WO2015097312A1 - A harmonic based encryption and decryption system for waveform signals - Google Patents

Abstract

A method for securing a waveform signal for transmission by converting the signal into the frequency domain, applying an encryption function to the converted signal,and then by applying an inverse conversion to generate the final encrypted signal. The encryption function is a Vernon cipher, i.e. corresponding to a one-time pad. The process is reversed for decryption. Noise suppression, synchronization, and hardware parallelization techniques are presented.

Description

A HARMONIC BASED ENCRYPTION AND DECRYPTION SYSTEM FOR

WAVEFORM SIGNALS

Field of the invention:

This invention relates to the field of communications. More specifically, the invention provides a method for encrypting waveforms (or any potentially any unbounded sequence of values), thereby enabling a high-level of security when applied to communication channels transmitted over physical media. Description of the Related Art:

Secure communications is a necessity. However, nowadays, encryption is usually only applied to the upper layers of the communication protocol stack. By doing so, network information is exposed to eavesdroppers and malicious attackers as the lower layers travel across public channels. Some of this exposed information includes the channel's data rate, channel type, protocol type, frame header and routing information. Some physical signal ciphers try to protect this data, however they encrypt on the data-level (per bit) leaving some channel information exposed, and they expand the original signal's bandwidth (a negative quality for some radio channel applications).

SUMMARY

The present invention seeks to provide an efficient and secure physical-layer signal-cipher, capable of encrypting any potentially unbounded sequence of values. In particular, the invention can be used to encrypt communication signals as waveform signals (representing an analog signal) regardless of the channel content (frames, bits, analog modulations like FM or AM, and even binary modulations such as QAM, FSK and so on). The invention may be used to preserve the original signal's bandwidth after encryption, and to provide absolute protection to the underlying channels that span some frequency band.

According to a first aspect of the present invention, there is provided a method for encrypting a waveform signal according to claim 1. By first tranforming a signal into frequency domain and then by perfoming modulo-based encryption, the method is capable of providing security to any communication over any media.

The raw signal itself is encrypted, which therefore exposes no information about the included channel(s).

Preferably, the predetermined encryption function uses a pseudorandom sequence generated from at least one seed as its encryption key. In particular, such a predetermined encryption function may use a cryptographically secure pseudorandom sequence to ensure secure transmission. The function may be such that the encryption and decryption can be started mid-transmission.

In embodiments, the waveform signal in the time domain may be in a predetermined frequency band; and the method may include applying a predetermined symmetric modulo- based encryption function to a predetermined selection of the elements of the vector of values, where the said predetermined selection of the elements of the vector of values are the elements of the vector of values corresponding to the predetermined frequency band.

In this way, the bandwidth of the original waveform signal is preserved.

If the modulo-based encryption were to be performed on samples in the temporal plane, energy would be added to all frequencies of the spectrum.

Further, using the invention it is possible to encrypt only selected frequency bands, not the whole spectrum, if required.

Moreover, by carrying out the modulo-based encryption in the frequency domain it is possible to use parallel processing techniques to encrypt different frequency bands in parallel using parallel processors.

If the invention were to be performed across a channel that has even a small amount of noise (essentially all channels in the reality have some random noise) and without any of this invention's noise mitigation techniques, then the decrypted signal will be severely degraded.

Therefore, preferably some noise mitigation technique is applied. To apply noise cancellation on the encryption / transmission side, in the case where the maximum expected magnitude of the plurality of vector values for the different frequencies is φ, the step of applying a predetermined encryption function carries out a predetermined encryption function modulo φ', on the vector values after uplifting by a value ψ , where φ'≥ φ + 2ψ , for providing protection for the effects of random noise in the modulo domain.

Note that it is preferred that ψ is non-zero, although some benefit is obtained simply where φ' > φ .

The method has particular application to the physical layer of a data transmission system.

In a second aspect, there is provided a method of decrypting a waveform signal according to claim 6.

Preferably, the method includes noise cancellation on the decryption side. In particular, the method may include a statistical floor technique for correcting received values that have been shifted by noise.

In a particular example, at the upper end of the expected range of values, in the case that maximum magnitude of the plurality of values for different frequencies is φ, the method may include, where a received value is greater than φ, reducing the received value to φ— ε, where ε is a positive value.

At the lower end of the expected range of values, 0, after the decryption function subtracts a key value from the received value, if the result of the subtraction is less than zero by some predetemined amount, the result of the subtraction may be corrected to zero.

In a third aspect, there is provided a waveform signal encryption apparatus according to claim 14.

In a fourth aspect, there is provided a waveform signal decryption apparatus according to claim 16.

