Physical Layer Authentication for Mission Critical Machine Type Communication using Gaussian Mixture Model based Clustering

Physical Layer Authentication for Mission Critical Machine T ype Communication using Gaussian Mixture Model based Clustering Andreas W einand, Michael Karrenbauer , Ji Lianghai, Hans D. Schotten Institute for W ireless Communication and Navigation Univ ersity of Kaiserslautern, Germany Email: { weinand, karrenbauer , ji, schotten } @eit.uni-kl.de Abstract —The application of Mission Critical Machine T ype Communication (MC-MTC) in wireless systems is currently a hot resear ch topic. Wireless systems are considered to pro vide numerous advantages over wired systems in e.g. industrial appli- cations such as closed loop control. However , due to the broadcast nature of the wireless channel, such systems are prone to a wide range of cyber attacks. These range fr om passi ve eavesdropping attacks to active attacks like data manipulation or masquerade attacks. Therefor e it is necessary to pro vide reliable and efficient security mechanisms. Some of the most important security issues in such a system are to ensure integrity as well as authenticity of exchanged messages over the air between communicating devices. In the present work, an approach on how to achieve this goal in MC-MTC systems based on Physical Layer Security (PHYSEC) is presented. A new method that clusters channel estimates of different transmitters based on a Gaussian Mixture Model is applied for that pur pose. Further , an experimental proof-of- concept evaluation is given and we compare the performance of our approach with a mean square error based detection method. I . I N T R O D U C T I O N Recently , a new trend in the area of wireless systems is the operation of MC-MTC as for instance closed loop control applications. These ha ve much higher requirements re gard- ing reliability , av ailability and especially latency compared to common applications such as media streaming or web browsing over IEEE 802.11 based wireless systems or today’ s cellular systems. Another important requirement in the area of MC-MTC is the fact that secure transmission of data has to be taken into account. Due to the sensiti ve information transmitted in e. g. industrial or automotive scenarios, it is necessary to guarantee a high degree of information security . Especially authenticity as well as integrity of the transmitted data has to be ensured to prohibit a wide range of possible activ e cyber attacks. For this purpose identification and au- thentication of receiv ed messages is necessary in order to be sure of the originator of that data before it is consumed and processed by the respectiv e application. This is a preprint, the full paper has been published in Proceedings of 2017 IEEE 85th V ehicular T echnology Conference (VTC2017-Spring), c  2017 IEEE. Personal use of this material is permitted. Howev er, permission to use this material for any other purposes must be obtained from the IEEE by sending a request to pubs-permissions@ieee.org. Although there are con ventional cryptography techniques to ensure authenticity as well as integrity of message payload, these require a lot of resources. Especially they lead to increase in message size due to the fact that, for example message authentication codes (MA C) which are used in IEEE 802.15.4 based systems, add a kind of check sum to the actual message payload. In IEEE 802.15.4 based systems either a 4, 8 or 16 Byte MAC is added to the respectiv e payload. The recommendation of the IETF is to either use a CMAC, e. g. based on AES-128 block cipher, or a HMAC which is based on a cryptographic hash function. For AES-128 based CMA C a maximum shortening to 64 Bit is recommended, while for HMA C a minimum MA C size of 80 Bit is recommended. If we now assume that the payload of a MC-MTC pack et has a length of 32 Byte (the dimension of this assumption is e.g. confirmed by [1]), then the payload overhead regarding the MA C size for AES-128 CMA C of 8 Byte would be already 20% . This means that a latency overhead of at least 20% is added by only applying means to guarantee message authenticity and integrity . Another important issue is, that key based schemes such as message authentication codes are only able to protect the message payload from the mentioned attacks. An attacker is still able to perform attacks such as address spoofing, or ev en worse, record a message and replay it after a while. Due to these drawbacks, another idea is to check for authenticity of a message at a lower level by taking physical properties of the radio link signal in time domain, as well as in spatial domain into account. In this work, a keyless approach for this based on estimating the wireless channel at link le vel is presented. As mentioned, MC-MTC and closed loop control applications are considered here, which in combination seems to be a perfect case for our approach, as we can assume that frequent and periodic