
  • the one-way hash chain may be pre-computed and stored.
  • Alice transmits a series of N signals including her MAC address and the calculated hash values to Bob beginning at 530 .
  • Alice includes the element X N in the first signal A 1 at 530 , the element X N ⁇ 1 in the second signal A 2 at 540 , and so on at 560 - 570 .
  • the elements of the chain are revealed in reverse order.
  • Bob receives the first signal A 1 and the second signal A 2 and validates them at 532 , 542 using the FP method.
  • convinced Receiving the signals may compute the hash of the element contained in a signal using the publicly known function F(.) to verify that it equals the element contained in the previous signal, thereby being confident that the signal was sent by the same entity that transmitted the previous signal.
  • Alice transmits a third signal A 3 containing the one-way hash chain element X N ⁇ 2 at 550 . However, Bob does not receive the third signal. Alice transmits a fourth signal A 4 , containing the one-way hash chain element X N ⁇ 3 , at 560 . Bob receives the fourth signal A 4 and recognizes that a signal has been missed at 562 .
  • Bob determines the number of missed signals, m, based on the rate at which he and Alice have agreed to send signals on the channel.
  • Bob computes the hash F(F(F . . . F(X n ))) . . . ) where X n is the hash element in the latest signal, and the hash function is applied m times at 566 .
  • Bob compares the new hash value with the hash value contained in the previous correctly received signal A 2 , and validates the signal A 4 at 568 .
  • Authentication based on one-way hash chains does not depend upon the wireless channel and does not reveal any part of any secret keys derived between Alice and Bob. For example, if Alice and Bob derive secret encryption keys based on common randomness of a wireless channel, these keys are not publicly revealed during one-way hash chain authentication and are preserved for use during encryption. Since the number of signals that need to be exchanged in order to extract a key of a certain length may be conservatively upper bounded by a constant number N, a constant amount of memory is used to store the one-way hash chain.
  • a Message Authentication Code of each signal including the preamble bits, the hash element disclosed, and a sequence number may be attached at the end of the signal.
  • the Message Authentication Code is computed using the next hash element to be revealed in the next signal as a key.
  • the one-way hash chain is extended to protect further signals by cascading a second one-way hash chain after the first. Elements from the start of the second chain are included with elements from the end of the first chain. This effectively authenticates the start of the second chain before the first chain has ended.
  • channel-based and one-way chain based data-origin consistency may be used in a number of ways, by attributing an appropriate amount of importance to the outcome of the hypothesis test computed for each received probe. For example, one-way chain authentication or channel-based authentication may be performed for a subset of the messages.
  • the overall authentication determination I a (k) may be expressed as:
  • H 1 (k) is the CIR derived from a signal received at time k
  • H 0 (k) may be expressed as:
  • the source of the CIR vector H may be designated S(H).
  • S(H 0 (k)) Alice and I(k) ⁇ 2.
  • P fa , P m The false alarm rate, P fa , and miss rate, P m , may be denoted as:
  • P FAA the overall false alarm rate
  • the performance of the overall false alarm rate depends more on P FA and P M , than P fa , and P m ; however, the evaluation of P FA and P M , takes more effort due to the dependence on the timer limit, N T , higher layer processing, and transmission pattern of both Alice and Eve. For example, if Eve sends spoofing messages more frequently, both P FA and P M increase, even though everything else including P fa , and P m remains relatively constant. Since the generalized closed-form expressions of P FA and P M are hard to obtain, they may be bound as functions of P fa , and P m , which are much easier to evaluate.
  • the identically distributed signals may be expressed as:
  • the FP method may be expressed as:
  • FIG. 6 shows a block diagram of an example of a method of authentication for secure wireless communication with re-authentication.
  • Alice sends a first signal A 1 to Bob at 610 .
  • Bob receives the signal A 1 and authenticates it using higher layer processing at 612 .
  • Bob stores Alice's CIR reference data, including a timer T 1 at 614 .
  • Alice sends a second signal A 2 to Bob at 620 .
  • Bob receives the signal A 2 , generates a CIR measurement based on the received signal, locates the stored CIR reference data, performs the FP method, and authenticates Alice at 622 .
  • Eve attempts to gain illegitimate access using a spoofed signal E 1 including Alice's MAC address at 630 .
  • Bob receives Eve's signal E 1 , generates a CIR measurement based on the received signal, locates the stored CIR reference data, and detects the spoofed signal at 632 .
  • the timer T 1 expires at 640 .
  • Alice sends a third signal A 3 to Bob at 650 .
  • Bob receives the signal A 3 , generates a CIR measurement based on the received signal, looks for, but does not locates stored CIR reference data, authenticates the signal A 3 using higher layer processing, and stores Alice's CIR reference data, including a timer T 2 at 652 .
  • Bob may authenticate the signal A 3 using the one-way hash chain method described in reference to FIG. 6 .
  • Eve attempts to gain illegitimate access using a spoofed signal E 2 including Alice's MAC address at 660 .
  • Bob receives Eve's signal E 2 , generates a CIR measurement based on the received signal, locates the stored CIR reference data, and detects the spoofed signal at 662 .
  • ROM read only memory
  • RAM random access memory
  • register cache memory
  • semiconductor memory devices magnetic media such as internal hard disks and removable disks, magneto-optical media, and optical media such as CD-ROM disks, and digital versatile disks (DVDs).
  • Suitable processors include, by way of example, a general purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs); Field Programmable Gate Arrays (FPGAs) circuits, any other type of integrated circuit (IC), and/or a state machine.
  • DSP digital signal processor
  • ASICs Application Specific Integrated Circuits
  • ASSPs Application Specific Standard Products
  • FPGAs Field Programmable Gate Arrays
  • a processor in association with software may be used to implement a radio frequency transceiver for use in a wireless transmit receive unit (WTRU), user equipment (UE), terminal, base station, Mobility Management Entity (MME) or Evolved Packet Core (EPC), or any host computer.
  • WTRU wireless transmit receive unit
  • UE user equipment
  • MME Mobility Management Entity
  • EPC Evolved Packet Core
  • the WTRU may be used in conjunction with modules, implemented in hardware and/or software including a Software Defined Radio (SDR), and other components such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands free headset, a keyboard, a Bluetooth® module, a frequency modulated (FM) radio unit, a Near Field Communication (NFC) Module, a liquid crystal display (LCD) display unit, an organic light-emitting diode (OLED) display unit, a digital music player, a media player, a video game player module, an Internet browser, and/or any Wireless Local Area Network (WLAN) or Ultra Wide Band (UWB) module.
  • SDR Software Defined Radio
  • other components such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands free headset, a keyboard

