Visible to the public Biblio

Filters: Keyword is physical-layer security  [Clear All Filters]
Qian, Lei, Chi, Xuefen, Zhao, Linlin, Chaaban, Anas.  2021.  Secure Visible Light Communications via Intelligent Reflecting Surfaces. ICC 2021 - IEEE International Conference on Communications. :1–6.
Intelligent reflecting surfaces (IRS) can improve the physical layer security (PLS) by providing a controllable wireless environment. In this paper, we propose a novel PLS technique with the help of IRS implemented by an intelligent mirror array for the visible light communication (VLC) system. First, for the IRS aided VLC system containing an access point (AP), a legitimate user and an eavesdropper, the IRS channel gain and a lower bound of the achievable secrecy rate are derived. Further, to enhance the IRS channel gain of the legitimate user while restricting the IRS channel gain of the eavesdropper, we formulate an achievable secrecy rate maximization problem for the proposed IRS-aided PLS technique to find the optimal orientations of mirrors. Since the sensitivity of mirrors’ orientations on the IRS channel gain makes the optimization problem hard to solve, we transform the original problem into a reflected spot position optimization problem and solve it by a particle swarm optimization (PSO) algorithm. Our simulation results show that secrecy performance can be significantly improved by adding an IRS in a VLC system.
Yao, Li, Liu, Youjiang.  2020.  A Novel Optimization Scheme for the Beamforming Method Selection in Artificial-Noise-Aid MU-MISOME Broadcast Secure Communication System. 2020 International Symposium on Computer Engineering and Intelligent Communications (ISCEIC). :175–179.
This article investigates the beamforming method selection in artificial-noise-aid (AN-aid) multiuser multiple-input-single-output (MU-MISO) broadcast wiretap systems in slow fading channel environment. We adopt beamforming pre-coding matrix with artificial noise to achieve secure multiuser communication and optimize system performance, and compare the secure transmission performance of two beamforming methods. To overcome the complexity of this model, a novel optimization scheme expressed using semi-closed-form expressions and Monte Carlo method is employed to derive the relationship between transmission parameters and secure transmission performance. This scheme would help us to analyses performance of different beamforming methods.
Alresheedi, Mohammed T..  2020.  Improving the Confidentiality of VLC Channels: Physical-Layer Security Approaches. 2020 22nd International Conference on Transparent Optical Networks (ICTON). :1–5.
Visible light communication (VLC) is considered as an emerging system for wireless indoor multimedia communications. As any wireless communication system, its channels are open and reachable to both licensed and unlicensed users owing to the broadcast character of visible-light propagation in public areas or multiple-user scenarios. In this work, we consider the physical-layer security approaches for VLC to mitigate this limitation. The physical-layer security approaches can be divided into two categories: keyless security and key-based security approaches. In the last category, recently, the authors introduced physical-layer key-generation approaches for optical orthogonal frequency division multiplexing (OFDM) systems. In these approaches, the cyclic prefix (CP) samples are exploited for key generation. In this paper, we study the effect of the length of key space and order of modulation on the security level, BER performance, and key-disagreement-rate (KDR) of the introduced key-based security approaches. From the results, our approaches are more efficient in higher order of modulation as the KDR decreases with the increase of order of modulation.
Yesilkaya, Anil, Cogalan, Tezcan, Erkucuk, Serhat, Sadi, Yalcin, Panayirci, Erdal, Haas, Harald, Poor, H. Vincent.  2020.  Physical-Layer Security in Visible Light Communications. 2020 2nd 6G Wireless Summit (6G SUMMIT). :1–5.
Optical wireless communications (OWC) and its potential to solve physical layer security (PLS) issues are becoming important research areas in 6G communications systems. In this paper, an overview of PLS in visible light communications (VLC), is presented. Then, two new PLS techniques based on generalized space shift keying (GSSK) modulation with spatial constellation design (SCD) and non-orthogonal multiple access (NOMA) cooperative relaying are introduced. In the first technique, the PLS of the system is enhanced by the appropriate selection of a precoding matrix for randomly activated light emitting diodes (LEDs). With the aid of a legitimate user's (Bob's) channel state information (CSI) at the transmitter (CSIT), the bit error ratio (BER) of Bob is minimized while the BER performance of the potential eavesdroppers (Eves) is significantly degraded. In the second technique, superposition coding with uniform signaling is used at the transmitter and relays. The design of secure beamforming vectors at the relay nodes along with NOMA techniques is used to enhance PLS in a VLC system. Insights gained from the improved security levels of the proposed techniques are used to discuss how PLS can be further improved in future generation communication systems by using VLC.
Khalid, W., Yu, H..  2020.  Residual Energy Analysis with Physical-Layer Security for Energy-Constrained UAV Cognitive Radio Systems. 2020 International Conference on Electronics, Information, and Communication (ICEIC). :1–3.
Unmanned aerial vehicles (UAVs) based cognitive radio (CR) systems improve the sensing performance. However, such systems demand secure communication with lower power consumption. Motivated by these observations, we consider an energy-constraint yet energy harvesting (EH) drone flying periodically in the circular track around primary transmitter in the presence of an eavesdropper with an aim to use the licensed band opportunistically. Considering the trade-off between the residual energy and secondary link performance, we formulate the constrained optimization problem, i.e., maximizing residual energy under the constraint of secondary secrecy outage. Simulation results verify the proposed theoretical analysis.