data transmissions and with this channel estimation at the same rate is carried out. For experimental ev aluation, we consider an OFDM system and based on the respective frequenc y domain channel estimations, we decide from which source a received data packet w as transmitted. The remainder of the work is organized as follows. In section II we giv e a short overvie w on related work with respect to previous considered approaches and in section III we describe the system model. Our approach of Gaussian Mixture Model based clustering is presented in section IV. In section V we present the results of our work and section VI finally concludes the paper . I I . R E L AT ED W O R K Sev eral approaches on exploiting the wireless channel for security purposes, also kno wn as PHYSEC, hav e been in ves- tigated recently . In [2] a good ov erview on this topic is giv en. While many w orks ha ve focused on extracting secret k eys between two communicating devices, such as [3], [4], [5], the focus of our work is on guaranteeing secure transmission with respect to authenticity of data packets from one de vice to another . One of the first works considering that idea has been for example [6], where an approach based on simulation of the wireless channel and hypothesis testing is presented for static scenarios and is later in [7] extended to time-variant scenarios. In [8], two approaches based on machine learning, Support V ector Machine and Linear Fisher Discriminant Analysis, are presented. The approach considered in [9] is similar to our approach, as they propose a CSI-based authentication method for a single carrier system. The second approach considered in [9] is whiteness of residuals testing. In [10] an RSS-based approach for body area networks is presented. The work in [11] considers a multilayer approach based on OFDM to guarantee authentication of TCP packets. A Gaussian Mixture Model based technique in combination with exploitation of the channel responses for different antenna modes is considered in [12]. I I I . S Y S T E M M O D E L In this section we describe the system model and the attacker model including the mentioned active attacks. Further , the channel model is introduced and we explain how to exploit PHYSEC techniques, actually frequent channel estimation, in order to ov ercome these attack scenarios. A. Attacker model W e consider two users, Alice and Bob, who want to exchange authenticated messages with each other . For this work we define that Bob is the le gal transmit node who wishes to send some sensiti ve information to the legal receiv er node Alice. Alice must make sure that Bob is the true transmitter of these messages. A third party Eve tries to masquerade as Bob and sends messages to Alice as well (see Fig. 1). A typical scenario for an attacker Eve is that he is at a spatially different location compared to Bob and uses advanced equipment such as directed antennas and high sensitivity receiv ers to maximize his range to his benefit. W e also assume perfect knowledge of the underlying communication protocol at Eve to run active attacks such as masquerade attacks, replay attacks or address spoofing attacks. It is not assumed that Eve is gaining physical access to Alice or Bob to accomplish in vasi ve attacks such as hardware modification. Further , other acti ve attacks such as Denial-of-Service attacks due to jamming are not considered as well. It is assumed, that the legal communicating participants Bob and Alice have Fig. 1: System and Attacker Model already carried out initial user authentication to each other and have set up trust in a secure way . Attacks on the initial authentication stage are not considered. The goal is now to authenticate the messages transmitted from Bob to Alice in a secure way , which as well takes the requirements of MC-MTC into account, especially minimization of transmission latency . B. Channel model and channel estimation Due to the mentioned drawbacks of message authenticity checking based on con ventional cryptography , such as message authentication codes, and the special requirements of MC- MTC, a more promising approach is to use characteristics of the wireless channel and the physical layer to decide about the origin of a recei ved message. In our w ork, we focus on channel estimations which are computed at the receiv er in any OFDM based system to perform for example channel equalization. In contrast to PHYSEC techniques such as secret ke y generation, which are based on the assumption that there is a lot of temporal v ariation in the wireless channel, our approach relies on the fact that the wireless channel does not vary significantly during subsequent channel measurements. Howe ver , the same idea that yields for both is to make use of the advantage of the fast spatial decorrelation property of wireless channels. For our work in particular , this means, that e.g. Alice receiv es messages from the legal transmit node Bob and estimates the actual