Elsevier

Physical Communication

Volume 37, December 2019, 100829
Physical Communication

Full length article
Physical layer security over fading wiretap channels through classic coded transmissions with finite block length and discrete modulation

https://doi.org/10.1016/j.phycom.2019.100829Get rights and content

Abstract

The chance to use existing coded transmission schemes for achieving some security at the physical layer besides reliability is of interest for many applications. In this paper, we assess the levels of physical layer security achievable by classic coding schemes over fading wiretap channels, taking into account the effects of finite block lengths and discrete modulations. In order to take these practical constraints into account, some previous works use the error rates experienced by legitimate receivers and eavesdroppers as reliability and security metrics, respectively. However, having a high error rate at the eavesdropper is a necessary but not a sufficient condition for security, thus we resort to more robust information theoretic security metrics for such a purpose. By focusing on mutual information security, we estimate the average number of attempts required by an attacker to recover the whole message in practical conditions and under outage constraints. Based on this metric, higher layer cryptographic protocols can be designed to achieve robust security built upon the physical layer. We obtain lower bounds on the wiretapper equivocation about the secret message, subject to some outage probability, and assess their tightness. We provide some examples considering classic coding and modulation techniques like extended Bose–Chaudhuri–Hocquenghem codes and convolutional codes with binary signaling.

Introduction

Physical layer security (PLS) is gaining a prominent role as a new paradigm for reducing the complexity of higher layers cryptographic techniques. Contrary to the latter, PLS is only based on the differences between the channels experienced by authorized and unauthorized users. All receivers are perfectly aware of the encoding and transmission techniques, and there is no need for the legitimate users to share any secret (like cryptographic keys). In this paper we consider the classic wiretap channel model [1], in which a transmitter (Alice) sends a message to an authorized receiver (Bob) in the presence of an eavesdropper (Eve). We consider transmissions over continuous wiretap channels using a given practical coding scheme, and aim at evaluating which security level can be achieved at the physical layer, and possibly exploited by higher layer cryptographic techniques. For this reason, our focus is on finite (and short) block lengths. Using practical and possibly short codes is of crucial importance to make PLS feasible in practice [2], [3], [4]. Moreover, short block codes are of current interest for 5G and machine-to-machine communications [5].

Following a previous line of research, we use a high error rate at Eve’s as a necessary condition to achieve information theoretic security. However, as shown in [6], [7] for the case of binary erasure channels, such a condition is not sufficient. Therefore, we integrate the analysis based on Eve’s error rate with suitable information theoretic metrics. For this purpose, we exploit Eve’s total equivocation, which provides a lower bound on the size of a list within which she can reliably limit the message [8]. As we will show in Section 5, we estimate Eve’s equivocation by considering the maximum of her mutual information over all message distributions. Therefore, the security notion we use, according to [9], is mutual information security (MIS). In [9] it is proved that MIS and semantic security (SS) are asymptotically equivalent, that confirms the significance of MIS as a robust security notion.

Such a level of secrecy at the physical layer can be exploited jointly with higher layer cryptographic techniques to achieve security. For example, an all-or-nothing transform (AONT) [10], [11] can be used to encrypt and concatenate a set of L messages before transmission, without the need to share any secret. When AONTs are adopted, only users able to receive all the message bits without errors can decrypt the message and read its contents. Therefore, the use of AONTs or other similar higher layer solutions allows dealing with non-complete security at the physical layer, that is the case occurring when practical coding and modulation schemes are used, as we show in this paper.

In order to estimate the PLS level achievable by using a given coding scheme, we suppose that Eve is provided with the best soft-decision decoding algorithm, that is, the maximum likelihood (ML) decoder. This is an assumption on Eve’s capabilities, but it is theoretically proved that such a decoding technique is optimal. On the other hand, decoding cannot be avoided by Eve when she tries to recover the message.

We first evaluate a lower bound on Eve’s equivocation which is straightforward to compute. Then we provide a method to precisely evaluate Eve’s equivocation after ML decoding. Such a method is more accurate than the lower bound, but this is paid in terms of computing burden. However, we show that the lower bound reveals to be tight in the region of low signal-to-noise ratios (SNRs), where Eve is supposed to work based on the error rate targets. Therefore, we find that the lower bound is usable with good accuracy. All analyses are performed considering both static and fading channels, and closed form expressions are provided, when possible, for the metrics of interest over fading channels.