Zheng, T., Liu, H., Wang, Z., Yang, Q., Wang, H..  2020.  Physical-Layer Security with Finite Blocklength over Slow Fading Channels. 2020 International Conference on Computing, Networking and Communications (ICNC). :314–319.
This paper studies physical-layer security over slow fading channels, considering the impact of finite-blocklength secrecy coding. A comprehensive analysis and optimization framework is established to investigate the secrecy throughput (ST) of a legitimate user pair coexisting with an eavesdropper. Specifically, we devise both adaptive and non-adaptive optimization schemes to maximize the ST, where we derive optimal parameters including the transmission policy, blocklength, and code rates based on the instantaneous and statistical channel state information of the legitimate pair, respectively. Various important insights are provided. In particular, 1) increasing blocklength improves both reliability and secrecy with our transmission policy; 2) ST monotonically increases with blocklength; 3) ST initially increases and then decreases with secrecy rate, and there exists a critical secrecy rate that maximizes the ST. Numerical results are presented to verify theoretical findings.
Wang, L., Guo, D..  2020.  Secure Communication Based on Reliability-Based Hybrid ARQ and LDPC Codes. 2020 Prognostics and Health Management Conference (PHM-Besançon). :304—308.
This paper designs a re-transmission strategy to intensify the security of communication over the additive white Gaussian noise (AWGN) wire-tap channel. In this scheme, irregular low-density parity-check (LDPC) codes work with reliability-based hybrid automatic repeat-request (RB-HARQ). For irregular LDPC codes, the variable nodes have different degrees, which means miscellaneous protection for the nodes. In RB-HARQ protocol, the legitimate receiver calls for re-transmissions including the most unreliable bits at decoder's outputting. The bits' reliability can be evaluated by the average magnitude of a posteriori probability log-likelihood ratios (APP LLRs). Specifically, this scheme utilizes the bit-error rate (BER) to assess the secrecy performance. Besides, the paper gives close analyses of BER through theoretical arguments and simulations. Results of numerical example demonstrate that RB-HARQ protocol with irregular LDPC codes can hugely reinforce the security performance of the communication system.
Tian, Dinghui, Zhang, Wensheng, Sun, Jian, Wang, Cheng-Xiang.  2019.  Physical-Layer Security of Visible Light Communications with Jamming. 2019 IEEE/CIC International Conference on Communications in China (ICCC). :512–517.
Visible light communication (VLC) is a burgeoning field in wireless communications as it considers illumination and communication simultaneously. The broadcast nature of VLC makes it necessary to consider the security of underlying transmissions. A physical-layer security (PLS) scheme by introducing jamming LEDs is considered in this paper. The secrecy rate of an indoor VLC system with multiple LEDs, one legitimate receiver, and multiple eavesdroppers is investigated. Three distributions of input signal are assumed, i.e., truncated generalized normal distribution (TGN), uniform distribution, and exponential distribution. The results show that jamming can improve the secrecy performance efficiently. This paper also demonstrates that when the numbers of LEDs transmitting information-bearing signal and jamming signal are equal, the average secrecy rate can be maximized.
Tan, Yeteng, Pu, Tao, Zheng, Jilin, Zhou, Hua, Su, Guorui, Shi, Haiqin.  2019.  Study on the Effect of System Parameters on Physical-Layer Security of Optical CDMA Systems. 2019 18th International Conference on Optical Communications and Networks (ICOCN). :1—3.
Optical CDMA (OCMDA) technology directly encrypts optical transmission links at the physical layer, which can improve the security of communication system against fibre-optic eavesdropping attacks. System parameters will affect the performances of OCDMA systems, based on the wiretap channel model of OCDMA systems, "secrecy capacity" is employed as an indicator to estimate the effects of system parameters (the type of code words, the length of code words) on the security of the systems. Simulation results demonstrate that system parameters play an important role and choosing the code words with better cross-correlation characteristics can improve the security of OCDMA systems.
Liu, Xiaochen, Gao, Yuanyuan, Zang, Guozhen, Sha, Nan.  2019.  Artificial-Noise-Aided Robust Beamforming for MISOME Wiretap Channels with Security QoS. 2019 IEEE 19th International Conference on Communication Technology (ICCT). :795–799.
This paper studies secure communication from a multi-antenna transmitter to a single-antenna receiver in the presence of multiple multi-antenna eavesdroppers, considering constraints of security quality of service (QoS), i.e., minimum allowable signal-to-interference-and-noise ratio (SINR) at receiver and maximum tolerable SINR at eavesdroppers. The robust joint optimal beamforming (RJOBF) of secret signal and artificial noise (AN) is designed to minimize transmit power while estimation errors of channel state information (CSI) for wiretap channels are taken into consideration. The formulated design problem is shown to be nonconvex and we transfer it into linear matrix inequalities (LMIs) along with semidefinite relaxation (SDR) technique. The simulation results illustrate that our proposed RJOBF is efficient for power saving in security communication.
MirhoseiniNejad, S. Mohamad, Rahmanpour, Ali, Razavizadeh, S. Mohammad.  2018.  Phase Jamming Attack: A Practical Attack on Physical Layer-Based Key Derivation. 2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC). :1–4.

