WO2009009929A1 - Encryption and decryption methods - Google Patents

Encryption and decryption methods Download PDF

Info

Publication number
WO2009009929A1
WO2009009929A1 PCT/CN2007/002200 CN2007002200W WO2009009929A1 WO 2009009929 A1 WO2009009929 A1 WO 2009009929A1 CN 2007002200 W CN2007002200 W CN 2007002200W WO 2009009929 A1 WO2009009929 A1 WO 2009009929A1
Authority
WO
WIPO (PCT)
Prior art keywords
permutation
data
ift
matrix
encryption
Prior art date
Application number
PCT/CN2007/002200
Other languages
French (fr)
Inventor
Li Zou
Shenghao Yang
Original Assignee
Thomson Licensing
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing filed Critical Thomson Licensing
Priority to PCT/CN2007/002200 priority Critical patent/WO2009009929A1/en
Publication of WO2009009929A1 publication Critical patent/WO2009009929A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L27/00Modulated-carrier systems
    • H04L27/26Systems using multi-frequency codes
    • H04L27/2601Multicarrier modulation systems
    • H04L27/2626Arrangements specific to the transmitter only
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L27/00Modulated-carrier systems
    • H04L27/26Systems using multi-frequency codes
    • H04L27/2601Multicarrier modulation systems
    • H04L27/2647Arrangements specific to the receiver only

