Comprehensive ExamComprehensive ExamPh.D. in Electrical EngineeringPh.D. in Electrical Engineering
William L. BahnWilliam L. Bahn
14 May 200714 May 2007
The Theory of Concurrent Codes The Theory of Concurrent Codes with Application to with Application to
Omnidirectional Jam-Resistant Omnidirectional Jam-Resistant Communications without Communications without
Shared SecretsShared Secrets
The future of warfare:The future of warfare:Net-centric, Joint, and Net-centric, Joint, and
CoalitionCoalition
What’s the point of this What’s the point of this work?work?
Concurrent codes address one Concurrent codes address one component of component of secure secure communicationscommunications::
The The availabilityavailability of the of the communications link in situations communications link in situations where where high directionalityhigh directionality and/or and/or shared secretsshared secrets are not feasible. are not feasible.
This problem involves This problem involves several disciplines and several disciplines and
needs more overlap than needs more overlap than usually exists.usually exists.
Can the bad guys jam my message?Spread spectrum
Can the bad guys forge my message?Passwords
Can the bad guys change my message?
Hash functions, message digests,
MACs
Can the bad guys read my message?
Encryption usingsymmetric
cryptography
Secure communications involve Secure communications involve four distinct security goals.four distinct security goals.
Confidentiality Integrity
Authenticity Availability
Security
Each goal is achievable when Each goal is achievable when the good guys share secrets the good guys share secrets
that the bad guys don’t know.that the bad guys don’t know.
Secure communications occur Secure communications occur only when all four goals are only when all four goals are
achieved.achieved.
Narrowband communications Narrowband communications work fine in an nice, friendly, work fine in an nice, friendly,
ideal world.ideal world.
NB
But they are easily jammed by But they are easily jammed by any competing signal of similar any competing signal of similar
power.power.
NB
Spread spectrum provides Spread spectrum provides protection against a competing protection against a competing
signal.signal.
SS
In Frequency Hop Spread In Frequency Hop Spread Spectrum (FH/SS), Sender and Spectrum (FH/SS), Sender and Receiver change frequencies Receiver change frequencies
according to a schedule.according to a schedule.
FH/SS
Time Freq1 142 453 234 125 196 317 42
Time Freq1 142 453 234 125 196 317 42
Jammer doesn’t know schedule, Jammer doesn’t know schedule, so… they jam random so… they jam random
frequencies.frequencies.
FH/SS
Time Freq1 142 453 234 125 196 317 42
Time Freq1 142 453 234 125 196 317 42
Time Freq1 38, 27, 242 19, 26, 453 18, 33, 374 15, 25, 295 13, 28, 446 29, 31, 497 22, 30, 42
Problem: Jammer increases bit error rate (BER)
Solution: Error correcting codes
Frequency sequence exchanged Frequency sequence exchanged using a “secure alternate using a “secure alternate
channel.”channel.”
Time Freq1 142 453 234 125 196 317 42
Time Freq1 142 453 234 125 196 317 42
The symmetric key is any and all information that must be kept from the jammer but that both the sender and the receiver must
have access to.
What if the alternate channel What if the alternate channel isn’t so secure?isn’t so secure?
Time Freq1 142 453 234 125 196 317 42
Time Freq1 142 453 234 125 196 317 42
An informed jammer knows (or somehow obtains) the symmetric key.
They do not know any private keys - information that only the sender knows or that only the receiver knows.
An informed jammer DOES know An informed jammer DOES know schedule, so they jam the right schedule, so they jam the right
frequencies.frequencies.
Time Freq1 142 453 234 125 196 317 42
Time Freq1 142 453 234 125 196 317 42
Time Freq1 142 453 234 125 196 317 42
FH/SS
Problem: An “informed jammer” can reduce processing gain to unity.
Solution: ????
Traditional Spread Spectrum Traditional Spread Spectrum relies on shared secrets staying relies on shared secrets staying
secret.secret.