Key derivation from the physical layer features of the communication channels is a promising approach which can help the key management and security enhancement in communication networks. In this paper, we consider a key generation technique that quantizes the received signal phase to obtain the secret keys. We then study the effect of a jamming attack on this system. The jammer is an active attacker that tries to make a disturbance in the key derivation procedure and changes the phase of the received signal by transmitting an adversary signal. We evaluate the effect of jamming on the security performance of the system and show the ways to improve this performance. Our numerical results show that more phase quantization regions limit the probability of successful attacks.

Son, W., Jung, B. C., Kim, C., Kim, J. M..  2018.  Pseudo-Random Beamforming with Beam Selection for Improving Physical-Layer Security. 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). :382–384.
In this paper, we propose a novel pseudo-random beamforming technique with beam selection for improving physical-layer security (PLS) in a downlink cellular network where consists of a base station (BS) with Ntantennas, NMSlegitimate mobile stations (MSs), and NEeavesdroppers. In the proposed technique, the BS generates multiple candidates of beamforming matrix each of which consists of orthogonal beamforming vectors in a pseudo-random manner. Each legitimate MS opportunistically feeds back the received signal-to-interference-and-noise ratio (SINR) value for all beamforming vectors to the BS. The BS transmits data to the legitimate MSs with the optimal beamforming matrix among multiple beam forming matrices that maximizes the secrecy sum-rate. Simulation results show that the proposed technique outperforms the conventional random beamforming technique in terms of the achievable secrecy sum-rate.
Sharifian, Setareh, Safavi-Naini, Reihaneh, Lin, Fuchun.  2018.  Post-quantum Security Using Channel Noise. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :2288–2290.

Post-quantum secure communication has attracted much interest in recent years. Known computationally secure post-quantum key agreement protocols are resource intensive for small devices. These devices may need to securely send frequent short messages, for example to report the measurement of a sensor. Secure communication using physical assumptions provides information-theoretic security (and so quantum-safe) with small computational over-head. Security and efficiency analysis of these systems however is asymptotic. In this poster we consider two secure message communication systems, and derive and compare their security and efficiency for finite length messages. Our results show that these systems indeed provide an attractive alternative for post-quantum security.

Yazicigil, R. T., Nadeau, P., Richman, D., Juvekar, C., Vaidya, K., Chandrakasan, A. P..  2018.  Ultra-Fast Bit-Level Frequency-Hopping Transmitter for Securing Low-Power Wireless Devices. 2018 IEEE Radio Frequency Integrated Circuits Symposium (RFIC). :176-179.