PLS represents an active research area since many years, and recently it has known renewed interest. For these reasons, a vast amount of literature exists in this area. For a comprehensive and up-to-date overview of PLS solutions, we refer the reader to [12] and references therein. If we focus on wiretap coding techniques, that are of interest in this work, existing literature can be grouped in two classes:

  • i.

    Works considering information theoretic secrecy notions in asymptotic or ideal conditions (e.g., Gaussian distributions, infinite length codes, etc.).

  • ii.

    Works considering error rate-based secrecy metrics in practical conditions (e.g., finite length coding and discrete modulations).

Works in the first group (i) consider information theoretic security metrics like the secrecy capacity, with an underlying notion of secrecy like weak or strong secrecy [13], [14] that is only achievable asymptotically and in ideal conditions. In particular, if we focus on fading channels, that are of interest in this paper, several previous works have studied PLS by considering asymptotic secrecy targets and ideal coding [15], [16], [17]. In these works, codes are often specifically designed for achieving such asymptotic secrecy targets. This is done, for example, in [18], where wiretap polar codes are designed to be used with the aid of artificial noise. In [19], multiple-input multiple-output (MIMO) wiretap channels with fast Rayleigh fading are considered, assuming that Alice only has statistical channel state information (CSI). By taking into account both Gaussian signaling and finite constellations, transmit signals are optimized and a transmission scheme based on precoding and artificial noise (AN) injection is designed. Similarly, in [20], the authors take into account the constraint of a finite input alphabet into the optimization of precoding matrices and AN power levels for secrecy transmissions over MIMO wiretap channels. In these works, the secrecy capacity and the achievable ergodic secrecy rate are used as PLS metrics under the ideal assumption of random coding, and with an underlying notion of weak secrecy. An overview of works considering the constraint of finite input alphabets in PLS can be found in [21]. In [22], He et al. aim at improving classic secrecy metrics used for studying fading wiretap channels. Similarly to our approach, they consider the partial secrecy regime and define three new metrics: (a) a generalized secrecy outage probability taking into account the level of secrecy measured by the eavesdropper’s equivocation, (b) an asymptotic lower bound on the eavesdropper’s decoding error probability and (c) the average information leakage. However, these metrics are not focused on finite length coding schemes (that are left for future work by the authors) and ideal conditions (like unconstrained capacity and capacity achieving codes) are considered.

Differently from these previous works, our aim is to study the achievable security levels when already existing, practical codes with finite (and short) length are used, rather than performing asymptotic analyses and designing specific wiretap codes. Moreover, we take into account the effect of discrete modulation formats and consider input-constrained capacity.

Works in the second group (ii) instead use the error rate experienced by Eve as a secrecy metric for assessing coded transmission schemes over wiretap channels. Several papers are focused on low-density parity-check (LDPC) and polar coded transmissions [23], [24], [25], [26], [27], while a first implementation of wiretap lattice codes is described in [28]. Following the same approach, in [29], [30], [31] we have shown that non-systematic coded transmissions exploiting information scrambling and frame concatenation achieve good performance in terms of Eve’s error rate, and may outperform other solutions, like those based on puncturing presented in [26]. The aim of these techniques is to artificially create a bad channel to the eavesdropper [32], and an extension of this approach to statistically distributed parallel channels has appeared in [3]. In [33], approaches based on puncturing and scrambling have been further improved by resorting to a precoder with feed-forward structure. In [34], instead, substitution permutation networks (SPNs) are proposed to produce amplified and uncorrelated errors at Eve in such a way as to improve the security performance under error rate-based metrics. Error rate-based security metrics are also used in [35], where an interleaved coding technique for the wiretap channel exploiting jamming during transmission of a secret interleaving key is proposed. Interleaved schemes are further studied in [36], where the authors deepen the error rate-based analysis by introducing two new metrics employing the cumulative distribution function of the error rate over short block lengths.

