Watermark-based Secure Communications in Safety-Related Scenarios

Watermark-based Secure Communications in Safety-Related Scenarios Simone Soderi∗ , Lorenzo Mucchi‡ , Matti Hämäläinen∗ , Alessandro Piva‡ Jari Iinatti∗ ∗ Centre for Wireless Communications, University of Oulu, Oulu, Finland email:[email protected] of Information Engineering, University of Florence, Florence, Italy email:[email protected] ‡ Department Abstract—The technological innovation has enabled the spread of safety-related systems in many domains, such as public transport, energy, and medical devices. In these applications, security is one of the primary concerns. This paper proposes a watermark-based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, being regardless of the eavesdropper position. Results indicate the WBPLSec a valuable technique for deploying physical layer security creating a secure region around the receiver, such as the legitimate medical device. Index Terms—Medical Devices; Physical Layer Security; Spread Spectrum Watermarking; Jamming; WBAN. I. I NTRODUCTION Technological advances have proliferated in several sectors developing additional systems’ capabilities. These improvements enabled the deployment of new products also in safetyrelated domains, such as railway, energy, and medical devices. Safety-related systems are identified as devices, able to prevent dangerous state by taking appropriate safety function, on detection of a condition which may lead to a hazardous event [1]. In this paper, authors focus their attention to medical information and communication technologies (ICT), due to their growth over the past years in the safety-related health applications. As the population’s aging is increasing, even more people will be affected by chronic and debilitating diseases, such as Alzheimer’s disease, Parkinson’s disease, diabetes and heart diseases [2], [3]. In this scenario, worn and implanted medical devices implement wireless body area network (WBAN) to monitor patients’ vital signs. In wireless health, security is one of the major concerns and IEEE 802.15.6 already provides different levels of security throughout encryption and authentication of the data [4]. Furthermore, in several applications security is implemented through cryptography at upper layers in the open system interconnection (OSI) model [5]. In the few past years several techniques based on signal processing have been utilized to secure communications at physical layer. Those are promising methods for the implementation of standalone security solutions [6]. IEEE 802.15.6 standard regulates low-power sensors’ communications between them and an on-body central hub. Actually in WBAN, physical layer security can provide awesome advantages in terms of lower number of computations than cryptography [6]. Security services included in wireless communications are authentication, confidentiality, integrity and availability [5]. The idea proposed in this paper addresses countermeasures against confidentiality attacks. In literature there are several contributions that deals with physical layer security because, due to their nature, wireless communications might suffer eavesdropping attacks. Shannon in 1949 defined the metric information theoretic for secrecy systems [7] and he proved the perfect secrecy condition where the eavesdropper cannot pull out any information from the transmitted signal. Afterwards, Wyner introduced the wiretap channel model defining the secrecy capacity as the maximum transmission rate that is achievable whenever the eavesdropper’s channel observations are more noisy than the legitimate user’s channel [8], [9]. Finally, Csiszár et al. extended Wyner’s results to non-zero secrecy capacity when a non-degraded wiretap channel is utilized [10]. This model includes a transmitter, i.e. Alice, a legitimate receiver, i.e. Bob and a passive eavesdropper named Eve. Bob and Eve receive Alice’s transmissions through independent channels. In the past years, researchers exploited jamming as a fundamental part of original ideas for network security. Recently, a channel independent protocol named iJAM has been introduced [11]. The fundamental iJAM operating principle is shown in Figure 1. Alice, i.e. the sender, transmits two times each symbol and Bob, i.e. the receiver, randomly jams complementary samples over the two symbols. In this scheme, only the legitimate receiver knows which samples it jammed. Later, Bob is able to get a clean signal by discarding corrupted complementary samples from the original signal and its repetition. In contrast, the eavesdropper cannot remove the interference because he does not have any information on