Definitions

  • the present invention relates to the multicarrier modulation of data and to the transmission and reception of such data.
  • the invention relates, for example, to orthogonal frequency division multiplexing (OFDM) systems and to the encryption and decryption of data under such OFDM systems.
  • OFDM orthogonal frequency division multiplexing
  • Signals from wireless data transmission in general as well as signals from wired communication may be intercepted relatively easily by appropriate receivers, necessitating encryption techniques in order to provide for some level of confidentiality.
  • wireless systems are based on OFDM technologies, for example wireless LAN, 802.16, or DVB-T, and in such technologies it is known to apply digital encryption to the transmitted bits at the link layer or at higher protocol layers of the communication protocol stack.
  • Performing encryption on higher protocol layers generally makes the encryption application-specific or service-specific.
  • Other services running on top of unencrypted lower protocol layers remain unprotected or must implement their own encryption. Further, some data bits, e.g. for synchronization, addressing, and other control functions may remain unencrypted.
  • FDMA frequency division multiple access
  • WEP Wired Equivalent Privacy standard
  • WEP Wired Equivalent Privacy standard
  • I an Initialization Vector
  • CRC- 32 checksum a checksum that is part of the encrypted payload of the packet.
  • CRC-32 is linear.
  • flipping bit n in the message will result in a deterministic set of bits in the CRC that must be flipped to produce a correct checksum on the modified message. Because flipping bits carries through after an RC4 decryption, this allows an attacker to flip arbitrary bits in an encrypted message and correctly adjust the checksum so that the resulting message appears valid. Thus, WEP security is inherently weak. The use of WEP also requires a relatively large bandwidth.
  • the transmitter 100 of the OFDM system includes an encoder 105, interleaver 110, IFFT engine 115, insert guard interval (GI) module 120 and transmission circuitry 122.
  • the receiver 102 includes reception circuitry 124, synchronization module 125, remove GI module 130, FFT engine 135, channel estimator 140, de-interleaver 145, and decoder 150.
  • an input signal is encoded at the encoder 105.
  • the output of the encoder 105 is interleaved at the interleaver 110 to avoid burst errors.
  • the resulting interleaved signal is mapped onto the sub-carriers using an N IFFT engine 115, which transforms the signal representation to the time domain.
  • a guard interval is inserted at the insert guard interval component 120 to reduce the inter-symbol interference (ISI), and the signal is transmitted.
  • ISI inter-symbol interference
  • the received signal is detected and synchronized by the synchronization module 125.
  • the remove GI module 130 then removes the GI.
  • the output signal is recovered from the sub-carriers using the N point FFT engine 135.
  • the channel estimator module 140 estimates the channel frequency response and corrects the signal.
  • the corrected signal is de-interleaved by the de-interleaver 145.
  • the resulting de- interleaved signal is decoded by the decoder 150.
  • the structure of the IFFT engine 115 and the FFT engine 135 of the known OFDM system of Figure 1, are shown schematically in Figure 2.
  • the IFFT engine 115 includes a permutation module 200, an IFFT core module 202 and a further permutation module 204.
  • the FFT engine 135 includes a permutation module 206, an FFT core module 208 and a further permutation module 210.
  • Each of the permutation modules 200 204 206 210 operates to apply a respective permutation matrix to signals that are input to them.
  • the permutation matrices of the permutation modules 200 204 206 210 are P 1 , , P oun , P m2 , and -P out2 respectively.
  • the IFFT engine 115 and the FFT engine 135 operate to apply the processes IFFT(N) and FFT(N) respectively to signals that are input to them, where :-
  • Fi represents the process carried out by the IFFT core of the IFFT engine 135 and F 2 represents the FFT process carried out by the FFT core of the FFT engine 115.
  • the FFT core and IFFT core carries out the algorithm or part of the algorithm, and the input permutation matrices ( P 1n , or P m2 ) reorder the input data to put the data in the correct position based on the requirements of the IFFT core or FFT core processing.
  • the IFFT and FFT algorithms can be performed in accordance with the techniques described in European Patent Publication No. EP 1 750 206 in the name of Thomson Licensing, for instance.
  • the OFDM system of Figures 1 and 2 does not provide any encryption at the physical, or other lower, layers and is susceptible to unauthorized access to transmitted data.
  • an encryption module 300 is included before the interleaver 110 (and a corresponding decryption module 302 is included after the de-interleaver 145).
  • An example of such a variant is illustrated in Figure 3.
  • the variant shown in Figure 3 provides some level of encryption but requires separate, dedicated encryption and decryption software/hardware, and the encrypted data produced by the variant may be susceptible to unauthorized interception and decryption.
  • a further OFDM system in which an encryption step is included is described in US 2005/0055546.
  • a separate encryption step is included in which a single complex-valued key stream is used to encrypt data on a symbol-by-symbol basis, before the encrypted data is passed to an IFFT stage for mapping onto a set of modulated sub-carriers.
  • the system of US 2005/0055546 requires separate, dedicated encryption and decryption hardware, the encryption is provided only by one complex valued key stream and the encrypted data is susceptible to unauthorized interception and decryption.
  • the invention provides an encryption method comprising a permutation step in which an encrypting permutation operation is applied to input data according to an encryption key, and feeding the permuted data to an Inverse Fourier Transform (IFT) component for performance of an IFT or part of an IFT associated with a multi-carrier modulation.
  • IFT Inverse Fourier Transform
  • the Inverse Fourier Transform is an Inverse Fast Fourier Transform (IFFT).
  • IFFT Inverse Fast Fourier Transform
  • the IFT is another type of Inverse Fourier Transform.
  • a Fourier Transform applied to data changes the representation of the data from temporal space to frequency space.
  • an Inverse Fourier Transform applied to data changes the representation of the data from frequency space to temporal space.
  • the multicarrier modulation may comprise transmittal of a stream of symbols, and the encryption method may provide that information is spread from one symbol to several neighbouring symbols in the symbol stream.
  • the IFT component (preferably an IFFT component) may be a separate piece of hardware such as an integrated circuit, or a separate processor, or may form part of a piece of hardware such as an integrated circuit, and/or a dedicated or general purpose processor.
  • the IFT component (preferably an IFFT component) may comprise a software module implemented on a processor.
  • the input data is physical layer data.
  • a particularly secure encryption may be provided.
  • Various data bits associated with operation of a physical layer protocol for instance data bits used in synchronization, addressing or other control functions, may thus be encrypted making unauthorised interception and unauthorised decryption of the data more difficult.
  • Such data bits are not encrypted in known encryption schemes implemented at higher layers.
  • the input data may be lowest layer data of a stacked communication protocol.
  • the input data may comprise a block stream and the permutation step may comprise reordering blocks in the block stream.
  • the multicarrier modulation may comprise orthogonal frequency divisional multiplexing (OFDM).
  • the multicarrier modulation may be performed as part of the implementation of a TDS-OFDM system, a wireless LAN system, an ADSL system and/or a DTV system, such as a DVB-T system.
  • the permutation step may be carried out by a permutation module forming part of an IFT engine (preferably an IFFT engine).
  • an IFT engine preferably an IFFT engine.
  • the encrypting permutation operation may be carried out by hardware and/or software that is anyway required for the multicarrier modulation, and encryption may be provided without the need to provide additional hardware and/or software components.
  • the IFT component may be an IFT core (preferably an IFFT core) of the or an IFT engine (preferably an IFFT engine).
  • the IFT core is preferably configured to perform an IFT algorithm or part of an IFT algorithm.
  • the IFT algorithm may be an IFFT algorithm and may comprise a Cooley-Tukey algorithm, a Good-Thomas prime factor algorithm, or a Winograd algorithm.
  • the algorithm is a radix-2 Cooley- Tukey algorithm.
  • the encrypting permutation operation may be selected by providing a mapping of each of a plurality of possible permutation operations to a respective index value, mapping the key to an integer, and selecting the permutation operation by matching the integer to one of the index values.
  • the key may comprise a string of characters, for instance ASCII characters.
  • the mapping of the key to an integer may comprise converting each character to a numerical value and processing the numerical values to obtain the integer.
  • the mapping of the key to the integer may comprise converting each character to its corresponding ASCII number and concatenating the numbers to form an integer.
  • the permutation step may further comprise applying a preparatory permutation operation to the input data to provide a preparatory reordering of the data to adapt the data to the IFT (preferably an IFFT) or part of an IFT (preferably part of an IFFT) to be performed by the IFT component (preferably an IFFT component).
  • the preparatory reordering of the data may form part of the or an IFT algorithm (preferably an IFFT algorithm) or may be such as to prepare the data for performance of the or an IFT algorithm (preferably an IFFT algorithm).
  • the permutation step may further comprise an interleaving operation for alleviating the effect of possible burst errors.
  • the method may comprise carrying out two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation in succession.
  • the preparatory permutation operation may be represented by a preparatory permutation matrix and/or the encrypting permutation operation may be represented by an encrypting permutation matrix and/or the interleaving operation may be represented by an interleaving matrix, and the permutation step may comprise applying at least two of the preparatory permutation matrix, the encrypting permutation matrix and the interleaving matrix to the input data in succession.
  • the method may further comprise carrying out two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation simultaneously.