The error rate is used as a reliability and security metric along with the so-called security gap also in [37] to study instances of Wyner’s randomized encoding scheme employing convolutional codes and serially concatenated convolutional codes. Bounds on the performance of these schemes in terms of error rate are also derived. The same approach is extended to serially concatenated low density generator matrix (LDGM) codes with randomized encoding in [38] and to randomized turbo codes in [39]. The main limit of approaches using Eve’s error rate as a security metric is that it can only provide a necessary but not sufficient condition for security, differently from information theoretic security metrics. An overview of metrics used in PLS can be found in [40].

In this paper we provide a bridge between the two approaches described above, by using information theoretic security metrics but, at the same time, taking into account practical constraints due to classic, short codes and discrete modulation formats. In fact, differently from most previous works, we do not aim at designing optimized coding schemes to achieve some asymptotic secrecy target like weak or strong secrecy. Instead, our target is to estimate the level of physical layer security which is achievable “for free” by using some given classic coding schemes, with focus on short block codes, and to show that it can be effectively exploited by higher layer cryptographic techniques.

Moreover, apart from some exception like [41], most previous literature is focused on discrete wiretap channels [9], [42], [43], [44], while our focus is on continuous wiretap channels with discrete inputs, which are best suited to model wireless transmissions. Obviously, a continuous channel can be converted into a discrete channel by using hard detection, but this cannot be forced for an adversary.

In our previous works [45], [46], [47], transmissions over fading wiretap channels using classic finite length codes are considered and Bob’s and Eve’s performance is studied using only error rate-based metrics. We started applying information theoretic metrics in the finite code length regime in [48], [49], by exploiting the link between the eavesdropper’s equivocation rate on the secret message and the error rate. However, the analyses in [48], [49] are limited to the case of static additive white Gaussian noise (AWGN) channels. Moreover, the target of those works is to compare the performance achieved in the finite code length regime with that achievable in the asymptotic regime. In such a perspective, a special family of LDPC codes is considered in those works, with the aim to design optimal codes able to approach asymptotic performance.

We focus on continuous-output channel models, which are best suited to describe wireless transmissions, and consider the fading wiretap channel shown in Fig. 1. Both Bob’s and Eve’s channels are subject to Rayleigh fading, with fading coefficients hB and hE, respectively, and affected by AWGN, whose samples are denoted by nB and nE. Using a simple fading model as Rayleigh fading allows us to obtain closed form expressions for the relevant reliability and security metrics we consider. In our model, hB and hE are two independent Rayleigh random variables whose value is known by Bob and Eve, respectively, hence we assume CSI for the receiver. We suppose that a k-bit secret message u is univocally encoded into an n-bit codeword c and then transmitted by Alice. We do not require that secret messages are independent and identically distributed (i.i.d.), hence the entropy of u is H(u)=H(c)=kk. The SNRs of Bob’s and Eve’s channels are generally different, as well as the two vectors (cB and cE) they receive upon transmission of c, and the messages they get after decoding (uB and uE). We consider two fading channel models: the quasi-static fading channel (QSFC), in which the fading coefficient is constant during the transmission of a codeword, and the fast fading channel (FFC), in which the fading coefficient is constant during transmission of a bit.

Following a previous line of research, we first consider a set of reliability and security metrics based on the error rates experienced by Bob and Eve, respectively. Indeed, a sufficiently low error rate at Bob’s is a well accepted reliability target when dealing with finite length codes that cannot achieve error free transmission. On the other hand, a high error rate at Eve’s is a necessary but not sufficient condition for security. Therefore, we extend previous works based on the error rate as a security metric by introducing the use of more robust information theoretic security metrics, while still taking into account practical constraints like finite length codes and discrete modulation formats. For this purpose, we resort to a security metric based on Eve’s total equivocation about the transmitted codeword. Let E=H(c|cE) denote Eve’s equivocation about c. If E=k, then we have perfect secrecy in Wyner’s sense [1]. Otherwise, if E=ks, 0<ks<k, then perfect secrecy is not achieved, but some level of partial secrecy still exists, since Eve has to perform 2ks attempts on average to recover c (and u) from the knowledge of cE [8]. More details about this security metric are provided in Section 5.