Embodiments may encrypt the output of the physical layer (the lowest layer) of the protocol stack thereby securing all subsequent layers. In order for this method to be practical in a modern network, the encrypted signal may use the same amount of bandwidth as the original signal and the encryption process will be fast enough to avoid undesirable delays. Furthermore, the method may also address the issues of noise mitigation, key sharing and synchronization. Thus, all aspects relate to a symmetric cipher for potentially unbounded signals; a method which encrypts a waveform signal on the frequency plane, and which may thereby preserve the signal's bandwidth while offering a high degree of secrecy. The general method of encryption of claim 1 and decryption of claim 6 will herein be referred to as "the VPSC" (Vernam Physical Signal Cipher). Furthermore, the operations done directly on the frequency plane by the VPSC gives the added advantage of hardware scalability when dealing with wide-band signals.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic view of how the VPSC can be used to encrypt analog signals: Alice sends s (a segment of some discreetly sampled analog signal in the time domain) securely to Bob while Eve's interception provides her with no information about it.

FIG. 2 is a detailed schematic view showing an embodiment of the layout of the VPSC's components to encrypt an analog waveform.

FIG. 3 is a detailed schematic view showing an embodiment of the layout of the VPSC's components to decrypt an analog waveform.

FIG. 4 demonstrates the benefit of noise mitigation methods for modulo based signal encryption. The original signal (seen in FIG 4.D) is a sine wave at 1 Hz with 256 samples (per s) having maximum magnitude set to φ = 7W. To demonstrate the effects, the encrypted signal (obtained from the original signal) has Gaussian noise added to it before decryption. a. FIG. 4. A shows an encrypted signal's magnitudes, after subtraction of the encryption keys and before the modulo operation. We can see many anomalies below the x-axis incurred due to the channel's Gaussian noise.

b. FIG. 4.B shows the resulting errors from the anomalies in FIG. 4.A after the modulo operation. Here the points below the x-axis are now above the maximum magnitude φ.

c. FIG. 4.C shows the statistical- floor noise mitigation method with i = 1 applied to the same noisy signal used in FIG. 4.A: before subtraction of the keys, all magnitudes above φ =7 (none in this case) are approximated to φ— ε =6.99. Then after the subtraction of the keys, the values between 0 and 0— ψ =— 1 are approximated to zero. (At this point the modulo operation can be applied to recover the approximate magnitudes; an approximation to the original signal).

d. FIG. 4.D shows the original signal (a sine wave) before encryption and before the added Gaussian noise.

e. FIG. 4.E shows the same signal from FIG. 4.D after applying preemptive-rise noise mitigation at the transmitter with a power of ψ = 1W. The signal is then protected from large anomalies provoked by noise with a deviation of up to 1 W.

f. FIG. 4.F is a graphic which shows the statistics of the bit error rate (a BER which lower is better) in relation to the standard deviation of the noise, gathered over the same set of 3000 frames. The plot is of the signal modulated with QPSK, with and without the noise mitigation and encryption techniques proposed. Preemptive-rise is applied with ψ = 2.3 (med.) and ψ = 7.8 (high) and statistical- floor with ψ = 1.

Fig. 5 illustrates the finding of the start of a frame by signal correlations;

Fig. 6 illustrates the encryption of a physical signal over a wire; and

Fig. 7 illustrates an alternative embodiment of the invention.

REFERENCE NUMERALS IN THE DRAWINGS

10 Original waveform signal 11 Discrete Fourier transform module 12 Encryption module 13 Inverse discrete Fourier transform module

14 Public channel 15 Decryption module

20 Entry point of the original waveform 21 Maximum signal magnitude (input) signal

22 Random number generator for 23 Random number generator for angles magnitudes

24 Fast Fourier transform module 25 Cartesian to polar form converter for complex numbers

26 Encryption key computing module for 27 Magnitude encryption function magnitudes module

28 Encryption key computing module for 29 Angle encryption function module angles

30 Polar to Cartesian form converter for 31 Inverse fast Fourier transform

complex numbers

32 Exit point for the encrypted signal

40 Entry point of the encrypted signal 41 Magnitude decryption function

module

42 Angle decryption function module 43 Exit point for the resulting decrypted signal

DETAILED DESCRIPTION

I. CRYPTOGRAPHIC MODEL In this section we will introduce the notations which will be used throughout the application. We will also apply the standard cryptographic model to the waveform message space.

We will assume that we are dealing with discretely sampled and quantized real signals. Let there be Q discrete levels of quantization such that the highest level is Q_u and the lowest is Q_L . Let S c Z" be the collection of all possible signals to be encrypted, where N = 2^k, k E M and s E S has the form

where Q_L≤ v_t < Q_u for every i. In other words, s is a frame of N quantized samples which we want to encrypt.

