Non-Orthogonal Waveforms in Secure Communications
aa r X i v : . [ ee ss . SP ] A p r Non-Orthogonal Waveforms in SecureCommunications
Tongyang Xu
Department of Electronic and Electrical Engineering, University College London, London, UKEmail: [email protected]
Abstract —This work investigates the possibility of usingnon-orthogonal multi-carrier waveforms to defend againsteavesdropping attacks. The sophisticated detection required fornon-orthogonal signals provides a natural defence mechanismin secure communications. However, brute-force tactics such asmaximum likelihood detection would break the defence by at-tempting all possible solutions. Thus, a waveform scaling strat-egy is proposed to scale up the number of non-orthogonallypacked sub-carriers, which complicates signal detections andprevents eavesdropping. In addition, a waveform tuning strat-egy is proposed to intentionally tune waveform parametersto enhance feature similarity. Therefore, eavesdroppers wouldbe confused to misidentify signals resulting in subsequentdetection failures.
Index Terms —Security, encryption, waveform, non-orthogonal, physical layer, eavesdropping, deep learning,interception, defence, sphere decoding.
I. I
NTRODUCTION
The open nature of wireless environment makes radiocommunications vulnerable [1] to eavesdropping data in-terception [2]. Defence strategies [3], such as millimetrewave, beamforming, artificial noise, security coding anddirectional modulation are proposed to mitigate the eaves-dropping. Existing defence solutions are more likely de-pendent on surrounding channel environment and thereforeare not robust in time-variant multipath fading channelswhen channel state information (CSI) is imperfectly known[4]. Traditional theoretical research prefers assuming per-fect CSI or some other ideal assumptions, which makestheoretically achieved discoveries unrealistic in practicalfield experiment tests. Secure multiple user access is hardlyimplementable when legitimate users and eavesdroppers areclose in space [2], which is limited by imperfect beam-forming leakages. In addition, the typical non-orthogonalmultiple access (NOMA) based solution [5] has risks ofinformation leakages since one user is allowed to decodesignals from other users. Traditional ways to extend securecommunication coverage would rely on error correctioncoding [6] while its power and throughput efficiency islimited. Artificial noise enabled security is treated as anefficient defence solution [7]. However, extra power wouldbe wasted to generate noise and security reliability iscompromised. Data encryption [8], widely used at linkor transport layers, is also applicable to enhance physicallayer security. However, its applications are limited andunrealistic in low-cost consumer-level products. Moreover,encrypted data could be captured by eavesdroppers andprocessed offline using brute-force tactics. Therefore, ad-vanced defence countermeasures are needed to replace or complement traditional channel dependent physical layersecurity solutions.With the development of artificial intelligence, machinelearning/deep learning based adversarial attacks [9], [10]become more destructive than typical eavesdropping at-tacks. As defined in [10], adversarial attacks are dividedinto white-box attack and black-box attack. The white-boxattack indicates that the adversary has perfect knowledgeof the signal formats while the black-box attack assumesno knowledge about the signal formats. Practically, thesignal format knowledge is not known by an adversary.Therefore, learning signal features will be the first stepin the black-box attack. Work in [11] explains three maintypes of attack termed inference attack, evasion attack andcausative attack. A defence strategy is proposed in [9] wherea legitimate user can use fake labels to fool an adversaryattacker. In this case, the attacker cannot intelligently train areliable signal classifier at the inference attack stage. This isequivalent to a causative attack from a legitimate user to theattacker by falsifying the attacker’s training data. However,the throughput would be reduced because of the fake labelstransmission. Therefore, maintaining a balanced throughputand security quality is a challenge to be solved.A non-orthogonal waveform spectrally efficient frequencydivision multiplexing (SEFDM), unlikely to be identifiedby eavesdroppers, is crafted