In the partial secrecy regime, part of the secret message, corresponding to kks bits, is leaked to the eavesdropper. Therefore, such a setting does not provide any significant security condition if messages are transmitted naively. However, suitable transformations can be used to process messages before transmission in such a way as to exploit the advantage of the legitimate user and achieve a significant level of security. An example of these techniques is represented by AONTs [10], [11]. Let us suppose that L consecutive secret messages u1,u2,u3,,uL are concatenated and processed through an AONT. The output of the AONT is then split again into L messages u1,u2,u3,,uL. Each ui,i=1,,L, is then used to replace u in Fig. 1, and is hence encoded and transmitted by Alice. Because of the AONT, the whole set of ui,i=1,,L, must be correctly received to recover the secret messages by inverting the AONT. If any transformed message ui is not correct (even in part) at the receiver, then the AONT cannot be inverted correctly and no secret information is recovered. As mentioned, in the setting we consider, 2ks attempts must be performed on average by an eavesdropper to correctly recover any transmitted message. Therefore, 2ksL attempts are required on average by Eve to correctly recover the whole set of received messages and invert the AONT to recover the secret bits. As a counterpart, the value of L can be adjusted to achieve the desired security level. The classic formulation of an AONT is based on symmetric ciphers and hash functions, hence relies on computational security. When an AONT of this type is used in the setting we consider, the level of computational security of the cryptographic primitives it is built upon must be not less than 2ksL. On the other hand, in [50] some AONTs have been studied that are able to provide unconditional security.

The organization of the paper is as follows. In Section 2, we study the performance of unscrambled and uncoded transmissions from the error rate standpoint. In Section 3, we introduce information scrambling and coding. In Section 4 we assess the error rate performance over FFCs. Section 5 describes the information theoretic security metrics we use and the methods to compute them. Numerical examples with practical codes are provided and discussed in Section 6. Finally, Section 7 concludes the paper.

Section snippets

Unscrambled uncoded transmissions

Let us consider the case of a static AWGN channel and let us denote by γb(B) and γb(E) Bob’s and Eve’s channels average SNR per bit, respectively. Similarly, Pb(B) is Bob’s bit error rate (BER) and Pb(E) is Eve’s BER. In order to achieve reliable transmissions, Pb(B) must be sufficiently low, namely, Pb(B)Pb,th(B), being Pb,th(B) some prefixed threshold. Oppositely, as a necessary security condition at Eve’s we require that the BER is at least as high as another threshold Pb,th(E), namely, 0.5

Scrambled and coded transmissions over the QSFC

In this section, we introduce two techniques to process the information prior to being transmitted in order to achieve the desired error rate targets with smaller SNR gaps. We consider a QSFC, in which the fading coefficient remains constant within each frame of n transmitted bits.

Scrambled and coded transmissions over the FFC

Let us consider an FFC characterized by a vector of n SNR values γ1,γ2,,γn, with γi=αi2EbN0, corresponding to n transmitted symbols. As in the case of a QSFC, we need to estimate the minimum average SNR at Bob’s and the maximum average SNR at Eve’s which are needed to meet the error rate targets under an outage constraint. In formulas γ̄min(B)=minγ̄(B):PPf(B)Pf,th(B)ω,γ̄max(E)=maxγ̄(E):PPf(E)<Pf,th(E)ζ, where ω and ζ are Bob’s and Eve’s outage probabilities, respectively. Once having found γ

Security assessment through information theoretic metrics

According to the analysis reported in the previous sections, we know the conditions under which Bob and Eve experience an error rate respectively below and above some fixed threshold. This can be considered enough to achieve the reliability requirements at Bob’s. Instead, having a high error rate at Eve’s is a necessary but not a sufficient condition to achieve security [6], [7]. So, in this section we resort to information theoretic secrecy metrics in order to assess the security level that

Examples

In this section we consider some examples of classic coded transmission schemes and assess the achievable levels of security through the approaches presented in the previous sections. The purpose of these examples is not to drive the selection of codes to be used in the considered setting, but to show how the proposed method can be applied in some practical cases and provide some reproducible results. Nevertheless, the proposed method is general, and can be easily applied to other coded

