Abstract In this paper, secure channel coding schemes based on turbo codes are suggestedfor time reversal ultra wideband (TR-UWB) systems. Turbo code has the capability of errorcorrection near Shannon’s limit. Adding security to turbo code is an attractive idea sinceit could reduce the overall processing cost of providing secure coded data and enjoys theadvantages of high-speed encryption and decryption with high security, smaller encoder anddecoder size and greater efficiency. The proposed turbo code schemes are labeled as follows:secure puncturing rate, secure frame length, and secure interleaving. Using these scenarios,secure turbo code is defined in a way that the redundant information used for error correctionis not pre-determined by the nature of the error correction part of the algorithm but it canbe chosen arbitrarily out of the whole set of possible strings. The lower bound of bit errorprobability for secure turbo code schemes in AWGN and TR-UWB systems are evaluated.Analytical and simulation results show secure turbo code performance is very satisfying. Var-ious crypto-analytical attacks are investigated against these schemes. Based on this analysis,secure turbo code structures changed during the encryption procedure to increase the com-plexity of linear and differential cryptanalysis. It is seen that the performance of conventionalturbo code and random frame length with Poisson distribution are the same. Comparing theseschemes shows, secure interleaving approach has the best performance and secure puncturingrate the worst, but the latter provides the most security. The enhanced security of UWB, dueto rich multipath nature of UWB channel, could be exploited. Due to space-time focusingproperty of time reversal UWB, there is an environmental confidentiality (or spatial security),which is additional security for secure turbo code in this system. Using secure turbo code, itis possible to increase the transmission range of UWB systems.
D. Abbasi-Moghadam (B) · V. T. VakiliSchool of Electrical Engineering, Department of Telecommunications,Iran University of Science & Technology (IUST), Narmak, Tehran, Irane-mail: [email protected]
Error control and security are important aspects of modern digital communications and it isdesirable to have both in a single application. Coding has an important role when the energyefficiency is being optimized. The demand for a reliable, secure, and efficient digital datatransmission system has been accelerated by the emergence of large scale and high speedcommunication networks. Merging security and channel coding processes is an attractiveidea since it may reduce the overall processing cost of providing secure reliable data. Asecret channel coding scheme is one that provides both data secrecy and data reliability inone process to combat problems in an insecure and unreliable channel. In 1978 McElieceproposed a public-key cryptosystem based on algebraic coding theory that revealed to have avery high security level [1]. The rationale of the McEliece algorithm, that adopts a generatormatrix as the private key and one transformation of it as the public key, lies in the difficulty ofdecoding a linear large code with no visible structure. The idea behind this scheme was basedon the fact that the decoding problem of an arbitrary linear code is an NP hard problem. Anew secure channel coding scheme based on [2] introduces secret puncturing of a (parallel orserial) concatenated turbo code. It was shown that this secure puncturing scheme is vulnera-ble to key recovery attack [3]. A chosen ciphertext attack was proposed and showed that thekey is completely recoverable. A combination for a public key cryptographic system, usingturbo code and elliptic curve algorithms are suggested in [4]. Incoming data are embeddedin the interleaver process of the turbo encoder and the security is derived from the one-wayfunctions provided by elliptical curves. In this scheme, coding and elliptic curve algorithmsare serial so its complexity is high and its speed is low. Cryptocoding is one of the morerecently proposed techniques for joint error correction and encryption [5]. This technique isbased on quasigroup (Latin square) string transformation. A quasigroup of order 16 is chosenover 2480 possibilities when encoding and decoding functions are generated. The space ofquasigroup gives the security for such a technique. Although this technique achieves bothsecurity and error correction, the decoding procedure is extremely complicated and cannotbe used in a resource constrained environment.
Study of communications over large bandwidth/high delay spread channels is very prom-ising. Ultra-wideband impulse radio is a scheme that uses very narrow pulses for informationtransmission. UWB has many benefits, including high data rate, availability of low-cost trans-ceivers and low transmit power. Nevertheless the insufficient multipath energy captured bythe receiver results in a poor system range and almost no tolerance to intersymbol interference(ISI) caused by multipath delay. Traditional ISI mitigation techniques include equalization,RAKE receiver and orthogonal frequency-division multiplexing (OFDM), and all of them areexpensive solutions that use coherent detection and require channel estimation at the receiv-ers. Normally a high data rate means a system with high complexity thus more expensive.The temporal focusing feature of time reversal UWB can soften the impact of ISI, while thespatial focusing feature can be utilized to transmit information to an intended location withlimited signal leakage at other locations [6]. Time reversal takes advantage of rich scatteringenvironments to achieve signal focusing both temporally and spatially. Due to the Shannonlimit approaching performance, turbo codes are expected to play a key role in UWB systems.Turbo codes make it possible to increase data rate without increasing the power, or thesecodes could be employed to decrease the amount of power for a certain amount of data rate.The main challenge in implementing turbo codes in the UWB systems is the consequent com-plexity consideration in spite of high bit error rate (BER) and savings in transmission powerconsumption as pointed out above. One approaches for reducing the complexity of turbocode UWB system is turbo code TR-UWB. UWB is somewhat inherently secure, because
its low output power and short pulses make its transmission appear to be white noise froma distance. Nevertheless, UWB signals could be listened by a determined attacker who islocated close to the transmitter; this requires the use of security algorithm.
In this paper, the weakness of [2] is explained first and then some methods are proposedto overcome the weak features. Also application of these schemes in TR-UWB system isevaluated for the first time. The main features of the current paper are as follows:
• Secure turbo code based on secure puncturing rate, secure interleaving, secure frame lengthand dynamic structure are proposed.