for enhancing physical layersecurity. The research of the non-orthogonal waveform istraced back to 2003 [12]. Unlike the multicarrier orthogonalfrequency division multiplexing (OFDM) signal, SEFDMpacks sub-carriers closer by violating the orthogonalityleading to either bandwidth saving or data rate increaseadvantages. Better than the non-built-in security OFDM, thenon-orthogonally packed sub-carriers in SEFDM bring intercarrier interference (ICI), which complicates signal detec-tions but in turn contributes to secure communications sincecomputationally complex signal detectors would increasethe cost of eavesdroppers to detect signals. Previous work in[13] studied the possibility of a similar strategy in physicallayer security. The main idea is to overlap two orthogonalOFDM signals. In this case, interference is introducedbetween two overlapped OFDM signals and eavesdropperscannot intercept signals without advanced signal detectors.This might be true when computational complexity is theprimary concern. However, with the advancement in hard-ware, brute-force but optimal performance achievable de-tectors become realistic in consumer-level hardware. Thus,the traditional waveform encryption in [13] is easily brokendown and a solution, which can efficiently combat withime-variant multipath fading, multiple user access, deeplearning adversarial attack, brute-force offline interceptionand beamforming leakage for low-cost hardware working ina wide communication range, is in urgent need.This work will investigate two waveform dependent de-fence methods. Firstly, a waveform scaling strategy aim-ing to increase the number of non-orthogonally packedsub-carriers, can significantly increase the computationalcomplexity of signal detections but in turn prevent eaves-dropping and enhance information confidentiality. Secondly,a waveform tuning strategy, related to a waveform band-width compression factor adjustment, is proposed to confuseeavesdroppers by misidentifying signals. Deep learning hasseen great success in various applications and is believed tobe a potential approach to assist eavesdropping. Therefore, adeep learning based eavesdropping attack model is trained toevaluate the robustness of the proposed defence waveforms.Results indicate that by intentionally tuning waveform pa-rameters (i.e. bandwidth compression factor), signal featurescannot be correctly identified by eavesdroppers, which re-sults in subsequent eavesdropping detection failures.II. D
EFENCE S TRATEGY
A. Defence Waveform
The proposed defence waveform has self-created ICI,which is the essential mechanism of preventing eavesdrop-pers to accurately identify or detect signals. The principleof the waveform is expressed as X k = 1 √ N N − X n =0 s n exp (cid:18) j πnkαN (cid:19) , (1)where s n indicates the n th single-carrier symbol withinone SEFDM symbol, N is the number of sub-carriers, k denotes time sample index and α = ∆ f · T is the bandwidthcompression factor where T is the time period of oneSEFDM symbol and ∆ f ≤ /T is the sub-carrier spacing.The power of one SEFDM symbol is computed in thefollowing | X k | = 1 N N − X n =0 N − X m =0 s n s ∗ m exp (cid:18) j π ( n − m ) kαN (cid:19) = 1 N N − X n =0 | s n | +1 N N − X n =0 N − X m = n,m =0 s n s ∗ m exp (cid:18) j π ( n − m ) kαN (cid:19) . (2)The self-created ICI within the SEFDM waveform com-plicates signal detections and therefore increases the costof eavesdropping. To separate the constructive signal fromits self-created destructive interference, variables m and n are introduced in (2). The signal part is defined when m = n while the interference part is the term when m = n .It should be noted that the value of α determines theinterference term, which is zero when α = 1 (i.e. OFDM)while non-zero when α = 1 (i.e. SEFDM). An illustrationof the non-orthogonal sub-carrier overlapping interferenceis shown in Fig. 1, where it clearly shows the ICI at eachsub-carrier location in SEFDM signals. N o r m a li z ed M agn i t ude -5 -4 -3 -2 -1 0 1 2 3 4 5 Normalized Frequency N o r m a li z ed M agn i t ude Locations ofadjacentsubcarriersLocations ofadjacentsubcarriersLocations ofadjacentsubcarriers Locations ofadjacentsubcarriersinter-carrierinterference (b)(a)
Fig. 1. Illustration of self-created inter carrier interference withinSEFDM signals. (a) OFDM sub-carrier packing. (b) SEFDM sub-carrier packing.
