Abstract
Channel-based physical-layer authentication, which is capable of detecting spoofing attacks in dual-hop wireless networks with low cost and low complexity, attracted a great deal of attention from researchers. In this paper, we explore the likelihood ratio test (LRT) with cascade channel frequency response, which is optimal according to the Neyman–Pearson theorem. Since it is difficult to derive the theoretical threshold and the probability of detection for LRT, majority voting (MV) algorithm is employed as a trade-off between performance and practicality. We make decisions according to the temporal variations of channel frequency response in independent subcarriers separately, the results of which are used to achieve a hypothesis testing. Then, we analyze the theoretical false alarm rate (FAR) and miss detection rate (MDR) by quantifying the upper bound of their sum. Moreover, we develop the optimal power allocation strategy between the transmitter and the relay by minimizing the derived upper bound with the optimal decision threshold according to the relay-to-receiver channel gain. The proposed power allocation strategy takes advantage of the difference of noise power between the relay and the receiver to jointly adjust the transmit power, so as to improve the authentication performance on condition of fixed total power. Simulation results demonstrate that the proposed power allocation strategy outperforms the equal power allocation in terms of FAR and MDR.
1. Introduction
Wireless communication is more vulnerable to eavesdropping and spoofing attacks due to its broadcast nature. Conventionally, the security of wireless networks is addressed by cryptographic protocols above the physical layer that primarily depend on the computation complexity [1]. With the rapid development of advanced computers, wireless networks urgently demand more comprehensive protections that need to be lightweight, flexible, and compatible besides maintaining security [2], especially in the upcoming 6G. Ref. [3] mentioned the trend of using UAV to build cellular networks, and the security of physical layer must be considered.
At present, physical-layer authentication can be divided into three types according to the unique characteristics of extracted signals as follows: (1) authentication based on channel characteristics [4]; (2) authentication based on signal watermarking [5]; (3) authentication based on radio frequency fingerprint [6]. Among them, physical-layer authentication based on channel characteristics is widely studied because of its low computational complexity and broad signal format requirements.
Physical-layer authentication exploits the physical characteristics of channels, devices, and signals to meet the requirements of flexibility and compatibility [4]. The principle of channel-based physical-layer authentication is that the channel response decorrelates rapidly from one transmit–receive path to another if the paths are separated by the order of a wavelength [7]. Specifically, Xiao et al. [8,9] proposed authentication schemes and practical test statistics by analyzing the time and frequency domain of channels. Liu and Wang in [10] proposed an enhanced scheme that integrates multipath delay characteristics into the channel impulse response (CIR)-based physical-layer authentication. With the development of artificial intelligence technology, it was also applied in various fields of communication, including physical-layer authentication. In [11], machine learning was used for physical-layer authentication, and in [12], deep learning was used to optimize UAV trajectory.
In large-scale wireless communication scenarios represented by the Internet of Things and 6G mobile communication network, terminal devices are widely distributed and resource allocation is limited. Power distribution is becoming an issue to be considered. The D2D communication proposed in [13] requires optimal power distribution. End-to-end communication usually requires relays for assistance, and there are only a few research works at present. Zhang et al. in [14] jointly utilized the location-specific features of both amplitude and delay interval of cascaded channels in authentication, while the multipath was assumed to be identical regarding variation in simplifying the consideration; the effects of noise at the relay were not analyzed. We explore the authentication scheme with cascaded channel frequency response based on research on independent subcarriers in the frequency domain, and then we derive theoretical expression of false alarm rate (FAR) and miss detection rate (MDR). Based on the above, we further derive and analyze the way of optimal power distribution.
The remainder of this paper is organized as follows. Section 2 describes the system model. Section 3 describes an authentication scheme with cascaded channel frequency response and a simplified scheme based on majority voting. Section 4 derives the theoretical expressions of FAR and MDR and provides decision threshold under different criteria. Section 5 explores the optimal power allocation by deriving the upper bound for the sum of FAR and MDR. Simulation results and analysis are shown in Section 6. Section 7 concludes the paper.
For the sake of comparison, above schemes are shown in Table 1.