• Performance of all cases is analyzed based on code and channel parameters.• Security level of these schemes is evaluated and compared with standard RSA (Rivest,
Shamir and Adleman), Elliptic curve and advanced encryption standard (AES) algorithms.• The time delay of proposed schemes are computed and compared with separate imple-
mentation of coding and cryptography.• Secure turbo code schemes are used in TR-UWB systems and its performance are analyzed.
Also range extension of proposed scheme is shown by simulation.
The paper is organized as follows. The second section gives the secure turbo code schemesand their performance analysis. Then security of these schemes is investigated in Sect. 3 andits overall delay is presented in Sect. 4. In Sect. 5, application of secure turbo code schemesin TR-UWB systems are presented. Finally, in Sect. 6 analytical and simulation analysisof secure turbo code schemes are presented. A concluding summary in Sect. 7 containsstatements to the key contributions of this paper.
2 Secure Turbo Code Schemes
Turbo code has raised great interest in the coding community with its astonishing perfor-mance. Its encoder is formed by two or more constituent recursive systematic convolutional(RSC) encoders joined by interleaver. The input information bits feed the first encoder and,after having been scrambled by the interleaver, enter the second encoder. Adding securityto channel coding is an attractive topic, as it could reduce the overall processing cost ofproviding secure encoded data. A secret channel coding scheme is one that provides bothdata secrecy and data reliability in one process, to deal with problems in an insecure andunreliable channel.
An adaptive secure channel coding scheme was proposed based on secret puncturing ofa (parallel or serial) concatenated turbo code and adaptation with channel noise conditions[2]. In this scheme when the channel state is bad, the transmitter picks more redundant bitsfor protection. As the channel condition gets better, less redundancy is needed for protection.The proposed puncturing scheme uses linear feedback shift register. This scheme is basedon a pseudo-random number generator algorithm for selecting N bits from M turbo encodedbits. The weakness of this proposal is that the code sequence bits generated by linear feed-back shift register (LFSR) can be recovered by Berlekamp-Massy algorithm. As a result, theuser’s signal could be recovered through various signal separations and extraction algorithms.Furthermore it was shown that this secure puncturing scheme is vulnerable to key recoveryattack [3]. A chosen ciphertext attack was proposed on the mentioned scheme. In this method,having Lc/log MC chosen ciphertexts obtained from puncturing output of a code with lengthMC by a linear shift register with length Lc, whole key can be exposed. Furthermore, if theproposed scheme uses non-linear shift register, inner state of the non-linear shift register is
Fig. 1 Dynamic Secure turbo code based on cryptographic system
found by having
(NC
log MC
)/(NC − log MC + 1) number of ciphertexts, where NC is the
length of ciphertext. Considering linear/non-linear shift registers and fixed structure of thecode, the key is precisely revealed. In this paper, following methods is proposed to overcomethe mentioned weak points.
(1) Since mentioned attacks are based on linear or non-linear shift registers, a method isproposed which takes advantage of AES cryptography; therefore, resistance againstthese attacks is greatly increased (Fig. 1).
(2) To increase immunity of the proposed method against attacks, a dynamic scheme isproposed and analyzes in individual subsections. In section III, security of proposedschemes are discussed and shown that finding structure of the dynamic code is difficultand attacks based on redundancy are an NP-complete problem and barely will succeeddue to the changing structure of the code.
(3) Presuming a code with length greater than 600 bits, probability of having Hammingcode with small distance is significantly decreased. Thus, the code is immune againstthese attacks and performance of the system is enhanced.
(4) In addition, a look-up table is used and weak Hamming codes with small distances fromthis table are eliminated.
As simulation results show in Sect. 6, considering these steps may lead to degradation inperformance. However, this degradation is not considerable, for example, required signal-to-noise ratio (SNR) of the dynamic structure for BER = 10−5 is 1dB more than the proposedsecure coding based on variable rate.
In this section, secure turbo code schemes are discussed and their performance are ana-lysed in additive white Gaussian noise (AWGN) channel. The advantages of these schemesare reliable security without requiring a large size key and high efficiency of data transmissionsystem.
123
Enhanced Secure Error Correction Code Schemes 407
2.1 Secure Puncturing Rate
The first scheme of secure turbo code is based on secure puncturing rate; in this schemepuncturing rate and its puncturing matrix is changed by nonlinear shift register. Secure punc-turing matrix which is introduced in [3] is a special case of this scheme in which code rateis not changed.
The bit error rate of the channel depends on the instantaneous receiver SNR, code rate,frame length (K ) and constraint length (υ). An estimated error-floor bound (free-distanceasymptote) for the bit error probability over AWGN channel in parallel concatenated convo-lutional code (PCCC) turbo code and secure puncturing matrix may be considered as follows[2]:
Pb(e) ≥ N f reeW f ree
KQ
(√2d f ree R
Eb
N0
)(1)
where d f ree is the free distance of the code, N f ree is the number of code words with outputweight d f ree, W f ree represents the weight of input sequence associated with output weightd f ree, K is the input block length, R is the code rate and Eb
N0is the bit energy to noise density
ratio.The bit error probability bound of serial concatenated convolutional code (SCCC) turbo
code for high EbN0
is given by [7],
Pb(e) ≤ Bm K 1−d f ree × exp
(−hm R
Eb
N0
)(2)
where, Bm is a constant, hm is the minimum weight of code words.For free distance of the outer code (do
f ree), Pb(e) is
Pb(e) ≤
⎧⎪⎪⎪⎨⎪⎪⎪⎩
Beven K−di
f ree2 × exp
(− do
f reedi
f,e f f2 R Eb
N0
)do
free is even
Bodd K−do
f ree2 exp
(−
[(do
f ree−3
)di
f,e f f2 + h′
m
]R Eb
N0
)do
freeis odd
(3)
where h′m is the minimum weight of sequences of the inner code generated by a weight–
input sequence, dif ree is the free distance of the inner code.