Abstract

A method and apparatus for use in authentication for secure wireless communication is provided. A received signal is physically authenticated and higher layer processed. Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data. Higher layer processing includes validating the signal using a one-way hash chain value in the signal. Once a signal is authenticated, secure wireless communication is performed.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of National Stage Application Ser. No. 13/121,190 filed on Dec. 16, 2013 which is a 371 of International Application PCT/US2009/057477 filed on Sep. 18, 2009 which claims the benefit of provisional application 61/098,480 filed on Sep. 19, 2008, the disclosures of which are incorporated herein by reference in their entirety.
  • TECHNICAL FIELD
  • This application is related to wireless communications.
  • BACKGROUND
  • In typical wireless communications two wireless transmit/receive units (WTRUs), Alice and Bob, communicate with each other on a channel. To exclude an illegitimate entity, Eve, Alice and Bob cryptographically protect their communications. Traditional cryptographic techniques, which rely on computational difficulty, are increasingly ineffective as the availability of computing power increases. In addition, an Eve may use a spoofing to disrupt legitimate communications in variety of ways, such as through denial of service or signals by impersonating a legitimate communicating entity.
  • Information-theoretically secure cryptographic techniques eliminate the reliance on computational difficulty. For example, Alice and Bob may employ the reciprocity of a wireless channel to extract secret keys. These techniques usually rely on exchanging signals, or probing, the wireless channel, such as in a time division duplex (TDD) manner, to collect correlated information from which common secret bits are obtained. During the probing, it may be difficult for Alice and Bob to be sure that the signals they received originated from a legitimate source. Thus a method an apparatus for providing authentication for secure wireless communication would be advantageous.
  • SUMMARY
  • A method and apparatus for use in authentication for secure wireless communication is provided. A received signal is physically authenticated and higher layer processed. Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data. Higher layer processing includes validating the signal using a one-way hash chain value in the signal. Once a signal is authenticated, secure wireless communication may be performed.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • A more detailed understanding may be had from the following description, given by way of example in conjunction with the accompanying drawings wherein:
  • FIG. 1 shows a block diagram of an example of a network for performing authentication for secure wireless communication;
  • FIG. 2 shows a block diagram of an example of a wireless transmit/receive unit and a base station for performing authentication for secure wireless communication;
  • FIG. 3 shows a diagram of an example of a method of authentication for secure wireless communication;
  • FIG. 4 is a flow chart of an example of a method of double-authentication;
  • FIG. 5 shows a diagram of an example a method of double-authentication using one-way hash chain based higher layer processing; and
  • FIG. 6 shows a block diagram of an example of a method of authentication for secure wireless communication with re-authentication.
  • DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
  • When referred to hereafter, the terminology “wireless transmit/receive unit (WTRU)” includes but is not limited to a user equipment (UE), a mobile station, a fixed or mobile subscriber unit, a pager, a cellular telephone, a personal digital assistant (PDA), a computer, or any other type of user device capable of operating in a wireless environment. When referred to hereafter, the terminology “base station” includes but is not limited to a Node-B, a site controller, an access point (AP), or any other type of interfacing device capable of operating in a wireless environment. The terms “WTRU” and “base station” are not mutually exclusive. For example, a WTRU may be an enhanced Home Node-B (H(e)NB).
  • When referred to hereafter, the term “Alice” includes a WTRU or a base station that is a legitimate communicating entity. When referred to hereafter, the term “Bob” includes a WTRU or a base station that is a legitimate communicating entity. When referred to hereafter, the term “information-theoretically secure” includes but is not limited to perfectly secure, unconditionally secure, and nearly information-theoretically secure. When referred to hereafter, the terms “trust”, “trusted”, and “trustworthy”, as well as variations thereof, indicate a quantifiable and observable manner of assessing whether a unit will function in a particular manner.
  • FIG. 1 shows a block diagram of an example of a wireless communication network 100 for performing authentication for secure wireless communication. The network 100 includes a first WTRU 110 (Alice), a base station 120 (Bob), and an illegitimate communicating entity 130 (Eve). Alice is in communication Bob. Eve is attempting to interfere.
  • Although shown as a WTRU for simplicity, Alice may be a base station, or any other apparatus capable of performing wireless communication. Although shown as a base station for simplicity, Bob may be a WTRU, or any other apparatus capable of performing wireless communication. In addition, it should be apparent that any combination of wireless and wired devices may be included in the wireless communication network 100.
  • FIG. 2 is a more detailed block diagram of an example of the wireless communication network 100 including Alice, shown as a WTRU 110, and BOB, shown as a base station 120. As shown Alice and Bob are configured to perform a method of authentication for secure wireless communication.
  • In addition to the components that may be found in a typical WTRU, the WTRU 110 includes a processor 211 with an optional linked memory 213, at least one transceiver 215, an optional battery 217, and an antenna 219. The processor 211 is configured to perform a method of authentication for secure wireless communication. The transceiver 215 is in communication with the processor 211 and the antenna 219 to facilitate the transmission and reception of wireless communications. In case a battery 217 is used in the WTRU 110, it powers the transceiver 215 and the processor 211.
  • In addition to the components that may be found in a typical base station, the base station 120 includes a processor 221 with an optional linked memory 223, transceivers 225, and antennas 227. The processor 221 is configured to perform a method of authentication for secure wireless communication. The transceivers 225 are in communication with the processor 221 and antennas 227 to facilitate the transmission and reception of wireless communications.
  • In a typical rich scattering environment, the radio channel response decorrelates rapidly in space. A physical-layer, channel-based, method that combines channel probing, M complex frequency response samples over a bandwidth W, with hypothesis testing may be used to determine whether current and prior communication attempts are made by the same communicating entity. In this way, legitimate entities can be authenticated and illegitimate entities can be detected.
