UCLA Electrical Engineering Department Techniques for Transmission Security via Fast Hopping in the Time-Frequency Grid PI’s: Eli Yablanovich Rick Wesel Ingrid Verbauwhede Ming Wu Bahram Jalali UCLA Electrical Engineering Department
What Kinds of Security Are Possible? Security by Obscurity This is no security at all. Obscurity is fleeting. Security by computational difficulty Standardized systems like DES and AES rely on this. Must consider attacks where plain-text is known. The one-time pad that nobody else knows Perfect as long as the pad remains secret.
Physical Layer Security Most sophisticated security techniques add security at the source only. Our technique adds security at the physical layer. Given that many messages in the network will already be encrypted, why should we do that?
Why Have Physical Layer Security? Increase the difficulty of attack, even with plaintext available. (The ciphertext of an individual stream is now difficult to receive.) Enhances security. Significantly enhances archival security.
1 2 3 4 The User-Message Grid User Symbol Time Diagonal Dappled Bricked Checked Symbol Time
Time-Wavelength Grid (WDM)
Periodic Wavelength Hopping Each user appears on exactly one wavelength each symbol time. Users cycle through wavelengths in a predictable fashion. 1 2 3 4 Wavelength 1 1 2 3 4 Wavelength 2 1 2 3 4 Wavelength 3 1 2 3 4 Wavelength 4 Time
Random Wavelength Hopping Each user appears on exactly one wavelength each symbol time. Users select wavelengths in an unpredictable fashion. 1 2 3 4 Wavelength 1 1 2 3 4 Wavelength 2 1 2 3 4 Wavelength 3 1 2 3 4 Wavelength 4 Time
4 1 2 1 2 2 3 1 1 4 3 2 4 3 3 4 Random Grid Hopping Time Wavelength 1 A user appears on zero, one, or more wavelength each symbol. Users select positions in grid in an unpredictable fashion. 1 2 1 4 Wavelength 1 2 2 3 1 Wavelength 2 1 4 3 2 Wavelength 3 4 3 3 4 Wavelength 4 Time
Advantage of Random Hopping on the Grid Even if an eavesdropper can tell which elements of the grid are being used by a transmitter, the eavesdropper still does know how to permute the bits to understand the data.
Grid-to-Grid (G2G) Mapping 1616 Switch 1 2 4 3 1 2 3 4
Grid-to-Grid Mapping is a Switch 1616 Switch 1 2 4 3 1 2 3 4 There are 16! possible configurations of this switch. The switch configuration may be specified by log2(16!)=44.25 bits.
A Pipelined Switch There are 16! possible configurations (44.25 bits). Code bit = 0 Code bit = 1 There are 16! possible configurations (44.25 bits). There are 56 bits used to specify the configuration. Several bit patterns specify the same configuration.
Security of Grid-to-Grid Mapping This mapping needs to be cryptographically secure. Pseudo-random sequences (Maximal-length sequences) are not secure. A time-fixed mapping is not secure. We’ll ultimately use DES/AES encryption technology to produce G2G mappings from “cryptographically-secure” random sequences. Our first demo will use a linear feedback shift register for simplicity.
4 1 2 3 1 2 3 4 The Big Picture Advanced Encryption Standard 56 bits (9 Gbits/sec) Advanced Encryption Standard Random bit generator (initially just a linear feedback shift register)
Fast-enough AES implementation Design # 1 # 2 # 3 # 4 # 5 Clock per Sample 1 4 5 Pipe stages per round 4 stages 3 stages Total pipe stages 4 10 stages 3 10 stages Latency 4 10 cycles 4 3 10 cycles 5 3 10 cycles (4 10) + 4 cycles FPGA Throughput (200MHz) 25.6 Gbit/s 6.4 Gbit/s ASIC Critical path 1.5 ns 650 MHz 1 ns 1 GHz Estimated Area Less than 500 Kgates Less than 900 Kgates Less than 150 Kgates Less than 300 Kgates Less than 250 Kgates ASIC Throughput (128*650) 83.2 Gbit/s (128*1) 128 Gbit/s (128*650/4) 20.8 Gbit/s (128*1/5) 25.6 Gbit/s (128*1/4) 32 Gbit/s
Ping-Ponging Switches 155MHz 2.5Gbps 2.5Gbps 1:16 16X16 Switch 16:1 User 1 Modulator l1 1:16 16X16 Switch 16:1 User 2 Modulator l2 16X16 Switch 4:1 1:16 16:1 User 3 Modulator l3 16X16 Switch 1:16 16:1 User 4 Modulator l4 Pat. Gen Serializer 1:16 16:1 de-Serializer
Summary The random mapping changes with every grid through a high-rate random sequence of bits (common to transmitter and receiver). The two main non-optical implementation issues are a fast switch (accomplished through pipelining and ping-ponging) a fast AES implementation.