The generation of SEFDM signals is simply performedvia IFFT. To remove the parameter α in (1), a new parameter M = N/α is defined. By padding M − N zeros at the end ofeach input vector (i.e. a vector consists of N single-carriersymbols), a new vector of input symbols is obtained as s ′ i = (cid:26) s i ≤ i < N N ≤ i < M , (3)where the value of N/α has to be an integer and simulta-neously a power of two,
N/α ∈ ( N > ) , which allows theIDFT to be implemented by the computationally efficientradix-2 IFFT. The SEFDM signal in a new format is definedas X ′ k = 1 √ M M − X n =0 s ′ n exp (cid:18) j πnkM (cid:19) , (4)where n, k = [0 , , ..., M − . The output is cut with only N samples reserved and the rest M − N samples are discarded.Due to the discard of the last M − N samples, ICI istherefore introduced and is treated as a new enhancementsolution for physical layer security. B. Waveform Scaling Defence
This section will firstly evaluate the defence methodologyproposed in [13], which expects significant performancedegradation without using a complex signal detector. Aneavesdropper therefore would not extract confidential in-formation from the non-orthogonal signals. The detectionof traditional OFDM signals depends on the matched filter(MF), which is essentially an FFT operation at the receiver.The complexity of FFT is acceptable in widely used com-munication systems, which requires ( N/ log N ) multi-plications and N log N ) additions. For the proposed non-orthogonal signal, the detection relies on the brute-forcemaximum likelihood (ML) detector, which has exponen-tially increased computational complexity.In practice, a performance maintained but simpler spheredecoding (SD) detector is used instead of ML due to thereduced signal processing complexity by searching for apartial number of solutions. In this case, SD is faster thanML. However, the complexity of SD is random since theearch for an optimal solution is related to noise power.Therefore, to get a fair and convincing comparison, theupper bound complexity is considered leading to the searchfor all possible solutions, which is the case when noisepower dominates. In this case, the complexity is fixed andis only related to the number of sub-carriers. This sectioncomputes complexity in real-valued operations and onlyconsiders the complexity for one OFDM/SEFDM symbol.The computations of multiplication and addition operationsare mathematically defined as C SD = ( N X n =1 n [2 n + 1] | {z } multiplication ) + ( N X n =1 n [2 n − | {z } addition ) . (5)With the breakthrough of low-cost hardware, a complexbut powerful detector is no longer a barrier for eavesdrop-pers to intercept small size signals such as a signal with N =12 sub-carriers, which is the size of one resource blockin 5G-NR [14]. Therefore, a straightforward solution toprevent the interception is to make the signal detectionharder by scaling up the size of the non-orthogonal signal.The complexity of SD is random but it is proportionalto the number of sub-carriers. A higher number of sub-carriers can enhance signal encryption by complicatingsignal detections. Numerical comparisons are presented inFig. 2 where only multiplication is considered since itscomplexity is more concerned in practical systems. Forthe purpose of illustrations, the number of operations inFig. 2 is expressed by a logarithmic scale. Therefore, itis clearly shown that the FFT operation maintains at alow complexity level while the SD complexity increasesexponentially. A signal with N =256 sub-carriers has anupper bound complexity of as shown in Fig. 2. Sucha large number of mathematical operations would take asignificant processing time for the SD detector, which isunrealistic in consumer-level hardware. Thus, the waveformscaling will increase the cost of eavesdroppers to interceptthe signals and therefore ensures information confidentiality.
16 32 64 128 256
Number of Sub-carriers (N) N u m be r o f O pe r a t i on s ( Loga r i t h m i c ) Upper-bound: SDFFT
16 3210 Fig. 2. The upper bound number (logarithmic) of multiplicationoperations versus the number of sub-carriers for SEFDM detector(i.e. SD) and OFDM detector (i.e. FFT).