  • the permutation step may comprise performing a combined permutation operation that combines two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation.
  • the combined permutation operation may be represented by a combined matrix, and the permutation step may comprise applying the combined matrix to the input data.
  • the preparatory permutation operation may be represented by a preparatory permutation matrix
  • the encrypting permutation operation may be represented by an encrypting permutation matrix
  • the interleaving operation may be represented by an interleaving matrix
  • the combined matrix may be representative of a multiplication of two or more of the preparatory permutation matrix, the encrypting permutation matrix and the interleaving matrix.
  • a decryption method comprising receiving output data from a Fourier Transform (FT) component resulting from performance of an FT or part of an FT associated with a multicarrier demodulation, and carrying out a permutation step in which a decrypting permutation operation is applied to the output data according to a decryption key.
  • FT Fourier Transform
  • the Fourier Transform is a Fast Fourier Transform (FFT).
  • FFT Fast Fourier Transform
  • the FT is another type of Fourier Transform.
  • the FT component (preferably an FFT component) may be a separate piece of hardware such as an integrated circuit, or a separate processor, or may form part of a piece of hardware such as an integrated circuit, and/or a dedicated or general purpose processor.
  • the FT component may comprise a software module implemented on a processor.
  • the input data may be physical layer data.
  • the input data may comprise a block stream and the permutation step may comprise reordering blocks in the block stream.
  • the permutation step may be carried out by a permutation module forming part of an FT engine (preferably an FFT engine).
  • the FT component may be an FT core (preferably an FFT core) of the or an FT engine (preferably an FFT engine).
  • the FT core is preferably configured to perform an FT algorithm or part of an FT algorithm.
  • the FT algorithm may be an FFT algorithm and may comprise a Cooley- Tukey algorithm, a Good-Thomas prime factor algorithm, or a Winograd algorithm.
  • the algorithm is a radix-2 Cooley-Tukey algorithm.
  • the decrypting permutation operation may be selected by providing a mapping of each of a plurality of possible permutation operations to a respective index value, mapping the key to an integer, and selecting the permutation operation by matching the integer to one of the index values.
  • the method may further comprise applying a further permutation operation to the output data, the further permutation operation being the inverse of a preparatory permutation operation applied to data before input to the FT component (preferably an FFT component) to provide a preparatory reordering of the data to adapt the data to the FT (preferably an FFT) or the part of the FT performed by the FT component.
  • a further permutation operation being the inverse of a preparatory permutation operation applied to data before input to the FT component (preferably an FFT component) to provide a preparatory reordering of the data to adapt the data to the FT (preferably an FFT) or the part of the FT performed by the FT component.
  • the further permutation operation may form part of an FT algorithm.
  • the algorithm may be an FFT algorithm and may comprise a Cooley-Tukey algorithm, a Good- Thomas prime factor algorithm, or a Winograd algorithm.
  • the algorithm is a radix-2 Cooley-Tukey algorithm.
  • the permutation step may further comprise a de-interleaving operation, the de- interleaving operation being the inverse of an interleaving operation for alleviating the effect of possible burst errors.
  • the method may comprise performing at least two of the decrypting permutation operation, the further permutation operation and the de-interleaving operation in succession.
  • the decrypting permutation operation may be represented by a decrypting permutation matrix and/or the further permutation operation may be represented by a further permutation matrix and/or the de-interleaving operation may be represented by a de- interleaving matrix, and the permutation step may comprise applying at least two of the recovery permutation matrix, the decrypting matrix and the de-interleaving matrix to the output data in succession.
  • the method may further comprise performing at least two of the decrypting permutation operation, the further permutation operation and the de-interleaving operation simultaneously.
  • the permutation step may comprise performing a combined permutation operation that combines two or more of the decrypting permutation operation, the further permutation operation and the de-interleaving operation.
  • the combined permutation operation may be represented by a combined matrix, and the permutation step may comprise applying the combined matrix to the output data.
  • the decrypting permutation operation may be represented by a decrypting permutation matrix
  • the further permutation operation may be represented by a further permutation matrix
  • the de-interleaving operation may be represented by a de-interleaving matrix
  • the combined matrix may be representative of a multiplication of two or more of the decrypting permutation matrix, the further permutation matrix and the interleaving matrix.
  • encryption apparatus comprising a permutation module configured to apply an encrypting permutation operation to input data according to an encryption key, and an Inverse Fourier Transform device (preferably an Inverse Fast Fourier Transform device) configured to perform on the permuted data an Inverse Fourier Transform (preferably an Inverse Fast Fourier Transform) or part of an Inverse Fourier Transform (preferably part of an Inverse Fast Fourier Transform) associated with a multi-carrier modulation.
  • an Inverse Fourier Transform device preferably an Inverse Fast Fourier Transform device
  • the permutation module may be a separate piece of hardware such as an integrated circuit, or a separate processor, or may form part of a piece of hardware such as an integrated circuit, and/or a dedicated or general purpose processor.
  • the permutation module may comprise a software module implemented on a processor.
  • decryption apparatus comprising a Fourier Transform device (preferably a Fast Fourier Transform device) configured to perform a Fourier Transform (preferably a Fast Fourier Transform) or part of a Fourier Transform (preferably part of a Fast Fourier Transform) associated with a multicarrier demodulation and a permutation module configured to receive output data from the Fourier Transform device and to perform a permutation step in which a decrypting permutation operation is applied to the output data according to a decryption key.
  • a Fourier Transform device preferably a Fast Fourier Transform device
  • a Fourier Transform preferably a Fast Fourier Transform
  • part of a Fourier Transform preferably part of a Fast Fourier Transform
  • a communication method comprising encrypting data using a method according to any of Claims 1 to 10, transmitting the encrypted data using a multicarrier modulation scheme, receiving the encrypted data, and decrypting the encrypted data using a method according to any of Claims 11 to 20.
  • a communication system comprising a transmitter including the encryption apparatus and a receiver including the decryption apparatus, wherein the encryption apparatus is configured to encrypt data, the transmitter is configured to transmit the encrypted data using a multicarrier modulation scheme, the receiver is configured to receive the encrypted data and the decryption apparatus is configured to decrypt the encrypted data.
  • FIG. 1 is a schematic illustration of a known OFDM system, and is described above;
  • - Figure 2 is a schematic illustration of the structure of the IFFT engine and the FFT engine included in the known system of Figure 1 , and is described above;
  • - Figure 3 is a schematic illustration of a known variant of the OFDM system of Figure 1, and is described above;
  • - Figure 4 is a schematic illustration of a multi-carrier modulation system according to a preferred embodiment
  • - Figure 5 is a schematic illustration of the structure of the encrypting IFFT engine and the decrypting FFT engine included in the system of Figure 4;
  • Figure 6 is a flow diagram showing in overview the steps carried out by the system of Figure 4, in operation;
  • Figure 7 is a schematic illustration of the structure of an encrypting IFFT engine and a decrypting FFT engine included in a variant of the embodiment of Figure 4; and
  • FIG. 8 is a schematic illustration of the structure of an encrypting IFFT engine and a decrypting FFT engine included in a further variant of the embodiment of Figure 4.
  • Figure 4 shows a multi-carrier modulation system according to a preferred embodiment, which includes a transmitter 400 and a receiver 402.
  • the transmitter 400 of the system includes an encoder 404, an encrypting IFFT engine 406, an insert GI module 408, and transmission circuitry 410.
  • the receiver 402 of the system includes reception circuitry 412, a detection and synchronization module 414, a remove GI module 416, a decrypting FFT engine 418, a channel estimator 420 and a decoder 422.
  • an input signal is encoded at the encoder 404 and passed to the encrypted IFFT engine 406.
  • the encrypting IFFT engine interleaves and encrypts the signal and maps the signal onto sub-carriers using an N-technique.
  • the resulting physical layer signal is passed to the insert GI module 408 and a guard interval is inserted, and the signal is then passed to the transmission circuitry 410 for transmission to the receiver 402.
  • the signal transmitted by the transmission circuitry 410 is received by the reception circuitry 412.
  • the received signal is passed to the detection and synchronization module 414 for detection and synchronization.
  • the guard interval is then removed by the GI module 416 and the resulting, physical layer, signal is passed to the decrypting FFT engine 418.
  • the decrypting FFT engine 418 operates to recover the underlying signal from the sub-carriers using an N-point technique and de-interleaves and decrypts the underlying signal.
  • the resulting signal is passed to the channel estimator 420, which estimates the channel frequency response and corrects the signal.
  • the corrected signal is passed to the decoder 422 and is decoded.
  • the transmitter 400 of the embodiment of Figure 4 does not include a separate interleaver 110. Instead, the encrypting IFFT engine 406 itself is operable to interleave the signal.
  • the transmitter 400 also does not include a separate encryption module 300, such as included in the known system of Figure 3. Instead, the encrypting IFFT engine 406 itself is operable to perform an encryption operation.
  • the receiver 402 does not include a separate de-interleaver 145, such as that included in the known systems of Figures 1 and 3, or a separate decryption module 302, such as that included in the known system of Figure 3.