Conclusion

We have studied and assessed the levels of physical layer security achievable by leveraging classic and simple coding schemes over fading wiretap channels. For this purpose, and following some recent literature, we have first imposed some error rate targets on Bob’s and Eve’s channels, that is a necessary although not sufficient condition to achieve secrecy. We have shown that information scrambling and channel coding allow achieving significant reductions in the required SNR gap between Bob’s

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Marco Baldi received the Laurea degree (Hons.) in electronic engineering and the Ph.D. degree in electronic, computer science and telecommunications engineering from the Università Politecnica delle Marche, Ancona, Italy, in 2003 and 2006, respectively. Since 2016, he has been a tenure-track Assistant Professor with the same university. He has co-authored over 140 scientific papers, one book, and three patents. His research is focused on coding and cryptography for information security and

References (62)

  • GüvenkayaE. et al.

    On physical-layer concepts and metrics in secure signal transmission

    Phys. Commun.

    (2017)
  • WynerA.D.

    The wire-tap channel

    Bell Syst. Tech. J.

    (1975)
  • HarrisonW.K. et al.

    Coding for secrecy

    IEEE Signal Process. Mag.

    (2013)
  • BaldiM. et al.

    Secrecy transmission on parallel channels: Theoretical limits and performance of practical codes

    IEEE Trans. Inf. Forensics Secur.

    (2014)
  • WongC.W. et al.

    Secret-sharing LDPC codes for the BPSK-constrained Gaussian wiretap channel

    IEEE Trans. Inf. Forensics Secur.

    (2011)
  • DurisiG. et al.

    Towards massive, ultra-reliable, and low-latency wireless communication with short packets

    Proc. IEEE

    (2016)
  • WickramasooriyaA. et al.

    Comparison of equivocation rate of finite-length codes for the wiretap channel

  • BlochM. et al.

    Error-control coding for physical-layer secrecy

    Proc. IEEE

    (2015)
  • CuffP.

    A framework for partial secrecy

  • BellareM. et al.

    Semantic security for the wiretap channel

  • RivestR.L.

    All-or-nothing encryption and the package transform

  • BoykoV.

    On the security properties of OAEP as an all-or-nothing transform

  • LiuY. et al.

    Physical layer security for next generation wireless networks: Theories, technologies, and challenges

    IEEE Commun. Surv. Tutor.

    (2017)
  • CsiszárI.

    Almost independence and secrecy capacity

    Probl. Inform. Transm.

    (1996)
  • BlochM. et al.

    Strong secrecy from channel resolvability

    IEEE Trans. Inform. Theory

    (2013)
  • GopalaP.K. et al.

    On the secrecy capacity of fading channel

    IEEE Trans. Inform. Theory

    (2008)
  • LiangY. et al.

    Secure communications over fading channels

    IEEE Trans. Inform. Theory

    (2008)
  • RennaF. et al.

    Physical layer secrecy for OFDM transmissions over fading channels

    IEEE Trans. Inf. Forensics Secur.

    (2012)
  • ZhangY. et al.

    Secure transmission over the wiretap channel using polar codes and artificial noise

    IET Commun.

    (2017)
  • AghdamS.R. et al.

    Transmit signal design for MIMO wiretap channels with statistical CSI and arbitrary inputs

  • AghdamS.R. et al.

    Joint precoder and artificial noise design for MIMO wiretap channels with finite-alphabet inputs based on the cut-off rate

    IEEE Trans. Wirel. Commun.

    (2017)
  • AghdamS.R. et al.

    An overview of physical layer security with finite-alphabet signaling

    IEEE Commun. Surv. Tutor.

    (2019)
  • HeB. et al.

    On secrecy metrics for physical layer security over quasi-static fading channels

    IEEE Trans. Wirel. Commun.

    (2016)
  • KlincD. et al.

    LDPC codes for physical layer security

  • KlincD. et al.

    LDPC codes for the Gaussian wiretap channel

  • KwakB.-J. et al.