16 32 64 128 256
Number of Sub-carriers (N) N u m be r o f O pe r a t i on s ( L i nea r) Upper-bound: MultiSDFFT Fig. 3. The upper bound number (linear) of multiplication opera-tions versus the number of sub-carriers for SEFDM detector (i.e.MultiSD) and OFDM detector (i.e. FFT).
16 32 64 128 256
Number of Sub-carriers (N) N u m be r o f O pe r a t i on s ( Loga r i t h m i c ) Upper-bound: SDUpper-bound: MultiSDFFT Fig. 4. The upper bound number (logarithmic) of multiplicationoperations versus the number of sub-carriers for SEFDM detectors(i.e. SD and MultiSD) and OFDM detector (i.e. FFT).
Waveform scaling is an efficient encryption method toprevent eavesdropping but it also prevents communicationsbetween legitimate users. To deal with the detection of sucha large size signal, a specially crafted MultiSD detectorwas proposed in [15], which can recover large size non-orthogonal signals with linear computational complexity asshown in Fig. 3. The newly designed detector still hashigher computational complexity than FFT. However, itsmultiple-SD architecture enables parallel processing, whichis applicable in consumer-level hardware. Its complexity ismathematically expressed as C M − SD = NN B ( N B X n =1 n [2 n + 1] | {z } multiplication ) + NN B ( N B X n =1 n [2 n − | {z } addition ) . (6)In Fig. 4, it clearly shows that the complexity of MultiSDis significantly reduced relative to the traditional SD detectorconsidering the same signal scale. This discovery howeverndangers the waveform scaling defence since eavesdrop-pers can intercept signals using the MultiSD detector aswell. Therefore, a more clever and robust defence methodis needed to cope with the eavesdropping signal detection. C. Waveform Tuning Defence
In practice, an eavesdropper has to learn a signal clas-sifier, which can identify different signal formats beforeany intentional attacks. Existing defence actions for suchartificial intelligence (AI) dependent eavesdropping wouldfalsify data or labels to prevent accurate classifier training.Without accurate signal identifications, eavesdroppers can-not effectively carry out subsequent attacks. However, thesetraditional defence mechanisms rely on additional transmis-sions of fake data and labels, which reduces data throughputbetween legitimate users. An efficient approach to addressthe potential detection attack is to design a waveform tuningdefence method, which can mislead eavesdroppers into mis-classifying the format of signals. The wrong classification ofsignal formats would result in subsequent detection errors.This solution is to prevent the potential interception fromeavesdroppers when the MultiSD detector is known.
20 40 60 80 100 120
Sample Index A m p li t ude OFDMSEFDM (0.95)SEFDM (0.9)SEFDM (0.85)SEFDM (0.8)SEFDM (0.75)SEFDM (0.7)
20 40 60 80 100 12000.20.40.60.81 A m p li t ude OFDMSEFDM (0.9)SEFDM (0.8)SEFDM (0.7) (a)(b)
Fig. 5. Signal feature diversity and similarity visualization bymodulating the same QPSK data. (a) Type-I signals. (b) Type-IIsignals. Values in the bracket indicate the bandwidth compressionfactor α . The principle of waveform tuning defence is shown inFig. 5. It is clearly seen that by tuning the bandwidthcompression factors, signal waveforms would have trade-offbetween diversity and similarity. Type-I shows apparent sig-nal diversity since adjacent signals have evident differenceswhile Type-II shows increased signal similarity becauseadjacent signals have close features. We would expect thatthe second type of signals are more difficult to separate fromeach other than the first type of signals. The same QPSKdata is modulated on all the waveforms in Fig. 5 merelyfor signal feature diversity and similarity visualization. Forrealistic training and testing in the following sections, wewould use random QPSK data for each signal waveform.This work assumes that an eavesdropper would automati-cally learn the features of signals. Therefore, manual featureextractions are not taken into account in this work. III. E
AVESDROPPING M ODEL
It is assumed that an eavesdropper can train an AI signalclassifier, which will be used for automatic signal formatidentification. There is no standardized training methodol-ogy for signal classification. Therefore, we apply the deeplearning convolutional neural network (CNN) model for theeavesdropping signal classifier. The CNN architecture [16]is illustrated in Fig. 6 where seven neural network (NN)layers are designed for signal feature extraction. The firstsix NN layers have the same structure while the last NNlayer employs Average Pool instead of Max Pool. For signalclassification, the CNN model uses a full connection and aSoftMax activation function.