Let f_s be the sample rate of the system such that f_s≥ 2B, where B is the essential bandwidth of the signals in S (Nyquist rate).

Let the message space M (the collection of all possible plaintext messages) of the cryptosystem be defined as the collection of all discrete Fourier transforms (DFT) of the vectors in S, in polar form, such that M [(m_m, m_a)

It is helpful to view the message m £ M as the polar form of the DFT of N consecutive samples of a real-time signal found in S.

Let φ be a scalar parameter which defines the maximum frequency component magnitude of the cryptosystem, and it is restricted to the inequality φ≥ max(rn_m [i]) Vi, m_m. (3)

We shall define keys of the system to be tuples in the form k = (k_m, k_a), (4) where k_m and k_a are random N length vectors which are used to encrypt magnitudes and angles respectively. Since we are dealing with real signals, k_m and k_a must be structured to conform with the patterns found in the DFT of real signals. Specifically, k_m has the structure k_m = concatenate o, v, refl (ΰ ^2: -^j , (4.1) where v is a— length vector of random values on the range [0, φ] , refl is the mirror rearrangement operation on the values of some vector, and the symbol ":" indicates a range of indexes. Similarly, k_a has the structure k_a = concatenate(a,—refl(a)), (4.2) where a is also a— 2 length vector of random values, but on the range [—π, π) . The keys can be extended to encrypt non-real (imaginary signals) by generating random values for the full length of both vectors (not mirrored). Let the key space K (the collection of all possible keys) of the cryptosystem be defined as the collection of all possible keys k.

The cryptogram space of the system C is equivalent to the collection of all possible real signals found in M. This is necessary to obtain perfect secrecy since it must be possible that any cryptogram c E C can be mapped back to any message fn £ M. Let the inverse-D T (DFT^-1) of the cryptogram c be referred to as s', such that

DFT^~1 [c\ = s'. (5) Let the general encryption function be defined as e^ (m) = c (6.1) and the general decryption function be defined as

(¾ (c) = rn (6.2) where the key k E K is used to encrypt the message fn E M and decrypt the ciphertext c E C. II. THE VERNAM PHYSICAL SIGNAL CIPHER

In this section we will define an embodiment of the invention, named hereafter as the Vernam Physical Signal Cipher (VPSC) by detailing its implementation of the encryption and decryption functions (6.1, 6.2). We will also introduce two methods of noise mitigation.

Let the VPSC encryption function be defined as

_¾(m) = i^e"^m¾ = (⁽ ^ ^{+ 1 m) m0d Φ}) = fH = c (7.1) k I e^e _rk_a (Mm ) 1 ( { mm_aa ++ kk _a J (- C_a J and let the VPSC decryption function be defined as

where mod is the element wise modulo operation, and k is a purely random vector selected from K.

FIG. 1 shows how the VPSC can be used to encrypt analog signals: the scenario is that Alice wants to transmit s (a segment of some analog signal) securely to Bob so that Eve cannot obtain any information about the original signal 10, s as it travels across the public channel 14. First Alice obtains the tuple fn = {m_m, m_a) by converting the DFT of s into polar form at the DFT module 1 1. Next Alice encrypts the frequency components ( n) with (6.2) in the encryption module 12 by performing ¾( n) = c. Next Alice preforms a DFT^'1 at module 13 on the cryptogram c and transmits the result s' over the public medium towards Bob. Once Bob has received s' he can obtain the original s from it by preforming the same steps which Alice preformed, and by using the decryption function (6.2) instead (at module 15).

Encryption and decryption of a real-time analog signal by use of the VPSC can be done in the following way. The live input signal is sampled, quantized and stored in a buffer of size N. Once this buffer is full, the VPSC begins encrypting the buffer as 5. In parallel the input signal is sampled, quantized and stored in a separate buffer. Once the first buffer's contents have been encrypted into c the encrypted samples are place into a transmission buffer which is constantly being transmitted. This process repeats for every N received samples. As long as the encryption of a single buffer takes less time than the amount of time that buffer represents, then the signal is encrypted in real-time (with a small delay). The decryption process is similar to the encryption process but some steps are reversed. When dealing with real world transmission channels, the encryption / decryption processes includes noise mitigation such as proposed in the present invention (subsections II A and II. B).

FIG. 2 shows a possible arrangement of the encryption subsystem in more detail: first, the original signal 20 is converted to the frequency domain in polar form by the FFT module 24 and Certesian-to-polar module 25. Then the magnitudes are encrypted at 27 using the keys arranged in the key computing module 26 and the same happens to the angles.in module 29. The signal is then restored to the time domain by the polar-to-Cartesian module 30 and DFT^'1 module 31 and we obtain the encrypted signal 32. FIG. 3 shows a possible arrangement of the decryption process, after the encrypted signal went through a communication medium. First, the encrypted signal 40 is again converted to the frequency domain in the DFT module 24 and Cartesian-to -polar module 25. The signal is then decrypted the using the same keys that were used to encrypt it, in modules 41 and 42. Finally, the signal is converted back to the time domain by the polar-to-Cartesian module 30 and DFT^{' 1} module 31, and the decrypted signal 43 is obtained.