Obviously, the lack of knowledge about the frame length along with the presence ofrandom puncturing matrix improves the security of the proposed system even further withrespect to secure puncturing matrix. Secure turbo code performance varies according to thedistribution of R. If probability density function (PDF) of R is fR(r), then BER of Eq. 1 (thebest performance) will be:
Pb(e |R ) ≈ N f reeW f ree
KQ
(√2d f ree R
Eb
N0
)(4)
Pb(e) ≈ N f reeW f ree
K
1∫0
Q
(√2d f reer
Eb
N0
)fR(r)dr (5)
123
408 D. Abbasi-Moghadam, V. T. Vakili
Assuming
γ = Eb
N0(6)
Substituting (6) in (5)
Pb(e) ∼= N f reeW f ree
K
∫r
Q(√
2d f reerγ)
fR(r)dr (7)
An alternative representation for Gaussian Q-function is [8]
Q(x) = 1
π
π/2∫0
exp
(− x2
2 sin2(θ)
)dθ, x > 0 (8)
Substituting (8) in (7)
Pb(e) ≈ N f reeW f ree
Kπ
∫r∈R
π/2∫0
exp
(− d f reeγ
sin2(θ)r
)fR(r)dθdr (9)
Remembering that φ(s) = E (esx ) = ∫esx fX (x)dx is moment generating function,
where fX (x) is the PDF of x , therefore Pb(e) will be
Pb(e) ≈ N f reeW f ree
Kπ
π/2∫0
φ
(− γ d f ree
sin2(θ)
)dθ (10)
We can obtain the following upper bound by noting that the integral is maximized forsin2(θ) = 1, so that
Pb(e) ≤ N f reeW f ree
2K
∫r∈R
exp(−d f ree γ r
)fR(r)dr (11)
or
Pb(e) ≤ N f reeW f ree
2Kφ
(−d f ree γ)
(12)
For uniform distribution of R in interval of [a , b], Pb(e) is
Pb(e) ≈ N f reeW f ree
2K (b − a)d f reeγ(e−ad f reeγ − e−bd f reeγ ) (13)
If [a, b] = [0, 1], Pb(e)is
Pb(e) ∼= N f reeW f ree
2K d f reeγ(1 − e−d f reeγ ) (14)
It is observed that the error rates decrease almost inversely with SNR. In contrast, the decreasein error rate on a secure puncturing rate turbo code with low variance is exponential in termsof SNR. This means that, on a system with high variance puncturing rate, the transmittermust transmit a large amount of power in order to obtain a low probability of error.
By the same way, performance of a secure SCCC turbo code is
Pb(e) ≤ Bm K (1−d f ree)φ (−hmγ ) (15)
123
Enhanced Secure Error Correction Code Schemes 409
Equations 14 and 15 show that the performance of secure puncturing rate is not as good asthe conventional turbo code and its performance degrades due to low free distance of somepunctured matrix.
2.2 Secure Frame Length
This scheme is based on random frame length. Large frame length will increase complexity.By randomly changing frame length, security is enhanced dramatically. In this scheme BERof PCCC turbo code is
Pb(e) ≤Nc∑
d=1
A(d)P(d) (16)
where Nc is block length of turbo codeword, A(d)is the number of codeword with Hammingdistance d , and P(d) is decoding error probability of a codeword with weight d. By averagingover all possible interleavers, average weight distribution is obtained by Vucetic et al. [9]
A(d) =N ′∑
i=1
(N ′i
)p(d |i ) (17)
where p(d |i ) is the probability that an input codeword with Hamming weight i produces acodeword with Hamming weight d, N ′ is the interleaver size. The average upper bound forbit error probabilities is given by
P(d, i) ≤N ′∑
i=1
n∑d=d ′
f ree
(N ′i
)i
N ′ p(d |i )p(d) (18)
where d ′f ree
is a minimum distance between codewords. For secure random code length withPN (n) distribution, upper bound of BER (Eq. 18) is
Pb(e) =∑
n
P(d, i |n )PN (n) (19)
Pb(e) ≤∑
n
n∑d=d ′
f ree
N ′∑i=1
i
N ′
(N ′i
)p(d |i )p(d)PN (n) (20)
Alternatively, performance for high EbN0
could be approximated by combining Eqs. 1 and 8.Therefore,
Pb(e |K ) ≈ N f reeW f ree
KQ
(√2d f ree R
Eb
N0
)(21)
Pb(e) ≈ N f reeW f ree Q(√
2d f ree Rγ)∑
n
1
nfN (n) (22)
We know that �(z) = E (zn) = ∑n zn fN (n) is moment generating function [10] and
Using a similar method, Pb(e) for combined secure frame length and secure puncturing ratein SCCC turbo code is
Pb(e) ≈ N f reeW f ree
2φ
(−d f reeγ) 1∫
0
�(z)dz (25)
If K is a Poisson variable with parameter λ then Pb(e)of secure frame length is
fK (k) = P(x = k) = e−λ λk
k! , k = 0, 1, 2, . . . (26)
Then
Pb(e) ≈ N f reeW f ree × (1 − e−λ)
λQ
(√2d f ree Rγ
)(27)
If code length is large enough, then e−λ ≈ 0 and Eqs. 27 and 1 are the same for λ =K , therefore the code performance is not degraded. Hence it could be concluded that theperformance of secure turbo code based on random frame length with Poisson distributionand high Poisson parameter (λ) is the same as conventional turbo code.