the jamming characteristics [11]. The rest of this paper is organized as follows: Section III Fig. 1. iJAM’s operating principle describes the proposed system model for the physical layer security. Section IV introduces the outage probability of secrecy capacity of a jamming receiver. Finally, the paper is concluded in Section V. II. M OTIVATION AND O UR C ONTRIBUTION The primary goal of this study is to develop a new transceiver architecture to ensure secure communication combining watermarking with jamming receiver. As performance metrics, authors utilize outage probability of the secrecy capacity to evaluate the effectiveness of this secure communication. The proposed scheme is partially based on iJAM’s concept and the paper provides also the information theory analysis for the evaluation of this new approach. This paper proposes the watermark-based blind physical layer security (WBPLSec) as a valuable method to secure communication without neither assumptions on eavesdropper’s channel nor jamming from third-party nodes. Authors exploit watermarking concept to increase system performance in terms of outage probability of secrecy capacity. In the multimedia context the digital watermarking process is utilized to hide or embed a desired signal into another signal, e.g. pictures and videos. This process has a lot of similarities with traditional communications. Spread-spectrum (SS) watermarking techniques are frequently utilized to implement physical layer security [12] and we adopt the second paradigm for watermarking described by Cox et al. [13], where the information to be embedded is modified prior to insertion, exploiting hidden data. The truly innovative process for deploying a physical layer security consists of steps showed in Algorithm 1. Authors assume that wireless health monitoring systems can be based on a three network tiers model [14], [15]. In this model each sensor in the WBAN communicates throughout a hub to, e.g., other medical devices in the second tier and then patient’s information are transmitted to a server over network or Cloud. Nowadays, the combination of continuous glucose monitor (CGM) with insulin pump is frequently used by doctors for a better diabetics’ treatment but on the other hand, the wireless link between these medical devices can be attacked with a high risk for patient’s safety. In this transmission chain, security aspects of patient’s vital signs is one of the major concerns because an adversary, i.e., Eve in Figure 2 can perform several attacks [15]. Figure 2 shows the operating scenario of the WBPLSec inside the three network tiers model, in which the proposed solution can mitigate threats, such as man-in-themiddle (MitM) and eavesdropping, within tiers 1 and 2. Algorithm 1 WBPLSec protocol 1: procedure P HYSICAL L AYER S ECURITY 2: SS W atermarking (ALICE): A message is first modulated with SS and then embedded into the host signal. 3: Jamming Receiver (BOB): The receiver jams NW samples for each symbol transmitted by Alice. 4: W atermark Extraction (BOB): The receiver extracts the watermark. 5: Symbol Rebuild (BOB): Knowing which samples are jammed the receiver, i.e. Bob, is able to rebuild a clean symbol using information contained into the watermark. 6: end procedure Note: WBPLSec transmits the information through two independent paths implementing data decomposition policy. The information is sent via a narrowband signal and through the SS watermarked signal. The narrowband signal is partially jammed by Bob, but the watermark into the SS signal is utilized to re-compose the entire symbol. III. S YSTEM M ODEL Fig. 2. WBPLSec operating scenario into the communication tiers In this paper, authors address the general problem of physical layer security presented in [16], in which any secure communications shall handle secrecy to avoid confidentiality attacks. WBPLSec system model is shown in Figure 3, where the jamming receiver provides secrecy and on the other hand, the selected watermarking technique provides the needed information destroyed due to the jamming. A modified version of the non-degraded wiretap channel model [10] is used as shown in Figure 3 and it includes the so-called jamming channel utilized to jam the received signal and also the eavesdropper. We assume that Alice and Bob have perfect channel side information (CSI) about main and jamming channels, while Eve has CSI only on the wiretap channel. In addition, we make no assumption about the eavsedropper’s computing power. The source message (xS )N of length N is encoded into codeword (x′S )N of length N . In particular, the encoder embeds the watermark (xW )NW of length NW into paper we use the