Since the VPSC is a physical signal cipher, it must operate according to physical constraints. One of those is φ; the maximum frequency component magnitude of the cryptosystem. This parameter must be at least a large as the largest possible (presumed) frequency magnitude in M as described in (3). Usage of a value for φ which is less than the largest magnitude will result in a loss of information due to the modulo operation. Although the functions (7.1, 7.2) can provide s with a high level of security, the implementation is only good in theory. This is because every communication medium adds some noise to the system in reality; whether it is natural noise or some other signal interference. Therefore, under normal circumstances, some energy always gets added and subtracted from some of the magnitudes in c_m. This incurs an undesirable effect in the decryption process. Depending on the amount of energy, the subtraction and then modulo of the cryptogram in (7.2) can send the values in m_m that were close to 0 or φ to the opposite extreme.

For example, let's say that m_m[n] is the nth magnitude from the original signal s, and let say that fn_m [n] = φ — ε, where ε is some relatively small number. Suppose that the encryption key to be used on the magnitude rn_m[n] happens to be k_m[n] = a, where 0 < a < φ. After encrypting fn_m with (7.1), we get c_m[n] = (jn_m [n] + fc_m[n])mod0 = (φ — ε + α)πιοάφ. (8.1)

Now c_m is converted into s' by (5) and transmitted over some communications medium. Let's assume that by doing so the magnitude c_m[n] (of s') receives some additional energy y from noise in the channel, where γ > ε . The result is that Bob now receives a the noisy cryptogram, c_m [n]^* = (_φ - ε + α)τηοάφ + γ (8.2) and Bob cannot analytically determine γ since the original message magnitude m_m [n]— φ— ε is unknown to him.

When Bob tries to decrypt (8.2) using (7.2), in the case where γ— ε < φ the following will occur:

^k_m[n] ^rn [ⁿ] * ⁼ ( c_m[n ^{* ~} ¾ _mW) mod φ = ((ø— ε + )τ^ηοάφ + γ— )^ηιοάφ

(8.3) If a < γ then (8.3) is evaluated to

(φ— ε + a + γ— α)ηιοάφ = (φ— ε + γ)ηιοάφ = γ— ε, since γ > ε. (8.4) If a≥ γ then (8.3) evaluated to (a— ε + γ— α)τηοάφ = (γ— ε)τηοάφ = γ— ε (8.5)

In both cases (8.4, 8.5), Bob will interpret s's nth magnitude to be a near zero value as opposed to the correct near maximum value (φ). Similarly, the same can be shown for near zero values being interpreted as maximum values after decryption as well.

These unavoidable errors add a tremendous amount of noise to the decrypted signal. Therefore, since a small amount of noise energy γ can cause a large signal to noise ratio (SNR), it is impractical to implement the VPSC by simply using the encryption and decryption functions (7.1, 7.2) without any noise mitigation.

FIG. 4. A illustrates this graphically: while there are no points above the maximum magnitude φ because of the safe distance between φ and the actual amplitude of the original modulated sine wave, there are many points below the x-axis after subtracting the encryption keys from the encrypted signal's magnitudes. These anomalies result from additive Gaussian noise energy that naturally occurs in real-life channels. This noise added to the signal prior to substracting the keys bring many of the points from 0 to negative values before the modulo operation occurs. After applying the modulo operation, in FIG. 4.B, these anomalies "jump up" to just below φ and completely change the interpretation of the original signal after decryption. Therefore, we propose two methods of noise mitigation for the VPSC described below; preemptive-rise and statistical-floor.

A. Preemptive-rise (PR)

The preemptive-rise technique is implemented both in the encrypter and decrypter. The idea is to make a buffer zone above and below the original signal's range of magnitudes so that the addition of random noise energy will not cause any magnitude to fall out of bounds during the subtraction step of (7.2). Let xp be the width of each zone in watts where ψ≡ u^■ σ₀ , (9) such that u £ l and σ₀ is the standard deviation of the channel's noise energy.

In order to implement preemptive-rise, the encrypter and decrypter must use a larger φ than previously required due to the larger range of the magnitudes in system. This larger version φ' can be defined as φ' = φ + 2xp, (10) where φ is determined from (3). Furthermore, the range which the magnitude keys can take in (4.1) must be changed to [0, φ'] .

