CN104168562A - Physical layer authentication method based on multi-carrier transmission - Google Patents

Abstract

The invention discloses a physical layer authentication method based on multi-carrier transmission. According to the method, based on the multi-carrier transmission, channels are regarded as a set of M fading sub-channels, and the reciprocity and randomness of phase responses of the sub-channels are used for performing on identity authentication on both parties of communication. The method includes the implementation steps that Alice transmits an excitation signal to Bob, the phase difference of the multi-carrier channels is measured after Bob receives the excitation signal, then Bob transmits a signal where a shared secrete key is packaged to Alice, and Alice authenticates whether the signal is from Bob or not according to the received signal and the shared secrete key. According to the authentication process of the method, the characteristics of the phase responses of the channels are used, and kinds of spoofing attacks such as the interference attack, the replay attach, impersonation attack are effectively resisted.

Description

A kind of physical layer authentication method based on multi-carrier transmission

Technical field

The present invention relates to a kind of physical layer safety certifying method based on multi-carrier transmission, belong to wireless communication technology field.

Background technology

Along with the develop rapidly of radio communication and the growth based on mobile terminal service, the safety problem of wireless network receives much concern.Because the opening of wireless communication link provides some new approach for disabled user attacks, make communication system have very large potential safety hazard, be easy to be stolen useful information by disabled user.Traditional information security communication is mainly taking cryptography as basic associated encryption technology, because the length of key is limited, and along with the fast development of computer technology, the operational capability of computer rapidly promotes, and can be carried out a large amount of computings and is decrypted by conjecture, test for this encryption method.And from the angle of open system interconnection (OSI) model, information security technology in legacy wireless communication system mainly concentrates on network layer and above each layer, do not make full use of the characteristic of wireless channel physical layer, therefore only ensure that by traditional cryptosecurity mechanism and security protocol the safety of communication system is cannot be gratifying.

Certification is the information security basis of wireless communication system, and it ensures that communicating pair is its identity of claiming, prevents disabled user's access and access.Certification based on physical layer generally adopts cryptosecurity mechanism and security protocol to realize; and there is the risk of Key Exposure in cryptosecurity mechanism; conventionally there is safety defect in security protocol; so do not have physical layer to authenticate this layer of catch net, the fail safe of wireless communication system exists certain hidden danger.And the present invention can solve problem above well.

Summary of the invention

The object of the invention is to provide a kind of physical layer authentication method based on multi-carrier transmission, the method is to utilize reciprocity and the randomness of multiple carrier channel phase response, realize the certification of communicating pair identity, and be in physical layer, the identity of communicating pair to be authenticated mutually, this special domain information can be strengthened the fail safe of communication.

The present invention solves the technical scheme that its technical problem takes: a kind of physical layer authentication method based on multi-carrier transmission, the multi-carrier transmission of the method based in physical layer, utilize the uniqueness of multiple carrier channel phase response, by the poor modulation of sub-carrier phase, communicating pair is carried out to unidirectional or two-way authentication, reach the object ensuring communication safety.

Method flow

Alice of the present invention sends a pumping signal to Bob, receive after pumping signal at Bob, sub-carrier channels phase place is detected, measure the phase difference between subcarrier, then Bob feeds back to mono-of Alice and is packaged with the response signal of shared key, and last Alice carries out safety certification according to the signal and the shared key that receive.Specifically comprise the steps:

Step 1:Alice sends pumping signal to Bob; Alice is in frequency f ₁, f ₂..., f _mplace sends the sine wave of equiphase modulation to Bob as pumping signal, because channel has phase delay, the signal that Bob receives $r_B\left(t\right)=\underset{i=1}{\overset{M}{\mathrm{\Σ}}}\sqrt{\frac{2{\left|h_i\right|}^2{E}_s}{T}}\cos (2\mathrm{\π}{f}_{i}t+{\mathrm{\θ}}_i)$ In include the phase information θ of every sub-channels _i, Bob measures subcarrier f _iand f ₁between phase difference θ _i1.

Step 2:Bob is to Alice feedback response signal; Bob is according to the phase difference θ between the pumping signal and the subcarrier that receive _i1, feed back to mono-of Alice and be packaged with key k _b=[k ₁..., k _m] response signal k _i∈ { 1,1}.The response signal that Alice receives ${\mathrm{\θ}}_e^i=\mathrm{\Δ}{\mathrm{\θ}}_{i1}-\mathrm{\Δ}{\widehat{\mathrm{\θ}}}_{i1}$ In there is equally the phase delay that every sub-channels is corresponding.