Current BLE transmitters are susceptible to selective jamming due to long dwell times in a channel. To mitigate these attacks, we propose physical-layer security through an ultra-fast bit-level frequency-hopping (FH) scheme by exploiting the frequency agility of bulk acoustic wave resonators (BAW). Here we demonstrate the first integrated bit-level FH transmitter (TX) that hops at 1$μ$s period and uses data-driven random dynamic channel selection to enable secure wireless communications with additional data encryption. This system consists of a time-interleaved BAW-based TX implemented in 65nm CMOS technology with 80MHz coverage in the 2.4GHz ISM band and a measured power consumption of 10.9mW from 1.1V supply.

Zhou, Y., Shi, J., Zhang, J., Chi, N..  2018.  Spectral Scrambling for High-security PAM-8 Underwater Visible Light Communication System. 2018 Asia Communications and Photonics Conference (ACP). :1–3.
We propose a spectral scrambling scheme to enhance physical layer security for an underwater VLC system which also simplifies the real-value signal generation procedure. A 1.08-Gb/s PAM-8 encrypted data over 1.2m transmission is experimentally demonstrated.
Lin, J., Li, Q., Yang, J..  2017.  Frequency diverse array beamforming for physical-layer security with directionally-aligned legitimate user and eavesdropper. 2017 25th European Signal Processing Conference (EUSIPCO). :2166–2170.
The conventional physical-layer (PHY) security approaches, e.g., transmit beamforming and artificial noise (AN)-based design, may fail when the channels of legitimate user (LU) and eavesdropper (Eve) are close correlated. Due to the highly directional transmission feature of millimeter-wave (mmWave), this may occur in mmWave transmissions as the transmitter, Eve and LU are aligned in the same direction exactly. To handle the PHY security problem with directionally-aligned LU and Eve, we propose a novel frequency diverse array (FDA) beamforming approach to differentiating the LU and Eve. By intentionally introducing some frequency offsets across the antennas, the FDA beamforming generates an angle-range dependent beampattern. As a consequence, it can degrade the Eve's reception and thus achieve PHY security. In this paper, we maximize the secrecy rate by jointly optimizing the frequency offsets and the beamformer. This secrecy rate maximization (SRM) problem is hard to solve due to the tightly coupled variables. Nevertheless, we show that it can be reformulated into a form depending only on the frequency offsets. Building upon this reformulation, we identify some cases where the SRM problem can be optimally solved in closed form. Numerical results demonstrate the efficacy of FDA beamforming in achieving PHY security, even for aligned LU and Eve.
Wang, Fei, Zhang, Xi.  2017.  Secure resource allocation for polarization-enabled green cooperative cognitive radio networks with untrusted secondary users. 2017 51st Annual Conference on Information Sciences and Systems (CISS). :1–6.
We address secure resource allocation for an OFDMA cooperative cognitive radio network (CRN) with energy harvesting (EH) capability. In the network, one primary user (PU) cooperates with several untrusted secondary users (SUs) with one SU transmitter and several SU receivers, where the SU transmitter and all SU receivers may overhear the PU transmitter's information while all SU receivers may eavesdrop on each other's signals. We consider the scenario when SUs are wireless devices with small physical sizes; therefore to improve system performance we suppose that SUs are equipped with co-located orthogonally dual-polarized antennas (ODPAs). With ODPAs, on one hand, the SU transmitter can first harvest energy from radio frequency (RF) signals emitted by the PU transmitter, and then utilize the harvested energy to simultaneously serve the PU and all SU receivers. On the other hand, by exploiting polarization-based signal processing techniques, both the PU's and SUs' physical-layer security can be enhanced. In particular, to ensure the PU's communication security, the PU receiver also sends jamming signals to degrade the reception performance of SUs, and meanwhile the jamming signals can also become new sources of energy powering the SU transmitter. For the considered scenario, we investigate the joint allocation of subcarriers, powers, and power splitting ratios to maximize the total secrecy rate of all SUs while ensuring the PU's minimum secrecy rate requirement. Finally, we evaluate the performance of our resource allocation scheme through numerical analyses.
Genkin, Daniel, Pachmanov, Lev, Pipman, Itamar, Tromer, Eran, Yarom, Yuval.  2016.  ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1626–1638.

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.

Frey, Sylvain, Rashid, Awais, Zanutto, Alberto, Busby, Jerry, Follis, Karolina.  2016.  On the Role of Latent Design Conditions in Cyber-physical Systems Security. Proceedings of the 2Nd International Workshop on Software Engineering for Smart Cyber-Physical Systems. :43–46.