  • the decrypting FFT engine 418 is operable to perform a de-interleaving operation and a decryption operation itself.
  • the IFFT engine 406 includes a permutation module 500, an IFFT core 502 and a further permutation module 504.
  • the FFT engine 408 includes a permutation module 508, an FFT core 510 and a further permutation module 512.
  • the IFFT core and the FFT core carry out IFFT and FFT algorithms, such as those mentioned in connection with the known system of Figure 1.
  • the permutation operation performed by multiplication by the permutation matrix P 'êt, / and the resulting implementation of the interleaving, encryption, and preparatory permutation functions can be represented as follows.
  • the interleaving function (at the transmitter) and de-interleaving function (at the receiver) are represented by the interleaving permutation matrix P ⁇ nter and the de- interleaving permutation matrix Point e r respectively.
  • the encryption function is expressed as a permutation matrix, or permutation operator, P E -
  • the preparatory permutation function is represented by the row permutation matrix P 1n .
  • the key stream sequence g is mapped to the permutation matrix PE by mapping the key string to an integer, and then mapping the resulting integer to one of a set of possible permutation matrices, in order to select one of the possible permutation matrices.
  • the selected permutation matrix is then taken to be the encrypting permutation matrix P E -
  • the key stream sequence g is an ASCII string K.
  • N is the size of the
  • P is taken to be the set of all possible permutation of N elements.
  • the size of P is N!.
  • the following process establishes a one-one mapping between an integer and a permutation in P.
  • a one-to-one mapping between an integer set and the permutation set P is established.
  • the permutation matrix PE is then selected by mapping the selected integer (33 in the simplified example above) to the corresponding permutation according to the one-to-one mapping between the integer set and the permutation set P.
  • interleaving permutation matrix P inter acts to reorder blocks of the input data in such a way as to reduce burst errors during transmission.
  • the permutation matrix P M representing that function is a row permutation matrix that is the same as the permutation matrix applied in the known system of Figure 1.
  • Application of the permutation matrix P M puts the data in the correct position based on the requirements of the IFFT core processing.
  • the permutation matrix P 1n varies depending on the IFFT algorithm applied by the IFFT core.
  • the preparatory permutation matrix P ml maps the jth element of the input data to the ith element to provide a permutation of the data.
  • the mapping of the input data by the preparatory permutation matrix is set in dependence upon the algorithm implemented by the IFFT engine. In variants of the embodiment the algorithm used varies and thus the mapping by the preparatory permutation matrix is different to that given in equation 5. In one variant, application of the preparatory permutation matrix provides a bit reversal operation.
  • the matrix is obtained by matrix multiplying the permutation matrix P E , the interleaving permutation matrix P mUr and the preparatory permutation matrix P ml , as shown in equation 6 :-
  • N is 3780, and thus the key stream has a length of 3780 bits and the FFT/IFFT is a 3780-point FFT/IFFT.
  • the encrypting permutation matrix P £ is expressed as a 27 by 140 matrix andP /nl is expressed as 27 by 140 matrix.
  • the interleaving matrix P m er is expressed as a 140 by 27 matrix.
  • the result of the matrix multiplication is the new permutation matrix P ', relieve / , which is a 27 by 140 matrix.
  • the permutation matrix P ', perennial/ is applied to the input signals by the permutation module 500, in order to permute the input block sequence.
  • the encrypted block sequence is then passed to the FFT core 502 and then to the further permutation module 504.
  • the further permutation module 504 permutes the sequence by matrix multiplying by the output permutation matrix P 0M i-
  • the output permutation matrix P out i- is the same as that used in the known system of Figure 1.
  • the permutation applied by the output permutation matrix P out i- is complementary to that represented by the preparatory permutation matrix P ⁇ n i., and is represented in equation 7:
  • j mod( j-modG,189*5)+4*j-4*modG,189)+20*j-20*modG,27)+20*7*j,
  • the signal output by the further permutation module is transmitted by the transmission circuitry 410, and received by the receiver 402.
  • a confidential data transmission path to the receiver 402 is established using known techniques, and a known key management procedure is used to provide the receiver with the secret key for use in decryption.
  • the block sequence of the received signal is multiplied by the input permutation matrix output P ⁇ n2 at the permutation module 508.
  • the input permutation matrix P ⁇ n 2 is the same as that used in the known system of Figure 1, and application of P m2 performs the same permutation process as application of P ou ti, as represented by equation 7 .
  • the resulting signal is passed to the FFT core 510 and then the further permutation module 512.
  • P out2 of the known system of Figure 1 is replaced by P ' out 2 and provides the de-interleaving, decrypting and permutation functions.
  • the permutation matrix P ' ou a to be applied is obtained by matrix multiplying the decryption matrix PD E , the de-interleaving permutation matrix P d emter and the permutation matrix P ou t2, as shown in equation 8:-
  • P D E is a 140 by 27 matrix
  • P d e m ter is a 27 by 140 matrix
  • P ou a is a 140 by 27 matrix
  • P' ou t2 is a 140 by 27 matrix.
  • the permutation matrix P out2 is such that application of P ou a would carry out the same permutation process as application ofP m i, as represented by equation 5 .
  • FIG. 6 illustrates in overview the steps carried out by a system such as that of Figure 4.
  • a step 600 of encoding the input signal is followed by a step 602 of applying the input permutation matrix P' ⁇ n i to the encoded signal in accordance with an encryption key, in order to perform encryption, preparatory permutation and interleaving functions.
  • IFFT processes are then carried out in the next step 604.
  • the output permutation matrix Poutl is then applied to the resulting signal in the next step 606, and a guard interval is inserted in step 608.
  • the resulting signal is then transmitted from the transmitter 400 to the receiver 402 in a transmission step 610.
  • the transmitted signal is received at a receiver in reception step 612, and the received data is detected and synchronised in step 614.
  • the guard interval is removed in step 616 and the input permutation matrix P( n2 is applied to the signal in step 618.
  • FFT processes are then applied in step 620, and the output permutation matrix P' out2 is applied to the resulting signal in accordance with a decryption key in step 622 to perform decryption, de-interleaving and further permutation processes.
  • the channel frequency response is estimated, the signal is corrected and the corrected signal is decoded in the following step 624.
  • a transmission method comprises steps 600, 602, 604, 606, 608 and 610 that take place at a transmitter and a reception method comprises steps 612, 614, 616, 618, 620, 622 and 624 that take place at a receiver.
  • the transmission step 610 is performed by a transmitter and the reception step 612 is performed by a receiver, and each of the other steps is performed either by the transmitter or receiver or by one or more other components, implemented in hardware and/or software outside the transmitter and receiver.
  • the processes carried out by the decrypting FFT engine are the inverse of the processes carried out by the encrypting IFFT engine.
  • the system of a preferred embodiment provides secure transmission without affecting system performance.
  • the system provides encryption in which information is spread from one symbol to several neigbouring symbols.
  • the system provides strong security, with the possibility of decryption being — (where N is the IFFT size). So, for example,
  • the permutation module 500 of the transmitter 400 multiplies together the permutation matrices PE, Pin t er and P 1n/ in order to obtain the combined permutation matrix P ', chorus; and then applies the combined permutation matrix to an input signal.
  • the permutation module 500 applies each of the permutation matrices P E , P m t er and P ⁇ n i to an input signal in succession, rather than first multiplying the permutation matrices to obtain the combined permutation matrix P ', tract / .
  • the further permutation module 512 at the receiver 402 applies each of the permutation matrices P ou t2, P d emter and PQ E to an input signal in succession, rather than multiplying the permutation matrices to obtain the combined matrix P' Ou ⁇ and then applying the combined matrix P ' ou a to the input signal.
  • An example of such a variant is illustrated schematically in Figure 7.
  • the IFFT engine 406 includes a separate permutation matrix calculation module 506, which is operable to multiply together the permutation matrices PE, Pmt e r and P m i, to obtain the combined permutation matrix P ', comfort/ and to supply the combined permutation matrix P ', consult / to the permutation module 500.
  • the FFT engine 408 includes a separate permutation matrix calculation module 514, which is operable to multiply together the permutation matrices P' out2 , P dem t er and P D E to obtain the combined permutation matrix P' ou t2 and to supply the combined permutation matrix P ' out2 to the further permutation module 512.
  • An example of such a further variant is illustrated schematically in Figure 8.
  • the invention is not limited to a method of encryption or a method of decryption but extends, in further independent aspects, to respective apparatus suitable for putting each of the methods as described or illustrated or claimed herein into effect.
  • Each method feature described or illustrated or claimed herein may be implemented as a corresponding apparatus feature and vice versa.
  • the invention also extends to a method of transmission in which data is encrypted according to a method of encryption as described or illustrated or claimed herein and the encrypted data is transmitted using a known transmission technique.
  • the invention also extends to a method of reception in which encrypted data is received using a known reception technique and the received encrypted data is then decrypted according to a method of decryption as described or illustrated or claimed herein.
  • the invention also extends to any combination of methods of encryption, transmission, reception or decryption as described or illustrated or claimed herein, and to apparatus suitable for putting such combination of methods into effect.