Step 3: certification; In the process of certification, whether Alice wants authentication the other side's identity legal, and the present invention finds the threshold tau for adjudicating under two kinds of hypothesis verification conditions, and assumed condition is as follows:

H ₁:k _t＝k

H ₀:k _t≠k

Make η=k ^ty, ζ=| η |, k is the shared key of Alice and Bob, k _tfor the key obtaining from Bob, whether be validated user by the size judgement the other side who compares ζ and threshold tau.

Step 4: the selection of threshold tau and criteria of certification; Under the hypothesis verification condition of step 3, first according to envelope ζ=| η | distribution function and false alarm probability α definite threshold τ, then according to the relatively magnitude relationship of envelope ζ and threshold tau of its probability density function, if ζ >=τ is validated user.

The present invention, in the time of signal to noise ratio 5dB, has good authentication performance.

The present invention is based on multi-carrier transmission, regards channel as one group of M parallel decline subchannel, utilizes reciprocity and the randomness of sub-channel phase response, and communicating pair is carried out to two-way authentication.

Channel phase characteristic of the present invention is very sensitive to the distance between receiving terminal and transmitting terminal, has randomness, and disabled user can not effectively estimate channel phase.

The present invention is from two kinds of hypothesis verification conditions, communicates the other side's authentication, and this physical layer certification is equivalent to the Trapped problems of PN code; Two kinds of situations are:

H ₁:k _t＝k

H ₀:k _t≠k

Wherein, in the time that Alice carries out authentication to Bob, k _trefer to the key obtaining from Bob side;

Described method is applied to single, double to certification between Alice and Bob;

The unilateral authentication process of Alice to Bob: Alice sends a pumping signal to Bob, receive after pumping signal at Bob, sub-carrier channels phase place is detected, measure the phase difference between subcarrier, then Bob feeds back to mono-of Alice and is packaged with the response signal of shared key, and last Alice carries out safety certification according to shared key.

The all explanation of symbols of the present invention comprise:

F _i: i sub-carrier frequencies;

θ _i: the phase response of i sub-channels;

the phase place of i bit mapping of key;

Δ θ _i1: subcarrier f _iand f ₁between phase difference;

S _a(t): the pumping signal that Alice sends;

S _b(t): the response signal that Bob sends;

R _a(t): the signal that Alice receives;

R _b(t): the signal that Bob receives;

H ₀: the disabled user under the verification condition of supposing;

H ₁: the validated user under the verification condition of supposing;

ζ: the envelope of signal;

ζ | H ₀: at H ₀signal envelope under condition;

ζ | H ₁: at H ₁signal envelope under condition;

Beneficial effect:

1, the present invention can make full use of physical characteristic and the resource (that is: phase place) of channel, and has strengthened the fail safe of communication system.

2, the present invention can effectively resist the attacks such as the interference attack, replay attack and the camouflage that are prone in wireless communication system.

Brief description of the drawings

Fig. 1 is the schematic diagram of physical layer authentication method of the present invention.

Fig. 2 is method flow diagram of the present invention.

Fig. 3 is ζ | H ₁and ζ | H ₀probability density function curve in the time of SNR=5dB.

Fig. 4 is ζ | H ₁and ζ | H ₀probability density function curve in the time of SNR=20dB.

Embodiment

Below in conjunction with Figure of description, the invention is described in further detail.

As shown in Figure 2, the present invention is based on multi-carrier transmission, channel is regarded as to one group of M parallel decline subchannel, utilize reciprocity and the randomness of sub-channel phase response to carry out the certification in physical layer.Implementation step of the present invention comprises: Alice sends pumping signal to Bob, receive after pumping signal at Bob, send a signal that is packaged with shared key to Alice, the signal that Alice will receive according to it and shared key verify whether this signal comes from Bob.Its concrete steps are as follows:

Step 1:Alice sends pumping signal to Bob

Alice is in frequency f ₁, f ₂..., f _mplace sends the sine wave of equiphase modulation to Bob the signal that under noise-free case, Bob receives is $r_B\left(t\right)=\underset{i=1}{\overset{M}{\mathrm{\Σ}}}\sqrt{\frac{2{\left|h_i\right|}^2{E}_s}{T}}\cos (2\mathrm{\π}{f}_{i}t+{\mathrm{\θ}}_i),$ θ _iit is the channel phase response at M carrier wave place.Bob measures subcarrier f _iand f ₁between phase difference θ _i1, i=2 ...., M.