direct sequence spread spectrum (DSSS) technique for watermarking. On the other hand, the same mechanism developed in WBPLSec can be also implemented throughout frequency hopping spread spectrum (FHSS) as well as OFDM. Correspondingly to iJAM, the utilization of OFDM ensure the jammed samples are indistinguishable from the clean samples1 . With these assumptions the energy of the watermarked signal is given by ES′ = Fig. 3. Non-degraded wiretap channel model with jamming receiver = the host signal (xS )N . The legitimate user, i.e. Alice, transmits (x′S )N to Bob through the main channel, which in this case, is assumed to be a discrete-time Rayleigh fading channel. The i -th sample of the signal received by Bob is given by yM (i) = hM (i)x′S (i) + kJ (i)xJ (i) + nM (i), (1) where hM (i) and kJ (i) represent the main channel’s and the jamming channel’s complex Gaussian fading coefficients, nM (i) is the complex zero-mean Gaussian noise and xJ (i) denotes the jamming signal, which is generated by Bob. Figure 3 shows how the eavesdropper, i.e. Eve, is capable to observe Alice’s transmission over an independent discretetime Rayleigh channel, i.e. non-degraded wiretap channel. The i-th sample of the signal received by Eve is given by yE (i) = hE (i)x′S (i) + gJ (i)xJ (i) + nE (i), (2) where hE (i) is the wiretap channel’s complex Gaussian fading coefficient between Alice and Eve, nE (i) is the complex zeromean Gaussian noise, gJ (i) is the jamming channel complex Gaussian fading coefficient. It is assumed that all channels are quasi-static fading channels, which mean that, the channel gain coefficients remain constant during the transmission of a codeword: hM (i) = hM , hE (i) = hE , kJ (i) = kJ and gJ (i) = gJ , ∀i = 1, ..., N . A. Transmitter In accordance with the data decomposition policy proposed in Algorithm 1, Alice conveys the information by means of two independent paths. The information is sent to legitimate user using a narrowband signal and on the other hand, Alice also embeds a SS watermark in the host narrowband signal. The watermark conveys part of the information at the legitimate user, i.e. Bob, through a secondary channel. In accordance with the framework presented by Cox et al. [17], transmitter combines the original modulated signal with a SS watermark, with an embedding rule defined as x′S (i) = xS (i) + µw(i), (3) where xS (i) is the i-th sample of the amplitude shift keying (ASK) transmitted signal, µ is the scaling parameter and w(i) is SS watermark. Without loss in generality, in the rest of the N X i=1 N X |x′S (i)|2 = (4) |xS (i)|2 + µ2 i=1 N X |w(i)|2 + 2µ i=1 = ES + µ 2 E W , N X |xS (i)w(i)| = i=1 where ES is the energy of xS signal and EW is the energy of xW . It is assumed that the host signal and its watermark are uncorrelated. The signal watermarking is done utilizing the traditional spread-spectrum based approach [18]. The main idea implemented in the watermark embedding phase is that the transmitter marks, utilizing SS, the host signal xS utilizing its first NW over N samples. Then xW is given by ( xS (i), for 1 ≤ i ≤ NW , xW (i) = (5) 0, elsewhere. Alternatively, the receiver can jam NW discontinuous samples for each symbol but even if this randomness requires a wide-band jammer, the work presented in this paper is still valid. With NW < N , the energy of the watermark is given by NW ES . (6) EW = N Finally, the signal is mixed to carrier frequency fc and radiated by the antenna. B. Jamming Receiver In this paper, authors propose a different strategy to implement the jamming receiver’s architecture when compared with iJAM [11]. Indeed, the proposed scheme of receiver works with jammed samples as well as watermark extraction. It is assumed that both the jamming signal and the host signal have the same energy over N samples as ES = N X i=1 |xS (i)|2 = N X |xJ (i)|2 . (7) i=1 Assuming N samples for symbol, as Bob jams M samples over N with M < N , the energy of the jamming signal is given by M ES . (8) EJ = N 1 OFDM time samples approximate Gaussian distribution and if jamming signal has the same distribution, the overall distribution after jamming does not modify the distribution of an OFDM signal [11]. The received signal after the antenna is down-converted to the baseband but due to jamming, it is corrupted and unusable. In order to stitch unjammed samples and create a clean symbol, in parallel, the received signal is led to an additional DSSS demodulator used to recover the watermark xW . Afterwards, as in iJam protocol [11], the receiver replaces corrupted samples into the host signal, with non-jammed samples from the watermark. In the end, the clean symbol xS is achieved and then demodulated. C. Secrecy Capacity of WBPLSec Win et al. [19] utilized a general wireless propagation model to characterize network interference in wireless systems. In accordance with that model, the received power, i.e. Prx , is ∝ Ptx/d2b n where Ptx denotes the transmitted power, dn the distance between the two nodes and b is the propagation loss exponent. 2 2 where both α = |hM | , α̃ = |kJ | follow an exponential distri