Abstract

An encryption method comprises a multi-carrier modulation, and includes carrying out a permutation step in which an encrypting permutation operation is applied to input data according to an encryption key, and feeding the permuted data to an Inverse Fourier Transform (IFT) component (502) for performance of an IFT or part of an IFT associated with the multi-carrier modulation.

Description

Encryption and decryption methods
1. FIELD QF THE INVENTION
The present invention relates to the multicarrier modulation of data and to the transmission and reception of such data. The invention relates, for example, to orthogonal frequency division multiplexing (OFDM) systems and to the encryption and decryption of data under such OFDM systems.
2. BACKGROUND OF THE INVENTION
Signals from wireless data transmission in general as well as signals from wired communication may be intercepted relatively easily by appropriate receivers, necessitating encryption techniques in order to provide for some level of confidentiality.
Many wireless systems are based on OFDM technologies, for example wireless LAN, 802.16, or DVB-T, and in such technologies it is known to apply digital encryption to the transmitted bits at the link layer or at higher protocol layers of the communication protocol stack. Performing encryption on higher protocol layers generally makes the encryption application-specific or service-specific. Other services running on top of unencrypted lower protocol layers remain unprotected or must implement their own encryption. Further, some data bits, e.g. for synchronization, addressing, and other control functions may remain unencrypted.
Security implementation at the physical layer exploits the fact that modulation is done at this layer. In a frequency division multiple access (FDMA) system, for example, the source may invert the frequency spectrum before transmission. This frequency inversion is a level of deterrence providing security, but is still susceptible to unauthorized access.
Similar techniques can be used in WLAN system architectures. Usually, the physical layer security that can be deployed in a wireless network is the Wired Equivalent Privacy standard (WEP). WEP allows for 40-bit or 128-bit keys to be entered in both the access point and the clients to encrypt the traffic between a PC and the access point. To avoid encrypting two cipher texts with the same key stream, an Initialization Vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet. The integrity check field is implemented as a (cyclic redundancy check) CRC- 32 checksum, which is part of the encrypted payload of the packet. However CRC-32 is linear. That means flipping bit n in the message will result in a deterministic set of bits in the CRC that must be flipped to produce a correct checksum on the modified message. Because flipping bits carries through after an RC4 decryption, this allows an attacker to flip arbitrary bits in an encrypted message and correctly adjust the checksum so that the resulting message appears valid. Thus, WEP security is inherently weak. The use of WEP also requires a relatively large bandwidth.
An example of a known OFDM system is now considered in more detail, and is shown in Figure 1. The transmitter 100 of the OFDM system includes an encoder 105, interleaver 110, IFFT engine 115, insert guard interval (GI) module 120 and transmission circuitry 122. The receiver 102 includes reception circuitry 124, synchronization module 125, remove GI module 130, FFT engine 135, channel estimator 140, de-interleaver 145, and decoder 150.
In operation, an input signal is encoded at the encoder 105. Then the output of the encoder 105 is interleaved at the interleaver 110 to avoid burst errors. The resulting interleaved signal is mapped onto the sub-carriers using an N IFFT engine 115, which transforms the signal representation to the time domain. Finally, a guard interval is inserted at the insert guard interval component 120 to reduce the inter-symbol interference (ISI), and the signal is transmitted.
At the receiver, the received signal is detected and synchronized by the synchronization module 125. The remove GI module 130 then removes the GI. The output signal is recovered from the sub-carriers using the N point FFT engine 135. The channel estimator module 140 estimates the channel frequency response and corrects the signal. The corrected signal is de-interleaved by the de-interleaver 145. The resulting de- interleaved signal is decoded by the decoder 150. The structure of the IFFT engine 115 and the FFT engine 135 of the known OFDM system of Figure 1, are shown schematically in Figure 2.
The IFFT engine 115 includes a permutation module 200, an IFFT core module 202 and a further permutation module 204. The FFT engine 135 includes a permutation module 206, an FFT core module 208 and a further permutation module 210.
Each of the permutation modules 200 204 206 210 operates to apply a respective permutation matrix to signals that are input to them. The permutation matrices of the permutation modules 200 204 206 210 are P1, , Poun , Pm2 , and -Pout2 respectively.
The IFFT engine 115 and the FFT engine 135 operate to apply the processes IFFT(N) and FFT(N) respectively to signals that are input to them, where :-
(1) IFFT(N) = P mIF,PoutI
(2) FFT(N) =Pm2F2Pout2
Fi represents the process carried out by the IFFT core of the IFFT engine 135 and F2 represents the FFT process carried out by the FFT core of the FFT engine 115.
When any of the permutation matrices P1n, , Pom , P and P01112 multiply a vector the result is a reordered version of the vector. In operation an input signal to the permutation modules, for instance a block stream, is treated as a vector input (for instance X1, i = 0 ... N).
Various different algorithms may be used to separate Fast Fourier Transforms into the forms shown in equations (1) and (2), such as radix-2 Cooley-Tukey FFT algorithm,
Good-Thomas PFA for relatively prime numbers and fundamental factorization for prime numbers. The FFT core and IFFT core carries out the algorithm or part of the algorithm, and the input permutation matrices ( P1n, or Pm2 ) reorder the input data to put the data in the correct position based on the requirements of the IFFT core or FFT core processing.
The IFFT and FFT algorithms can be performed in accordance with the techniques described in European Patent Publication No. EP 1 750 206 in the name of Thomson Licensing, for instance.
The OFDM system of Figures 1 and 2 does not provide any encryption at the physical, or other lower, layers and is susceptible to unauthorized access to transmitted data.
In a known variant of the OFDM system of Figure 1, an encryption module 300 is included before the interleaver 110 (and a corresponding decryption module 302 is included after the de-interleaver 145). An example of such a variant is illustrated in Figure 3. The variant shown in Figure 3 provides some level of encryption but requires separate, dedicated encryption and decryption software/hardware, and the encrypted data produced by the variant may be susceptible to unauthorized interception and decryption.
A further OFDM system in which an encryption step is included is described in US 2005/0055546. In that variant, a separate encryption step is included in which a single complex-valued key stream is used to encrypt data on a symbol-by-symbol basis, before the encrypted data is passed to an IFFT stage for mapping onto a set of modulated sub-carriers. However, the system of US 2005/0055546 requires separate, dedicated encryption and decryption hardware, the encryption is provided only by one complex valued key stream and the encrypted data is susceptible to unauthorized interception and decryption.
3. SUMMARY OF THE INVENTION
In a first, independent aspect the invention provides an encryption method comprising a permutation step in which an encrypting permutation operation is applied to input data according to an encryption key, and feeding the permuted data to an Inverse Fourier Transform (IFT) component for performance of an IFT or part of an IFT associated with a multi-carrier modulation.
Preferably the Inverse Fourier Transform (IFT) is an Inverse Fast Fourier Transform (IFFT). Alternatively the IFT is another type of Inverse Fourier Transform. A Fourier Transform applied to data changes the representation of the data from temporal space to frequency space. Conversely, an Inverse Fourier Transform applied to data changes the representation of the data from frequency space to temporal space.
By performing an encrypting permutation operation before the performance of an IFT or part of an IFT associated with a multi-carrier modulation, a particularly efficient and secure encryption method may be provided. The multicarrier modulation may comprise transmittal of a stream of symbols, and the encryption method may provide that information is spread from one symbol to several neighbouring symbols in the symbol stream.
The IFT component (preferably an IFFT component) may be a separate piece of hardware such as an integrated circuit, or a separate processor, or may form part of a piece of hardware such as an integrated circuit, and/or a dedicated or general purpose processor. The IFT component (preferably an IFFT component) may comprise a software module implemented on a processor.
Preferably, the input data is physical layer data. By encrypting data at the physical layer a particularly secure encryption may be provided. Various data bits associated with operation of a physical layer protocol, for instance data bits used in synchronization, addressing or other control functions, may thus be encrypted making unauthorised interception and unauthorised decryption of the data more difficult. Such data bits are not encrypted in known encryption schemes implemented at higher layers. The input data may be lowest layer data of a stacked communication protocol.
The input data may comprise a block stream and the permutation step may comprise reordering blocks in the block stream. The multicarrier modulation may comprise orthogonal frequency divisional multiplexing (OFDM). The multicarrier modulation may be performed as part of the implementation of a TDS-OFDM system, a wireless LAN system, an ADSL system and/or a DTV system, such as a DVB-T system.
The permutation step may be carried out by a permutation module forming part of an IFT engine (preferably an IFFT engine). Thus the encrypting permutation operation may be carried out by hardware and/or software that is anyway required for the multicarrier modulation, and encryption may be provided without the need to provide additional hardware and/or software components.
The IFT component may be an IFT core (preferably an IFFT core) of the or an IFT engine (preferably an IFFT engine). The IFT core is preferably configured to perform an IFT algorithm or part of an IFT algorithm. The IFT algorithm may be an IFFT algorithm and may comprise a Cooley-Tukey algorithm, a Good-Thomas prime factor algorithm, or a Winograd algorithm. Preferably the algorithm is a radix-2 Cooley- Tukey algorithm.
The encrypting permutation operation may be selected by providing a mapping of each of a plurality of possible permutation operations to a respective index value, mapping the key to an integer, and selecting the permutation operation by matching the integer to one of the index values.
The key may comprise a string of characters, for instance ASCII characters. The mapping of the key to an integer may comprise converting each character to a numerical value and processing the numerical values to obtain the integer. In particular, the mapping of the key to the integer may comprise converting each character to its corresponding ASCII number and concatenating the numbers to form an integer.
The permutation step may further comprise applying a preparatory permutation operation to the input data to provide a preparatory reordering of the data to adapt the data to the IFT (preferably an IFFT) or part of an IFT (preferably part of an IFFT) to be performed by the IFT component (preferably an IFFT component). The preparatory reordering of the data may form part of the or an IFT algorithm (preferably an IFFT algorithm) or may be such as to prepare the data for performance of the or an IFT algorithm (preferably an IFFT algorithm).
The permutation step may further comprise an interleaving operation for alleviating the effect of possible burst errors.
The method may comprise carrying out two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation in succession.
The preparatory permutation operation may be represented by a preparatory permutation matrix and/or the encrypting permutation operation may be represented by an encrypting permutation matrix and/or the interleaving operation may be represented by an interleaving matrix, and the permutation step may comprise applying at least two of the preparatory permutation matrix, the encrypting permutation matrix and the interleaving matrix to the input data in succession.
The method may further comprise carrying out two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation simultaneously.
The permutation step may comprise performing a combined permutation operation that combines two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation.