channel ˆ H as H = [ | h 1 | , . . . , | h M | ] (1) with | h l | being the magnitude of the gain of the l -th subcarrier and l = 1 , . . . , M . Due to the receiv er noise figure or thermal noise, channel estimation is not perfect, which means that errors occur ( H 6 = ˆ H ). These influences can be modelled as a gaussian random variable N with zero mean and variance σ 2 N . The transmit signal X will be received as Y = ˆ H · X + N (2) and consequently the channel is estimated as H = ˆ H + N X . (3) The idea is no w that if an attacker Eve tries to transmit messages masqueraded as Bob, the channel measured by Alice is another one compared to the channel regarding to Bob . Basically , if we denote the channel estimates with H AB and H AE taken due to Bob and Eve respectiv ely , this yields H AE 6 = H AB . Due to the distance d BE between the attacker node Eve and the legal transmitter node Bob (which needs to be more than the wav elength of the transmitted signal), Eve is not able to masquerade without further ef fort due to the mentioned fast spatial decorrelation property of the channel. W e can no w use the estimated channel conditions by Alice to identify the originator of the respectiv e message by means of clustering based on a Gaussian Mixture Model. I V . G AU S S I A N M I X T U R E M O D E L F O R P H Y S E C BA S E D A U T H E N T I C A T I O N This section deals with Gaussian Mixture Models which are used to cluster the channel estimates in combination with the EM algorithm. The result of this process is then used to make a decision about the corresponding transmitter of received data packets. A. Gaussian Mixture Model A mixture of Gaussians f ( x ) = K X k =1 π k N ( x | µ k , Σ k ) (4) is consisting of K Gaussian densities f k ( x ) = N ( x | µ k , Σ k ) which each have a mean µ k and a covariance matrix Σ k . The mixtures are weighted by mixing coefficients π = { π 1 , . . . , π K } which are normalized yielding K X k =1 π k = 1 . (5) These mixing coefficients further fulfill the property to be probabilities, technically they are prior probabilities. The goal is now to calculate the posterior probability p ( j ) i,k = π ( j ) k N ( x i | µ ( j ) k , Σ ( j ) k ) P K k =1 π ( j ) k N ( x i | µ ( j ) k , Σ ( j ) k ) (6) of each ne w set of data points x i with i = 1 , . . . , N , i. e. each new channel estimate, which denotes the lik elihood of this data belonging to a certain component of the mixture. The posterior probability is updated during the expectation step of the EM algorithm. In the maximization step the parameter values are updated. The weighting coefficients are calculated as π ( j +1) k = P N i =1 p ( j ) i,k N , (7) whereas the updated mean and covariance values are calcu- lated as µ ( j +1) k = P N i =1 p ( j ) i,k x i P N i =1 p ( j ) i,k (8) and Σ ( j +1) k = P N i =1 p ( j ) i,k ( x i − µ ( j ) k )( x i − µ ( j ) k ) T P N i =1 p ( j ) i,k (9) for the j -th iteration of the EM algorithm respectiv ely . B. Physical Layer Authentication based on Clustering T o make a decision on receiv ed data packets from any transmitter , we need to determine ho w likely it is that a ne w set of data belongs to one of the gaussian mixture components. In our case we hav e K = 2 mixture components, one for Bob and one for Eve each. If the channel estimate fits to the cluster modeling Bob, then Alice will assume that Bob is the true transmitter . She further can use this new information to update the gaussian mixture model, which improves the accuracy of it. Due to temporal variations, if e.g. one or more users ha ve some degree of mobility , it is ev en necessary to continuously update the model online after a certain time to catch up with these variations. If the likelihood of belonging to Bobs cluster of a new set of data is below a certain threshold, then Alice assumes that it was introduced by Eve. In order to build an initial model and help Alice to identify who is belonging to which cluster, Bob needs to send some training messages to Alice. Alice will then use the cluster component with the most data sets from this training phase as the cluster belonging to Bob. T o now attack our system, we assume that a message is either send to Alice by Bob or Eve by a gi ven probability respecti vely . The probability of Eve transmitting (masqueraded as Bob) is also kno wn as the attack intensity ( AI ). For each message, we decide about the originator based on the current model. After N recei ved messages, the model is updated based on these N ne w data sets and the current GMM properties ( π , µ , Σ ) m ( m denotes the index of the blocks of data sets) yielding the ne w model ( π , µ , Σ ) m +1 . By doing this, the historical data that was used to build the model initially does not need to be stored. As a result of this, we get two performance parameters, the detection probability P D and the false alarm rate P F A . P D = p i,B (( π B , µ B , Σ B ) m | H m,i due to Ev e) < th (10) denotes the probability