The implementation of preemptive-rise is equivalent to modifying the magnitude encryption function in (7.1 ) to e^_m(m_m) = (fn_m + k _m + ψ)τηοάφ', (11.1) and magnitude decryption function in (9.2) to d_km(c_m) = (c_m - k _m)mod(l>' - ip, (11.2)

Although preemptive-rise can completely eliminate the noise distortions, its cryptogram (11.1) requires a greater transmission power than the original cryptogram (7.1) due to the change (10).

This is observable in the transition from FIG. 4.D to FIG. 4.E, where preemptive-rise noise mitigation is applied. On the one hand, this prevents large modulo errors provoked by noise in the ranges [0, ø] and [φ, φ + ψ], but on the other hand the transmission power has to increase from φ ίο φ + 2ψ.

B. Statistical-floor (SF)

Unlike the preemptive-rise technique, statistical- floor is implemented in the decrypter alone. The idea is to try and correct those values which have been shifted over the boundaries by noise energy. The method first acts under the assumption that before the subtraction step in (7.2), any magnitudes which fall in the range [φ,∞) were shifted up by noise because any magnitude larger than φ is impossible knowing that the transmitter did not send such a singal. After the subtraction step in (7.2), the method assumes that magnitudes in the range [— φ, 0) were shifted down by noise from 0. Therefore, these values are corrected accordingly before the modulo-operation occurs. Below is pseudo-code for the statistical-floor magnitude decrypter modified from (7.2), where ε is a very small number. decrypt(m_m, k _m) 1 for i <- 1 to N

2 if m_m[i]≥ φ

3 m_m [i] <_^ <p - £

4 % [i] «- c_m ['] - * m W 5 if -ψ≤ m_m[i] < 0

6 0

A graphical illustration of the preemptive-rise operation is shown in FIG. 4.C, where all the points below the x-axis in FIG. 4.A are approximated to 0. Therefore, the modulo operation that follows has no errors resulting from these anomalies and FIG. 4.C is indeed the decrypted signal's spectrum.

Although statistical-floor does not require more power to transmit a cryptogram (like preemptive-rise), it incorrectly floors normal values that happen to be in the ranges (that should be left alone). Since this error is unavoidable when using this technique, it is impossible for statistical-floor to completely eliminate the noise distortions without adding some of its own.

A statistical comparison of these noise mitigation techniques is shown in FIG. 4.F, which shows the bit error rate (BER, lower is better) in relation to the standard deviation of the noise. As we can see, the two suggested noise mitigation techniques are very effective in noisy channels, bringing the BER to the same low levels as in the cases when no encryption is applied, provided sufficient noise mitigation settings.

It should be noted that a combination of both preemptive-rise and statistical- floor techniques is possible. Such a combination could almost eliminate distortions while using less transmission power than preemptive-rise.

III. SIGNAL SYNCHRONIZATION In this section, we will propose a direct analytical method of synchronizing a VPSC decrypter to an encrypter at an arbitrary point in its key sequence.

A simple symmetric cryptographic system synchronizes in the following way. From the start of the transmission at time t₀, a deterministic key- stream is continuously generated at the encrypter in order to encrypt the signal. The decrypter generates the same key-stream and uses it to decrypt the received signal at time t₀ -I- p, where p is the propagation delay.

In many real world applications, communication channels such as wireless channels broadcast signals continuously. In such instances it is not practical to require the desired decrypter to be ready to accept a transmission from the start t₀. For example, in some communication networks, it is desirable to allow authentic decrypters to be introduced into the network at an arbitrary point in time t₉ where t_fl > to- (18)

These added decrypters, having no prior knowledge, cannot synchronize their key-stream under practical time constraints. Therefore we offer a direct method of synchronization between a VPSC encrypter and decrypter to solve this issue.

First of all, in order to generate a key-stream from an arbitrary point in the PRNG cycle, under practical time constraints, the generation of the targeted n-th key must be instantaneous. For this reason, the usage of feedback ciphers as the system's PRNG is not practical since the generation of the n-th term requires generating all previous n— 1 terms as well. In section we will assume the VPSC has been implemented with a direct access cryptographically secure pseudo-random number generation (CSPRNG) such the advanced encryption standard (AES) AES-PRNG that uses a counter to generate the keys.

In this system, both the encrypter and decrypter have the same secret configuration used to initialize their cryptographic systems. Let D be the collection of all possible initial configurations for a system such that

D = {(sc, st, g) \ sc. st. g E N} (19) where sc is the CSPRNG's initial counter (seed counter), st is the start time of the encryption relative to the encrypter's world-clock t_tx, and g is the key generation rate (values per time- unit).