′ ′ ′ EJ /N ′ . bution, N0′ = N0 +EW , γtr = ES′ / N0′ d2b 0 tr and γjr = Due to the proposed jamming receiver architecture, the EJ does not undergo any attenuation at the legitimate receiver. Channels are power limited and it is assumed that P = ES′ /N is the average transmit power, PJ = EJ /M is the average jamming power when Bob jams M samples over N with M < N . Moreover, it is assumed that nM and nE have the same noise spectral density, i.e. N0 . The instantaneous SINR at eavesdropper, i.e. γE , is given by γE = |hE |2 ES d2b te N0′ 2 + |gJ |2 EJ d2b je = βγte , 1 + β̃γje (11) 2 where both β = |hE | and β̃ = |gJ | follow an exponential
′ distribution, N0′ = N0 + EW , γte = ES/ N0′ d2b and te
′ 2b E γje = J / N0 dje . When Bob has a better channel realization than Eve, i.e. γM > γE , the secrecy capacity (Cs ) of the legitimate link for non-degraded Gaussian wiretap channel [10] is defined as Cs = max{CM − CE , 0}, where (12) 1 bit/transmission CM = log2 (1 + γM ) 2 1 CE = log2 (1 + γE ) bit/transmission 2 Fig. 4. Power spectra densities of proposed blind physical layer security The power spectral densities of the signals discussed above are illustrated in Figure 4. The received signal by Bob is split in two arms, the first despreads and extract the watermark. The latter filters the received signal in order to limit the bandwidth before the signal recovery. The ideal low-pass filter at receiver rejects a large fraction of the SS watermark and the magnitude of the residual watermark power density is given by ′ EW = EW Bhs EW = , Bss Gp γM = IV. O UTAGE P ROBABILITY OF S ECRECY C APACITY OF A JAMMING R ECEIVER (9) where Bhs = 1/Tsa is the bandwidth of the host signal, Tsa is the host signal symbol duration, Bss = 1/Tc is the bandwidth of SS signal, Tc the is pulse duration of the pseudo-noise code ′ utilized for DSSS, and Gp = Tsa/Tc is the processing gain. EW interferes with the narrowband demodulator and Gp is defined as the inverse of EW reduction factor [20]. Therefore, the instantaneous signal-to-interference-plusnoise ratio (SINR) at the legitimate receiver, i.e. γM , is given by ′ |hM |2 ES d2b tr 2 N0′ + |kJ | EJ where CM is the channel capacity from Alice to Bob, i.e. main channel, and CE is the channel capacity from Alice to Eve, i.e. wiretap channel exploited by the eavesdropper. Otherwise, if Eve has a better SINR than Bob, Cs is set to 0. In Rayleigh channel, the secrecy capacity is conditioned to hM , hE , kJ , gJ , and without loss in generality in the rest of the paper we impose E[h2M ] = E[h2E ] = E[kJ2 ] = E[gJ2 ] = 1, [21]. The outage probability of secrecy capacity was defined by Bloch et al. [16] as Pout = P [Cs < Rs ] = # ! " 1 + γM 1 =P log2 < Rs = 2 1 + γE !# " 1 + α̃γjr = P α < p(1 + α̃γjr ) + qβ (13) 1 + β̃γje ′ where Rs is the target secrecy rate, p = 24Rs − 1 /γtr and
4Rs ′ 2 γ te /γtr . Therefore, in the case of WBPLSec, the q = results follow simple algebra and can be expressed as [22]
= ′ αγtr ′ , 1 + α̃γjr (10) Pout = 1 − Z∞ ZZ e −p(1+α̃γjr )−qβ 0 ·e  1+α̃γjr 1+β̃γje  −α̃ −β −β̃ e e dα̃dβdβ̃ = 1 · =1− (γje γjr p + γje − γjr q)2 q + 1 e−p −qΩ (γje (γjr p + γjr + 1) − γjr q)− γje ! (q + 1)(γjr p + 1)  Ω γje γjr p − (γje + 1)γjr q+ γjr q !  γje + γje (γje γjr p + γje − γjr q) , (14) R∞ where Ω(x) = ex E1 (x), E1 = 0 (e−t/t)dt is the exponential integral. It is assumed that the fading channels’ coefficients are zero-mean complex Gaussian random variables (RVs). Authors assume that α, α̃, β and β̃ are exponential distributed. Figure 5 shows the outage probability of Cs versus γM for different Eve’s positions along the line that connects Alice with Bob. Furthermore, author considered the near-field region limit at 1 m around Alice and Bob [21] and as it is shown in Figure 5, with this model Eve cannot be closer than 1 m to both Alice and Bob. Figure 5 depicts a region around Bob, i.e. a medical device, in which the secure communication occurs. The size of this region depends on the acceptable Pout , e.g., when it is lower than 0.3. P ou t of C s , E J = 25 1 16 E S EV E 0.9 20 0.8 Distance [m] 15 0.7 BOB 10 0.6 5 0 NEAR−FIELD REGION 0.5 A LI C E 0.4 0.3 −5 0.2 −10 0.1 −15 −15 −10 −5 0 γ M [dB] 5 10 Po ut Fig. 5. Outage probability versus γM when