  • In response to a spoofing attack, the receiver may fail to detect a certain percentage of illegitimate signals, called the miss rate, and accept the spoofed messages as valid. Once an attack is missed, the receiver may generate a certain percentage of false rejections, called the false alarm rate, when the legitimate communicating entity attempts to authenticate. To counteract the non-zero probabilities of false alarm and missed detection, and the possibility of decorrelation due to missed or lost signals, a one-way hash chain that relies on purely cryptographic properties of hash functions and provides cryptographic protections based on the computational difficulty of inverting a one-way function, F(.), may be combined with the channel-based method.
  • FIG. 3 is a flow diagram of an example of a method of authentication for secure wireless communication. Alice sends a signal A1 including a unique identifier, such as a medium access control (MAC) address, to Bob to establish a connection at 310. Bob receives the signal A1 and uses a double-authentication algorithm, which includes channel-based validation and purely cryptographic validation, to authenticate the signal at 320. Eve attempts a spoofing attack to gain illegitimate access by sending a spoofing signal E1 including Alice's MAC address to Bob at 330. Bob receives Eve's spoofing signal E1 and detects Eve's spoofing attack using the double-authentication algorithm at 340. In response to detecting Eve's spoofing attack, Bob performs a security algorithm, for example a system-dependent method, at 350.
  • FIG. 4 is a flow chart of an example of a method of double-authentication. Bob receives a signal including a unique identifier (MAC address) and generates a channel impulse response (CIR) measurement based on the received signal at 410. Bob examines a reference table to determine whether valid reference CIR data associated with the MAC address exists at 420. If the CIR reference data exists, Bob performs a Fingerprints in the Ether (FP) method at 430. For example, a typical FP method includes the configuration of a storage mechanism for recording the shape of a CIR measurement associated with a particular WTRU, such as, via a MAC address. Upon receipt of a signal purporting to have originated from the WTRU, the receiver obtains a CIR measurement for the signal and compares it with the recorded CIR. If the two CIRs match, the signal is interpreted as being authentic.
  • If the FP method does not detect a possible attack (I(k)=0), or if no CIR reference data exists (I(k)=2), Bob performs higher layer processing, such as MAC layer authentication, at 440. Optionally, the higher lay processing may be nominal, such that I2(k)=0, or may be omitted. If the CIR reference data is authenticated, it is recorded in the reference table.
  • A CIR measurement may become stale over time. For example, after a period equal to the channel coherence time has passed, a CIR may completely decorrelate. The use of stale channel data may lead to false alarms. Accordingly, the CIR reference table includes a timer for each CIR record. When the timer reaches the maximum lifetime, NT, the CIR record expires and, optionally, is deleted. The maximum lifetime of the CIR record, NT, is set such that each CIR record expires within the relevant channel coherence time.
  • Referring back to FIG. 4, the FP method at 430 uses CIR data and hypothesis testing to differentiate among transmitters and detect spoofing messages. Hypothesis testing includes performing a test statistic function which provides a metric that is compared with a test threshold to produce hypothesis results. A test statistic function, L(H0, H1), is calculated to evaluate the difference between the input CIR data, H1, and the reference CIR data, H0. The result of the test statistic function is compared with a test threshold, Thre. If H0 and H1 are not similar enough L(H0, H1)>Thre and the FP method reports an alarm. Where I(k) indicates the result of the FP method at time k, the FP method may be expressed as:
  • I ( k ) = { 0 , L ( H 1 ( k ) , H 0 ( k ) ) < Thre 1 , L ( H 1 ( k ) , H 0 ( k ) ) Thre 2 , No H 0 ( k ) . Equation ( 1 )
  • The test statistic function approximately represents a generalized likelihood ratio test based on a time-invariant channel model. The channel parameters, such as channel coherence time, may vary significantly over time, and may depend on environment changes. It should be apparent that other functions may be implemented depending on the particular channel model without exceeding the scope of the present application. Table 1 shows several exemplary applications of the test statistic function.
  • TABLE 1
    No Test statistic, L(H0, H1) H0 & H 1
    1 ||H1 − H0ejArg(H 0 k H 1 )||2 CIR vectors obtained at time k − 1 and k
    2 ||H1 − H0ejArg(H 0 k H 1 )||2/min(||H1|2, ||H0||2)
    3 ||H1 − H0ejArg(H 0 k H 1 )||2 CIR vectors (Fourier transform of CIR)
    4 ||H1 − H0ejArg(H 0 k H 1 )||2/min(||H1|2, ||H0||2) obtained at time k − 1 and k
    5 ||H1 − H0ejArg(H 0 k H 1 )||2 CPP of CIR vectors obtained at time k − 1
    and k
    6 Same as L5, except exclusion of power
    normalization in CPP
    7 ||H1 − H0||2 CPP of CIR vectors obtained at time k − 1
    and k
    8 ||H1 − H0ejArg(H 0 k H 1) ||2 CPP of CIR vectors obtained at time k − 1
    and k, and then do Fourier transform
  • As shown in Table 1, the test statistics, L1, L3, and L5, process CIR data in the time domain, while their counterparts, L2, L4, and L8, process the channel frequency responses. In addition, L1-L6 and L8 utilize a complex scalar, ejArg(H H) 0 1, to counteract the phase drifting of the channel response due to the changes of the receiver's local oscillator.
  • A CIR Post-Process (CPP) method may be used to align the channel impulse response in the time domain where two CIR vectors shift in time to increase the overlap in shape. The CPP method may reduce the affect of timing errors in channel estimation, and may reduce the false alarm rate. To support time shifting, the CPP method may optionally include, for example, CIR shape pruning, up sampling, and normalization of power.
  • The threshold, Thre, may be a pre-assigned threshold. For example, a fixed threshold based on empirical data may be used. Alternatively, an adaptive threshold may be used. To establish an adaptive threshold, Alice sends Ntrain training messages to Bob, so as to teach Bob the range of the test statistics. Bob determines a percentile value of the test statistic as the test threshold. For example, Bob may select a low threshold for a channel that exhibits low time variation in order to balance between a false alarm rate and miss rate.
  • Referring again to FIG. 4, if the FP algorithm detects a possible attack (I(k)=1), such as a spoofing attack, and reports an alarm, Bob executes a security policy at 450. In some embodiments, Bob simply discards the signal without performing higher layer processing. Alternatively, Bob performs higher layer processing to further evaluate the authenticity of the received signal. If the signal also fails the higher layer processing, it is then discarded. For example, Bob may perform a one-way hash chain to further evaluate the authenticity of the received signal.
  • FIG. 5 is a diagram of an example method of double-authentication using one-way hash chain based higher layer processing. In this embodiment, each signal Alice sends includes an element from a one-way hash chain. A one-way hash chain includes a sequence of elements based on a publicly known one-way hash function F(.), such that, using knowledge of Xi, Xj may be computed for all j>i, In addition, it is computationally difficult to compute F(Xk) for any k<i.
  • Where the integer N denotes a predetermined number of signals, the one-way hash chain may be expressed as:

  • X 1 →X 2 =F(X 1)→X 3=F(X 2)→ . . . . →X N =F(X N−1).   Equation (2)
  • As shown in FIG. 5, Alice chooses a random seed X1 and a value of N at 510. The value of N is based on Alice's estimate of the total number of probes she expects to transmit. Alice and Bob agree on the rate at which the signals will be sent at 515. For example, Alice estimates N and sends a message to Bob indicated N. Alternatively, Alice and Bob may agree on a value of N in a prior communication. Optionally, Alice's choice of N may be configured as a protocol parameter. It should be apparent that any method of agreeing on the value of N may be performed without exceeding the scope of the application.
  • Alice successively computes and stores N hash function values based on X1 at 520. For example, the hash of X1 may be expressed as X2=F(X1), and the hash of X2 may be expressed as X3=F(F(X1)). Optionally, the one-way hash chain may be pre-computed and stored.
  • Alice transmits a series of N signals including her MAC address and the calculated hash values to Bob beginning at 530. For example, Alice includes the element XN in the first signal A1 at 530, the element XN−1 in the second signal A2 at 540, and so on at 560-570. Thus the elements of the chain are revealed in reverse order. Bob receives the first signal A1 and the second signal A2 and validates them at 532, 542 using the FP method.
  • Eve attempts to spoof Alice by sending a signal E1 including Alice's MAC address to Bob at 545. Anyone receiving the signals may compute the hash of the element contained in a signal using the publicly known function F(.) to verify that it equals the element contained in the previous signal, thereby being confident that the signal was sent by the same entity that transmitted the previous signal. Moreover, since the hash function F(.) is one-way, knowledge of hash elements contained in received signals, t=t0, cannot be used to predict the hash elements contained in later received signals, such as signals arriving at t>t0. Therefore, Bob receives Eve's signal E1, computes the hash value, and determines that CIR and hash values do not match, and rejects Eve's spoofing attempt at 547.
  • Alice transmits a third signal A3 containing the one-way hash chain element XN−2 at 550. However, Bob does not receive the third signal. Alice transmits a fourth signal A4, containing the one-way hash chain element XN−3, at 560. Bob receives the fourth signal A4 and recognizes that a signal has been missed at 562.
  • If a signal is lost, the legitimacy of the next received signal may be ascertained by recursively computing the hash of the element in the latest received signal. Thus, at 564, Bob determines the number of missed signals, m, based on the rate at which he and Alice have agreed to send signals on the channel. Bob computes the hash F(F(F . . . F(Xn))) . . . ) where Xn is the hash element in the latest signal, and the hash function is applied m times at 566. Bob compares the new hash value with the hash value contained in the previous correctly received signal A2, and validates the signal A4 at 568.
  • Authentication based on one-way hash chains does not depend upon the wireless channel and does not reveal any part of any secret keys derived between Alice and Bob. For example, if Alice and Bob derive secret encryption keys based on common randomness of a wireless channel, these keys are not publicly revealed during one-way hash chain authentication and are preserved for use during encryption. Since the number of signals that need to be exchanged in order to extract a key of a certain length may be conservatively upper bounded by a constant number N, a constant amount of memory is used to store the one-way hash chain.
  • Optionally, to protect against a simple substitution attack, wherein Eve reads the hash element from a signal and uses those numbers to spoof a signal, a Message Authentication Code of each signal including the preamble bits, the hash element disclosed, and a sequence number, may be attached at the end of the signal. The Message Authentication Code is computed using the next hash element to be revealed in the next signal as a key.
  • In some embodiments, the one-way hash chain is extended to protect further signals by cascading a second one-way hash chain after the first. Elements from the start of the second chain are included with elements from the end of the first chain. This effectively authenticates the start of the second chain before the first chain has ended.
  • It should be apparent that the combination of channel-based and one-way chain based data-origin consistency may be used in a number of ways, by attributing an appropriate amount of importance to the outcome of the hypothesis test computed for each received probe. For example, one-way chain authentication or channel-based authentication may be performed for a subset of the messages.
  • Regardless of the higher layer processing method used, the result may be denoted I2(k)=0 if Alice is authenticated, and I2(k)=1 if a possible attack is detected. Thus, the overall authentication determination Ia(k), may be expressed as:
  • I a ( k ) = { 1 , if I ( k ) = 1 I 2 ( k ) , else Equation ( 3 )
  • Where H1(k) is the CIR derived from a signal received at time k, H0(k) may be expressed as:
  • H 0 ( k ) = { H 1 ( k - 1 ) , if I a ( k - 1 ) = 0 H 0 ( k - 1 ) , else if Timer of H 0 ( k - 1 ) N T NA , o . w . . Equation ( 4 )
  • Where Bob has a reliable reference channel response, resulting from a message sent by Alice for which the timer has not expired, the source of the CIR vector H may be designated S(H). For example, S(H0(k))=Alice and I(k)<2. The false alarm rate, Pfa, and miss rate, Pm, may be denoted as:

  • P fa =P{I(k)=1|S(H 1(k))=S(H 0(k))}

  • P m =P{I(k)=0|S(H 1(k)≠S(H 0(k))}.   Equation (5)
  • Where Bob does not have a reliable reference channel response the false alarm rate, PFA, and miss rate, PM, may be denoted as:

  • P FA =P{I(k)=1|S(H 1(k))=Alice}

  • P M =P{I(k)≠1|S(H 1(k))=Eve}.   Equation (6)
  • Where Pfa2 and Pm2 denote the false alarm rate and the miss rate of the higher layer processing respectively, the overall false alarm rate, PFAA, may be denoted as:

  • PMA=PMPm2

  • P FAA =P FA+(1−P FA)P fa2.   Equation (7)
  • The performance of the overall false alarm rate depends more on PFA and PM, than Pfa, and Pm; however, the evaluation of PFA and PM, takes more effort due to the dependence on the timer limit, NT, higher layer processing, and transmission pattern of both Alice and Eve. For example, if Eve sends spoofing messages more frequently, both PFA and PM increase, even though everything else including Pfa, and Pm remains relatively constant. Since the generalized closed-form expressions of PFA and PM are hard to obtain, they may be bound as functions of Pfa, and Pm, which are much easier to evaluate.
  • For example, if Bob receives one signal from either Alice, Pa, or Eve, Pe, every time unit, and the source of the message is time independent, the identically distributed signals may be expressed as:
  • P = { P a , S ( H 1 ( k ) ) = Alice 1 - P a , S ( H 1 ( k ) ) = Eve . Equation ( 8 )
  • Where the CIR timer NT is less than the channel coherence time, and the correlation of any two CIR vectors of the same channel is constant within the channel coherence time, the lower-bound of the overall false alarm rate and miss rate the FP method may be expressed as:

  • P FA =P fa −P fa(1−P a +P a P FA)N T

  • P M =P m+(1−P m)(1−P a(1−P FA))N T .   Equation (9)
  • FIG. 6 shows a block diagram of an example of a method of authentication for secure wireless communication with re-authentication. Alice sends a first signal A1 to Bob at 610. Bob receives the signal A1 and authenticates it using higher layer processing at 612. Bob stores Alice's CIR reference data, including a timer T1 at 614.
  • Alice sends a second signal A2 to Bob at 620. Bob receives the signal A2, generates a CIR measurement based on the received signal, locates the stored CIR reference data, performs the FP method, and authenticates Alice at 622.
  • Eve attempts to gain illegitimate access using a spoofed signal E1 including Alice's MAC address at 630. Bob receives Eve's signal E1, generates a CIR measurement based on the received signal, locates the stored CIR reference data, and detects the spoofed signal at 632.
  • The timer T1 expires at 640. Alice sends a third signal A3 to Bob at 650. Bob receives the signal A3, generates a CIR measurement based on the received signal, looks for, but does not locates stored CIR reference data, authenticates the signal A3 using higher layer processing, and stores Alice's CIR reference data, including a timer T2 at 652. For example, Bob may authenticate the signal A3 using the one-way hash chain method described in reference to FIG. 6.
  • Eve attempts to gain illegitimate access using a spoofed signal E2 including Alice's MAC address at 660. Bob receives Eve's signal E2, generates a CIR measurement based on the received signal, locates the stored CIR reference data, and detects the spoofed signal at 662.
  • Although features and elements are described above in particular combinations, each feature or element can be used alone without the other features and elements or in various combinations with or without other features and elements. The methods or flow charts provided herein may be implemented in a computer program, software, or firmware incorporated in a computer-readable storage medium for execution by a general purpose computer or a processor. Examples of computer-readable storage mediums include a read only memory (ROM), a random access memory (RAM), a register, cache memory, semiconductor memory devices, magnetic media such as internal hard disks and removable disks, magneto-optical media, and optical media such as CD-ROM disks, and digital versatile disks (DVDs).
  • Suitable processors include, by way of example, a general purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs); Field Programmable Gate Arrays (FPGAs) circuits, any other type of integrated circuit (IC), and/or a state machine.
  • A processor in association with software may be used to implement a radio frequency transceiver for use in a wireless transmit receive unit (WTRU), user equipment (UE), terminal, base station, Mobility Management Entity (MME) or Evolved Packet Core (EPC), or any host computer. The WTRU may be used in conjunction with modules, implemented in hardware and/or software including a Software Defined Radio (SDR), and other components such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands free headset, a keyboard, a Bluetooth® module, a frequency modulated (FM) radio unit, a Near Field Communication (NFC) Module, a liquid crystal display (LCD) display unit, an organic light-emitting diode (OLED) display unit, a digital music player, a media player, a video game player module, an Internet browser, and/or any Wireless Local Area Network (WLAN) or Ultra Wide Band (UWB) module.
  • Embodiments
    • 1. A method for use in wireless communication, the method comprising:
    • receiving a signal from a wireless transmit/receive unit (WTRU); and authenticating the received signal.
    • 2. A method as in any one of the preceding embodiments wherein the authenticating includes double-authentication.
    • 3. A method as in any one of the preceding embodiments wherein the authenticating includes physically authenticating the received signal.
    • 4. A method as in any one of the preceding embodiments wherein the authenticating includes higher layer processing the received signal.
    • 5. A method as in any one of the preceding embodiments wherein the physically authenticating includes fingerprints in the ether (FP) authenticating the signal.
    • 6. A method as in any one of the preceding embodiments wherein the physically authenticating includes determining whether a predetermined physical attribute is available based on data included in the signal.
    • 7. A method as in any one of the preceding embodiments wherein the physically authenticating includes determining whether a physical attribute of the received signal matches a predetermined physical attribute associated with data included in the received signal. 8. A method as in any one of the preceding embodiments wherein the physically authenticating includes evaluating a channel impulse response (CIR) measurement of the received signal.
    • 9. A method as in any one of the preceding embodiments wherein the evaluating a CIR measurement includes comparing a shape of a CIR measurement of the received signal with a shape of a predetermined CIR measurement associated with data included in the received signal.
    • 10. A method as in any one of the preceding embodiments wherein the authenticating the received signal includes storing a physical attribute of the received signal in association with data included in the received signal.
    • 11. A method as in any one of the preceding embodiments wherein the storing a physical attribute includes storing a timer.
    • 12. A method as in any one of the preceding embodiments wherein the physically authenticating includes ignoring information associated with an expired timer.
    • 13. A method as in any one of the preceding embodiments further comprising:
    • executing a security policy in response to an authentication failure.
    • 14. A method as in any one of the preceding embodiments wherein the physically authenticating includes hypothesis testing.
    • 15. A method as in any one of the preceding embodiments wherein the hypothesis testing includes calculating a hypothesis result using a test statistic function.
    • 16. A method as in any one of the preceding embodiments wherein the hypothesis testing includes comparing the hypothesis result with a threshold.
    • 17. A method as in any one of the preceding embodiments wherein the hypothesis testing includes adaptively determining the threshold.
    • 18. A method as in any one of the preceding embodiments wherein the adaptively determining includes receiving a signal indicating a threshold from the WTRU.
    • 19. A method as in any one of the preceding embodiments wherein the higher layer processing includes purely cryptographic validation.
    • 20. A method as in any one of the preceding embodiments wherein the higher layer processing includes one-way hash chain authentication.
    • 21. A method as in any one of the preceding embodiments wherein the one-way hash chain authentication includes extracting a Message Authentication Code from each signal in a plurality of signals.
    • 22. A method as in any one of the preceding embodiments wherein the message authentication code includes a preamble bit.
    • 23. A method as in any one of the preceding embodiments wherein the message authentication code includes a one-way hash chain element.
    • 24. A method as in any one of the preceding embodiments wherein the message authentication code includes a sequence number.
    • 25. A method as in any one of the preceding embodiments wherein the receiving a signal includes receiving a plurality of signals.
    • 26. A method as in any one of the preceding embodiments wherein each signal in the plurality of received signals includes an element of a one-way hash chain.
    • 27. A method as in any one of the preceding embodiments wherein the higher layer processing includes determining whether a hash value of a first one-way hash chain element in a first signal in the plurality of signals matches a second one-way hash chain element in a second signal in the plurality of signals.
    • 28. A method as in any one of the preceding embodiments further comprising: receiving a signal indicating a signal count for the plurality of signals.
    • 29. A method as in any one of the preceding embodiments further comprising:
  • receiving a signal indicating a transmission rate for the plurality of signals.
    • 30. A method as in any one of the preceding embodiments the determining includes recursively computing a missing hash value using the first one-way hash chain element and the second one-way hash chain element.
    • 31. A method as in any one of the preceding embodiments wherein the higher layer processing includes determining whether a hash value of a third one-way hash chain element in a third signal in the plurality of signals matches a fourth one-way hash chain element in the second signal in the plurality of signals.
    • 32. A method as in any one of the preceding embodiments further comprising: performing secure wireless communication with the WTRU.
    • 33. A method as in any one of the preceding embodiments wherein the authenticating includes channel-based validation.
    • 34. A method as in any one of the preceding embodiments wherein the authenticating includes rejecting a spoofing attack.
    • 35. A method as in any one of the preceding embodiments wherein the signal includes information that indicates an identity of the WTRU.
    • 36. A method as in any one of the preceding embodiments wherein the test statistic function represents a generalized likelihood ratio test.
    • 37. A method as in any one of the preceding embodiments wherein the likelihood ratio test is based on a time-invariant channel model.
    • 38. A method as in any one of the preceding embodiments wherein the test statistic function depends on a channel model.
    • 39. A method as in any one of the preceding embodiments wherein the test statistic function includes processing CIR data in the time domain.
    • 40. A method as in any one of the preceding embodiments wherein the test statistic function includes processing a channel frequency response.
    • 41. A method as in any one of the preceding embodiments wherein the test statistic function includes using a complex scalar to counteract phase drift.
    • 42. A method as in any one of the preceding embodiments wherein measuring a CIR includes performing CIR post-processing.
    • 43. A method as in any one of the preceding embodiments wherein the CIR post-processing includes aligning the CIR measurement.
    • 44. A method as in any one of the preceding embodiments wherein the CIR post-processing includes CIR shape pruning
    • 45. A method as in any one of the preceding embodiments wherein the CIR post-processing includes up sampling.
    • 46. A method as in any one of the preceding embodiments wherein the CIR post-processing includes normalization of power.
    • 47. A method as in any one of the preceding embodiments wherein the threshold is pre-assigned.
    • 48. A method as in any one of the preceding embodiments wherein the threshold is based on empirical data.
    • 49. A method as in any one of the preceding embodiments wherein the threshold is adaptively assigned.
    • 50. A method as in any one of the preceding embodiments wherein the adaptively assigning includes receiving a training message from the WTRU.
    • 51. A method as in any one of the preceding embodiments wherein the receiving a training message includes determining a range of test statistics.
    • 52. A wireless transmit/receive unit (WTRU) configured to perform at least part of any one of the preceding embodiments.
    • 53. A base station configured to perform at least part of any one of the preceding embodiments.
    • 54. An integrated circuit configured to perform at least part of any one of the preceding embodiments.