Fig. 6. CNN classifier neural network layer architecture.
Table I: Signal and channel/hardware specifications
Parameter Specification
Sampling frequency (kHz) 200IFFT sample length 2048Oversampling factor 8No. of data sub-carriers 256Bandwidth compression factor α Unlike the single-band signal generation in [16], thiswork applies the multi-band signal architecture [15], whichcan confuse eavesdropping signal identification while makelegitimate user signal detection possible. The signal for eachclass (i.e. each α ) is generated according to Table I. Sinceover-the-air signals would experience a variety of wirelessenvironments, therefore the signal dataset can be enlargedsimilar to [16] via data augmentation passing through thetime-variant channel models in Table I. Training is operatedoffline in a computer equipped with an Intel(R) Xeon(R)Silver 4114 CPU (2 processors). Two eavesdropping classi-fiers, CNN-1 and CNN-2, are trained using the Type-I andType-II data respectively, which are both distorted by thechannel/hardware impairments at a fixed Es/N0=20 dB. Aumber of 2000 frames (i.e. OFDM/SEFDM symbols) persignal class are generated after the channel/hardware dataaugmentation. Therefore, there are overall 8000 trainingframes for the CNN-1. The amount would increase to 14000training frames for the CNN-2.IV. D EFENCE I MPACT
The original waveform encryption proposal [13] is firstlyevaluated in Fig. 7(a), in which it assumes that the optimalbut complex SD detector is technically challenging foreavesdroppers. Therefore, only simple detectors such asMF is applicable. It is clearly seen that the non-orthogonalsignal, modulated by 12 sub-carriers, is perfectly recov-ered by legitimate users using the SD detector while itis undetectable by an eavesdropper using MF. However,the risk of knowing and applying SD detection for eaves-dropping still exists since the rapid advances of hardwaremaking SD detection possible in consumer-level hardware.A straightforward solution is to make detection harder byenlarging the signal size. The performance in Fig. 7(b)shows the waveform scaling defence impact on a signalof N =256 sub-carriers. The detection of such a signalusing SD is impossible since the computational complexityincreases exponentially to the upper bound complexity of . Therefore, it can efficiently prevent eavesdropping.However, it will prevent communications between legitimateusers since SD for such a large size signal is not possiblefor them either. -4 -3 -2 -1 BE R N=12, =0.8, MFN=12, =0.8, SDQPSK
Eb/N0 (dB) -4 -3 -2 -1 BE R N=256, =0.8, MFQPSK
Eavesdropper(Detector-YES) Eavesdropper(Detector-NO) (a)(b)
Legitimate User(Detector-YES) Eavesdropper(Detector-not exist)Legitimate User(Detector-not exist)
Fig. 7. Defence impact of waveform scaling.