For SCCC, Pb(e) is
Pb(e) =∑
K
Pb(e |K )P(K ) ≤ Bm exp
(−hm R
Eb
N0
) ∑K
K (1−d f ree)P(K ) (28)
If K is a uniform random variable in interval [a, b], then
Pb(e) ≈ N f reeW f ree
b − aQ
(√2d f ree Rγ
) b∑K=a
1
K(29)
In mathematics,∑n
k=11k is the n-th harmonic number, it is shown that [11]
Hn =n∑
k=1
1
K≈ ς + ln(n) + 1
2n− 1
12n2 + 1
120n4 (30)
whereς = 0.57722.Substituting (30) in (29) Pb(e)is
Pb(e) ≈ Hb − Ha
b − aN f reeW f ree Q
(√2d f ree Rγ
)(31)
where Ha and Hb is the a-th and b-th harmonic numbers respectively. For SCCC turbo codeand uniform frame length,
Pb(e) ≈ Bm
b − aexp (−hm Rγ )
b∑K=a
K (1−d f ree) (32)
123
Enhanced Secure Error Correction Code Schemes 411
The generalized harmonic number of order n of m is given by [11]
Hn,m =n∑
k=1
1
km(33)
Substituting (33) in (32), Pb(e) is
Pb(e) ≈ Hb,1−d f ree − Ha,1−d f ree
b − aBm exp (−hm Rγ ) (34)
In the limit as n → ∞, the generalized harmonic number converges to the Riemann Zetafunction, i.e. ζ(.).
b∑K=a
K (1−d f ree) < ζ(1 − d f ree) =∞∑
K=1
K (1−d f ree) (35)
Therefore Pb(e) is
Pb(e) ≤ Bm
b − aζ(1 − d f ree) × exp (−hm Rγ ) (36)
For d f ree = 2 Riemann Zeta function is equal to generalized harmonic number and ford f ree ≥ 3, ζ(1 − d f ree) < 1.645, hence for secure frame length SSCC turbo code, Pb(e)will be
Pb(e) ≤ 1.645Bm
b − aexp (−hm Rγ ) (37)
As it is seen from (37) performance is degraded, but for high SNR, performance of conven-tional turbo code and secure frame length with Poisson distribution are the same.
2.3 Adding Security by Random Interleaving
In a turbo code scheme, interleaving is employed before the information data is encoded bythe second component encoder. The first role of the interleaver is to construct a long randomcode, because long codes can approach the Shannon capacity limit. Second, the interleaverbreaks low-weight input sequences. A turbo code interleaver is designed to transform low-weight parity sequences of the first constituent code into high-weight parity sequences ofthe second constituent code, with high probability. Hence, it increases the turbo code freeHamming distance and reduces the number of lower weight codewords in the code distancespectrum [9]. The final function of the interleaver is to spread the outputs from one decoderto provide the other decoders with less correlated inputs. This improves the performance ofthe iterative decoding algorithm. We can improve security by random interleaving process. Ithas been shown in [1,8] that the pseudorandom property of interleaver is an important factor,especially for large interleaver sizes. The effects induced by changing the interleaver structureat low SNR region are not significant. At high SNRs, the interleaver structure determines thecode performance. The size and the type of interleaver structure affect the code performance.If the interleaver was truly random, it would be extremely difficult for an attacker to estimateit using other than a brute- force search. In proposed secure turbo codes, before applyingpuncturing process, output of RSCs (in turbo coder branch) are scrambled in order to enhancesecurity. This procedure and interleaver act as a diffusion step which helps improving thesecrecy of the overall system. The lack of knowledge about interleaver improves the securityof the proposed system against ciphertext-only, linear and differential attacks.
The security of the proposed schemes lies in the fact that the unauthorized decoder does notknow some information which is necessary for decoding. The desired security level can beobtained by just setting appropriate values for the parameters of the turbo code cryptosystem.The highest level of security is obtained when all the parameters are kept secret, since thisincreases the complexity of any cryptanalytic attack. The security of these systems is based onexhaustive search on the key space and the turbo decoding of a random punctured sequence.
For decoding attacks on secure puncturing matrix scheme [3], the basic problem to besolved is decoding a punctured sequence without knowing the puncturing pattern. Becauseof linearity in secure turbo code, all possible cases for secure puncturing matrix scheme aresmaller than
key_space ≤ (M)N = M !N !(M − N )! (38)
where ! denotes factorial and M, N are punctured and unpunctured data length respectively.As mentioned in Sect. 2, all possible cases is very smaller than(M)N .
Number of all possible cases for random interleaving turbo codes is L I !, where L I is theinterleaver length. Computation of this number for random puncturing rate (NR) is compli-cated and dependent on frame lengths. Secure puncturing rate has a good security becauseboth puncturing rate and puncturing matrix are random. By comparison of different secureturbo code schemes, it is seen that secure puncturing rate coding has the best security andsecure frame length without consideration of random puncturing matrix is the worst.
Finally, it is suggested, unlike most of the symmetric cryptosystems that have been pro-posed and studied in the literature, secure turbo code structures change during the encryptionprocedure (or combination of all schemes). The purpose of adding such properties to a secureturbo code is thus to increase the complexity of linear and differential cryptanalysis. The high-est level of security is obtained when all the parameters are kept secret, since this increasesthe complexity of any cryptanalytic attack. For a dynamic secure turbo code with M, N andL I parameters, all possible cases are more than
key_space = L I !M !(M − N )!N ! =
√2π L I M(L I )
L I M M
√(M − N )NeL I (M − N )M−N N N
(39)
Let us consider M = 1000, N = 400 and L I = 333, then there will be over 10982 possiblecode pattern. Due to the poor distance properties and resultant performance & security deg-radation associated with short length turbo codes, at low data rates we consider both randominterleaver and data input blocks to have length, at least, of 600 bits. Using these scenarios,secure turbo code is defined in a way that the redundant information used for error-correctionis not pre-determined by the nature of the error-correction part of the algorithm but it canbe chosen arbitrarily out of the whole set of possible strings. Furthermore a look-up table isused and weak Hamming weight codes with small distances from this table are eliminated.