2. System Model
As shown in Figure 1, we consider a ubiquitous dual-hop wireless network model with four entities that are represented by Alice (A), Eve (E), Relay (R), and Bob (B). Due to long distance, Alice and Bob can not communicate directly, and node R is required to relay signals. Alice and Eve are in different places, so their signals reach the relay through different buildings, indicating that the two sides pass through different multipath channels in the first hop. Whether the signal is sent by Alice or Eve, Relay amplifies and forwards signals to Bob. Supposing that the last frame Bob received is from Alice, if the new frame Bob receives is from Alice, its channel characteristics will have a strong correlation with the previous frame. Otherwise, if it is from Eve, the channel from Eve to the Relay and the channel from Alice to the Relay are independent, and the channel characteristics will be different from the previous frame so that Bob can use this feature to identify the sender.
Figure 1.
System model: Alice communicates with Bob with aid of amplify and forward (AF) relay; Eve is a would-be intruder impersonating Alice.
Assuming that there are abundant reflectors in the propagation environment, each segment of the cascade channel can be considered as a time-varying multipath channel. Alice sends signal with Power , and Relay receives and forwards it to Bob with amplification factor . Transmission power of Eve is , which is supposed to imitate Alice. Thus, the signal Bob receives can be presented as:
where ∗ is signal convolution, and is the channel impulse response of multipath of the first hop. and are additive white Gaussian noises (AWGN) at R and B, the powers of which are denoted by and , respectively. Relay retransmits the received signal to Bob at power , and the multiplied amplification factor is:
The work in [14] obtains multiple independent detection statistics by assuming multipath channels have the same average gain and different delay to improve detection probability. Considering the actual situation, multipath channels usually have different gain levels, and this paper uses the broadband multicarrier transmission mode to obtain multiple channel fading coefficients in the frequency domain to expand the application scenarios. The signal Bob receives in frequency domain can be presented as:
where and are the channel frequency responses of X-R and R-B on the kth subcarrier at time t.
To describe the temporal variation of channel frequency response in each hop between two adjacent time instants, we employ the auto-regressive model of order 1 in [10], which can be expressed as:
where and are complex Gaussian variables that are independent of and respectively, as denoted by ∼ and ∼. and are correlation coefficients between samples spaced by T in the first and second hop, given by:
where is the zero order Bessel function of the first kind, and are the maximum Doppler frequency of two channels, respectively, and T is the time duration of an orthogonal frequency division multiplexing (OFDM) symbol.
Bob receives signal and uses pilot information to estimate frequency response of cascade channel. Without loss of generality, with the least square method, results can be expressed as:
where and are the estimation error caused by AWGN and can be modeled as complex Gaussian variables with zero mean, and the variance is denoted by and [9]. In Formula (6), the first term is the effective term, and the last two terms are equivalent noise terms. follows complex Gaussian distribution. No matter whether the current message is from A or E, the second hop it passes through is R-B, and B can extract the channel frequency response of R-B by exploiting channel estimation technique in [14,15].
3. Authentication Scheme Based on Channel Characteristics
3.1. Scheme Based on Likelihood Ratio
Supposing that the actual sender of the current signal is X, channel frequency response changes such that what Bob obtains from the kth carrier can be expressed as:
If the signal is from Alice, and are correlated. According to Formulas (4) and (7), in case and are provided, can be presented as the sum of independent Gaussian variables, which follow complex Gaussian with zero mean, and variance can be presented as:
If the signal is from Eve, similarly, the variance of can be presented as:
Alice has a correlation at the adjacent time, so is smaller than .
We define as a vector consisting of temporal channel variation from N independent subcarriers, which is denoted by:
Each element of follows Gaussian with zero mean, and its variance is shown in Formulas (8) and (9). Each element is statistically independent, so joint probability density function of can be presented as:
where are null hypothesis and alternative hypothesis respectively. Then, likelihood ratio functions can be expressed as:
Each summation item in Formula (12) represents change in different subcarriers. Likelihood ratio function in each carrier can be presented as:
where is different from each subcarrier, which is related to fading and subcarrier number of two hops. In conclusion, Formula (13) is sum of squares of independent Gaussian variables that have different variance. It is hard to obtain optimal detection threshold .