Claims (20)

What is claimed:
1. A method for use in authenticating wireless communications from a wireless unit, the method comprising:
receiving a signal from the wireless unit
determining a channel impulse response (CIR) of the signal;
storing the CIR as a temporary CIR;
performing higher layer authentication of the wireless unit using data received in the received signal; and
upon successful higher layer authentication using the data received in the received signal, computing a CIR template using the stored temporary CIR.
2. The method of claim 1, further comprising, in subsequent communications:
receiving a signal from the wireless unit and determining a corresponding CIR for the signal; and
using the CIR template and corresponding CIR to authenticate the wireless unit.
3. The method of claim 2, wherein after successfully authenticating the wireless unit, the CIR template and the corresponding CIR are processed to compute a new CIR template.
4. The method of claim 2, wherein a test statistic function is calculated to evaluate the similarity between the corresponding CIR and the CIR template.
5. The method of claim 4, wherein the test statistic function is compared with a test threshold to authenticate the wireless unit.
6. The method of claim 4, wherein the test statistic function is a correlation coefficient.
7. The method of claim 1, wherein the higher layer authentication of the wireless unit is performed using cryptographic means.
8. The method of claim 1, wherein the higher layer authentication of the wireless unit includes validating the received signal using a one-way hash chain value in the received signal.
9. The method of claim 1, further comprising re-performing higher layer authentication of the wireless unit when a timer expires, a certain number of CIR samples have been received, or the result of a test statistic indicates an unacceptable false alarm probability or miss rate.
10. The method of claim 1, wherein the CIR template is updated based on the corresponding CIR and higher layer information validating the received signal as being from the wireless unit.
11. The method of claim 1, wherein the wireless unit is a wireless transmit/receive unit (WTRU).
12. A device comprising: a receiver configured to receive a signal from a wireless unit and a processor configured to authenticate the received signal by:
receiving a signal from the wireless unit
determining a channel impulse response (CIR) of the signal;
storing the CIR as a temporary CIR;
performing higher layer authentication of the wireless unit using data received in the received signal; and
upon successful higher layer authentication using the data received in the received signal, computing a CIR template using the stored temporary CIR.
13. The device of claim 12, further comprising, in subsequent communications:
receiving a signal from the wireless unit and determining a corresponding CIR for the signal; and
using the CIR template and corresponding CIR to authenticate the wireless unit.
14. The device of claim 13, wherein after successfully authenticating the wireless unit, the CIR template and the corresponding CIR are processed to compute a new CIR template.
15. The device of claim 13, wherein a test statistic function is calculated to evaluate the similarity between the corresponding CIR and the CIR template.
16. The device of claim 15, wherein the test statistic function is compared with a test threshold to authenticate the wireless unit.
17. The device of claim 12, wherein the higher layer authentication of the wireless unit is performed using cryptographic means.
18. The device of claim 12, wherein the higher layer authentication of the wireless unit includes validating the received signal using a one-way hash chain value in the received signal.
19. The device of claim 12, further comprising re-performing higher layer authentication of the wireless unit when a timer expires, a certain number of CIR samples have been received, or the result of a test statistic indicates an unacceptable false alarm probability or miss rate.
20. The device of claim 12, wherein the CIR template is updated based on the corresponding CIR and higher layer information validating the received signal as being from the wireless unit.
US15/455,412 2008-09-19 2017-03-10 Authentication for secure wireless communication Abandoned US20170188235A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/455,412 US20170188235A1 (en) 2008-09-19 2017-03-10 Authentication for secure wireless communication