As cyber-physical systems (CPS) become prevalent in everyday life, it is critical to understand the factors that may impact the security of such systems. In this paper, we present insights from an initial study of historical security incidents to analyse such factors for a particular class of CPS: industrial control systems (ICS). Our study challenges the usual tendency to blame human fallibility or resort to simple explanations for what are often complex issues that lead to a security incident. We highlight that (i) perception errors are key in such incidents (ii) latent design conditions – e.g., improper specifications of a system's borders and capabilities – play a fundamental role in shaping perceptions, leading to security issues. Such design-time considerations are particularly critical for ICS, the life-cycle of which is usually measured in decades. Based on this analysis, we discuss how key characteristics of future smart CPS in such industrial settings can pose further challenges with regards to tackling latent design flaws.

Mahfouzi, Rouhollah, Aminifar, Amir, Eles, Petru, Peng, Zebo, Villani, Mattias.  2016.  Intrusion-Damage Assessment and Mitigation in Cyber-Physical Systems for Control Applications. Proceedings of the 24th International Conference on Real-Time Networks and Systems. :141–150.

With cyber-physical systems opening to the outside world, security can no longer be considered a secondary issue. One of the key aspects in security of cyber-phyiscal systems is to deal with intrusions. In this paper, we highlight the several unique properties of control applications in cyber-physical systems. Using these unique properties, we propose a systematic intrusion-damage assessment and mitigation mechanism for the class of observable and controllable attacks. On the one hand, in cyber-physical systems, the plants follow certain laws of physics and this can be utilized to address the intrusion-damage assessment problem. That is, the states of the controlled plant should follow those expected according to the physics of the system and any major discrepancy is potentially an indication of intrusion. Here, we use a machine learning algorithm to capture the normal behavior of the system according to its dynamics. On the other hand, the control performance strongly depends on the amount of allocated resources and this can be used to address the intrusion-damage mitigation problem. That is, the intrusion-damage mitigation is based on the idea of allocating more resources to the control application under attack. This is done using a feedback-based approach including a convex optimization.

Moore, Samuel, Yampolskiy, Mark, Gatlin, Jacob, McDonald, Jeffrey T., Andel, Todd R..  2016.  Buffer Overflow Attack's Power Consumption Signatures. Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering. :6:1–6:7.

Embedded Systems (ES) are an integral part of Cyber-Physical Systems (CPS), the Internet of Things (IoT), and consumer devices like smartphones. ES often have limited resources, and - if used in CPS and IoT - have to satisfy real time requirements. Therefore, ES rarely employ the security measures established for computer systems and networks. Due to the growth of both CPS and IoT it is important to identify ongoing attacks on ES without interfering with realtime constraints. Furthermore, security solutions that can be retrofit to legacy systems are desirable, especially when ES are used in Industrial Control Systems (ICS) that often maintain the same hardware for decades. To tackle this problem, several researchers have proposed using side-channels (i.e., physical emanations accompanying cyber processes) to detect such attacks. While prior work focuses on the anomaly detection approach, this might not always be sufficient, especially in complex ES whose behavior depends on the input data. In this paper, we determine whether one of the most common attacks - a buffer overflow attack - generates distinct side-channel signatures if executed on a vulnerable ES. We only consider the power consumption side-channel. We collect and analyze power traces from normal program operation and four cases of buffer overflow attack categories: (i) crash program execution, (ii) injection of executable code, (iii) return to existing function, and (iv) Return Oriented Programming (ROP) with gadgets. Our analysis shows that for some of these cases a power signature-based detection of a buffer overflow attack is possible.

Chhetri, Sujit Rokka, Canedo, Arquimedes, Faruque, Mohammad Abdullah Al.  2016.  KCAD: Kinetic Cyber-attack Detection Method for Cyber-physical Additive Manufacturing Systems. Proceedings of the 35th International Conference on Computer-Aided Design. :74:1–74:8.