3.2. Scheme Based on Majority Voting
To simplify analysis, we make decisions on N independent subcarriers respectively. The temporal variation of channel frequency response on the same subcarrier between two adjacent time instants is compared with that of a threshold . If it is larger than the threshold, the voting result is recorded as one, which suggests that the current message is more likely from the illegitimate transmitter E. On the contrary, if the temporal variation is smaller than the threshold, the result outputs zero. This process can be mathematically expressed as:
where is the decision threshold. We perform the same operation shown in expression Formula (14) over N independent subcarriers, and then sum up N results with equal gain, which are denoted by
Based on the above voting results in Formula (15), we establish a binary hypothesis testing to differentiate the illegal transmitter E from A. More specifically, we make the authentication decision by comparing the sum Formula (15) with a non-negative integer, which can be formulated as:
where Z is the overall decision threshold.
4. Performance Analysis Based on False Alarm Rate and Miss Detection Rate
Considering that FAR and MDR are two fundamental metrics of authentication performance, in this section we analyze FAR and MDR based on [14], and then derive the theoretic decision threshold.
4.1. False Alarm Rate
Supposing that the signal is from Alice, Formulas (7) and (8) entail that frequency response change follows complex Gaussian with zero mean and variance . Based on probability statistics, follows exponential distribution with parameter , and its probability density function can be expressed as:
where , shown in Formula (8), is a time-variance function. Based on majority voting, each independent is multiplied by , and then compared with threshold . So at time t, the probability that decision in the kth subcarrier outputs one is:
Then, the probability that the voting outputs one under null hypothesis is the expectation of Formula (18) about and , which is given by:
where is expectation of and . We use , denoting the probability that the voting outputs zero under null hypothesis, which is the complement of . Moreover, since noises are white and the transmit power is equally allocated on each subcarrier, the probability is identical for all independent subcarriers, and so is . The probability of Z out of N outputting one is:
So, the theoretical expression of FAR can be expressed as [14]:
4.2. Miss Detection Rate
Derivation of the MDR is similar with FAR. We derive probability of each subcarrier and obtain theoretical expression of MDR after majority voting.
Similar with , follows exponential distribution with parameter , and its probability density function can be expressed as:
We can obtain the probability that the kth voting outputs one (Eve) at time t by integrating the probability density function, which is shown as:
Similarly, we can obtain the probability that the voting outputs one under alternative hypothesis, which is given by:
Then, we can derive the theoretical expression based on majority voting [14], which is expressed as:
4.3. Decision Threshold
In this section, we analyze two threshold criteria. One is constant FAR threshold based on Neyman-Perarson criterion, whose FAR is obtained by Formula (21), which can be applied to scenarios with strict requirement on FAR. The other one is a threshold based on minimum error probability criterion. We define V as the sum of FAR and MDR:
Based on Formulas (21) and (25), and are the sum of two binomial distributions with different probabilities, so the Formula (26) is hard to analyze directly. To simplify analysis, we approximate the minimum sum of error rate after majority voting as minimum sum of error rate on single subcarrier. The function can be rewritten as:
Formula (27) can be regarded as a special case when and in Formula (26). The channel characteristics of each subcarrier are independent and the distribution characteristics are consistent; thus, changing threshold to let Formula (27) be the smallest can also make Formula (26) smallest. Based on Formula (21) and Formula (24), the derivative of Formula (27) with respect to can be rewritten as:
Then, we can obtain poles of the Formula (28):
The pole in Formula (28) is clearly an extremely small point.
5. Optimal Power Distribution Scheme Based on Authentication Performance
In dual-hop networks, relay nodes and receivers are often different in both equipment performance and surrounding environment. This section describes how to adjust the power ratio between the sender and trunk nodes to optimize the authentication performance of the system.