Public
Information
Private
Secrets
Shared
Secrets
Private
Secrets
The management of symmetric The management of symmetric keys is not scaleable and keys is not scaleable and cannot meet the requirements cannot meet the requirements of the GIG.of the GIG. Very small unit level (10 people)Very small unit level (10 people)
– Key Pairs: 45Key Pairs: 45 Medium unit level (1,000 people)Medium unit level (1,000 people)
– Key Pairs: ~500,000Key Pairs: ~500,000 Small theater-scale: (100,000 Small theater-scale: (100,000
people)people)– Pair Keys: 5 billionPair Keys: 5 billion
Coalition-scale: (1,000,000 people)Coalition-scale: (1,000,000 people)– Pair Keys: 500 billionPair Keys: 500 billion
An “informed jammer” can An “informed jammer” can exploit all of the shared exploit all of the shared
secrets.secrets.
Public
Information
Private
Secrets
Shared
Secrets
Private
Secrets
But how can we communicate But how can we communicate securely without shared securely without shared
secrets?secrets?First, how do we do it with shared First, how do we do it with shared
secrets?secrets?
A single key both encrypts and decrypts a A single key both encrypts and decrypts a message. message. Both sender and receiver must possess it.Both sender and receiver must possess it.Attacker must NOT possess it. Attacker must NOT possess it. An attacker can compromise the distribution An attacker can compromise the distribution process.process.
Symmetric Cryptography
Attack at dawn! Attack at dawn!
U&3ro0+wn@”}EJnSENDER RECEIVER
K K
Asymmetric Cryptography Asymmetric Cryptography simply uses two keys!simply uses two keys!
Anything encrypted with one key can only be Anything encrypted with one key can only be decrypted with the other key: P = T(T(P,A),B); P = decrypted with the other key: P = T(T(P,A),B); P = T(T(P,B),A)T(T(P,B),A)Receiver generates Receiver generates AA and and B.B.
Key A is distributed – to everyone (Public Key A is distributed – to everyone (Public Key).Key).
Key B is kept secret – from everyone (Private Key B is kept secret – from everyone (Private Key).Key).
Asymmetric Cryptography
Attack at dawn! Attack at dawn!
kO$7*jfMsi@4ifnnYSENDER RECEIVER
A B
Three of the four security Three of the four security goals can be achieved using goals can be achieved using
PKI.PKI.
GoalGoal OperationOperation SenderSender ReceiverReceiver OperatioOperationn
ConfidentialityConfidentiality EncryptEncrypt C = T(P,AC = T(P,ARR)) P = T(C,BP = T(C,BRR)) DecryptDecrypt
IntegrityIntegrity
AuthenticationAuthenticationSignSign C = T(P,BC = T(P,BSS)) P = T(C,AP = T(C,ASS)) UnsignUnsign
BothBothSignSign
EncryptEncrypt
CC00 = T(P,B = T(P,BSS))
C = C = T(CT(C00,A,ARR))
CC00 = = T(C,BT(C,BRR))
P = P = T(CT(C00,A,ASS))
DecryptDecrypt
UnsignUnsign
NOTE: This is a highly simplified description of how PKI works in the real world.
Can the bad guys jam my message?
Highly directional links or spread
spectrum
Omnidirectional SS links jammed as
easily as NB
Can the bad guys forge my message?PasswordsDigital Signatures
Can the bad guys change my message?
Hash functions, message digests,
MACsDigital Signatures
Can the bad guys read my message?
Encryption usingsymmetric
cryptography
Encryption usingasymmetric
cryptography
Confidentiality Integrity
Authenticity Availability
Security
Each goal is achievable when Each goal is achievable when the good guys share secrets the good guys share secrets
that the bad guys don’t know.that the bad guys don’t know.
If a shared secret is not available, If a shared secret is not available, a hole emerges for omnidirectional a hole emerges for omnidirectional
links.links.
What’s the point of this What’s the point of this work?work?
Concurrent codes address one Concurrent codes address one component of component of secure secure communicationscommunications::
The The availabilityavailability of the of the communications link in situations communications link in situations where where high directionalityhigh directionality and/or and/or shared secretsshared secrets are not feasible. are not feasible.
Error detecting and correcting codes are Error detecting and correcting codes are great for dealing with random noise – great for dealing with random noise – concurrent codes are designed to deal concurrent codes are designed to deal with malicious non-random noise.with malicious non-random noise.