The proposed waveform tuning can simultaneously dealwith eavesdropping encryption and legitimate user signalrecovery. Its performance is shown in Fig. 8. The targetsignal waveform is defined by α =0.8 while eavesdrop-pers have no knowledge of signal formats in advance. Itclearly shows that the use of incorrect signal detectors (e.g. α =0.9, 0.85, 0.75, 0.7) results in great BER performancedegradation. It should be noted that the error floors existfor eavesdroppers with or without knowing the MultiSD Eb/N0 (dB) -5 -4 -3 -2 -1 BE R N=256, =0.8, MF, Use-0.9N=256, =0.8, MF, Use-0.85N=256, =0.8, MF, Use-0.75N=256, =0.8, MF, Use-0.7N=256, =0.8, MultiSD, Use-0.9N=256, =0.8, MultiSD, Use-0.85N=256, =0.8, MultiSD, Use-0.75N=256, =0.8, MultiSD, Use-0.7N=256, =0.8, MultiSD, Use-0.8QPSK -1 -1 BE R Eavesdropper(Detector-NO) Eavesdropper(Detector-YES)Legitimate User(Detector-YES)
Fig. 8. Defence impact of waveform tuning. detector. Only the target legitimate user who knows exactsignal formats is able to apply the correct detector (i.e. α =0.8) to recover the signal. Thus, the waveform tuningmethod fundamentally prevents unauthorized interceptioneven the MultiSD detector is leaked to eavesdroppers. T r ue C l a ss (a) CNN-1 Predicted Class T r ue C l a ss (b) CNN-2 Fig. 9. Confusion matrix visualization for (a) Type-I and (b) Type-II signals at Es/N0=20 dB.
A realistic waveform tuning impact is shown in Fig. 9where confusion matrices, in a similar representation to thatof [17], are illustrated for signal classification accuracy.In each sub-figure, classes indicate the bandwidth com- deal-OFDM Type-I-MF Type-I-MultiSD Type-II-MF Type-II-MultiSD00.10.20.30.4 E a v e s d r opp i ng BE R Fig. 10. Defence impact on eavesdropping BER performance forthe target waveform α =0.8 at Es/N0=20 dB. pression factors α , vertical labels indicate true transmittedsignal classes and horizontal labels indicate predicted sig-nal classes. Perfect signal classification would show onlydiagonal elements in each confusion matrix. Therefore,it is visually concluded that Type-I signals yield higherclassification accuracy than Type-II signals. The Type-Isignal, with less feature similarity, is nearly 100% accuracyidentified by the CNN-1 classifier. By tuning the waveformparameter α to enhance feature similarity, only 56.3% ofType-II signals are classified into correct signal class.The misclassification of signal formats, as revealed inFig. 9, would result in significant eavesdropping BERperformance degradation as shown in Fig. 10. The BER iszero for traditional OFDM and the MultiSD detected Type-Isignal. The Type-I signal has minor BER degradation whenMF is used. However, the performance of Type-II signalgreatly deteriorates whether or not the MultiSD is known.This effectively proves the robustness of the non-orthogonalwaveform and its tailored waveform defence strategies insecure communications.V. C ONCLUSION
This paper investigates the capability of using non-orthogonal waveforms to defend against eavesdropping.Existing proposals on non-orthogonal waveforms rely onthe assumption that an eavesdropper cannot intercept signalswithout complex detectors. However, with the advancementof hardware, the complexity of brute-force signal detectionis no longer a barrier. Therefore, a waveform scaling defencestrategy is proposed to intentionally further complicate sig-nal detections by scaling up the signal size. The processingcomplexity increases exponentially and would go up to alevel of . The interception for such signals is impossibleto eavesdroppers. However, it also prevents communica-tions between legitimate users since data recovery is alsochallenging for them. A performance-complexity optimizeddetector is crafted to deal with large scale non-orthogonalsignal detections. However, this endangers secure communi-cations since eavesdroppers can get