5.1. Optimized Module
In this section, we can optimize the transmit power allocation between and , improving the authentication performance. More specifically, the optimization problem is to minimize the sum of FAR and MDR on condition of fixed total transmit power, which can be mathematically expressed as:
To simplify the analysis, the objective function is replaced by , which represents the sum of FAR and MDR when making a decision on a single carrier. The more correct the decision on each subcarrier is, the less that errors will occur in the final combined decision; therefore, the optimization problem is updated to:
The optimal threshold provided in Formula (29) is a time-varying value, and the value for each subcarrier is different, which makes use of the last and present channel estimation of the second hop R-B. Substituting Formula (29) into Formula (31), the objective function can be rewritten as:
Ignoring the constant term at the end of Formula (32), the expectation in Formula (32) is a double integration of Gaussian variables and , and the item to be integrated is also complicated. We denote the item in the expectation operator as:
The expression in Formula (33) can be simplified by taking the logarithm, and a minus sign is added since , which yields:
After above simplification, the concerned optimization problem can be rewritten as:
5.2. Upper Bound of the Objective Function
In Formula (35), the double integral of Gaussian variables still exists, which prevents us from finally solving the problem. When solving optimization problems, we usually use the upper bound to replace the objective function that needs to be minimized if the original one is difficult to solve. Here, we provide the proposition is the upper bound of the objective function.
Proof.
We define as the difference between and to simplify the function, which can be rewritten as:
, and are in coherent time. Thus, the first derivative of with respect to can be represented as:
Based on Formula (9), the first derivative of with respect to can be expressed as:
As goes up, goes up, while goes down. Thus, the correlation between the two is less than zero, which can be rewritten as:
In Rayleigh channel, correlation coefficient of and with zero mean and one variance is in Formula (5). Thus, can be written as:
Similarly, can be written as:
Thus, the upper bound of objective function can be represented as:
5.3. Approximate Optimal Solution
In (44), parameters of upper bound contain power of the sender , power of the relay , noise power of the relay , noise power of the receiver , correlation coefficient in first hop , and correlation coefficient in second hop , where and are adjustable variables. Usually, and remain unchanged for a period of time; thus, and in Formula (44) have little influence on power distribution. As a result, we ignore , and constant item in (44), so the optimization problem can be written as:
We define as the ratio of transmission power and total power, and T as objective function in (45). Thus, T can be written as:
We take the derivative of T with respect to and let it equal to 0:
Combining three cases of and , we can write the power allocation as:
6. Simulation Results
In this section, for the purpose of validating the theoretical results of Section 4 and Section 5, we use MATLAB to simulate the theoretical results.
We define the signal-noise ratio (SNR) of the dual-hop wireless networks in the concerned scenario as the total power transmitted to the noise power, given by:
As shown in Table 2, carrier frequency, subcarrier interval and channel parameters used in the table are typical LTE system parameters [16]. In addition, the number of subcarriers corresponds to the minimum bandwidth of 1.25 MHz in LTE. In fact, with the increase in bandwidth, the number of independent subcarriers that can be obtained in the frequency domain increases, which will be more favorable to the algorithm in this paper. The false alarm probability of identity authentication is selected as a typical value of 5%.
Without loss of generality, the coherent bandwidth can be calculated by the parameters in the Table 2. Moreover, independent subcarriers can be selected, and the total transmit power is assumed to be 1.
To explore the difference in authentication performance between likelihood ratio test (LRT) and majority voting algorithm (MV), we compare them in terms of the probability of detection while keeping FAR constant as 0.05. The threshold involved in MV is theoretically derived, while the decision threshold in LRT is found by exhaustive method to keep FAR constant. We also attempt to find the threshold while ignoring the influence of cascade channel, as well as the threshold based on single-carrier threshold multiplied by the number of independent subcarriers. The simulation results are shown in Figure 2 (the vertical axis represents the detection probability, and the horizontal axis the signal-to-noise ratio).
As shown in Figure 2, MV is better than two experimental LRTs, while exhaustive is better than MV. Because the temporal channel variation on different subcarriers can be summed up in LRT, which has a smooth effect. While the decision on each subcarrier can be regard as one-bit quantization, and some precision is lost. The gap between exhaustive LRT, experimental-1 LRT, experimental-2 LRT, and MV reduces in the high SNR region, where the detection probability is more than 95%, meeting the requirements of general systems.
To validate the theoretical expression for FAR and MDR, derived in Formulas (21) and (25), we compare them with simulation results. In MV algorithm, we can adjust the decision threshold to realize constant FAR as needed, and the probability of detection with different FAR is shown in Figure 3 (the vertical axis represents the detection probability and the horizontal axis the signal-to-noise ratio).
Figure 3.