    Physical layer security with Yarg code

  • KlincD. et al.

    LDPC codes for the Gaussian wiretap channel

    IEEE Trans. Inf. Forensics Secur.

    (2011)
  • ZhangY. et al.

    Polar-LDPC concatenated coding for the AWGN wiretap channel

    IEEE Commun. Lett.

    (2014)
  • LuJ. et al.

    A USRP implementation of wiretap lattice codes

  • BaldiM. et al.

    Coding with scrambling, concatenation, and HARQ for the AWGN wire-tap channel: A security gap analysis

    IEEE Trans. Inf. Forensics Secur.

    (2012)
  • BaldiM. et al.

    Increasing physical layer security through scrambled codes and ARQ

  • Cited by (6)

    • Key less physical layer security for wireless networks: A survey

      2022, Engineering Science and Technology, an International Journal
    • Iterative geometric mean decomposition based secure hybrid precoder design for mmWave massive MIMO communication systems

      2021, AEU - International Journal of Electronics and Communications
      Citation Excerpt :

      Physical layer security (PLS) has become a headline topic for researchers and scientists in future communication systems, especially in massive multiple-input multiple-output (MIMO) millimeter wave (mmWave) systems [1–5].

    • Analysis of secrecy outage performance of TAS–CIOD systems over wireless Rayleigh fading channels

      2020, Physical Communication
      Citation Excerpt :

      Secure data transmission is one of the most important issues in the wireless communication systems. The physical layer (PHY) security methods have been widely proposed and considered as efficient techniques to improve the security of the transmissions, where the channel characteristics such as noise and fading and other transmission methods such as coding, diversity techniques, have been used [1–8]. On the other hand, antenna selection technique has been proposed as a low-complexity technique to improve the signal-to-noise ratio at the receiver side and enhance the performance of the transmission in multiple-input multiple-output (MIMO) systems [9–15].

    Marco Baldi received the Laurea degree (Hons.) in electronic engineering and the Ph.D. degree in electronic, computer science and telecommunications engineering from the Università Politecnica delle Marche, Ancona, Italy, in 2003 and 2006, respectively. Since 2016, he has been a tenure-track Assistant Professor with the same university. He has co-authored over 140 scientific papers, one book, and three patents. His research is focused on coding and cryptography for information security and reliability. He serves as an Associate Editor for the EURASIP Journal on Wireless Communications and Networking and the IEEE Communications Letters.

    Nicola Maturo received his Ph.D. in Telecommunication Engineering (cum laude) from the Università Politecnica delle Marche, Ancona (Italy), in 2015. Until July 2017 he was a Post-Doctoral Researcher at the Department of Information Engineering of the Università Politecnica delle Marche, where he worked on reliability and security in telecommunications. Since August 2017 he is a Research Associate at the Interdisciplinary Centre for Security, Reliability and Trust of the University of Luxembourg. His research activities are mainly focused on satellite communication. He is an IEEE member since 2013 and a member of the CCSDS Coding and Synchronization Working Group since 2014.

    Giacomo Ricciutelli received his Ph.D. in Electronic Engineering from the Università Politecnica delle Marche, Ancona (Italy), in 2018. Until March 2018 he was a Post-Doctoral Researcher at the Department of Information Engineering of the Università Politecnica delle Marche, where his work was mainly focused on coding schemes for reliable and secure communications. Since June 2018 he is a Project Leader at Gitronica S.P.A. in Montelupone, Italy, where his research topics concern internet of things (IoT) applications and communications among low power devices. He is an IEEE member since 2014 and a member of the CCSDS Coding and Synchronization Working Group since 2015.

    Franco Chiaraluce was born in Ancona, Italy, in 1960. He received the ”Laurea in Ingegneria Elettronica” (summa cum laude) from the University of Ancona in 1985. Since 1987 he joined the Department of Electronics and Automatics of the same university. At present, he is an Associate Professor at the Polytechnic University of Marche. His main research interests involve various aspects of communication systems theory and design, with special emphasis on error correcting codes, cryptography and physical layer security. He is co-author of about 300 scientific papers and two books. He is senior member of IEEE and member of IEICE.

    View full text