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US9848008P 2008-09-19 2008-09-19
PCT/US2009/057477 WO2010033802A1 (en) 2008-09-19 2009-09-18 Authentication for secure wireless communication
US201313121190A 2013-12-16 2013-12-16
US15/455,412 US20170188235A1 (en) 2008-09-19 2017-03-10 Authentication for secure wireless communication

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
US13/121,190 Continuation US9596599B2 (en) 2008-09-19 2009-09-18 Authentication for secure wireless communication
PCT/US2009/057477 Continuation WO2010033802A1 (en) 2008-09-19 2009-09-18 Authentication for secure wireless communication

Publications (1)

Publication Number Publication Date
US20170188235A1 true US20170188235A1 (en) 2017-06-29

Family

ID=41460098

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/121,190 Expired - Fee Related US9596599B2 (en) 2008-09-19 2009-09-18 Authentication for secure wireless communication
US15/455,412 Abandoned US20170188235A1 (en) 2008-09-19 2017-03-10 Authentication for secure wireless communication

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/121,190 Expired - Fee Related US9596599B2 (en) 2008-09-19 2009-09-18 Authentication for secure wireless communication

Country Status (5)

Country Link
US (2) US9596599B2 (en)
EP (1) EP2351289A1 (en)
KR (2) KR20110091041A (en)
CN (2) CN102197624B (en)
WO (1) WO2010033802A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10477522B2 (en) * 2008-10-31 2019-11-12 Interdigital Patent Holdings, Inc. Method and apparatus for transmitting data and control information on multiple uplink carrier frequencies
US11134477B2 (en) 2009-03-13 2021-09-28 Interdigital Patent Holdings, Inc. Method and apparatus for carrier assignment, configuration and switching for multicarrier wireless communications
CN114598495A (en) * 2022-01-20 2022-06-07 北京邮电大学 Physical layer authentication method and device based on multi-time slot channel characteristics

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6688434B2 (en) 2002-02-22 2004-02-10 Ecolab Inc. Conveyor and lubricating apparatus, lubricant dispensing device, and method for applying lubricant to conveyor
JP5706173B2 (en) * 2011-01-26 2015-04-22 任天堂株式会社 Information processing program, information processing apparatus, information processing method, and information processing system
WO2013036794A1 (en) * 2011-09-08 2013-03-14 Drexel University Reconfigurable antenna based solutions for device authentication and instrusion detection in wireless networks
US9078205B2 (en) 2012-03-09 2015-07-07 Qualcomm Incorporated Methods and apparatus for enabling non-destaggered channel estimation
US20150063190A1 (en) * 2013-08-28 2015-03-05 Qualcomm Incorporated Methods and apparatus for multiple user uplink
US9467379B2 (en) 2013-08-28 2016-10-11 Qualcomm Incorporated Methods and apparatus for multiple user uplink
FR3046315B1 (en) * 2015-12-29 2018-04-27 Thales METHOD FOR UNIVALENT AND UNIVERSAL EXTRACTION OF KEYS FROM THE PROPAGATION CHANNEL
CN107046468B (en) * 2017-06-14 2020-10-02 电子科技大学 Physical layer authentication threshold determination method and system
WO2019061515A1 (en) * 2017-09-30 2019-04-04 深圳大学 Robust wireless communication physical layer slope authentication method and device
WO2020182849A1 (en) * 2019-03-14 2020-09-17 Abb Schweiz Ag Method of authentication of wireless communication based on physical layer security
US11402485B2 (en) * 2019-04-30 2022-08-02 Robert Bosch Gmbh Ultra-wideband intelligent sensing system and method
CN113055057B (en) * 2019-12-27 2022-05-20 电子科技大学 Physical layer authentication method based on millimeter wave multi-antenna channel sparse peak characteristics
WO2022159762A1 (en) * 2021-01-22 2022-07-28 Futurewei Technologies, Inc. Method for improved hash chaining security

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5471501A (en) * 1991-06-27 1995-11-28 Hughes Aircraft Company Enhanced digital communications receiver using channel impulse estimates
US6249252B1 (en) * 1996-09-09 2001-06-19 Tracbeam Llc Wireless location using multiple location estimators
US6363131B1 (en) * 1998-04-29 2002-03-26 Hughes Electronics Corporation Method and apparatus for joint timing synchronization and frequency offset estimation
US20030050055A1 (en) * 2001-09-10 2003-03-13 Industrial Technology Research Institute Software defined radio (SDR) architecture for wireless digital communication systems
US20060009209A1 (en) * 2004-06-25 2006-01-12 Rieser Christian J Cognitive radio engine based on genetic algorithms in a network