The combined permutation operation may be represented by a combined matrix, and the permutation step may comprise applying the combined matrix to the input data.
The preparatory permutation operation may be represented by a preparatory permutation matrix, the encrypting permutation operation may be represented by an encrypting permutation matrix, and the interleaving operation may be represented by an interleaving matrix, and the combined matrix may be representative of a multiplication of two or more of the preparatory permutation matrix, the encrypting permutation matrix and the interleaving matrix.
In a further independent aspect of the invention, there is provided a decryption method comprising receiving output data from a Fourier Transform (FT) component resulting from performance of an FT or part of an FT associated with a multicarrier demodulation, and carrying out a permutation step in which a decrypting permutation operation is applied to the output data according to a decryption key.
Preferably the Fourier Transform (FT) is a Fast Fourier Transform (FFT). Alternatively the FT is another type of Fourier Transform.
The FT component (preferably an FFT component) may be a separate piece of hardware such as an integrated circuit, or a separate processor, or may form part of a piece of hardware such as an integrated circuit, and/or a dedicated or general purpose processor. The FT component may comprise a software module implemented on a processor.
The input data may be physical layer data. The input data may comprise a block stream and the permutation step may comprise reordering blocks in the block stream.
The permutation step may be carried out by a permutation module forming part of an FT engine (preferably an FFT engine). The FT component may be an FT core (preferably an FFT core) of the or an FT engine (preferably an FFT engine).
The FT core is preferably configured to perform an FT algorithm or part of an FT algorithm. The FT algorithm may be an FFT algorithm and may comprise a Cooley- Tukey algorithm, a Good-Thomas prime factor algorithm, or a Winograd algorithm. Preferably the algorithm is a radix-2 Cooley-Tukey algorithm.
The decrypting permutation operation may be selected by providing a mapping of each of a plurality of possible permutation operations to a respective index value, mapping the key to an integer, and selecting the permutation operation by matching the integer to one of the index values.
The method may further comprise applying a further permutation operation to the output data, the further permutation operation being the inverse of a preparatory permutation operation applied to data before input to the FT component (preferably an FFT component) to provide a preparatory reordering of the data to adapt the data to the FT (preferably an FFT) or the part of the FT performed by the FT component.
The further permutation operation may form part of an FT algorithm. The algorithm may be an FFT algorithm and may comprise a Cooley-Tukey algorithm, a Good- Thomas prime factor algorithm, or a Winograd algorithm. Preferably the algorithm is a radix-2 Cooley-Tukey algorithm.
The permutation step may further comprise a de-interleaving operation, the de- interleaving operation being the inverse of an interleaving operation for alleviating the effect of possible burst errors.
The method may comprise performing at least two of the decrypting permutation operation, the further permutation operation and the de-interleaving operation in succession.
The decrypting permutation operation may be represented by a decrypting permutation matrix and/or the further permutation operation may be represented by a further permutation matrix and/or the de-interleaving operation may be represented by a de- interleaving matrix, and the permutation step may comprise applying at least two of the recovery permutation matrix, the decrypting matrix and the de-interleaving matrix to the output data in succession.
The method may further comprise performing at least two of the decrypting permutation operation, the further permutation operation and the de-interleaving operation simultaneously. The permutation step may comprise performing a combined permutation operation that combines two or more of the decrypting permutation operation, the further permutation operation and the de-interleaving operation.
The combined permutation operation may be represented by a combined matrix, and the permutation step may comprise applying the combined matrix to the output data.
The decrypting permutation operation may be represented by a decrypting permutation matrix, the further permutation operation may be represented by a further permutation matrix, the de-interleaving operation may be represented by a de-interleaving matrix, and the combined matrix may be representative of a multiplication of two or more of the decrypting permutation matrix, the further permutation matrix and the interleaving matrix.
In a further, independent aspect of the invention there is provided encryption apparatus comprising a permutation module configured to apply an encrypting permutation operation to input data according to an encryption key, and an Inverse Fourier Transform device (preferably an Inverse Fast Fourier Transform device) configured to perform on the permuted data an Inverse Fourier Transform (preferably an Inverse Fast Fourier Transform) or part of an Inverse Fourier Transform (preferably part of an Inverse Fast Fourier Transform) associated with a multi-carrier modulation.
The permutation module may be a separate piece of hardware such as an integrated circuit, or a separate processor, or may form part of a piece of hardware such as an integrated circuit, and/or a dedicated or general purpose processor. The permutation module may comprise a software module implemented on a processor.
In another, independent aspect of the invention there is provided decryption apparatus comprising a Fourier Transform device (preferably a Fast Fourier Transform device) configured to perform a Fourier Transform (preferably a Fast Fourier Transform) or part of a Fourier Transform (preferably part of a Fast Fourier Transform) associated with a multicarrier demodulation and a permutation module configured to receive output data from the Fourier Transform device and to perform a permutation step in which a decrypting permutation operation is applied to the output data according to a decryption key.
In yet another independent aspect of the invention there is provided a communication method comprising encrypting data using a method according to any of Claims 1 to 10, transmitting the encrypted data using a multicarrier modulation scheme, receiving the encrypted data, and decrypting the encrypted data using a method according to any of Claims 11 to 20.
In a further independent aspect of the invention there is provided a communication system comprising a transmitter including the encryption apparatus and a receiver including the decryption apparatus, wherein the encryption apparatus is configured to encrypt data, the transmitter is configured to transmit the encrypted data using a multicarrier modulation scheme, the receiver is configured to receive the encrypted data and the decryption apparatus is configured to decrypt the encrypted data.
Any feature in one aspect of the invention may be applied to other aspects of the invention, in any appropriate combination. In particular, apparatus features may be applied to method features and vice versa.
4. BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
- Figure 1 is a schematic illustration of a known OFDM system, and is described above;
- Figure 2 is a schematic illustration of the structure of the IFFT engine and the FFT engine included in the known system of Figure 1 , and is described above; - Figure 3 is a schematic illustration of a known variant of the OFDM system of Figure 1, and is described above;
- Figure 4 is a schematic illustration of a multi-carrier modulation system according to a preferred embodiment; - Figure 5 is a schematic illustration of the structure of the encrypting IFFT engine and the decrypting FFT engine included in the system of Figure 4;
Figure 6 is a flow diagram showing in overview the steps carried out by the system of Figure 4, in operation; - Figure 7 is a schematic illustration of the structure of an encrypting IFFT engine and a decrypting FFT engine included in a variant of the embodiment of Figure 4; and
- Figure 8 is a schematic illustration of the structure of an encrypting IFFT engine and a decrypting FFT engine included in a further variant of the embodiment of Figure 4.
5. Detailed description of the invention.
Figure 4 shows a multi-carrier modulation system according to a preferred embodiment, which includes a transmitter 400 and a receiver 402. The transmitter 400 of the system includes an encoder 404, an encrypting IFFT engine 406, an insert GI module 408, and transmission circuitry 410. The receiver 402 of the system includes reception circuitry 412, a detection and synchronization module 414, a remove GI module 416, a decrypting FFT engine 418, a channel estimator 420 and a decoder 422.
In operation of the transmitter 400, an input signal is encoded at the encoder 404 and passed to the encrypted IFFT engine 406. The encrypting IFFT engine interleaves and encrypts the signal and maps the signal onto sub-carriers using an N-technique. The resulting physical layer signal is passed to the insert GI module 408 and a guard interval is inserted, and the signal is then passed to the transmission circuitry 410 for transmission to the receiver 402.
At the receiver 402, the signal transmitted by the transmission circuitry 410 is received by the reception circuitry 412. The received signal is passed to the detection and synchronization module 414 for detection and synchronization. The guard interval is then removed by the GI module 416 and the resulting, physical layer, signal is passed to the decrypting FFT engine 418. The decrypting FFT engine 418 operates to recover the underlying signal from the sub-carriers using an N-point technique and de-interleaves and decrypts the underlying signal. The resulting signal is passed to the channel estimator 420, which estimates the channel frequency response and corrects the signal. The corrected signal is passed to the decoder 422 and is decoded.
Comparing the system of the embodiment of Figure 4 to the known systems of Figures 1 and 3, the transmitter 400 of the embodiment of Figure 4 does not include a separate interleaver 110. Instead, the encrypting IFFT engine 406 itself is operable to interleave the signal. The transmitter 400 also does not include a separate encryption module 300, such as included in the known system of Figure 3. Instead, the encrypting IFFT engine 406 itself is operable to perform an encryption operation. Similarly the receiver 402 does not include a separate de-interleaver 145, such as that included in the known systems of Figures 1 and 3, or a separate decryption module 302, such as that included in the known system of Figure 3. Instead, the decrypting FFT engine 418 is operable to perform a de-interleaving operation and a decryption operation itself.
The structure of the encrypting IFFT engine 406 and the decrypting FFT engine 418 are shown in more detail in Figure 5.
The IFFT engine 406 includes a permutation module 500, an IFFT core 502 and a further permutation module 504. The FFT engine 408 includes a permutation module 508, an FFT core 510 and a further permutation module 512.
The IFFT core and the FFT core carry out IFFT and FFT algorithms, such as those mentioned in connection with the known system of Figure 1.
The operation carried out by the encrypting IFFT engine on an input signal is represented by equation 3:
(3) IFFT(N) = P 'MF1P01111
The operation carried out by the decrypting FFT engine on an input signal is represented by equation 4:
(4) FFT(N)=P in2F2P'0Ut2 In contrast to the permutation matrix Pmi of the known IFFT engine of the system of Figure 1, the permutation matrix P 'mι provides each of the interleaving, encrypting and preparatory permutation functions. Similarly the permutation matrix P 'OUQ provides the de-interleaving, decrypting and permutation functions. Nevertheless the hardware (or software) complexity required to apply the permutation matrices P ',„/ and P 'OUQ is the same as the hardware complexity required in the known system to apply the permutation matrices Pιnι and Poua- Both the encryption at the transmitter and the decryption at the receiver is a permutation operation for block streams.
The permutation operation performed by multiplication by the permutation matrix P '„,/ and the resulting implementation of the interleaving, encryption, and preparatory permutation functions can be represented as follows.
The interleaving function (at the transmitter) and de-interleaving function (at the receiver) are represented by the interleaving permutation matrix Pιnter and the de- interleaving permutation matrix Pointer respectively. The encryption function is expressed as a permutation matrix, or permutation operator, PE- The preparatory permutation function is represented by the row permutation matrix P1n.