Figure 1 presents combination of a cryptographic system such as elliptic curve (ECC) orAES algorithm and a turbo code. Incoming data is embedded in the interleaver process ofthe turbo encoder and its security is derived from cryptographic system and dynamic code.Secure turbo codes with LFSR/NLFSR and static structure are vulnerable in chosen plaintextattack, so we proposed dynamic turbo code. Using combination of a cryptographic system andturbo codes, the complexity of such cryptanalysis increased dramatically. This system has theadvantages of high-speed encryption and decryption with high security, smaller encoder anddecoder size and greater efficiency. Security levels for proposed schemes (dynamic structure
123
Enhanced Secure Error Correction Code Schemes 413
Table 1 Computationallyequivalent key sizes (in bits)
AES ECC RSA Turbo/AES
80 163 1024 65
128 283 3072 110
192 409 7680 167
256 571 15360 234
with M=1000, N=600, υ = 4 (on the average)) and standard RSA, Elliptic curve and AESalgorithms are summarized in Table 1. For the same level of resistance against the best knownattacks, the system parameters for a turbo/AES system can be chosen to be much smallerthan the parameters for RSA [3]. For example, a turbo/AES over a 65-bit gives the same levelof security as a 1024-bit RSA modulus. The difference becomes even more dramatic as thedesired security level increases. For example, 234-bit turbo/AES is equivalent in security to15,360-bit RSA. The fact that the encoding system is intrinsically secure introduces moresecurity to the whole system.
Loss of synchronization in these schemes is fatal. If the shift registers required for theencryption and the decryption are not identical, then the recovered plaintext will be gibberish.Also secure turbo code is the best choice in an error-prone environment, because it has errorcorrection capability. If a bit is added or lost from the ciphertext stream, then all subsequentblocks are shifted one bit out of position and all subsequent ciphertext will decrypt incorrectlyunless there is some kind of frame structure to realign the block boundaries. It is obvious thatCiphertext will be longer than plaintext.
Considering the space-time focusing property of TR-UWB, low spatial focusing gainof TR-UWB system at distance d away from the intended receiver, indicates that a nearbyreceiver at that location would not be able to detect the signal. It was shown that the direc-tivity drops by 10 dB when the unauthorized receiver is 20 cm away from the authorizedreceiver [12]. Therefore, if a reasonable distance separates the eavesdroppers from each ofthe authorized users, the channel impulse response is a source of unique and secret infor-mation between those users. So the channel of each transceiver pair can be viewed as beingindependent and therefore environmental confidentiality (or spatial security) is provided,which is additional security for secure turbo code in this system. Besides prefilter (h∗(−t)) israndom in nature which makes eavesdropping more difficult. Even though the eavesdroppingmay acquire the prefilter information during the feedback stage of the, the attacker has toovercome a serious ISI effect in order to decode the received data correctly in other locations.
4 Overall Delay
The secure turbo code delay depends on processor performance and proposed schemes com-plexity. The secure turbo code complexity depends on code parameters such as frame length,constraint length, decoding algorithm and iteration number of decoding. The encoding com-plexity can be safely neglected, because the encoders consist of simple shift registers. Theoverall complexity of a turbo decoder depends on how efficient the decoding algorithm isimplemented. The MAP decoding is not a practical algorithm for implementation in realsystems. The logarithmic version of the MAP algorithm such as Log-MAP, Max-Log-MAPand the Soft Output Viterbi Algorithm (SOVA) are the practical decoding algorithms forimplementation [13]. SOVA has the least computational complexity and the worse bit errorrate performance among these algorithms, while the Log-MAP algorithm has the best BER
performance. It was shown that, decoder complexity has an exponential form in terms of con-straint length [13]. The computational complexity of the iterative decoders also is linearlydependent on the number of iterations performed for the decoder. Furthermore the complexityof encryption algorithm should be added to proposed turbo code complexity. This complexitydepends on used encryption algorithm.
If time delay of cryptographic system is tcr ypt then the overall delay of proposed secureturbo code schemes, due to parallel processing, is
ttot = max{td , tcr ypt
}(40)
Time delay of a conventional procedure, first encryption then coding, is
ttot = td + tcr ypt (41)
By comparison of (40) and (41) it is seen that, secure turbo code schemes has the advantagesof high-speed encryption and decryption.
It can be shown that for a turbo code with N=1000, R=1/2, υ = 3, 50 Mbit data anditeration number of 5, the maximum code delay is 4 sec and for an AES encryption with keylength of 192, the overall delay is 0.15 sec on a Pentium 4 & 2.1 GHz, and the time delayof secure turbo code schemes is 4.0 sec but the time delay of a conventional procedure is4.15 sec, therefore the proposed system is %4 faster. For complicated system such as ECCthe proposed system is also faster. It can be shown that for an ECC with key size of 163 andrate of 10 Mbps, ECC delay is 0.406 s [14] and for turbo code with the same rate, time delayis 1.12 s, therefore the ECC/Turbo code system is %26 faster than conventional system. Itis possible to increase data rate by using ASIC technology. ASIC technology in compari-son with FPGA has the advantage of simplicity and higher speed per cost, therefore ASICtechnology is an appropriate choice for implementing proposed secure turbo code. Hencethe secure turbo code can be implemented with high data rate by using ASIC technology orFPGA technology such as Virtex-5 and Virtex-6.
It could be concluded that, in a same security level, complexity of proposed secure turbocode is less than conventional system due to its smaller key size. Also because of parallelprocessing in secure turbo coded schemes, overall delay of proposed schemes decreases incomparison with conventional systems. Hence secure turbo coded schemes have the advanta-ges of high-speed encryption and decryption with high security, smaller encoder and decodersize and greater efficiency. In a conventional method, if there is even a single error in thereceived ciphertext (after channel decoding), there will be a huge number of errors in thedecrypted plaintext, whereas, in the proposed scheme, it is not so.