Phase difference θ _i1method of estimation be: multiple carrier channel is seen as to one group of M parallel fading channel, and the discrete form that receives signal is: r _i=h _ix _i+ w _i, i=2 ...., M, $h_i=\left|h_i\right|e^{j{\mathrm{\θ}}_i}.$ Pass through $\mathrm{\Δ}{\widehat{\mathrm{\θ}}}_{i1}={\tan }^{-1}\left(\frac{\mathrm{Imag}\left(u_i\right)}{\mathrm{Real}\left(u_i\right)}\right)$ Calculate phase difference θ _i1estimated value, wherein Imag (.) is plural imaginary part, Real (.) is real,

Step 2:Bob is to Alice feedback response signal

Bob is according to the signal r receiving _b(t) the phase difference θ and between subcarrier _i1, feed back to mono-of Alice and be packaged with key k _b=[k ₁..., k _m] response signal: k _i∈ { 1,1}.The response signal that Alice receives is: ${\mathrm{\θ}}_e^i=\mathrm{\Δ}{\mathrm{\θ}}_{i1}-\mathrm{\Δ}{\widehat{\mathrm{\θ}}}_{i1}.$ By step 1, multiple carrier channel is seen as to one group of M parallel fading channel, what Alice received has the dispersion vector form of noise cancellation signal to be $y={[y_1,...,y_M]}^T=\sqrt{E_s}{e}^{j{\mathrm{\θ}}_1}\·{[{\mathrm{\ρ}}_1{k}_1,.....,{\mathrm{\ρ}}_M{k}_M]}^T+w,$ Wherein ${\mathrm{\ρ}}_i=\left|h_i\right|e^{j{\mathrm{\θ}}_e^i},$ var{w _i}＝N ₀。

Step 3: certification

Alice authenticates according to the signal y in step 2 and shared key k, and verification process relates to threshold tau, and the present invention finds the threshold tau for adjudicating under two kinds of hypothesis verification conditions, and assumed condition is as follows:

H ₁:k _t＝k

H ₀:k _t≠k

Make η=k ^ty, ζ=| η |, k is the shared key of Alice and Bob, k _tfor the key obtaining from Bob, authenticate by the size that compares ζ and threshold tau.

Step 4: the selection of threshold tau and criteria of certification

Under the hypothesis verification condition of step 3, first according to envelope ζ=| η | distribution function i=0,1 and false alarm probability α definite threshold τ, the selection of threshold tau will satisfy condition then according to its probability density function $f_{\mathrm{\ζ}}\left(x\right|H_i)=\frac{x}{{\mathrm{\σ}}_{H_i}^2}\exp (-\frac{x^2+{\left|\stackrel{\‾}{{\mathrm{\η}}_i}\right|}^2}{2{\mathrm{\σ}}_{H_i}^2})I_0\left(\frac{x\left|\stackrel{\‾}{{\mathrm{\η}}_i}\right|}{{\mathrm{\σ}}_{H_i}^2}\right),$ X >=0, i=0,1 compares the magnitude relationship of envelope ζ and threshold tau, if ζ >=τ is validated user.Wherein be respectively η | H _iaverage and the variance of (i=0,1), I ₀() is improved zeroth order Bessel function of the first kind, Q ₁it is Marcum ' s Q function.

Fig. 1 is the schematic diagram that the present invention is based on " Challenge-response " physical layer authentication method of multi-carrier transmission, is the verification process of communication party Alice to Bob shown in figure, and first Alice sends pumping signal to Bob, the equiphase modulated sinusoid sending but in order to stop assailant to channel detection, Alice can use binary system random sequence D _a=[d ₁, d ₂..., d _m] ^t, d _i∈ 1 ,+1} at carrier frequency place modulated sinusoid as pumping signal, bob receives after pumping signal, detects phase information, then sends response signal to Alice, k _i∈ { 1,1}.The signal y that Alice receives according to it and shared key k go to judge Bob be whether validated user (if $s_A\left(t\right)=\underset{i=1}{\overset{M}{\mathrm{\Σ}}}\sqrt{\frac{2E_s}{T}}{d}_i\cos \left(2\mathrm{\π}{f}_{i}t\right),$ ? $y=\sqrt{E_s}{e}^{j{\mathrm{\θ}}_1}\·{[{\mathrm{\ρ}}_1{k}_1{d}_1,.....,{\mathrm{\ρ}}_M{k}_M{d}_M]}^T+w).$