Eve moves from Bob to Alice. V. C ONCLUSIONS In this paper, physical layer security in wireless health system was considered because malicious attacks can compromise patients’ safety. WBPLSec protocol is developed against information disclosure attacks, such as eavesdropping. With reference to multiple tiers network model, WBPLSec is an attractive solution, compared with encryption, in intraWBAN communications due to limited power and processing capability of worn nodes. Furthermore, in tier 2 due to the greater range of radios, an adversary can more easily attack the wireless link and the utilization of WBPLSec can create a secure region around the legitimate receiver, such as doctor’s laptop or other medical devices. R EFERENCES [1] “Functional safety of electrical/electronic/programmable electronic safety-related systems,” IEC 61508, April 2010. [2] K. Kinsella and W. He, “An aging world: 2008,” International Population Reports, Washington DC, Tech. Rep. P95/09-1, 2009. [3] P. Kumar and H.-J. Lee, “Security issues in healthcare applications using wireless medical sensor networks: A survey,” Sensors, vol. 12, no. 1, p. 55, 2011. [Online]. Available: http://www.mdpi.com/1424-8220/12/ 1/55 [4] “IEEE Standard for Local and metropolitan area networks - Part 15.6: Wireless Body Area Networks,” IEEE Std 802.15.6-2012, pp. 1–271, Feb 2012. [5] R. J. Anderson, Security engineering - a guide to building dependable distributed systems (2. ed.). Wiley, 2008. [6] W. Harrison, J. Almeida, M. Bloch, S. McLaughlin, and J. Barros, “Coding for Secrecy: An Overview of Error-Control Coding Techniques for Physical-Layer Security,” IEEE Signal Processing Magazine, vol. 30, no. 5, pp. 41–50, Sept 2013. [7] C. Shannon, “Communication theory of secrecy systems,” The Bell System Technical Journal, vol. 28, no. 4, pp. 656–715, Oct 1949. [8] A. Wyner, “The wire-tap channel,” The Bell System Technical Journal,, vol. 54, no. 8, pp. 1355–1387, Oct 1975. [9] M. Bloch and J. Barros, Physical-Layer Security: From Information Theory to Security Engineering. Cambridge University Press, 2011. [10] I. Csiszar and J. Korner, “Broadcast channels with confidential messages,” IEEE Transactions on Information Theory, vol. 24, no. 3, pp. 339–348, May 1978. [11] S. Gollakota and D. Katabi, “Physical layer wireless security made fast and channel independent,” in 2011 Proceedings IEEE INFOCOM,, April 2011, pp. 1125–1133. [12] X. Li, C. Yu, M. Hizlan, W. tae Kim, and S. Park, “Physical layer watermarking of direct sequence spread spectrum signals,” in IEEE Military Communications Conference, MILCOM 2013, Nov 2013, pp. 476–481. [13] I. J. Cox, M. Miller, and A. McKellips, “Watermarking as communications with side information,” Proceedings of the IEEE, vol. 87, no. 7, pp. 1127–1141, Jul 1999. [14] C. Otto, A. Milenković, C. Sanders, and E. Jovanov, “System architecture of a wireless body area sensor network for ubiquitous health monitoring,” J. Mob. Multimed., vol. 1, no. 4, pp. 307–326, Jan. 2005. [Online]. Available: http://dl.acm.org/citation.cfm?id=2010498.2010502 [15] J. Partala, N. Keränen, M. Särestöniemi, M. Hämäläinen, J. Iinatti, T. Jämsä, J. Reponen, and T. Seppänen, “Security threats against the transmission chain of a medical health monitoring system,” in 2013 IEEE 15th International Conference on e-Health Networking, Applications Services (Healthcom), Oct 2013, pp. 243–248. [16] M. Bloch, J. Barros, M. Rodrigues, and S. McLaughlin, “Wireless information-theoretic security,” IEEE Transactions on Information Theory,, vol. 54, no. 6, pp. 2515–2534, June 2008. [17] I. J. Cox, J. Kilian, F. Leighton, and T. Shamoon, “Secure spread spectrum watermarking for multimedia,” IEEE Transactions on Image Processing, vol. 6, no. 12, pp. 1673–1687, Dec 1997. [18] H. Malvar and D. Florencio, “Improved spread spectrum: a new modulation technique for robust watermarking,” IEEE Transactions on Signal Processing, vol. 51, no. 4, pp. 898–905, Apr 2003. [19] M. Win, P. Pinto, and L. Shepp, “A Mathematical Theory of Network Interference and Its Applications,” Proceedings of the IEEE, vol. 97, no. 2, pp. 205–230, Feb 2009. [20] R. L. Peterson, R. E. Ziemer, and D. E. Borth, Introduction to Spread Spectrum Communications. Englewood Cliffs, NJ: Prentice-Hall, 1995. [21] A. Rabbachin, A. Conti, and M. Win, “Intentional Network Interference for Denial of Wireless Eavesdropping,” in 2011 IEEE Global Telecommunications Conference (GLOBECOM 2011),, Dec 2011, pp. 1–6. [22] J. Vilela, M. Bloch, J. Barros, and S. McLaughlin, “Wireless Secrecy Regions With Friendly Jamming,” IEEE Transactions on Information Forensics and Security, vol. 6, no. 2, pp. 256–266, June 2011.