In order to properly synchronize, the decrypter must use the exact world-time which the encrypter is using (t_tx) and the current CSPRNG-counter which the stream is now being encrypted with. The decrypter must also take into account the propagation delay p. In reality, the decrypter' s world-clock t_rx will not be precisely synchronized with t_tx . This time error ε can be described as ε = \t_rx - t_tx | . (20)

Decryption of an encrypted stream at the wrong moment in time will result in random noise. Therefore, knowledge of only the system's configuration d £ D would not be enough to properly sync without determining ε and p.

Our proposed solution to this problem is to have the decrypter seek out t_tx by attempting to decrypt the received encrypted signal and observing the autocorrelation of the resulting values. For our purposes, we shall assume that the systems produce the next VPSC key- frame k by simply taking the next 2N values produced by the CSPRNG stream, and create k_m and k_a by using N of those values each.

The decrypter goes through the following process in order to synchronize. First it must save several frames worth of samples of the encrypted signal into the array b. He must also save current time into the parameter rt (reception time) once he has received half of those samples. Next, he must calculate the assumed current CSPRNG-counter (cc) of the encrypter by using the common configuration d. This can be acquired by cc■— [(rt— st) * g] mod P, (21) where P is the CSPRNG-counter's period.

Since we are only interested in the counters which start 2N length key-frames k, the decrypter must round cc to the nearest counter which would actually begin a key- frame. This initial counter (Ic) can be calculated by

Ic = cc - cc mod (2N). (22) At this point, the decrypter assumedly has the CSPR G-counter to the start of the nearest frame (7c) from the middle of the saved encrypted signal in b.

Let the notation c_£ refer to the next N consecutive encrypted samples from the index i in the array b c_t = b[i: N + i - 1]. (23)

Let the notation d_tj refer to the decryption of c_£ using the key k generated from the next 2N samples from the y^'th counter such that di - d[_lc+2N*j] {Ci) (24)

In order to detect when a frame has been decrypted correctly, we will use an autocorrelation metric designed to detect the form of white noise. Let o _£j- be the autocorrelation metric such that

where ? (/c) is the discreet autocorrelation function. It can be observed that when d_£j is in the form of white noise, the scalar oi_t ^■ will yield a small value since d_£i s autocorrelation will be similar to that of the Dirac delta function. Furthermore, as d_£ becomes less similar to white noise, o _£j- will yield an increasingly larger value. Thus, this metric functions as a white noise comparison metric.

By using the metric oc_£■ it is possible to seek out the actual t_tx from b by shifting the N- length "window" with the index i, and by decrypting using a single key- frame (some k). The peak value would indicate correct shift (i.e. the time error ε + p). However, due to various distortions and additive noise which have affected the received encrypted signal b, it is necessary to average the metrics over several different key- frames.

Below is the pseudo-code for detecting the peak value and calculating t_tx from the result is presented followed by a detailed explanation:

FindTtx(b, cc, N, Fnum, Snum ) mod (2N)

1. midBuf

2. for each i

3. sum[i] <- 0

4. curKF <- 0

Fnum

5. z

Snum

6. Snum half

7. /or _/ < z to z

8. /or t <- midBuf— Snum_half to midBuf + Snum_half

9. sum[i + Snum_half] <- s m[i + 5num_ftai ] +o _i+curi(i,_iWJ

10. curKF <- curKF + 1

11. peakSample <- indexMax(sum) fSnum_half — peakSample

12. timeError

V 5

13. t t_rr + timeError

14. return t.

The function FindTtx's parameter Fnum is the number of key-frames to average (all sequential order). Snum is the number of samples the window should shift over for each pass. Lines 1-6 are the initialization of variables and parameters. In lines 7-10 the plots of the metrics for each key- frame are added together. This is done in a way such that each peak will be superimposed onto one another. In line 11 the function indexMax returns the index containing the largest value of the vector sum. Lines 12-13 calculate the encrypter's actual world-clock time t_tx where the variable t_rx is statically accessible and constantly tracking the world-time. Effectively, the determined value timeError is equivalently the ε + p we sought out to find. Once the decrypter sets its world clock (t_rx) to be synchronized with t_tx (presently calculated), he can immediately start decrypting the signal samples which he is currently receiving by preforming (21) with t_rx instead of rt.

It is important to note that this method of synchronization is only practical if the decrypter's initial t_rx has a time error ε less than some reasonable amount.

This method was used in the prototype hardware arrangement discussed below. FIG. 5 illustrates the calculated metric for an average of eight arrays (i.e. after the peaks are superposed on one another) as a function of relative sample number, i.e. for a delay between 0 and 500 samples. A peak at the shift indicating the start of a frame is clearly seen. Accordingly, the of synchronisation has been shown to work in a real physical system.