5 Applications of Proposed Schemes in TR-UWB Systems
When dealing with wireless communication such as UWB systems, information should beprotected by using cryptographic techniques. Based on authors knowledge, up to now, there isnot any suggestion for security techniques applicable to UWB systems. The other challengeof UWB system is its low transmission range and complex receiver. It was shown that in orderto capture most part of received energy (%85) in high SNR transmission, a rake receiver with120 fingers is required. A rake receiver with more than 3–5 fingers will lead to an exponen-tial increase in complexity because multipath acquisition, multipath tracking, and channelestimation consume too much processing resources [15]. Suboptimal schemes such as timereversal UWB system is proposed to perform successful multipath energy capture. Further-more TR-UWB has an inherent security level due to its spatial focusing property. According
to the experimental result [16], the spatial correlation between two TR-UWB channels isless than 0.01 if two receivers are separated by more than 20 cm. Thus, the channel of eachtransceiver pair can be viewed as being independent. The TR pre-filter that is random innature can be used to encode every transmit symbol, which makes eavesdropping more diffi-cult. Based on these reasons we propose secure turbo coded TR-UWB for data transmission,which possesses increased transmission range, low power and very high secured data.
In this section performance of secure turbo code scheme in TR-UWB system is ana-lyzed. A TR-UWB system uses the channel impulse response as transmit prefilter [16–18].The transmitted time-reversed signal retraces its path through the channel, resulting in anautocorrelation of the response being received.
where x(t) is the transmitted signal and heq(t) = Rauto(t) is the channel autocorrelationfunction.
Using signal and noise equation, for SISO TR-UWB system and second order derivativeGaussian pulses as the transmitted pulse [15], and doing some simplification, SNR is:
SN R = (0.29/BW + a)
T
Eb
N0(43)
where a is a constant and T is delay spread of UWB system.However, TR alone may not effectively reduce the channel delay spread, considering
the fact it maximizes the peak amplitude but does not impose any constraint at its sidelobelevels. For multiple input/single output (MISO) TR-UWB with Mt transmitting antenna,heq-M I SO (t) is:
heq-M I SO (t) =Mt∑
k=1
h∗k(−t) ⊗ hk(t) (44)
For MISO TR-UWB with symbol rate less than coherence bandwidth and uncorrelated scat-tering property, we have
SN R = Mt × (0.29/BW + a) Eb
T N0(45)
where Mt is the number of transmitted antennas. As it is seen, in this scenario a gain of10 log(Mt ) dB can be achieved by using an MISO system.
For symbol rate greater than coherence bandwidth ISI occurred, so signal to interferenceratio (SINR) is [15]:
SINR = Mt × (0.29 + a × BW ) Eb
T × N0 × BW + L0×0.29
2T(
exp(
TsT
)−1
) Eb(46)
where L0=Min ( 2d/λ� + 1, Mt − 1) , λ is the central wavelength and d is the spatial focus-ing depth (the focusing depth is circular and its size is about λ/2 for wideband signals, 2λ
for SISO-UWB systems and smaller than λ/2 for MISO and MIMO-UWB [12,17], so forwideband signals and MISO/MIMO UWB system L0 will be 1 and for SISO-UWB signalsL0 = 2). For indoor application, due to wide despreading angle of arrival, d is smaller thanλ/2, therefore L0 = 1. As it is seen from (46), with increasing bandwidth (or symbol rate),this gain reduces to10 log(Mt/L0).
By substituting (45) and (46) in (12) the lower bound of bit error probability for secureturbo codes in ISI and without ISI scenario is computed. Analytical performances of secureturbo code schemes in SISO TR-UWB are similar to AWGN but SNR replaced by (43).
6 Coding Analytical and Simulation Results
In this section, analytical and simulation results of secure turbo code schemes are presented.In all figures, four iterations have been considered (excluding Fig. 3), constraint length isthree, and number of transmitter and/or receiver antennas is four. It should be noticed thatfor Figs. 2, 3, 4, 5, 6, and 7, the assumed channel is AWGN and signalling format is binaryantipodal.
Figure 2 shows the code rate versus Eb/N0 for secure turbo codes in AWGN and MISO-TR UWB channel, assuming BE R = 10−5. As it could be seen, by decreasing coderate, Eb/N0 enhances dramatically but its security degraded due to added redundancy bits.
Fig. 2 Code rate versus Eb/N0 for secure turbo codes in BE R = 10−5 for AWGN and MISO-TR (analytical)
Fig. 3 Comparison of secure turbo code and convolutional coding in AWGN channels (simulation)
123
Enhanced Secure Error Correction Code Schemes 417
Fig. 4 Secure SCCC turbo code based on Random Rate scheme in AWGN (analytical)
Fig. 5 Secure turbo code performance based on random puncturing rate with uniform distribution (analytical)
Performance of secure turbo code based on secure puncturing matrix in AWGN channels isshown in Fig. 3. This code has 3 dB gains relative to convolutioal code with same complexityin SNR of 10−3 and frame length of 1000. It is noticeable that, increasing number of iterationsand code length could enhance the performance dramatically. For example in turbo code withd f ree = 5, W f ree = 2 and N f ree = 3, K = L = 1024 and different puncturing rate, Pb(e)is shown in Fig. 4, as it is seen secure puncturing rate coding for uniform distribution in[0.5, 1] degraded 1 dB (Relative to conventional turbo code). Figure 5 shows the perfor-mance of secure turbo code based on random puncturing rate with uniform distribution fordifferent varying ranges [a, b]. In order to have a satisfying performance we can concludethat in [0, 1] and B E R = 10−5, SNR should be greater than 19 dB and for B E R = 10−4,SNR should be greater than 10 dB. It is obvious that when the variance of puncturing rate
Fig. 6 Secure turbo code based on random frame length in AWGN (simulation)
Fig. 7 Mismatch interleaving effects in secure turbo codes with L=1000, r=1/2 (simulation)
decreases, the performance is enhanced, though the security is deteriorated. The reason forthis phenomenon is when the variance of puncturing rate decreases, the number of codeswith short hamming distance will be also reduced, resulting in a performance enhancement.Simulation results for the turbo codes based on random frame length are shown in Fig. 6. Asit is seen, performance of conventional turbo code and random frame length with poisons dis-tribution are nearly the same. Furthermore it should be noticed that for uniform distributionwith greater variance, the performance is degraded because of smaller Hamming distance.Figure 7 shows the mismatch effects between interleavers of the transmitter and receiver onturbo code performance. The figure shows the decoder bit error rate for an interleaver sizeof 1000 bits. If the interleaver is known exactly at both transmitter and receiver, error-freetransmission can be achieved; otherwise, an irreducible error floor appears such high errorrates due to interleaver mismatch can make the process of retrieving the original data impos-sible.
