Fatemeh Ganji

Dynamic Resource Provisioning for Energy Efficiency in Wireless Access Networks: A Survey and an Outlook

Traditionally, energy efficiency aspects have been included in the wireless access network design space only in the context of power control aimed at interference mitigation and for the increase of the terminal battery lifetime. Energy consumption of network components has also, for a long time, not been considered an issue, neither in equipment design nor in network planning and management. However, in recent years, with the user demand increasing at nearly exponential pace and margins rapidly shrinking, concerns about energy efficiency have been raised, with the objective of reducing network operational costs (not to mention the environmental issues). Installing more energy-efficient hardware does not seem to fully solve the problem, since wireless access networks are almost invariably (over)provisioned with respect to the peak user demand. This means that efficient resource management schemes, which are capable of controlling how much of the network infrastructure is actually needed and which parts can be temporarily powered off to save energy, can be extremely effective and provide quite large cost reductions. Considering that most of the energy in wireless access networks is consumed in the radio part, dynamic provisioning of wireless access network resources is crucial to achieving energy-efficient operation. The consensus on this approach in the research community has been wide in the last few years, and a large number of solutions have been proposed. In this paper, we survey the most important proposals, considering the two most common wireless access technologies, namely, cellular and WLAN. The main features of the proposed solutions are analyzed and compared, with an outlook on their applicability in typical network scenarios that also include cooperation between both access technologies. Moreover, we provide an overview of the practical implementation aspects that must be addressed to achieve truly energy-efficient wireless access networks, including current standardization work, and trends in the development of energy-efficient hardware.

Why Attackers Win: On the Learnability of XOR Arbiter PUFs

Aiming to find an ultimate solution to the problem of secure storage and hardware authentication, Physically Unclonable Functions (PUFs) appear to be promising primitives. While arbiter PUFs utilized in cryptographic protocols are becoming one of the most popular PUF instances, their vulnerabilities to Machine Learning (ML) attacks have been observed earlier. These attacks, as cost-effective approaches, can clone the challenge-response behavior of an arbiter PUF by collecting a subset of challenge-response pairs (CRPs). As a countermeasure against this type of attacks, PUF manufacturers shifted their focus to non-linear architectures, such as XOR arbiter PUFs with a large number of arbiter PUF chains. However, the natural question arises whether an XOR arbiter PUF with an arbitrarily large number of parallel arbiter chains can be considered secure. On the other hand, even if a mature ML approach with a significantly high accuracy is adopted, the eventual delivery of a model for an XOR arbiter PUF should be ensured. To address these issues, this paper presents a respective PAC learning framework. Regarding our framework, we are able to establish a theoretical limit on the number of arbiter chains, where an XOR arbiter PUF can be learned in polynomial time, with given levels of accuracy and confidence. In addition, we state how an XOR arbiter PUF with noisy responses can be provably PAC learned. Finally, on the basis of learning theory concepts, we conclude that no secure XOR arbiter PUF relying on current IC technologies can be manufactured.

Assessment of the power saving potential in dense enterprise WLANs

Due to the requirements to provision a proper Quality of Service level in enterprise WLANs supporting both voice and data services the typical densities in the deployment of access points (APs) may exceed 4000 APs per square kilometer. While such density is necessary under heavy traffic conditions, it is obviously superfluous during the time of lower load- and dramatically excessive at night periods, with only marginal traffic intensity. We present a novel, aggressive approach for adjusting the AP density to the actual traffic conditions. In the limiting case of a very low traffic, we postulate keeping operational only a skeleton deployment, sufficient just to recognize that there is a station attempting an association. In this case additional APs can be powered up, in order to assure the requested connectivity, locally in this area. Using data from commercially available APs we estimate the potential of power saving in such an operation mode and relate it to the best approaches proposed so far.

Laser Fault Attack on Physically Unclonable Functions

Physically Unclonable Functions (PUFs) are introduced to remedy the shortcomings of traditional methods of secure key storage and random key generation on Integrated Circuits (ICs). Due to their effective and low-cost implementations, intrinsic PUFs are popular PUF instances employed to improve the security of different applications on reconfigurable hardware. In this work we introduce a novel laser fault injection attack on intrinsic PUFs by manipulating the configuration of logic cells in a programable logic device. We present two fault attack scenarios, where not only the effectiveness of modeling attacks can be dramatically increased, but also the entropy of the targeted PUF responses are drastically decreased. In both cases, we conduct detailed theoretical analyses by considering XOR arbiter PUFs and RO PUFs as the examples of PUF-based authenticators and PUF-based random key generators, respectively. Finally we present our experimental results based on conducting laser fault injection on real PUFs, implemented on a common complex programmable logic device manufactured in 180 nm technology.

Lattice Basis Reduction Attack against Physically Unclonable Functions

Due to successful modeling attacks against arbiter PUFs (Physically Unclonable Functions), the trend towards consideration of XOR arbiter PUFs has emerged. Nevertheless, it has already been demonstrated that even this new non-linear structure, with a restricted number of parallel arbiter chains, is still vulnerable to more advanced modeling attacks and side channel analyses. However, so far the security of XOR arbiter PUFs with a large number of parallel arbiter chains has not been appropriately assessed. Furthermore, as another countermeasure against modeling and physical attacks, the concept of controlled PUFs, i.e., with a limited access to challenges and responses, has also been developed. Towards a better understanding of the security of XOR arbiter PUFs, the present paper simultaneously addresses all above mentioned countermeasures by introducing a novel attack, which is a combination of a lattice basis reduction attack and a photonic side channel analysis. We present how our new attack can be successfully launched against XOR arbiter PUFs with an arbitrarily large number of parallel arbiter chains. Most interestingly, our attack does not require any access to challenges or responses. Finally, by conducting an exhaustive discussion on our experimental results, the practical feasibility of our attack scenario is proved as well.