IV SIMULATION

A simulation was developed in MATLAB Simulink™ to test the concept in different scenarios. In this case, the original input signal was a 4 watt 16-QAM (quadrature amplitude modulation) signal generated by a Bernouilli random number generator. The frame size was 256 samples and the sample rate was 1/256 samples per second (for simplicity). The maximum frequency magnitude φ was set to 900.

The simulation carried out a discrete Fourier transform, encryption, and then an inverse discrete Fourier transform to generate the simulated encrypted signal. This was then sent over an additive white Gaussian noise channel. On the receiving end, the process was reversed to decrypt the signal and the bit error rate calculated. The results have previously been presented as FIG 4.F.

The simulation results clearly show the benefit of noise mitigation. Moreover, the results show that with noise correction a reliable channel can be achieved even under noisy conditions. This is especially true for the pre-emptive rise techniques discussed above which effectively increase the signal. Note that for high levels of noise, the method can improve the results to be better than unencrypted transmission, presumably because of the noise correction introduced.

The inventors also compared the autocorrelation of the generated signal and the result was extremely similar to white noise. In other words, the signal appears very similar indeed to white noise when processed without a decryption key. Note that in this case the signal processed is an analog signal that is converted by ADCs. However, the invention may also operate on a digital sequence of values, for example voltage values or current values, that represent such an analog signal.

V PROTOTYPE A prototype physical embodiment was constructed using two Arduino Due development boards, each with a 32 bit ARM core microcontroller clocked at 84Mhz with 512KB of flash memory, digital to analog converters (DACs) and analog to digital converters (ADCs). One board was designated as the encrypter and one as the decrypter. A simple wire was used to connect the boards. The software was programme in C++ using open-source libaries for the FFT and the pseudo random number generator.

FIG.6 illustrates the input signal at the top, the encrypted signal in the middle and the decrypted signal at the bottom. In this example, the input signal was a simple sine wave of amplitude IV and frequency 4Hz. The wave was sampled at 1kHz with a frame size N of 256.

It will be seen that the output result successfully decrypted the signal.

Note that the specific frequency and sampling rates can be varied as required.

VI ALTERNATIVE EMBODIMENT In a second embodiment, illustrated in Figure 7, the VPSC can be applied to baseband signals as well as broadband channels by selectively encrypting the desired frequency band after the FFT transformation. The complexity of the VPSC scales with the number of target frequencies to encrypt. Therefore, should the targeted signal fall in a very high frequency band, it is not necessary to process the entire spectrum, but rather only the targeted band. Should the targeted signal's bandwidth be very wide, then either a faster processor may be used, or the sample rate may be reduced (impairing the signal quality). Alternatively, the encryption / decryption process on very wide frequency bands can be parallelized over multiple VPSC encryper / decrypter modules.

As illustrated in FIG.7, this can be achieved by; 1. Performing the FFT on the input signal as usual

2. Partitioning the selected frequency band into sub-bands (i.e. sub-problems)

3. Performing encryption (7.1) on each of these sub-bands by individual VPSC

apparatuses (each having their own processor).

4. Joining the sub-bands back into the original frequency band.

5. Performing an inverse FFT and transmitting the signal as usual

6. The receiver performs the decryption process over parallel VPSC apparatuses in a similar manner to steps 1 -5.

By providing encryption of the sub-bands by different processors, the processing may be carried out in parallel. Of course, if a sufficiently fast processor is available, the method may also be carried out on a single processor and it is not always necessary to split the processing between different processors.

VII VARIATIONS It will be appreciated by those skilled in the art that the embodiments discussed above can be varied as required.

In the embodiments described above, the signal in the time domain is an analog signal that is converted using an ADC into a digitial signal as the input signal to the conversion from the time domain to the frequency domain. However, the initial signal for encoding can also be a digital signal in the time domain, i.e. a signal representing an analog signal, i.e. including a sequence of voltage (or current) values representing an analog signal.

The size of the frames and the sampling rate can be varied as required, and the size of the maximum magnitude of a signal parameter can be varied as well; all dependent on the given of signal. A number of methods of generating a cryptographically secure pseudo-random sequence are known and any suitable method may be used.

Different noise cancellation techniques may be used, alternatively or additionally to the noise cancellation techniques mentioned above. Further, variations in the synchronization method can be introduced. The methods used for sharing keys between the encryption and decryption systems may be varied as will be apparent to those skilled in the art.

Although the embodiments use Fourier transforms to convert the signal into the frequency domain, other transforms having inverses may be used if required. The methods may be implemented in hardware, software, or a combination of the two.

The invention can be used on any data that can be interpreted as a waveform, and not necessarily waveforms that are in transit over a communication media; thereby extending the application of the VPSC to other domains such as computer memory storage.