So how is it done?So how is it done?BBC Algorithm 101BBC Algorithm 101
Encode by placing “indelible Encode by placing “indelible marks” at locations dictated by marks” at locations dictated by progressively longer prefixes of progressively longer prefixes of the message.the message.
Decode by looking for “indelible Decode by looking for “indelible marks” at locations dictated by marks” at locations dictated by progressively longer prefixes of progressively longer prefixes of the message.the message.
An “indelible mark” is a An “indelible mark” is a transmission that is very transmission that is very difficult for an attacker to difficult for an attacker to
suppress.suppress. UWBUWB
– Short of noise at a specific time.Short of noise at a specific time. FHFH
– Noise at a specific carrier frequency.Noise at a specific carrier frequency. DSDS
– Random data at a given code/offset.Random data at a given code/offset.
The mark is not data modulated – it is data placed.
No data is present in the mark – the presence of the mark is the data.
The attacker can distort the mark – as long as we can still detect it.
The attacker can add additional marks – we can deal with that.
Checksum bits appended to Checksum bits appended to message eliminate terminal message eliminate terminal
hallucinations.hallucinations.
Appended 0-bits act as checksum bits.Appended 0-bits act as checksum bits. Terminal hallucinations survive each Terminal hallucinations survive each
checksum bit at a rate equal to the checksum bit at a rate equal to the packet mark density.packet mark density.
Overall rate for k checksum bits:Overall rate for k checksum bits:
k = 19 => 1ppb at 33% density.k = 19 => 1ppb at 33% density.
Impulse-based UWB Impulse-based UWB Implementation.Implementation.
Simple receiver leaves Simple receiver leaves little for attacker to little for attacker to
attack.attack.
BBC: Sequential BBC: Sequential decoding performs depth decoding performs depth
first search in linear first search in linear time.time.
Exponential Receiver Blow-up Exponential Receiver Blow-up does not occur below 50% mark does not occur below 50% mark
density.density.
Steady-state hallucination level:Steady-state hallucination level:
Receiver effort doubled at 33% Receiver effort doubled at 33% density.density.
Receiver effort 10x at 47% density.Receiver effort 10x at 47% density. If attacker can afford to broadcast If attacker can afford to broadcast
33%, they can likely afford to 33%, they can likely afford to broadcast 100%.broadcast 100%.
Actual and predicted Actual and predicted receiver workload in very receiver workload in very
close agreement.close agreement.
Audio BBC recordings of 1 Audio BBC recordings of 1 through 4 concurrent through 4 concurrent
messages.messages.
1
2
3
4
Actual workload at 99% packet Actual workload at 99% packet density oscillates in close density oscillates in close agreement with predicted agreement with predicted
bounds.bounds.
Concurrent codes have Concurrent codes have potential applications potential applications beyond hostile jam-beyond hostile jam-
resistance.resistance. RFIDRFID
– Jamming an issue for item-level tagging.Jamming an issue for item-level tagging. MAC-less networksMAC-less networks
– Wired or wireless.Wired or wireless.– No collision detection/avoidance – just No collision detection/avoidance – just
transmit!transmit!– To prevent self-jamming, devices monitor To prevent self-jamming, devices monitor
mark density and adjust data rate accordingly.mark density and adjust data rate accordingly. Information RetrievalInformation Retrieval
– Can perform more powerful searches than Can perform more powerful searches than present techniques.present techniques.
Concurrent codes are NOT Concurrent codes are NOT Nirvana!Nirvana!
The system can still be jammed.The system can still be jammed.– As can all the others.As can all the others.
There is a penalty to be paid.There is a penalty to be paid.– As there is with the others.As there is with the others.
The goal is to not to be more jam-resistant The goal is to not to be more jam-resistant than uncompromised spread spectrum.than uncompromised spread spectrum.– It isn’t.It isn’t.
The goal is to retain a comparable level of The goal is to retain a comparable level of jam-resistance without a shared secret.jam-resistance without a shared secret.– It retains roughly half of the data rate. It retains roughly half of the data rate.
Demo ProgramsDemo Programs
JAVA Image DemoJAVA Image Demo BBC Image DemoBBC Image Demo JAVA Audio DemoJAVA Audio Demo BBC Audio DemoBBC Audio Demo