T. Charles Clancy

Secure smartcardbased fingerprint authentication

In this paper, the fundamental insecurities hampering a scalable, wide-spread deployment of biometric authentication are examined, and a cryptosystem capable of using fingerprint data as its key is presented. For our application, we focus on situations where a private key stored on a smartcard is used for authentication in a networked environment, and we assume an attacker can launch o -line attacks against a stolen card.Juels and Sudans <i>fuzzy vault</i> is used as a starting point for building and analyzing a secure authentication scheme using fingerprints and smartcards called a <i>figerprint vault</i>. Fingerprint minutiae coordinates <i>m_i</i> are encoded as elements in a nite eld <i>F</i> and the secret key is encoded in a polynomial <i>f(x)</i> over <i>F</i>[<i>x</i>]. The polynomial is evaluated at the minutiae locations, and the pairs (<i>m_i, f(m_i)</i>) are stored along with random (<i>c_i, d_i</i>) cha points such that <i>d_i ≠ f(c_i)</i>. Given a matching fingerprint, a valid user can seperate out enough true points from the cha points to reconstruct <i>f(x)</i>, and hence the original secret key.The parameters of the vault are selected such that the attackers vault unlocking complexity is maximized, subject to zero unlocking complexity with a matching fingerprint and a reasonable amount of error. For a feature location measurement variance of 9 pixels, the optimal vault is 2⁶⁹ times more difficult to unlock for an attacker compared to a user posessing a matching fingerprint, along with approximately a 30% chance of unlocking failure.

A multi-winner cognitive spectrum auction framework with collusion-resistant mechanisms

Dynamic spectrum access, enabled by cognitive radio technologies, has become a promising approach to improve efficiency in spectrum utilization, and the spectrum auction is one approach in which unlicensed wireless users lease some unused bands from spectrum license holders. However, spectrum auctions are different from traditional auctions studied by economists, because spectrum resources are interference-limited rather than quantity-limited, and it is possible to award one band to multiple secondary users with negligible mutual interference. Due to its special feature, the multi-winner auction is a new concept posing new challenges in the existing auction mechanisms such as the Vickery-Clarke-Groves (VCG) mechanism. Although widely employed in other auctions, the VCG mechanism does have serious drawbacks when applied to the multi-winner auction, such as unsatisfactory revenue and vulnerability to collusive attacks. Therefore, in this paper, we propose a multi-winner spectrum auction framework, and develop suitable mechanisms for this kind of auction. In specific, the mechanism awards the bands in such a way that the spectrum efficiency is maximized, and determines prices based on the Nash bargaining solution to improve revenue and prevent collusion. We further analyze that secondary users do not have incentives to manipulate information about mutual interference which is essential to the auction. Finally, simulation results are presented to evaluate our proposed auction mechanisms.

Physical Layer Authentication Watermarks through Synthetic Channel Emulation

We present an authentication device allowing for the validation of wireless transmissions by means of a watermark signal applied at the physical layer, and demonstrate how the method may be applied to digital broadcast television signals. The novel watermarking approach presented conveys the authentication signal through explicit emulation of innocuous channel responses, further preventing Primary User Emulation attacks in Dynamic Spectrum Access theaters. The undesirable effects of the watermark signal design are removed by the receiver by traditional channel equalization practices, resulting in nearly zero impact to the bit error rate (BER) of the primary signal received. The proposed mechanism may be implemented without modification to existing Digital Television (DTV) transmission equipment using a retrofitting approach, and does not require the modification of existing receivers or protocols. A key benefit of the proposed method is that the authentication signal may be received at a BER much lower than the primary-signal, all within original transmission power and bandwidth constraints. We discuss physical layer details of the new watermarking method, and demonstrate how proven cryptographic authentication measures may be applied to the problem.

Dynamic spectrum access using the interference temperature model

To combat spectral overcrowding, the FCC investigated new ways to manage RF resources. The idea was to let people use licensed frequencies, provided they can guarantee interference perceived by the primary license holders will be minimal. With advances in software and cognitive radio, practical ways of doing this are on the horizon. In 2003, the FCC released a memorandum seeking comment on the interference temperature model for controlling spectrum use. Analyzing the viability of this model and developing a medium access protocol around it are the main goals of this article. A model consisting of interference sources, primary licensed users, and secondary unlicensed users is modeled stochastically. If impact on licensed users is defined by a fractional decrease in coverage area, and this is held constant, the capacity achieved by secondary users is directly proportional to the number of unlicensed nodes, and is independent of the interference and primary users’ transmissions. Using the basic ideas developed in the system analysis, interference temperature multiple access, a physical and data-link layer implementing the interference temperature model, was formulated, analyzed, and simulated. A system implementing this model will measure the current interference temperature before each transmission. It can then determine what bandwidth and power it should use to achieve a desired capacity without violating an interference ceiling called the interference temperature limit. Ultimately, the resulting performance from the interference temperature model is low, compared to the amount of interference it can cause to primary users. Partly due to this research, in May 2007, the FCC rescinded its notice of proposed rule-making implementing the interference temperature model.