Claims

1. A method for encrypting a waveform signal in the time-domain, by segmenting the signal into sequential frames of sampled values, and for each frame doing the following: for each frame, carrying out a transform of the frame from the time-domain to frequency-domain creating a vector of values; applying a predetermined symmetric modulo-based encryption function to a predetermined selection of the elements of the vector of values; and carrying out an inverse transform from the frequency-domain to the time-domain, thereby generating a segment of encrypted waveform signal.

2. A method according to claim 1 , wherein the predetermined encryption function uses a pseudorandom sequence generated from at least one seed as its encryption key.

3. A method according to claim 1 or 2, wherein the waveform signal in the time domain is in a predetermined frequency band; and the said predetermined selection of the elements of the vector of values are the elements of the vector of values corresponding to the predetermined frequency band.

4. A method according to any preceding claim, wherein the maximum expected value of a plurality of magnitude values for the different frequencies is <p, and wherein the step of applying a predetermined encryption function carries out a predetermined encryption function modulo φ', on the encoded values of the magnitude after uplifting by a value ^~ψ , where φ'≥ φ + 2ψ , for providing protection for the effects of random noise in the modulo domain.

5. A method of transmitting data in the physical layer of a data transmission system using a method according to any preceding claim.

6. A method for decrypting an encrypted time-domain waveform signal by segmenting the encrypted signal into sequential frames of sampled values, and for each frame doing the following: for each frame, carrying out a transform of the frame from the time-domain to frequency-domain creating a vector of values; applying a predetermined symmetric modulo-based decryption function to a predetermined selection of the elements of the vector of values; and carrying out an inverse transform from the frequency-domain to the time-domain, thereby generating a decrypted segment of the original, potentially unbounded, waveform signal.

7. A method according to claim 6, wherein the predetermined decryption function uses a pseudorandom sequence generated from at least one seed as its encryption key.

8. A method according to claim 6 or 7, wherein the waveform signal in the time domain is in a predetermined frequency band; and the said predetermined selection of the elements of the vector of values are the elements of the vector of values corresponding to the predetermined frequency band.

9. A method according to claim 6, 7 or 8, wherein the maximum value of the plurality of magnitude values for different frequencies is φ, wherein the step of applying a predetermined decryption function carries out a predetermined decryption function modulo φ', on the encoded values of magnitude before subtracting a value ψ , where φ'≥ φ + 2ψ , to provide protection for the effects of random noise.

10. A method according to any of claims 8 to 9, wherein the maximum value of the plurality of magnitude values for different frequencies is φ, the method further comprising: where a received value is greater than φ, reducing the received value to φ— ε, where ε is a positive value.

11. A method according to any of claims 6 to 10, wherein the decryption function subtracts a key value from the received value, and where the result of the subtraction fn_m [i] is less than zero in the range given by— φ≤ fn_m [i] < 0 , the result of the subtraction is corrected to zero, where φ is a predetermined value.

12. A method according to any of claims 6 to 11, further comprising synchronizing the decrypter with the encrypter, by receiving a sequence of samples of the encrypted waveform signal; calculating a plurality of keys for a sequence of frames; for each of a plurality of time delays between the sequence of samples and the keys for the sequence of frames, decrypting the signal using the respective time delay and calculating a white noise comparison metric; and identifying the time delay between decrypter and encrypter as the time delay that results in a white noise comparison metric that indicates the maximum dissimilarity to white noise.

13. A method of receiving data in the physical layer of a data transmission system using a method according to any of claims 6 to 12.

14. A physical layer encryption system for encrypting a waveform signal, comprising: a frequency transformer, for carrying out a transform of the waveform signal into a frequency domain to generate a vector of values for different frequencies; an encryption module for applying a symmetric modulo-based encryption function to a predetermined selection of the elements of the vector of values using a random key for each frame to generate a plurality of encrypted values for the predetermined selection of frequencies; and an inverse frequency transformer for carrying out an inverse transform from the frequency domain to generate an encrypted waveform signal.

15. A physical layer encryption system according to claim 14 comprising a plurality of encryption modules for encrypting different respective frequency ranges in parallel.

16. A physical layer decryption system for decrypting an encrypted waveform signal, comprising: a frequency transformer, for carrying out a transform of the encrypted waveform signal into a frequency domain to generate a plurality of values for different frequencies; a decryption module for applying a predetermined symmetric modulo-based decryption function to a predetermined selection of the elements of the vector of values for to generate a plurality of decrypted values for the selected frequencies; and an inverse frequency transformer for carrying out an inverse transform from the frequency domain to generate a decrypted waveform signal.

17. A physical layer decryption system according to claim 16 comprising a plurality of decryption modules for decrypting different respective frequency ranges in parallel.