Comparison of the proposed schemes with conventional turbo coding scheme is shownin Fig. 8. As it is seen, secure interleaving performance is better than conventional turbo
123
Enhanced Secure Error Correction Code Schemes 419
Fig. 8 Comparison of different proposed schemes in AWGN with υ = 3, K=1000, R=1/2, iter=4 (simu-lation)
Fig. 9 Secure turbo code based on secure puncturing rate performance in TR-UWB with L=1000 and forSISO and MISO (Simulation)
code and the performance of random frame length and random puncturing rate is worse thanconventional turbo code.
In Figs. 9, 10, and 11, the assumed channel is TR-UWB and signaling format is PAM.Simulation performance of secure turbo code in SISO and MISO TR-UWB communicationsystems is shown in Fig. 9. By comparison of uncoded data and MISO-TR secure turbocode a gain of 6 dB is achieved in BER of 10−3. Comparison of secure turbo code with10% puncturing rate and Reed-Solomon shows that a gain of nearly 4 dB is achieved inBER of 10−4. Evaluated and simulated results for bit error probability of the secure turbocode in SISO and MISO TR-UWB are presented in Fig. 10. As it is seen for SNR=5dB, MISO TR-UWB with 10% puncturing rate is 100 times better than SISO TR-UWB.Figure 11 also shows that in higher SNR, simulated results approach to bit error probabilitybound. As it was noted, the performance of secure frame length in AWGN channel is the same
123
420 D. Abbasi-Moghadam, V. T. Vakili
Fig. 10 Secure SCCC turbo code schemes in SISO and MISO TR-UWB, average frame size is 2750(analytical)
Fig. 11 Comparison of different random interleaver turbo code schemes performance in MISO TR-UWBwith L=1000, puncturing=33% (simulation)
as conventional turbo code and it was shown analytically that the same result will be obtainedin TR-UWB channel. Comparison of different secure turbo code schemes performances inMISO TR-UWB is illustrated in Fig. 11. It could be seen that secure interleaving has the bestperformance and secure puncturing rate is the worst. Comparison of secure interleaving andsecure puncturing rate shows that a gain of nearly 2 dB is achieved in BER of 10−5. Also itis observed that secure interleaving has a gain of 0.8 dB relative to secure puncturing matrix.Figure 12 shows range increment, using coding schemes (coherent) such as Reed Solomon,convolutional, turbo code and non coherent MISO turbo code in LOS and NLOS UWBchannels. It is seen that turbo codes provide a 60% increase in range relative to uncoded.Simulation result shows that MISO TR provides a 50% increase in range in the worse case(NLOS). It could be concluded that the propagation channel impresses less attenuation on
123
Enhanced Secure Error Correction Code Schemes 421
Fig. 12 Increase in range by using of different coding scheme in TR-UWB channel and BER of 10−4
the transmitted signal and in turn the received power will be higher when TR is used. Con-sidering these figures, the advantages/disadvantages of different secure turbo code schemesin AWGN and TR-UWB channel could be extracted. These results suggest that the securechannel coding and time reversal can significantly extend the communication range withoutconsuming extra transmitted power. To apply for the UWB channel, the turbo decoder shouldbe modified to incorporate the UWB channel characteristics. Finally for TR-UWB system asecure turbo coded with υ = 3, mean length of 1000, code rate (or mean rate) of 1/2, iterationnumber of 4 and SOVA or Max-Log-MAP decoding algorithm is proposed.
7 Conclusion
Secure coding schemes combine data encoding and data encryption into one process. Inthis paper, the design and modelling of secure turbo code schemes in TR-UWB systemwere investigated along with their performance analysis and simulation. Analytical and/orsimulation results show that code performance is degraded slightly and level of security isdramatically enhanced compared to conventional coded transmission systems. The securityof these schemes is based on exhaustive search on the key space and the dynamic secure turbodecoding structure. Considering various crypto-analytical attacks against these schemes, itcould be concluded that security level of secure puncturing rate is higher than others. The ideaof combining these proposed schemes were proposed and analyzed, illustrating much higherlevels of security without a noticeable increase in complexity. In return, due to dynamicstructure of this combined scheme, the complexity of standard cryptanalytic attacks such aslinear and differential cryptanalysis is increased. Mixing of cryptographic systems such asAES, ECC and combined turbo code scheme enhances the immunity of this code against cho-sen plaintext attack, because the probability of encountering the codes with short hammingdistance will be reduced. Considering time-space focusing of TR-UWB, an environmentalconfidentiality or spatial security is added to secure turbo code systems. These schemes havethe advantages of high-speed encryption and decryption with high security, smaller encoderand decoder size and greater efficiency.