Beginning with consideration of the encryption function, at the transmitter, a key generator (not shown) provides a key stream { gt (i = 0, • • N - Y) } , where g, e [θ, N - 1) .
The permutation module 500 converts the key stream sequence g, to the permutation sequence P1 e [0, iV — 1 j(ϊ = 0, • • • iV — 1) to obtain the encrypting permutation operator or matrix PE representing the encryption operation.
The key stream sequence g, is mapped to the permutation matrix PE by mapping the key string to an integer, and then mapping the resulting integer to one of a set of possible permutation matrices, in order to select one of the possible permutation matrices. The selected permutation matrix is then taken to be the encrypting permutation matrix PE- In one example, the key stream sequence g, is an ASCII string K. N is the size of the
FFT/IFFT. In order to map the key K to an integer each character in K is converted to its corresponding ASCII number and the resulting ASCII numbers are concatenated together to form an integer K'. So, in a simplified example, a key string 'keyl' is converted to 0x6b657931 (where Ox means that the following number is represented in hexadecimal). The output integer is then taken to be equal to K' mod N!. For the key string 'keyl' with N=6, the output integer is equal to 0x6b657931 mod (6!), which is 33.
Turning to the selection of the permutation matrix using the calculated integer, P is taken to be the set of all possible permutation of N elements. The size of P is N!. The following process establishes a one-one mapping between an integer and a permutation in P.
a) Let i=l. Pl=P b) Pick an element E from Pl c) Set the correspondence between i and E d) i=i+l and Pl=Pl-(E) e) repeat steps 2) to 4) until Pl is empty.
Thus, a one-to-one mapping between an integer set and the permutation set P is established. The permutation matrix PE is then selected by mapping the selected integer (33 in the simplified example above) to the corresponding permutation according to the one-to-one mapping between the integer set and the permutation set P.
Turning to the interleaving function (at the transmitter), application of the interleaving permutation matrix Pinter acts to reorder blocks of the input data in such a way as to reduce burst errors during transmission.
Finally, turning to the preparatory permutation function, the permutation matrix PM representing that function is a row permutation matrix that is the same as the permutation matrix applied in the known system of Figure 1. Application of the permutation matrix PM puts the data in the correct position based on the requirements of the IFFT core processing. Thus the permutation matrix P1n, varies depending on the IFFT algorithm applied by the IFFT core.
For input data with index i (i=l to N), the preparatory permutation matrix Pml maps the jth element of the input data to the ith element to provide a permutation of the data. In a preferred embodiment the IFFT/FFT has 3780 points (N=3780), and Pml maps the input data according to equation 5:-
(5) j = 189*(5*mod(i,4)+mod(i,5))+(27*mod(i,7)+mod(i,27))
Application of the preparatory permutation matrix Pmi reorders the data in preparation for the IFFT processes carried out by the IFFT core. The mapping of the input data by the preparatory permutation matrix is set in dependence upon the algorithm implemented by the IFFT engine. In variants of the embodiment the algorithm used varies and thus the mapping by the preparatory permutation matrix is different to that given in equation 5. In one variant, application of the preparatory permutation matrix provides a bit reversal operation.
Returning to calculation of the permutation matrix Pm'λ to be applied by the permutation module 500, the matrix is obtained by matrix multiplying the permutation matrix PE , the interleaving permutation matrix PmUr and the preparatory permutation matrix Pml, as shown in equation 6 :-
(6) PL = PE * Pmter * Pιni
In a preferred embodiment, N is 3780, and thus the key stream has a length of 3780 bits and the FFT/IFFT is a 3780-point FFT/IFFT. The encrypting permutation matrix P£is expressed as a 27 by 140 matrix andP/nl is expressed as 27 by 140 matrix. Thus, in order to carry out the matrix multiplication correctly, the interleaving matrix Pm er is expressed as a 140 by 27 matrix. The result of the matrix multiplication is the new permutation matrix P ',„/, which is a 27 by 140 matrix. The permutation matrix P ',„/ is applied to the input signals by the permutation module 500, in order to permute the input block sequence. Thus, the jth input block sequence Tl1 (J)Q = 0, • • N - 1) is encrypted to new block sequence Tl1 (j)(i = 0, • • • N - 1) .
The encrypted block sequence is then passed to the FFT core 502 and then to the further permutation module 504. The further permutation module 504 permutes the sequence by matrix multiplying by the output permutation matrix P0Mi- The output permutation matrix Pouti- is the same as that used in the known system of Figure 1. The permutation applied by the output permutation matrix Pouti- is complementary to that represented by the preparatory permutation matrix Pιni., and is represented in equation 7:
(7) j =mod( j-modG,189*5)+4*j-4*modG,189)+20*j-20*modG,27)+20*7*j,
3780)
The signal output by the further permutation module is transmitted by the transmission circuitry 410, and received by the receiver 402.
Turning to the processes that take place at the receiver, a confidential data transmission path to the receiver 402 is established using known techniques, and a known key management procedure is used to provide the receiver with the secret key for use in decryption.
The block sequence of the received signal is multiplied by the input permutation matrix output Pιn2 at the permutation module 508. The input permutation matrix Pιn2 is the same as that used in the known system of Figure 1, and application of Pm2 performs the same permutation process as application of Pouti, as represented by equation 7 .
The resulting signal is passed to the FFT core 510 and then the further permutation module 512. In order to output the correct decrypted and de-interleaved information, Pout2 of the known system of Figure 1 is replaced by P 'out2 and provides the de-interleaving, decrypting and permutation functions.
The decryption key stream { g\ (Z = O5- - - JV - 1) }, where g', = inv(g,) e [θ,N - l) , is supplied to the further permutation module 512, which converts the decryption key stream sequence g\ to the permutation sequence p\ e [0, N - l)(/ = 0, • ■ • N - 1) to obtain the decryption matrix PDE- The permutation matrix P 'oua to be applied is obtained by matrix multiplying the decryption matrix PDE, the de-interleaving permutation matrix Pdemter and the permutation matrix Pout2, as shown in equation 8:-
(o\ p> _ p * p * p
In a preferred embodiment, PDE is a 140 by 27 matrix, Pdemter is a 27 by 140 matrix, Poua is a 140 by 27 matrix and P'out2 is a 140 by 27 matrix. The permutation matrix Pout2 is such that application of Poua would carry out the same permutation process as application ofPmi, as represented by equation 5 .
The block sequence is decrypted based upon the matrix P 'out2 in order to decrypt the jth input block sequence Tl1(J)(I ; = 0,---N - I) to new block sequence
Tl1 O)O = O,- N - I) .
The flow chart of Figure 6 illustrates in overview the steps carried out by a system such as that of Figure 4.
At a transmitter, a step 600 of encoding the input signal is followed by a step 602 of applying the input permutation matrix P'ιni to the encoded signal in accordance with an encryption key, in order to perform encryption, preparatory permutation and interleaving functions. IFFT processes are then carried out in the next step 604. The output permutation matrix Poutl is then applied to the resulting signal in the next step 606, and a guard interval is inserted in step 608. The resulting signal is then transmitted from the transmitter 400 to the receiver 402 in a transmission step 610. The transmitted signal is received at a receiver in reception step 612, and the received data is detected and synchronised in step 614. The guard interval is removed in step 616 and the input permutation matrix P(n2 is applied to the signal in step 618. FFT processes are then applied in step 620, and the output permutation matrix P'out2 is applied to the resulting signal in accordance with a decryption key in step 622 to perform decryption, de-interleaving and further permutation processes. The channel frequency response is estimated, the signal is corrected and the corrected signal is decoded in the following step 624.
In the described embodiment, a transmission method comprises steps 600, 602, 604, 606, 608 and 610 that take place at a transmitter and a reception method comprises steps 612, 614, 616, 618, 620, 622 and 624 that take place at a receiver. In variants of the described embodiment, the transmission step 610 is performed by a transmitter and the reception step 612 is performed by a receiver, and each of the other steps is performed either by the transmitter or receiver or by one or more other components, implemented in hardware and/or software outside the transmitter and receiver.
It can be understood from the description above that in a preferred embodiment the processes carried out by the decrypting FFT engine are the inverse of the processes carried out by the encrypting IFFT engine.
For a given P ',„/, there is one and only one permutation P 'out2 that provides a correct output. The total numbers of possible permutations is N! (the size of key space). Thus, the system of a preferred embodiment provides secure transmission without affecting system performance. The system provides encryption in which information is spread from one symbol to several neigbouring symbols. The system provides strong security, with the possibility of decryption being — (where N is the IFFT size). So, for example,
JV! for the OFDM-based wireless LAN 802.1 la/g, the possibility of unauthorised decryption is — « 10~89 . For 2K mode DVB-T transmission, the possibility of 64! unauthorised decryption is inf. Thus, it is almost impossible to circumvent the secure transmission.
In the embodiment described above, the permutation module 500 of the transmitter 400 multiplies together the permutation matrices PE, Pinter and P1n/ in order to obtain the combined permutation matrix P ',„; and then applies the combined permutation matrix to an input signal.
In a variant of the embodiment, the permutation module 500 applies each of the permutation matrices PE, Pmter and Pιni to an input signal in succession, rather than first multiplying the permutation matrices to obtain the combined permutation matrix P ',„/ .
Similarly the further permutation module 512 at the receiver 402 applies each of the permutation matrices Pout2, Pdemter and PQE to an input signal in succession, rather than multiplying the permutation matrices to obtain the combined matrix P'Ouύ and then applying the combined matrix P 'oua to the input signal. An example of such a variant is illustrated schematically in Figure 7.
In a further variant of the embodiment, the IFFT engine 406 includes a separate permutation matrix calculation module 506, which is operable to multiply together the permutation matrices PE, Pmter and Pmi, to obtain the combined permutation matrix P ',„/ and to supply the combined permutation matrix P ',„/ to the permutation module 500. Similarly, the FFT engine 408 includes a separate permutation matrix calculation module 514, which is operable to multiply together the permutation matrices P'out2, Pdemter and P DE to obtain the combined permutation matrix P'out2 and to supply the combined permutation matrix P 'out2 to the further permutation module 512. An example of such a further variant is illustrated schematically in Figure 8.
It will be understood that the present invention has been described above purely by way of example, and modifications of detail can be made within the scope of the invention.
Each feature disclosed in the description, and (where appropriate) the claims and drawings may be provided independently or in any appropriate combination. The invention is not limited to a method of encryption or a method of decryption but extends, in further independent aspects, to respective apparatus suitable for putting each of the methods as described or illustrated or claimed herein into effect. Each method feature described or illustrated or claimed herein may be implemented as a corresponding apparatus feature and vice versa. The invention also extends to a method of transmission in which data is encrypted according to a method of encryption as described or illustrated or claimed herein and the encrypted data is transmitted using a known transmission technique. The invention also extends to a method of reception in which encrypted data is received using a known reception technique and the received encrypted data is then decrypted according to a method of decryption as described or illustrated or claimed herein. The invention also extends to any combination of methods of encryption, transmission, reception or decryption as described or illustrated or claimed herein, and to apparatus suitable for putting such combination of methods into effect.