Additive Manufacturing (AM) uses Cyber-Physical Systems (CPS) (e.g., 3D Printers) that are vulnerable to kinetic cyber-attacks. Kinetic cyber-attacks cause physical damage to the system from the cyber domain. In AM, kinetic cyber-attacks are realized by introducing flaws in the design of the 3D objects. These flaws may eventually compromise the structural integrity of the printed objects. In CPS, researchers have designed various attack detection method to detect the attacks on the integrity of the system. However, in AM, attack detection method is in its infancy. Moreover, analog emissions (such as acoustics, electromagnetic emissions, etc.) from the side-channels of AM have not been fully considered as a parameter for attack detection. To aid the security research in AM, this paper presents a novel attack detection method that is able to detect zero-day kinetic cyber-attacks on AM by identifying anomalous analog emissions which arise as an outcome of the attack. This is achieved by statistically estimating functions that map the relation between the analog emissions and the corresponding cyber domain data (such as G-code) to model the behavior of the system. Our method has been tested to detect potential zero-day kinetic cyber-attacks in fused deposition modeling based AM. These attacks can physically manifest to change various parameters of the 3D object, such as speed, dimension, and movement axis. Accuracy, defined as the capability of our method to detect the range of variations introduced to these parameters as a result of kinetic cyber-attacks, is 77.45%.

Wadhawan, Yatin, Neuman, Clifford.  2016.  Defending Cyber-Physical Attacks on Oil Pipeline Systems: A Game-Theoretic Approach. Proceedings of the 1st International Workshop on AI for Privacy and Security. :7:1–7:8.

The security of critical infrastructures such as oil and gas cyber-physical systems is a significant concern in today's world where malicious activities are frequent like never before. On one side we have cyber criminals who compromise cyber infrastructure to control physical processes; we also have physical criminals who attack the physical infrastructure motivated to destroy the target or to steal oil from pipelines. Unfortunately, due to limited resources and physical dispersion, it is impossible for the system administrator to protect each target all the time. In this research paper, we tackle the problem of cyber and physical attacks on oil pipeline infrastructure by proposing a Stackelberg Security Game of three players: system administrator as a leader, cyber and physical attackers as followers. The novelty of this paper is that we have formulated a real world problem of oil stealing using a game theoretic approach. The game has two different types of targets attacked by two distinct types of adversaries with different motives and who can coordinate to maximize their rewards. The solution to this game assists the system administrator of the oil pipeline cyber-physical system to allocate the cyber security controls for the cyber targets and to assign patrol teams to the pipeline regions efficiently. This paper provides a theoretical framework for formulating and solving the above problem.

Moser, Daniel, Leu, Patrick, Lenders, Vincent, Ranganathan, Aanjhan, Ricciato, Fabio, Capkun, Srdjan.  2016.  Investigation of Multi-device Location Spoofing Attacks on Air Traffic Control and Possible Countermeasures. Proceedings of the 22Nd Annual International Conference on Mobile Computing and Networking. :375–386.

Multilateration techniques have been proposed to verify the integrity of unprotected location claims in wireless localization systems. A common assumption is that the adversary is equipped with only a single device from which it transmits location spoofing signals. In this paper, we consider a more advanced model where the attacker is equipped with multiple devices and performs a geographically distributed coordinated attack on the multilateration system. The feasibility of a distributed multi-device attack is demonstrated experimentally with a self-developed attack implementation based on multiple COTS software-defined radio (SDR) devices. We launch an attack against the OpenSky Network, an air traffic surveillance system that implements a time-difference-of-arrival (TDoA) multi-lateration method for aircraft localization based on ADS-B signals. Our experiments show that the timing errors for distributed spoofed signals are indistinguishable from the multilateration errors of legitimate aircraft signals, indicating that the threat of multi-device spoofing attacks is real in this and other similar systems. In the second part of this work, we investigate physical-layer features that could be used to detect multi-device attacks. We show that the frequency offset and transient phase noise of the attacker's radio devices can be exploited to discriminate between a received signal that has been transmitted by a single (legitimate) transponder or by multiple (malicious) spoofing sources. Based on that, we devise a multi-device spoofing detection system that achieves zero false positives and a false negative rate below 1%.

Classen, Jiska, Steinmetzer, Daniel, Hollick, Matthias.  2016.  Opportunities and Pitfalls in Securing Visible Light Communication on the Physical Layer. Proceedings of the 3rd Workshop on Visible Light Communication Systems. :19–24.

Securing visible light communication (VLC) systems on the physical layer promises to prevent against a variety of attacks. Recent work shows that the adaption of existing legacy radio wave physical layer security (PLS) mechanisms is possible with minor changes. Yet, many adaptations open new vulnerabilities due to distinct propagation characteristics of visible light. A common understanding of threats arising from various attacker capabilities is missing. We specify a new attacker model for visible light physical layer attacks and evaluate the applicability of existing PLS approaches. Our results show that many attacks are not considered in current solutions.