Theoretical expression for false alarm rate (FAR) and miss detection rate (MDR) validation.
In Figure 3, the theoretical results are consistent with simulation results under different parameters, which prove the correctness of the formulas Formulas (21) and (25). The authentication based on majority voting algorithm can be a theoretically analyzed performance, which is a major advantage over LRT and also makes it more practical. Under constant false alarm condition, the missed detection probability tends to a minimum value with the increase in SNR by optimizing the threshold.
To validate minimum error probability threshold proposed in Formula (29), we compare sum of FAR and MDR in three simulation scenarios that are optimal: 5% FAR and 3% FAR. As shown in Figure 4, optimal threshold is below the other two curves, which meets its physical meaning. In addition, two curves with different FARs intersect, since at low SNR, the difference between legal and illegal transmitter is small, causing MDR to go down as FAR goes up, and this is the opposite case when SNR is high.
To prove the universality of the threshold Formula (29), comparative analysis was conducted in several different scenarios, which are characterized by the noise power at relay since the total noise power was controlled as one. In Figure 5, authentication performance of theory and exhaustion fits perfectly in three scenarios.
To compare authentication under two power allocation schemes, we perform simulation at different SNRs, and results are shown in Figure 6. As shown in Figure 6, optimal scheme is better than equal allocation, especially at low SNR, since difference between legal and illegal transmitter has more influence than noise at high SNR.
To validate the performance of the theoretically approximate optimal scheme, we compare it with exhaustive optimal scheme in Figure 7, where theoretical approximate optimal scheme is derived in Formula (48) and exhaustive optimal scheme is designed to exhaust power allocation with small granularity. As shown in Figure 7, the gap between the practical minimum sum of FAR and MDR and the sum caused by the proposed power allocation is about 0.002. The small gap implies that Formula (48) is approximately optimal and effective in practice.
7. Conclusions
This paper explored channel-based physical-layer authentication in dual-hop wireless networks. By analyzing the characteristics of cascaded channel, we established the likelihood ratio test (LRT) at first. To simplify, the majority voting algorithm was employed. Based on this simplification, we derived the theoretical expressions for false alarm rate (FAR) and miss detection rate (MDR), and we analyzed the upper bound for their sum. Moreover, we proposed an optimal decision threshold that utilized the channel estimation of the second hop to provide a more accurate decision. With this threshold, the optimal power allocation minimizing the sum of FAR and MDR was derived. In addition, it is expected that the proposed power allocation is useful and provides a novel mode of thought in optimizing dual-hop physical-layer authentication. When in a mobile state, the authentication performance based on channel characteristics declines. Adjusting the number and position of pilots used for authentication can optimize the performance. In addition, the algorithm can be further optimized by channel state prediction and other technologies.
To sum up, in 6G large-scale heterogeneous network, there are a large number of devices with different upper-layer access protocols.The physical-layer authentication technology is transparent to the upper-layer protocols, and thus it has good compatibility and can complement the existing upper-layer traditional security schemes to jointly build a more comprehensive security system.
Author Contributions
All the authors have contributed in various degrees to ensuring the quality of this work: conceptualization, N.F. and J.S.; methodology, X.L. and Y.H.; validation, T.T., N.F. and J.S.; formal analysis, X.L.; writing—original draft preparation, Y.H.; writing—review and editing, Y.H. and T.T.; funding acquisition, X.L. All authors have read and agreed to the published version of the manuscript.
Funding
This research was supported by the National Preresearch Project (Y18-TJZY-11) and the Foundation of Stability Support Plan for National Key Lab (IFN2020104).
Institutional Review Board Statement
Not applicable.
Informed Consent Statement
Not applicable.
Data Availability Statement
Not applicable.
Conflicts of Interest
The authors declare no conflict of interest.