Channel Estimation and Adaptive M-QAM in Cognitive Radio Links

Cognitive radios have the ability to sense their RF environment and adapt their transmission parameters to perform optimally in any situation. Part of this involves selecting the best modulation type for a particular channel. In this paper we consider a variable-rate, variable-power, adaptive, m-ary quadrature amplitude modulation (M-QAM) scheme in a single-user communication scenario. The channel between the transmitter and receiver is assumed to be a Rayleigh block-fading channel. Each block is divided into training and data phases. During the training phase, the receiver estimates the channel and feeds the estimate back to the transmitter. During the data phase, the transmitter sends its message by adapting the size of the M- QAM constellation. We first find a closed-form expression that relates the bit error rate (BER) to the constellation size of the M-QAM, and therefore to the data rate of our system. Then, for a given target BER, we maximize the data rate over the training parameters, which are the training signal, the training duration, and the training power. When these optimum parameters are used in a MATLAB implementation, we find that the target BER is matched to within an order of magnitude, and the resulting data rate is close to the theoretical limit.

Authenticating MIMO Transmissions Using Channel-Like Fingerprinting

A framework for introducing an extrinsic fingerprint signal to space-time coded transmissions at the physical-layer is presented, whereby the fingerprint signal conveys a low capacity digital communication suitable for authenticating the transmission and further facilitating secure communications. A novel approach is discussed where the fingerprint signal mimics distortions similar to time-varying channel effects. Specifically, the fingerprint signal is only visible to aware receivers considering previous channel state information (CSI) and is otherwise invisible to a receiver equalizing according to current CSI. An augmented signal is created consisting of the original transmission, or primary message, and the fingerprint message. An example fingerprint signal and detection rule are presented based on a phase-shift keying approach. Simulation results including bit error rate (BER) are presented for both the primary and fingerprint signals using the 2x2 Alamouti code, and authentication signal BERs lower than the primary signal are demonstrated.

Security threats to signal classifiers using self-organizing maps

Spectrum sensing is required for many cognitive radio applications, including spectral awareness, interoperability, and dynamic spectrum access. Previous work has demonstrated the ill effects of primary user emulation attacks, and pointed out specific vulnerabilities in spectrum sensing that uses featurebased classifiers. This paper looks specifically at the use of unsupervised learning in signal classifiers, and attacks against self-organizing maps. By temporarily manipulating their signals, attackers can cause other secondary users to permanently misclassify them as primary users, giving them complete access to the spectrum. In the paper we develop the theory behind manipulating the decision regions in a neural network using self-organizing maps. We then demonstrate through simulation the ability for an attacker to formulate the necessary input signals to execute the attack. Lastly we provide recommendations to mitigate the efficacy of this type of attack.

Case Study: Security Analysis of a Dynamic Spectrum Access Radio System

Dynamic Spectrum Access technology is now well beyond the developmental stages that it was several years ago. Several prototype devices have been created and have been successfully demonstrated at various venues. Recently the FCC has approved the decision for moving ahead with allowing white space devices to operate in the same frequency bands as TV transmitters. Through rigourous testing the FCC has validated the fundamental concept of these DSA radios showing that they can avoid primary users and cause a minimal amount of interference in trusted wireless environments. However, wireless environments can not always be trusted to contain naturally occuring features. Malicious users may introduce false environments such as increased noise levels or emulated primary user signals, in order to fool the DSA device. These uncontrolled environments must be explored in order to develop and embed proper security protocols within these next-generation devices to prevent future security issues. Even in the case of IEEE 802.11, the commercial world found that the security threats were severely overlooked, causing developers to play catch up while many systems were, and still are, left vulnerable. In this paper, we provide a security analysis on a well established DSA radio developed by Shared Spectrum Company under the DARPA xG program. Our analysis demonstrates the unique security vulnerabilities associated with DSA protocols and expose the extremely low barrier required for a malicious user to exploit them if not security measures are in place. We identify several of these unique vulnerabilities and suggest methods for mitigating them.

MIMO Radar Waveform Design for Spectrum Sharing with Cellular Systems: A MATLAB Based Approach

This book discusses spectrum sharing between cellular systems and radars. The book addresses a novel way to design radar waveforms that can enable spectrum sharing between radars and communication systems, without causing interference to communication systems, and at the same time achieving radar objectives of target detection, estimation, and tracking. The book includes a MATLAB-based approach, which provides reader with a way to learn, experiment, compare, and build on top of existing algorithms.

Making the case for EAP channel bindings

In current networks that use EAP and AAA for authenticated admission control, such as WiFi, WiMAX, and various 3G internetworking protocols, a malicious base station can advertise false information to prospective users in an effort to manipulate network access in some way. This paper identifies and discusses the resulting threats (e.g. the lying NAS problem in enterprise networks and the newly identified lying provider problem in roaming environments) and shows how these threats can be exploited for a number of attacks, including traffic herding, denial of service, cryptographic downgrade attacks, and forced roaming. Finally, the paper presents how an EAP channel binding protocol can thwart the identified attacks by allowing a client to inform the EAP server about the unauthenticated information it received during the network selection process. The back-end server can then ensure the consistency of the advertised information with its configured policy. As a result, EAP channel bindings enable an end-to-end validation of network properties, which is otherwise infeasible in existing AAA infrastructures. Standardization activities currently exist within the IETF to implement this technique.