Strong Machine Learning Attack Against PUFs with No Mathematical Model

Although numerous attacks revealed the vulnerability of different PUF families to non-invasive Machine Learning ML attacks, the question is still open whether all PUFs might be learnable. Until now, virtually all ML attacks rely on the assumption that a mathematical model of the PUF functionality is known a priori. However, this is not always the case, and attention should be paid to this important aspect of ML attacks. This paper aims to address this issue by providing a provable framework for ML attacks against a PUF family, whose underlying mathematical model is unknown. We prove that this PUF family is inherently vulnerable to our novel PAC Probably Approximately Correct learning framework. We apply our ML algorithm on the Bistable Ring PUF BR-PUF family, which is one of the most interesting and prime examples of a PUF with an unknown mathematical model. We practically evaluate our ML algorithm through extensive experiments on BR-PUFs implemented on Field-Programmable Gate Arrays FPGA. In line with our theoretical findings, our experimental results strongly confirm the effectiveness and applicability of our attack. This is also interesting since our complex proof heavily relies on the spectral properties of Boolean functions, which are known to hold only asymptotically. Along with this proof, we further provide the theorem that all PUFs must have some challenge bit positions, which have larger influences on the responses than other challenge bits.

PAC learning of arbiter PUFs

The general concept of physically unclonable functions (PUFs) has been nowadays widely accepted and adopted to meet the requirements of secure identification and key generation/storage for cryptographic ciphers. However, shattered by different attacks, e.g., modeling attacks, it has been proved that the promised security features of arbiter PUFs, including unclonability and unpredictability, are not supported unconditionally. However, so far the success of existing modeling attacks relies on pure trial and error estimates. This means that neither the probability of obtaining a useful model (confidence), nor the sufficient number of CRPs, nor the probability of correct prediction (accuracy) is guaranteed. To address these issues, this work presents a probably approximately correct (PAC) learning algorithm. Based on a crucial discretization process, we are able to define a Deterministic finite automaton (of polynomial size), which exactly accepts the regular language corresponding to the challenges mapped by the given PUF to one responses.

Let Me Prove It to You: RO PUFs Are Provably Learnable

The last decade has witnessed a major change in the methods of Integrated Circuit (IC) fingerprinting and random key generation.The invention of Physically Unclonable functions (PUFs) was a milestone in the development of these methods. Ring-oscillator (RO) PUFs are one of the popular intrinsic PUF instances in authentication and random number generation applications. Similar to other types of PUFs, unpredictability and unclonability are the key requirements for the security of RO-PUFs. However, these requirements cannot be perfectly met for RO-PUFs, as demonstrated by studies investigating different attacks against RO-PUFs. In addition to semi-invasive attacks, modeling attacks have been proposed that aim to predict the response to an arbitrarily chosen challenge. To this end, the adversary collects only a small number of challenge response pairs (CRPs), and then attempts to constitute a model of the challenge-response behavior of the PUF. Nevertheless, it is not ensured that a model will be delivered after learning the seen CRPs, whose number is solely estimated instead of being properly proved. Aiming to address these issues, this paper presents a Probably Approximately Correct (PAC) learning framework enabling the learning of an RO-PUF for arbitrary levels of accuracy and confidence. Indeed, we prove that a polynomial-size Decision List (DL) can represent an RO-PUF. Thus, an arbitrarily chosen RO-PUF can be PAC learned by collecting only a polynomial number of CRPs. The “hidden” polynomial size of the respective representation of an RO-PUF therefore accounts for the success of the previously proposed (heuristic) attacks. However, our proposed bound is provably better, when comparing the number of CRPs required for our attack with already existing bounds calculated by applying heuristic techniques. Finally, by conducting experiments we complement the proof provided in our PAC learning framework.

The TREND experimental activities on “green” communication networks

Aimed at answering important questions about the energy demand of current telecom infrastructure and the design of sustainable and energy-efficient future networks, the research of a number of European partners is brought together in the TREND project. In this paper we present the achievements of the Work Package coordinating the experimental activities of the project - WP4. Although not presenting a completely finished portrait yet, the results shown help building a better global view on the “big picture” in the field of energy-efficient networking.

Low complexity MMSE based channel estimation algorithm in frequency domain for fixed broadband wireless access system

In this paper, we have studied the effects of channel estimation in uncoded WiMAX system using IEEE802.16d standard. Two different channel estimation approaches in frequency domain namely LS and MMSE have come under investigation. Results showed that the MMSE method performs significantly better than the LS estimator, however, computational complexity associated with the MMSE estimation method is relatively high if compared to the conventional LS method. So we have proposed a new simplified MMSE channel estimator which is based on the rank-reduction of the correlation matrix in the frequency domain. The proposed method achieves almost the same performance as the full-rank MMSE method, while significantly reducing the computational complexity.