of detecting Eve as the transmitter of the i -th message of the m -th set of messages under the condition that it was truly sent by Eve and P F A = p i,B (( π B , µ B , Σ B ) m | H m,i due to Bob) < th (11) the probability of detecting Eve as transmitter of that message under the condition that it was truly sent by Bob. V . R E S U L T S In this section we describe our setup for the experimental ev aluation and show the final results of our work. Fig. 2: Environment with different Alice and Bob/Eve posi- tions A. Experimental setup T o ev aluate our concepts, we use USRP N210 SDR plat- forms from Ettus Research with SBX daughterboards. W e use GNURadio OFDM transmitter and receiv er blocks to process data packets and perform channel estimation on each receiv ed data packet. A setup with an FFT size of 64 is considered and 48 activ e subcarriers. The cyclic prefix length is 16 samples at a baseband sample rate of 3 . 125 MSps, whereas the carrier frequency is 2 . 45 GHz. For each receiv ed data packet, the initial channel taps are calculated based on the known Schmidl and Cox preamble [13] which is also used to calculate the frequency of fset at the receiv er (actually this preamble consists of two OFDM symbols). In each message, this preamble is followed by 37 data symbols yielding a time resolution of 998.4 µ s for the channel estimations. As a first step, we consider a static setup where all participants do not mov e during transmitting and receiving. The en vironment is a mixed office/lab area with a lot of objects and metal walls. Due to this we assume at least some amount of multipath propagation existing and with this frequency selective channels. W e record data for se veral dif ferent locations of Bob and Eve respecti vely , yielding multiple dif ferent constellations of Alice/Bob and Alice/Eve pairs as shown in Fig. 2. B. P erformance of GMM based Clustering In order to ev aluate the performance of the GMM based clustering, the detection probability P D as well as the false alarm rate P F A are considered and plotted in form of a R OC curve, where each data point is a pair of P D and P F A values at a certain threshold. W e considered a block size of N = 1000 data sets in order to update our GMM and use one block for training the model and 99 data blocks in order to test it. The attack intensity is kept at 50% . Fig. 3a shows the performance of our GMM based method compared to the simpler method of mean square error (MSE) based detection considered in [14] for the case, that all 48 active carriers are used for the detection. It can be seen that the GMM method outperforms 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 FAR 0.5 0.55 0.6 0.65 0.7 0.75 0.8 0.85 0.9 0.95 1 DR GMM Method MSE Method (a) ROC curves in linear scale 10 -4 10 -3 10 -2 10 -1 10 0 FAR 0.9988 0.999 0.9992 0.9994 0.9996 0.9998 1 DR GMM Method, log scale (b) ROC curve in logarithmic scale Fig. 3: R OC curves for the GMM and MSE method the MSE based method. While the detection rate of the MSE method is 81 . 03% at a false alarm rate of 5 . 83% , the detection rate of the GMM based method is 99 . 97% (if cases of ill- conditioned covariance matrices are avoided) at the same false alarm rate. Even at a false alarm rate of 0 . 1% , the GMM method has a detection rate of 99 . 93% . Fig. 4 shows the influence of the accuracy of the channel estimation in form of different amounts of equally spaced estimated points in frequency domain, ranging from M = 48 (each active data carrier considered) to M = 3 (every 16 - th activ e data carrier considered). In Fig. 4a, the respectiv e R OC curves are shown in linear scale and Fig. 4b shows them in logarithmic scale. In case of M = 3 , the detection rate is 97 . 97% at a false alarm rate of 1% , while in case of the channel estimation with 48 estimated bins, the detection rate is at 99 . 98% at the same false alarm rate. For other values of M , the detection rate is at 99 . 77% , 99 . 93% and 99 . 96% for M = 6 , M = 12 and M = 24 respectiv ely . C. Discussion of Results The experimental ev aluation of our method shows, that the performance of our GMM based clustering method increases as the feature space, which is in our case the number of estimated subcarrier per message M , also increases. If a false alarm rate of 1% is considered, the performance gain in case of M = 48 is 2 . 05% compared to M = 3 . Additionally , we proved that the GMM method performs better than the MSE detection method. Here, in case of a false alarm rate of 5 . 83% , the performance gain of the GMM over MSE method is 23 . 37% . 