access to the advanceddetector as well. Therefore, a waveform tuning defencestrategy is proposed to cope with the aforementioned issueby intentionally tuning waveform parameters. In this case, signals would be tuned to have high feature similarityand eavesdroppers cannot easily identify them. Confusionmatrices show that the classification accuracy for diversitydominant signals can approach 100% while it reduces to56.3% when similarity dominates. The low classificationaccuracy would cause the failure of subsequent signaldetections. BER performance reveals the robustness of thewaveform tuning strategy, where the misclassification ofsignals results in detection error floors when the advanceddetector is either known or not.R EFERENCES[1] Y. Zou, J. Zhu, X. Wang, and L. Hanzo, “A survey on wirelesssecurity: Technical challenges, recent advances, and future trends,”
Proceedings of the IEEE , vol. 104, no. 9, pp. 1727–1765, Sep. 2016.[2] D. Kapetanovic, G. Zheng, and F. Rusek, “Physical layer security formassive MIMO: An overview on passive eavesdropping and activeattacks,”
IEEE Communications Magazine , vol. 53, no. 6, pp. 21–27,Jun. 2015.[3] Y. Wu, A. Khisti, C. Xiao, G. Caire, K. Wong, and X. Gao,“A survey of physical layer security techniques for 5G wirelessnetworks and challenges ahead,”
IEEE Journal on Selected Areasin Communications , vol. 36, no. 4, pp. 679–695, Apr. 2018.[4] Y. Zou, J. Zhu, L. Yang, Y. Liang, and Y. Yao, “Securing physical-layer communications for cognitive radio networks,”
IEEE Commu-nications Magazine , vol. 53, no. 9, pp. 48–54, Sept. 2015.[5] Z. Ding, Z. Zhao, M. Peng, and H. V. Poor, “On the spectralefficiency and security enhancements of NOMA assisted multicast-unicast streaming,”
IEEE Transactions on Communications , vol. 65,no. 7, pp. 3151–3163, Jul. 2017.[6] A. Thangaraj, S. Dihidar, A. R. Calderbank, S. W. McLaughlin, andJ. Merolla, “Applications of LDPC codes to the wiretap channel,”
IEEE Transactions on Information Theory , vol. 53, no. 8, pp. 2933–2945, Aug. 2007.[7] S. Goel and R. Negi, “Guaranteeing secrecy using artificial noise,”
IEEE Transactions on Wireless Communications , vol. 7, no. 6, pp.2180–2189, Jun. 2008.[8] J. Zhang, A. G. Marshall, R. Woods, and T. Q. Duong, “Design ofan OFDM physical layer encryption scheme,”
IEEE Transactions onVehicular Technology , vol. 66, pp. 2114–2127, 2017.[9] Y. Shi, Y. E. Sagduyu, T. Erpek, K. Davaslioglu, Z. Lu, and J. H.Li, “Adversarial deep learning for cognitive radio security: Jammingattack and defence strategies,” in
IEEE International Conference onCommunications Workshops (ICC Workshops) , May 2018, pp. 1–6.[10] M. Sadeghi and E. G. Larsson, “Physical adversarial attacks againstend-to-end autoencoder communication systems,”
IEEE Communica-tions Letters , vol. 23, no. 5, pp. 847–850, May 2019.[11] Y. E. Sagduyu, Y. Shi, and T. Erpek, “Adversarial deep learning forover-the-air spectrum poisoning attacks,” 2019.[12] M. Rodrigues and I. Darwazeh, “A spectrally efficient frequencydivision multiplexing based communications system,” in
Proc. 8thInt. OFDM Workshop , Hamburg, 2003, pp. 48–49.[13] A. Chorti and I. Kanaras, “Masked M-QAM OFDM: A simpleapproach for enhancing the security of OFDM systems,” in
Personal,Indoor and Mobile Radio Communications, 2009 IEEE 20th Inter-national Symposium on , Sep. 2009, pp. 1682–1686.[14] E. Dahlman, S. Parkvall, and J. Sk¨old,
5G NR: The Next GenerationWireless Access Technology . Academic Press, 2018.[15] T. Xu and I. Darwazeh, “Multi-Sphere decoding of block segmentedSEFDM signals with large number of sub-carriers and high modula-tion order,” in , Nov. 2017, pp. 1–6.[16] T. Xu and I. Darwazeh, “Deep learning for over-the-air non-orthogonal signal classification,” in , May 2020, pp. 1–5.[17] T. J. O’Shea, T. Roy, and T. C. Clancy, “Over-the-air deep learningbased radio signal classification,”