Claims

1. An encryption method comprising a permutation step in which an encrypting permutation operation is applied to input data according to an encryption key, and feeding the permuted data to an Inverse Fourier Transform (IFT) component (502) for performance of an IFT or part of an IFT associated with a multi-carrier modulation.
2. An encryption method according Claim 1, wherein the input data is physical layer data.
3. An encryption method according to Claim 1 or 2, wherein the input data comprises a block stream and the permutation step comprises reordering blocks in the block stream.
4. An encryption method according to any preceding claim, wherein the permutation step is carried out by a permutation module forming part of an IFT engine.
5. An encryption method according to any preceding claim, wherein the IFT component is an IFT core of the or an IFT engine.
6. An encryption method according to any preceding claim, wherein the permutation step further comprises applying a preparatory permutation operation to the input data to provide a preparatory reordering of the data to adapt the data to the IFT or part of an IFT to be performed by the IFT component.
7. An encryption method according to any preceding claim, wherein the permutation step further comprises an interleaving operation for alleviating the effect of possible burst errors.
8. An encryption method according to Claim 6 or 7, comprising carrying out two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation in succession.
9. An encryption method according to Claim 6 or 7, wherein the permutation step comprises performing a combined permutation operation that combines two or more of the encrypting permutation operation, the preparatory permutation operation and the interleaving operation.
10. An encryption method according to Claim 9, wherein the combined permutation operation is represented by a combined matrix, and the permutation step comprises applying the combined matrix to the input data.
11. A decryption method comprising receiving output data from a Fourier Transform (FT) component (510) resulting from performance of an FT or part of an FT associated with a multicarrier demodulation, and carrying out a permutation step in which a decrypting permutation operation is applied to the output data according to a decryption key.
12. A decryption method according to Claim 11, wherein the input data is physical layer data.
13. An decryption method according to Claim 11 or 12, wherein the input data comprises a block stream and the permutation step comprises reordering blocks in the block stream.
14. A decryption method according to any of Claims 11 to 13, wherein the permutation step is carried out by a permutation module forming part of an FT engine.
15. A decryption method according to any of Claims 11 to 14, wherein the FT component is an FT core of the or an FT engine.
16. A decryption method according to any of Claims 11 to 15, wherein the method further comprises applying a further permutation operation to the output data, the further permutation operation being the inverse of a preparatory permutation operation applied to data before input to the FT component to provide a preparatory reordering of the data to adapt the data to the FT or the part of the FT performed by the FT component.
17. A decryption method according to any of Claims 11 to 16, wherein the permutation step further comprises a de-interleaving operation, the de-interleaving operation being the inverse of an interleaving operation for alleviating the effect of possible burst errors.
18. A decryption method according to Claim 16 or 17, further comprising performing at least two of the decrypting permutation operation, the further permutation operation and the de-interleaving operation in succession.
19. A decryption method according to Claim 18, wherein the permutation step comprises performing a combined permutation operation that combines two or more of the decrypting permutation operation, the further permutation operation and the de- interleaving operation.
20. A decryption method according to Claim 19, wherein the combined permutation operation is represented by a combined matrix, and the permutation step comprises applying the combined matrix to the output data.
PCT/CN2007/002200 2007-07-19 2007-07-19 Encryption and decryption methods WO2009009929A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2007/002200 WO2009009929A1 (en) 2007-07-19 2007-07-19 Encryption and decryption methods

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2007/002200 WO2009009929A1 (en) 2007-07-19 2007-07-19 Encryption and decryption methods

Publications (1)

Publication Number Publication Date
WO2009009929A1 true WO2009009929A1 (en) 2009-01-22

Family

ID=40259286

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/002200 WO2009009929A1 (en) 2007-07-19 2007-07-19 Encryption and decryption methods

Country Status (1)

Country Link
WO (1) WO2009009929A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021255507A1 (en) * 2020-06-18 2021-12-23 DESC (Dubai Electronic Security Center) Secured and robust wireless communication system for low latency applications
US11399286B2 (en) * 2019-08-20 2022-07-26 Qualcomm Incorporated Scrambling for wireless communications

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999005798A1 (en) * 1997-07-23 1999-02-04 Koninklijke Philips Electronics N.V. Radio communication system
US20050055546A1 (en) * 2003-09-08 2005-03-10 Abb Research Ltd Data encryption on the physical layer of a data transmission system
US7170849B1 (en) * 2001-03-19 2007-01-30 Cisco Systems Wireless Networking (Australia) Pty Limited Interleaver, deinterleaver, interleaving method, and deinterleaving method for OFDM data
EP1750206A1 (en) * 2005-08-04 2007-02-07 THOMSON Licensing 3780-point Discrete Fourier Transformation processor

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999005798A1 (en) * 1997-07-23 1999-02-04 Koninklijke Philips Electronics N.V. Radio communication system
US7170849B1 (en) * 2001-03-19 2007-01-30 Cisco Systems Wireless Networking (Australia) Pty Limited Interleaver, deinterleaver, interleaving method, and deinterleaving method for OFDM data
US20050055546A1 (en) * 2003-09-08 2005-03-10 Abb Research Ltd Data encryption on the physical layer of a data transmission system
EP1750206A1 (en) * 2005-08-04 2007-02-07 THOMSON Licensing 3780-point Discrete Fourier Transformation processor

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11399286B2 (en) * 2019-08-20 2022-07-26 Qualcomm Incorporated Scrambling for wireless communications
WO2021255507A1 (en) * 2020-06-18 2021-12-23 DESC (Dubai Electronic Security Center) Secured and robust wireless communication system for low latency applications

Similar Documents

Publication Publication Date Title
Zhang et al. Design of an OFDM physical layer encryption scheme
US8645678B2 (en) Chaotic cryptography for OFDM based communications systems
Ma et al. Secure communication in TDS-OFDM system using constellation rotation and noise insertion
EP1513279B1 (en) Data encryption on the physical layer of a data transmission system
CN101027849B (en) Method and apparatus for encryption of over-the-air communications in a wireless communication system
CN101867552A (en) OFDM (Orthogonal Frequency Division Multiplexing) system signal sending method, receiving method and device
CA2616855A1 (en) Encrypting data in a communication network
BRPI0517364B1 (en) METHOD AND APPARATUS FOR AIR COMMUNICATION ENCRYPTION IN WIRELESS COMMUNICATION SYSTEM
Huo et al. XOR encryption versus phase encryption, an in-depth analysis
CN108833390B (en) Matrix transformation-based packet physical layer encryption method
CN111342957B (en) Method and device for distributing CO-OFDM (CO-orthogonal frequency division multiplexing) key based on Y-00 protocol
Eldokany et al. Efficient transmission of encrypted images with OFDM in the presence of carrier frequency offset
Li et al. Secure transmission in OFDM systems by using time domain scrambling
El-Zoghdy et al. Transmission of chaotic-based encrypted audio through OFDM
Noura et al. A physical encryption scheme for low-power wireless M2M devices: a dynamic key approach
Wadday et al. Study of WiMAX based communication channel effects on the ciphered image using MAES algorithm
US20190273602A1 (en) Chaotic permutation spread spectrum system and method therefo
WO2009009929A1 (en) Encryption and decryption methods
Tran et al. Performance evaluation of 802.11 ah physical layer phase encryption for IoT applications
Mathur A mathematical framework for combining error correction and encryption
Melki et al. Efficient & secure physical layer cipher scheme for VLC systems
Dharavathu et al. Image transmission and hiding through OFDM system with different encrypted schemes
EP3780479B1 (en) Modulated signature added for enhanced authentication and integrity link
Hasan et al. Physical-layer Security Improvement in MIMO OFDM Systems using Multilevel Chaotic Encryption
Sa’adah et al. Performance of OFDM Communication System with RSA Algorithm as Synchronization on SR Security Scheme Using USRP Devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07764088

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07764088

Country of ref document: EP

Kind code of ref document: A1