Abbreviations
The following abbreviations are used in this manuscript:
LRT | Likelihood ratio test |
MV | Majority voting |
FAR | False alarm rate |
MDR | Miss detection rate |
GLRT | Generalized likelihood ratio test |
CIR | Channel impulse response |
AWGN | Additive white Gaussian noises |
OFDM | Orthogonal frequency division multiplexing |
SNR | Signal Noise Ratio |
AF | Amplify and Forward |
UAV | Unmanned Aerial Vehicle |
E/exp | expectation |
* | convolution |
∑ | sum |
zero order Bessel fun | |
permutation and combination |
References
- Kartalopoulos, S.V. A primer on cryptography in communications. IEEE Commun. Mag. 2006, 44, 146–151. [Google Scholar] [CrossRef]
- Andrews, J.G.; Buzzi, S.; Choi, W.; Hanly, S.V.; Lozano, A.; Soong, A.C.; Zhang, J.C. What will 5G be? IEEE J. Sel. Areas Commun. 2014, 32, 1065–1082. [Google Scholar] [CrossRef]
- Li, B.; Fei, Z.; Zhang, Y.; Guizani, M. Secure UAV communication networks over 5G. IEEE Wirel. Commun. 2019, 26, 114–120. [Google Scholar]
- Mukherjee, A.; Fakoorian, S.A.A.; Huang, J.; Swindlehurst, A.L. Principles of physical layer security in multiuser wireless networks: A survey. IEEE Commun. Surv. Tutor. 2014, 16, 1550–1573. [Google Scholar] [CrossRef] [Green Version]
- Xu, Z.; Yuan, W. Watermark BER and Channel Capacity Analysis for QPSK-Based RF Watermarking by Constellation Dithering in AWGN Channel. IEEE Signal Process. Lett. 2017, 24, 1068–1072. [Google Scholar] [CrossRef]
- Lin, Y.; Tu, Y.; Dou, Z. An Improved Neural Network Pruning Technology for Automatic Modulation Classification in Edge Devices. IEEE Trans. Veh. Technol. 2020, 69, 5703–5706. [Google Scholar] [CrossRef]
- Hou, W.; Wang, X.; Chouinard, J.-Y.; Refaey, A. Physical-layer authentication for mobile systems with time-varying carrier frequency offsets. IEEE Trans. Commun. 2014, 62, 1658–1667. [Google Scholar] [CrossRef]
- Xiao, L.; Greenstein, L.J.; Mandayam, N.B.; Trappe, W. Using the physical layer for wireless authentication in time-variant channels. IEEE Trans. Wirel. Commun. 2008, 7, 2571–2579. [Google Scholar] [CrossRef] [Green Version]
- Xiao, L.; Greenstein, L.J.; Mandayam, N.B.; Trappe, W. Channel based spoofing detection in frequency-selective Rayleigh channels. IEEE Trans. Wirel. Commun. 2009, 8, C5948–C5956. [Google Scholar] [CrossRef] [Green Version]
- Liu, J.; Wang, X. Physical-layer authentication enhancement using two-dimensional channel quantization. IEEE Trans. Wirel. Commun. 2016, 15, C4171–C4182. [Google Scholar] [CrossRef]
- Fang, H.; Wang, X.; Hanzo, L. Learning-Aided Physical Layer Authentication as an Intelligent Process. IEEE Trans. Commun. 2019, 67, 2260–2273. [Google Scholar] [CrossRef] [Green Version]
- Fotouhi, A.; Ding, M.; Hassan, M. Deep Q-Learning for Two-Hop Communications of Drone Base Stations. Sensors 2021, 21, 1960. [Google Scholar] [CrossRef]
- Rahman, M.A.; Lee, Y.; Koo, I. Energy-efficient power allocation and relay selection schemes for relay-assisted d2d communications in 5 g wireless networks. Sensors 2018, 18, 2865. [Google Scholar] [CrossRef] [Green Version]
- Zhang, P.; Zhu, J.; Chen, Y.; Jiang, X. End-to-End Physical Layer Authentication for Dual-Hop Wireless Networks. IEEE Trans. Access 2019, 7, 38322–38336. [Google Scholar] [CrossRef]
- Liu, F.J.; Tang, H. Robust physical-layer authentication using inherent properties of channel impulse response. In Proceedings of the 2011 MILCOM 2011 Military Communications Conference, Baltimore, MD, USA, 12 January 2011. [Google Scholar]
- 3GPP (3rd Generation Partnership Project). User Equipment Conformance Specification; Radio Transmission and Reception; Part1 Conformance Testing, 3GPP TS 36.521-1; 3GPP: Sophia Antipolis, France, 2009. [Google Scholar]
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).