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 0.09 0.1 FAR 0.9 0.91 0.92 0.93 0.94 0.95 0.96 0.97 0.98 0.99 1 DR GMM Method, M=48 GMM Method, M=24 GMM Method, M=12 GMM Method, M=6 GMM Method, M=3 (a) ROC curves in linear scale 10 -4 10 -3 10 -2 10 -1 10 0 FAR 0.98 0.982 0.984 0.986 0.988 0.99 0.992 0.994 0.996 0.998 1 DR GMM Method, M=48 GMM Method, M=24 GMM Method, M=12 GMM Method, M=6 GMM Method, M=3 (b) ROC curves in logarithmic scale Fig. 4: R OC curves for different values of M V I . C O N C L U S I O N A N D F U T U R E W O R K Our proposed method of taking characteristics of the phys- ical layer into account in order to identify and authenticate transmitters of MC-MTC messages seems to be a promising technique in order to achieve that goal in a very efficient way . The combination of both, MC-MTC and clustering of channel estimates is essential considering system ef ficiency , as both rely on frequent transmission of data packets. W e can reuse channel estimations and make decisions on the authenticity of receiv ed data packets with little effort. Though the maximum achiev ed detection rate is high at 99 . 98% , the method needs still to be improved in order to get more reliable decisions. T o gain robustness due to errors in channel estimations induced by noise, approaches such as in [15] might be suited in order to reduce this effect based on pre-processing of channel estimates. Another issue that needs to be inv estigated is the amount of training data used in order to initialize the model, as well as the assumed attack intensity . Additionally we also want to focus on a mobile setup with little to moderate velocities in order to verify , that the method also works well under these conditions. A C K N O W L E D G M E N T A part of this work has been supported by the Federal Ministry of Education and Research of the Federal Repub- lic of Germany (BMBF) in the framew ork of the project 16KIS0267 HiFlecs. The authors would like to acknowledge the contrib utions of their colleagues, although the authors alone are responsible for the content of the paper which does not necessarily represent the project. R E F E R E N C E S [1] N. C. Y . Osman, Y .-P . E. W ang, N. A. Johansson, N. Brahmi, S. A. Ashraf, and J. Sachs, “ Analysis of ultra-reliable and low-latency 5g communication for a factory automation use case, ” in IEEE International Confer ence on Communication workshop , 2015. [2] E. Jorswieck, S. T omasin, and A. Sezgin, “Broadcasting into the uncer- tainty: Authentication and confidentiality by physical-layer processing, ” Pr oceedings of the IEEE , vol. 103, no. 10, pp. 1702–1724, Oct 2015. [3] R. Guillaume, F . W inzer, A. Czylwik, C. T . Zenger , and C. Paar , “Bringing phy-based ke y generation into the field: An ev aluation for practical scenarios, ” in IEEE V ehicular T ec hnology Conference (VTC F all) , 2015. [4] C. T . Zenger , M.-J. Chur, J.-F . Posielek, C. Paar, and G. Wunder , “ A novel key generating architecture for wireless low-resource devices, ” in International W orkshop on Secure Internet of Things (SIoT) , 2014. [5] A. Ambekar and H. D. Schotten, “Enhancing channel reciprocity for effecti ve key management in wireless ad-hoc networks, ” in IEEE V ehic- ular T echnolo gy Confer ence (VTC Spring) , 2014. [6] L. Xiao, L. Greenstein, N. Mandayam and W . Trappe, “Fingerprints in the ether: Using the physical layer for wireless authentication, ” in IEEE International Conference on Communications (ICC) , 2007. [7] L. Xiao, L. Greenstein, N. Mandayam, and W . T rappe, “Using the physical layer for wireless authentication in time-variant channels, ” IEEE T ransactions on Wir eless Communications , vol. 7, no. 7, pp. 2571–2579, 2008. [8] C. Pei, N. Zhang, X. S. Shen, and J. W . Mark, “Channel-based physi- cal layer authentication, ” in IEEE Global Communications Conference (GLOBECOM) , 2014. [9] J. K. Tugnait and H. Kim, “ A channel-based hypothesis testing approach to enhance user authentication in wireless networks, ” in International Confer ence on COMmunication Systems and NET works (COMSNETS 2010) , 2010. [10] L. Shi, M. Li, S. Y u, and J. Y uan, “Bana: Body area network authen- tication exploiting channel characteristics, ” IEEE Journal on Selected Ar eas in Communications , vol. 31, no. 9, pp. 1803–1816, 2013. [11] A. Refaey , W . Hou, and K. Loukhaoukha, “Multilayer authentication for communication systems based on physical-layer attributes, ” Journal of Computer and Communications , vol. 2, no. 8, pp. 64–75, 2014. [12] N. Gulati, R. Greenstadt, K. R. Dandekar, and J. M. W alsh, “Gmm based semi-supervised learning for channel-based authentication scheme, ” in IEEE V ehicular T echnology Conference (VTC F all) , 2013. [13] T . M. Schmidl and D. C. Cox, “Robust frequency and timing synchro- nization for ofdm, ” IEEE T ransactions on Communications , vol. 45, no. 12, pp. 1613–1621, 1997. [14] A. W einand, A. Ambekar, M. Karrenbauer, and H. D. Schotten, “Pro- viding physical layer security for mission critical machine type com- munication, ” in 2016 IEEE 21st International Conference on Emer ging T echnologies and F actory Automation (ETF A) , Sept 2016. [15] A. Ambekar , M. Hassan, and H. D. Schotten, “Improving channel reciprocity for effecti ve key management systems, ” in International Symposium on Signals, Systems and Electronics (ISSSE), P otsdam, Germany , 2012.