Fig. 3 and Fig. 4 are respectively ζ | H ₁and ζ | H ₀probability density function curve in the time of SNR=5dB, SNR=20dB.Independently number of sub carrier wave M=128, channel model is M parallel fading channel, the signal to noise ratio of every sub-channels is identical.According to formula:

$f_{\mathrm{\ζ}}\left(x\right|H_i)=\frac{x}{{\mathrm{\σ}}_{H_i}^2}\exp (-\frac{x^2+{\left|\stackrel{\‾}{{\mathrm{\η}}_i}\right|}^2}{2{\mathrm{\σ}}_{H_i}^2})I_0\left(\frac{x\left|\stackrel{\‾}{{\mathrm{\η}}_i}\right|}{{\mathrm{\σ}}_{H_i}^2}\right),$ X>=0, i=0,1 curve drawing is all obeyed Lay, and this distributes, i=0, the 1st, estimated by Monte-Carlo Simulation.In the situation that warning probability is known, according to ζ | H ₀the value of probability density function definite threshold τ.This distribution of theoretical Lay and experience distribute and match, and ζ | H ₁and ζ | H ₀probability density function apart from each other, according to the magnitude relationship of ζ and τ be easy to certification and authentication performance fine.

Claims (5)

1. the physical layer authentication method based on multi-carrier transmission, is characterized in that: described method comprises the steps:

Step 1:Alice sends pumping signal to Bob; Alice is in frequency f ₁, f ₂..., f _mthe sine wave that place sends equiphase modulation to Bob is as pumping signal, and because channel has phase delay, the signal that Bob receives includes the phase information θ of every sub-channels _i, Bob measures subcarrier f _iand f ₁between phase difference θ _i1;

Step 2:Bob is to Alice feedback response signal; Bob is according to the phase difference θ between the pumping signal and the subcarrier that receive _i1, feed back to mono-of Alice and be packaged with key k _b=[k ₁..., k _m] response signal;

Step 3: certification; Under two kinds of hypothesis verification conditions, find the threshold tau for authentication decision, assumed condition is as follows:

H ₁:k _t＝k

H ₀:k _t≠k

Wherein η=k ^ty, ζ=| η |, k is the shared key of Alice and Bob, k _tfor the key obtaining from Bob, whether be validated user by the size judgement the other side who compares ζ and threshold tau;

Step 4: the selection of threshold tau and criteria of certification; Under two kinds of hypothesis verification conditions of above-mentioned steps 3, first according to envelope ζ=| η | distribution function and false alarm probability α definite threshold τ, then according to the relatively magnitude relationship of envelope ζ and threshold tau of its probability density function, if ζ >=τ is validated user.

2. a kind of physical layer authentication method based on multi-carrier transmission according to claim 1, it is characterized in that: described method is the multi-carrier transmission based in physical layer, regard channel as one group of M parallel decline subchannel, utilize reciprocity and the randomness of sub-channel phase response, communicating pair is carried out to two-way authentication.

3. a kind of physical layer authentication method based on multi-carrier transmission according to claim 1, it is characterized in that: the channel phase characteristic of described method is very sensitive to the distance between receiving terminal and transmitting terminal, have randomness, disabled user can not effectively estimate channel phase.

4. a kind of physical layer authentication method based on multi-carrier transmission according to claim 1, is characterized in that: described method is from two kinds of hypothesis verification conditions, communicates the other side's authentication, and this physical layer certification is equivalent to the Trapped problems of PN code; Two kinds of situations are:

H ₁:k _t＝k

H ₀:k _t≠k

Wherein, in the time that Alice carries out authentication to Bob, k _trefer to the key obtaining from Bob side.

5. a kind of physical layer authentication method based on multi-carrier transmission according to claim 4, is characterized in that, described method is applied to single, double to certification between Alice and Bob;

The unilateral authentication process of Alice to Bob: Alice sends a pumping signal to Bob, receive after pumping signal at Bob, sub-carrier channels phase place is detected, measure the phase difference between subcarrier, then Bob feeds back to mono-of Alice and is packaged with the response signal of shared key, and last Alice carries out safety certification according to shared key.