From performance point of view, at first, QOS of different secure turbo code schemesin AWGN channel were analyzed, simulated and compared. It was observed that the per-formance of secure frame length is the same as conventional turbo code. Simulation andanalytical results show that in a same code rate, secure interleaving has better performance
123
422 D. Abbasi-Moghadam, V. T. Vakili
and secure puncturing rate is the worst in both SISO and MISO. It is seen that for secureinterleaving MISO-TR, a gain of 1 dB is achieved for BER of 10−4. Comparison of securepuncturing rate turbo code (10%) with Reed-Solomon shows that a gain of nearly 4 dB isachieved for BER of 10−4. Secure interleaving scheme has a gain of 2 dB over secure framerate scheme while the former shows 0.8 dB gains over puncturing matrix for BER of 10−4.Using combination of those schemes (dynamic structure), it is expected to have a degradationof 1 dB in performance.
Acknowledgements The authors would like to thank ITRC (Iran telecommunication Research Center) fortheir invaluable assistance and funding for this research.
References
1. McEliece, R. J. (1978). A public-key cryptosystem based on algebraic coding theory. JPL DSNProgress Rep.
2. Payandeh, A., Ahmadian, M., & Aref, M. R. (2006). Adaptive secure channel coding based onpunctured turbo codes. IEE Proceeding-Communications, 153(2).
3. Orumiehchi, M. (2007). Key recovery attack on adaptive secure channel coding. In 3th informationand knowledge technology conference (IKT07), Mashhad, Iran, 26–28 (in Persian).
4. Magli, E., Grangetto, M., & Olmo, G. (2007). Joint source, channel coding, and secrecy. EURASIPJournal on Information Security, 79048, 7. doi:10.1155/2007/79048.
5. Gligoroski, D., Knapskog, S., & Andova, S. (2006). Cryptcoding—Encryption and error correctioncoding in a single step. In International conference on security and management (SAM 2006), LasVegas, Nevada, USA, 26–29.
6. Guo, N., Qiu, R. C., & Sadler, B. M. (2005). An ultra-wideband autocorrelation demodulation schemewith low-complexity time reversal enhancement. In Proceedings of IEEE MILCOM’05, Atlantic City,NJ, 17–20.
7. Benedetto, S., et al. (1998). Serial concatenation of interleaved codes: Performance analysis, design,and iterative decoding. IEEE Transactions on Information Theory, 44(3).
8. Craig, J. W. (1991). A new, simple and exact result for calculating the probability of error fortwo-dimensional signal constellation. In Proceedings of IEEE military communications conference(MILCOM) (pp. 571–575).
9. Vucetic, B., Li, Y., Perez, L. C., & Jiang, F. (2007). Recent advances in turbo code design and theory.Proceedings of the IEEE, 95(6)
10. Papoulis, A., & Pillai, S. U. (2002). Probability, random variables and stochastic processes (4th ed.).NY: McGraw-Hill.
11. Ireland, K., & Rosen, M. (1998). A classical introduction to modern number theory. New York: Springer.12. Abbasi-Moghadam, D., Tabataba Vakili, V. (2010). Characterization of indoor time reversal UWB
communication systems: Spatial, temporal and frequency properties. Wiley International Journal ofCommunication Systems. doi:10.1002/dac.1140.
13. Sadjadpour, H. R. (2000). Maximum A Posteriori decoding algorithms for turbo codes. In Proceedingsof SPIE, July 2000 (Vol. 4045, pp. 73–83).
14. Nabi, M. N., Mahmud, S., & Rahman, M. L. (2007). Implementation and performance analysis ofelliptic curve digital signature algorithm. Daffodil International University Journal of Science andTechnology, 4(1).
15. Abbasi-Moghadam, D., & Tabataba Vakily, V. (2010). Channel characterization of time reversal UWBcommunication systems. Annals of Telecommunications, 65(9–10), 601–614.
16. Zhou, C., Guo, N., Sadler, B., & Qiu, R. C. (2007). Performance study on time reversed impulse MIMOfor UWB communications based on measured spatial UWB channels. In Military communicationsconference, IEEE MILCOM 2007, Orlando, FL, USA, 29–31 (pp. 1–6).
17. Lerosey, G., de Rosny, J., Tourin, A., Derode, A., & Fink, M. (2006). Time reversal of widebandmicrowaves. Applied Physical Letter, 154101.
18. Khaleghi, A. (2009). Measurement and analysis of ultra-wideband time reversal for indoor propagationchannels. Springer Wireless Personal Communication. doi:10.1007/s11277-009-9727-y.
Dariush Abbasi-Moghadam was born in Kerman, Iran on July 21,1976. He received the B.S. degree in Electrical Engineering fromShahid Bahonar University, Kerman, Iran, in 1998 and the M.S. degreein Iran University of Science and Technology, Tehran, Iran, in 2001,in Electrical Engineering. He was primary with the Advanced Elec-tronic Research Center (AERC)—Iran from 2001–2003 and workedon the design and analysis of satellite communication systems. InSeptember 2004, he joined Iranian Telecommunications Company,Tehran, as a Research Engineer. He is currently a Ph.D. student in theDepartment of Electrical Engineering at Iran University of Science andTechnology. His research interests are in the area of wireless communi-cations, satellite communication systems, Power line communications,Ultra Wideband communication systems, and signal processing forcommunications.
Vahid Tabataba Vakili received the B.S. degree from Sharif Univer-sity of Technology, Tehran, Iran, in 1970, the M.S. degree from theUniversity of Manchester, Manchester, UK, in 1973, and the Ph.D.degree from the University of Bradford, Bradford, UK, in 1977, all inElectrical Engineering. In 1985, he joined the Department of ElectricalEngineering, Iran University of Science and Technology, Tehran. Hewas promoted to Professor in 2010. He has served as the Head of theCommunications Engineering Department and as the Head of postgrad-uate studies. His research interests are in the areas of mobile cellularsystems, interference cancellation for CDMA systems, ultra widebandcommunication system and space–time processing and coding.