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5943615A (en) * 1997-01-15 1999-08-24 Qualcomm, Incorpoarated Method and apparatus for providing authentication security in a wireless communication system
US6615040B1 (en) * 1999-01-22 2003-09-02 At&T Corp. Self-configurable wireless systems: spectrum monitoring in a layered configuration
US7219368B2 (en) * 1999-02-11 2007-05-15 Rsa Security Inc. Robust visual passwords
US6678270B1 (en) * 1999-03-12 2004-01-13 Sandstorm Enterprises, Inc. Packet interception system including arrangement facilitating authentication of intercepted packets
US6498864B1 (en) * 1999-10-05 2002-12-24 Morton F. Roseman Apparatus for authenticating products and authorizing processes using the magnetic properties of a marker
US7088966B2 (en) * 2001-12-07 2006-08-08 Dell Products L.P. Wireless connection controller
US7320070B2 (en) * 2002-01-08 2008-01-15 Verizon Services Corp. Methods and apparatus for protecting against IP address assignments based on a false MAC address
GB0203152D0 (en) * 2002-02-11 2002-03-27 Univ Manchester Communications apparatus
EP1343286A1 (en) * 2002-03-04 2003-09-10 BRITISH TELECOMMUNICATIONS public limited company Lightweight authentication of information
JP4809766B2 (en) * 2003-08-15 2011-11-09 株式会社エヌ・ティ・ティ・ドコモ Data stream authentication method and apparatus adaptively controlling loss
US8713626B2 (en) * 2003-10-16 2014-04-29 Cisco Technology, Inc. Network client validation of network management frames
JP2007510349A (en) 2003-10-29 2007-04-19 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Reliable forward secret key system and method sharing a physical random function
JP4311174B2 (en) * 2003-11-21 2009-08-12 日本電気株式会社 Authentication method, mobile radio communication system, mobile terminal, authentication side device, authentication server, authentication proxy switch, and program
US8280046B2 (en) * 2005-09-12 2012-10-02 Interdigital Technology Corporation Method and system for deriving an encryption key using joint randomness not shared by others
US7599308B2 (en) * 2005-02-04 2009-10-06 Fluke Corporation Methods and apparatus for identifying chronic performance problems on data networks
US7562228B2 (en) * 2005-03-15 2009-07-14 Microsoft Corporation Forensic for fingerprint detection in multimedia
US20070036353A1 (en) * 2005-05-31 2007-02-15 Interdigital Technology Corporation Authentication and encryption methods using shared secret randomness in a joint channel
CN1747382B (en) 2005-09-06 2011-06-08 湖南泓达科技有限公司 Random encryption and identity authentication
JP2007074618A (en) * 2005-09-09 2007-03-22 Sony Corp Wireless communication apparatus and wireless communication method, and computer program
US20070136587A1 (en) * 2005-12-08 2007-06-14 Freescale Semiconductor, Inc. Method for device authentication
WO2007091779A1 (en) * 2006-02-10 2007-08-16 Lg Electronics Inc. Digital broadcasting receiver and method of processing data
US7934095B2 (en) * 2006-11-10 2011-04-26 Toyota Motor Engineering & Manufacturing North America, Inc. Method for exchanging messages and verifying the authenticity of the messages in an ad hoc network
US8042033B2 (en) * 2006-11-29 2011-10-18 Lg Electronics Inc. Protection of access information in wireless communications
US20100246825A1 (en) * 2007-09-07 2010-09-30 University Of Maryland Wireless communication method and system for transmission authentication at the physical layer

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5471501A (en) * 1991-06-27 1995-11-28 Hughes Aircraft Company Enhanced digital communications receiver using channel impulse estimates
US6249252B1 (en) * 1996-09-09 2001-06-19 Tracbeam Llc Wireless location using multiple location estimators
US6363131B1 (en) * 1998-04-29 2002-03-26 Hughes Electronics Corporation Method and apparatus for joint timing synchronization and frequency offset estimation
US20030050055A1 (en) * 2001-09-10 2003-03-13 Industrial Technology Research Institute Software defined radio (SDR) architecture for wireless digital communication systems
US20060009209A1 (en) * 2004-06-25 2006-01-12 Rieser Christian J Cognitive radio engine based on genetic algorithms in a network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Hecker et al., Pre-authenticated signaling in wireless LANs using 802.1X access control, December 2004, Global Telecommunications Conference, Vol. 4, pp. 2180-2184 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10477522B2 (en) * 2008-10-31 2019-11-12 Interdigital Patent Holdings, Inc. Method and apparatus for transmitting data and control information on multiple uplink carrier frequencies
US11051280B2 (en) 2008-10-31 2021-06-29 Interdigital Patent Holdings, Inc. Method and apparatus for transmitting data and control information on multiple uplink carrier frequencies
US11134477B2 (en) 2009-03-13 2021-09-28 Interdigital Patent Holdings, Inc. Method and apparatus for carrier assignment, configuration and switching for multicarrier wireless communications
US11751199B2 (en) 2009-03-13 2023-09-05 Interdigital Patent Holdings, Inc. Method and apparatus for carrier assignment, configuration and switching for multicarrier wireless
CN114598495A (en) * 2022-01-20 2022-06-07 北京邮电大学 Physical layer authentication method and device based on multi-time slot channel characteristics

Also Published As

Publication number Publication date
KR20110057250A (en) 2011-05-31
KR101270372B1 (en) 2013-06-10
KR20110091041A (en) 2011-08-10
US20140173682A1 (en) 2014-06-19
CN102197624A (en) 2011-09-21
CN102197624B (en) 2016-10-12
US9596599B2 (en) 2017-03-14
WO2010033802A1 (en) 2010-03-25
CN107017988A (en) 2017-08-04
EP2351289A1 (en) 2011-08-03

Similar Documents

Publication Publication Date Title
US20170188235A1 (en) Authentication for secure wireless communication
Zhang et al. Physical layer authentication jointly utilizing channel and phase noise in MIMO systems
Singelée et al. Distance bounding in noisy environments
US8208628B2 (en) Systems and methods for key generation in wireless communication systems
Mathur et al. Radio-telepathy: extracting a secret key from an unauthenticated wireless channel
Bicakci et al. Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks
Du et al. Physical layer challenge-response authentication in wireless networks with relay
WO2017028323A1 (en) Radio frequency fingerprint-based cross-layer authentication method
Moreira et al. Cross-layer authentication protocol design for ultra-dense 5G HetNets
US11330434B2 (en) Security detection for a physical layer authentication system that considers signal-discriminating capability of an active adversary
CN113614572A (en) Base station location authentication
Zeng et al. Identity-based attack detection in mobile wireless networks
Weinand et al. Physical layer authentication for mission critical machine type communication using Gaussian mixture model based clustering
CN109168166B (en) Safety detection method of physical layer authentication system
Xie et al. Security model of authentication at the physical layer and performance analysis over fading channels
CN109600222B (en) Key generation method based on channel characteristics
Sang et al. Spatial signatures for lightweight security in wireless sensor networks
Sciancalepore et al. EXCHANge: Securing IoT via channel anonymity
Shawky et al. Adaptive chaotic map-based key extraction for efficient cross-layer authentication in VANETs
Tippenhauer et al. UWB-based secure ranging and localization
Zhao et al. Efficient and secure key extraction using CSI without chasing down errors
EP3700234A1 (en) System for trusted distance measurement
Ajit et al. Formal Verification of 5G EAP-AKA protocol
Jannati et al. Achieving an appropriate security level for distance bounding protocols over a noisy channel
Yu et al. AuthCTC: Defending against waveform emulation attack in heterogeneous IoT environments

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE