Comprehensive Exam, Ph.D. in Electrical Engineering

William L. Bahn, 14 May 2007

The Theory of Concurrent Codes with Application to Omnidirectional Jam-Resistant Communications without Shared Secrets


Page 1: Comprehensive Exam Ph.D. in Electrical Engineering

Comprehensive Exam
Ph.D. in Electrical Engineering

William L. Bahn

14 May 2007

The Theory of Concurrent Codes with Application to Omnidirectional Jam-Resistant Communications without Shared Secrets

Page 2: Comprehensive Exam Ph.D. in Electrical Engineering

The future of warfare: Net-centric, Joint, and Coalition

Page 3: Comprehensive Exam Ph.D. in Electrical Engineering

What’s the point of this work?

Concurrent codes address one component of secure communications:

The availability of the communications link in situations where high directionality and/or shared secrets are not feasible.

Page 4: Comprehensive Exam Ph.D. in Electrical Engineering

This problem involves several disciplines and needs more overlap than usually exists.

Page 5: Comprehensive Exam Ph.D. in Electrical Engineering

Secure communications involve four distinct security goals.

Security:
Availability – Can the bad guys jam my message? Spread spectrum.
Authenticity – Can the bad guys forge my message? Passwords.
Integrity – Can the bad guys change my message? Hash functions, message digests, MACs.
Confidentiality – Can the bad guys read my message? Encryption using symmetric cryptography.

Each goal is achievable when the good guys share secrets that the bad guys don’t know.

Secure communications occur only when all four goals are achieved.

Page 6: Comprehensive Exam Ph.D. in Electrical Engineering

Narrowband communications work fine in a nice, friendly, ideal world.

[Figure label: NB]

Page 7: Comprehensive Exam Ph.D. in Electrical Engineering

But they are easily jammed by any competing signal of similar power.

[Figure label: NB]

Page 8: Comprehensive Exam Ph.D. in Electrical Engineering

Spread spectrum provides protection against a competing signal.

[Figure label: SS]

Page 9: Comprehensive Exam Ph.D. in Electrical Engineering

In Frequency Hop Spread Spectrum (FH/SS), Sender and Receiver change frequencies according to a schedule.

[Figure: FH/SS. The same schedule appears twice on the slide:]

Time  Freq
1     14
2     45
3     23
4     12
5     19
6     31
7     42

Page 10: Comprehensive Exam Ph.D. in Electrical Engineering

Jammer doesn’t know schedule, so… they jam random frequencies.

[Figure: FH/SS. The same schedule appears twice on the slide:]

Time  Freq
1     14
2     45
3     23
4     12
5     19
6     31
7     42

[A third table lists three frequencies per time slot:]

Time  Freq
1     38, 27, 24
2     19, 26, 45
3     18, 33, 37
4     15, 25, 29
5     13, 28, 44
6     29, 31, 49
7     22, 30, 42

Problem: Jammer increases bit error rate (BER)

Solution: Error correcting codes

Page 11: Comprehensive Exam Ph.D. in Electrical Engineering

Frequency sequence exchanged using a “secure alternate channel.”

[Figure: the same schedule appears twice on the slide:]

Time  Freq
1     14
2     45
3     23
4     12
5     19
6     31
7     42

The symmetric key is any and all information that must be kept from the jammer but that both the sender and the receiver must have access to.

Page 12: Comprehensive Exam Ph.D. in Electrical Engineering

What if the alternate channel isn’t so secure?

[Figure: the same schedule appears twice on the slide:]

Time  Freq
1     14
2     45
3     23
4     12
5     19
6     31
7     42

An informed jammer knows (or somehow obtains) the symmetric key.

They do not know any private keys - information that only the sender knows or that only the receiver knows.

Page 13: Comprehensive Exam Ph.D. in Electrical Engineering

An informed jammer DOES know schedule, so they jam the right frequencies.

[Figure: FH/SS. The same schedule appears three times on the slide:]

Time  Freq
1     14
2     45
3     23
4     12
5     19
6     31
7     42

Problem: An “informed jammer” can reduce processing gain to unity.

Solution: ????

Page 14: Comprehensive Exam Ph.D. in Electrical Engineering

Traditional Spread Spectrum relies on shared secrets staying secret.

[Diagram labels: Public Information; Private Secrets; Shared Secrets; Private Secrets]

Page 15: Comprehensive Exam Ph.D. in Electrical Engineering

The management of symmetric keys is not scalable and cannot meet the requirements of the GIG.

Very small unit level (10 people)
– Key Pairs: 45
Medium unit level (1,000 people)
– Key Pairs: ~500,000
Small theater-scale: (100,000 people)
– Pair Keys: 5 billion
Coalition-scale: (1,000,000 people)
– Pair Keys: 500 billion

Page 16: Comprehensive Exam Ph.D. in Electrical Engineering

An “informed jammer” can exploit all of the shared secrets.

[Diagram labels: Public Information; Private Secrets; Shared Secrets; Private Secrets]

Page 17: Comprehensive Exam Ph.D. in Electrical Engineering

But how can we communicate securely without shared secrets?
First, how do we do it with shared secrets?

A single key both encrypts and decrypts a message.
Both sender and receiver must possess it.
Attacker must NOT possess it.
An attacker can compromise the distribution process.

[Diagram: Symmetric Cryptography. SENDER holds key K and the plaintext “Attack at dawn!”; the ciphertext “U&3ro0+wn@”}EJn” crosses the channel; RECEIVER holds key K and recovers “Attack at dawn!”]

Page 18: Comprehensive Exam Ph.D. in Electrical Engineering

Asymmetric Cryptography simply uses two keys!

Anything encrypted with one key can only be decrypted with the other key: P = T(T(P,A),B); P = T(T(P,B),A)
Receiver generates A and B.
Key A is distributed – to everyone (Public Key).
Key B is kept secret – from everyone (Private Key).

[Diagram: Asymmetric Cryptography. SENDER holds key A and the plaintext “Attack at dawn!”; the ciphertext “kO$7*jfMsi@4ifnnY” crosses the channel; RECEIVER holds key B and recovers “Attack at dawn!”]

Page 19: Comprehensive Exam Ph.D. in Electrical Engineering

Three of the four security goals can be achieved using PKI.

Goal | Operation | Sender | Receiver | Operation
Confidentiality | Encrypt | C = T(P,A_R) | P = T(C,B_R) | Decrypt
Integrity, Authentication | Sign | C = T(P,B_S) | P = T(C,A_S) | Unsign
Both | Sign, Encrypt | C_0 = T(P,B_S); C = T(C_0,A_R) | C_0 = T(C,B_R); P = T(C_0,A_S) | Decrypt, Unsign

NOTE: This is a highly simplified description of how PKI works in the real world.

Page 20: Comprehensive Exam Ph.D. in Electrical Engineering

Security:
Availability – Can the bad guys jam my message? Highly directional links or spread spectrum. Omnidirectional SS links jammed as easily as NB.
Authenticity – Can the bad guys forge my message? Passwords. Digital Signatures.
Integrity – Can the bad guys change my message? Hash functions, message digests, MACs. Digital Signatures.
Confidentiality – Can the bad guys read my message? Encryption using symmetric cryptography. Encryption using asymmetric cryptography.

Each goal is achievable when the good guys share secrets that the bad guys don’t know.

If a shared secret is not available, a hole emerges for omnidirectional links.

Page 21: Comprehensive Exam Ph.D. in Electrical Engineering

What’s the point of this work?

Concurrent codes address one component of secure communications:

The availability of the communications link in situations where high directionality and/or shared secrets are not feasible.

Page 22: Comprehensive Exam Ph.D. in Electrical Engineering

Error detecting and correcting codes are great for dealing with random noise – concurrent codes are designed to deal with malicious non-random noise.

Page 23: Comprehensive Exam Ph.D. in Electrical Engineering
Page 24: Comprehensive Exam Ph.D. in Electrical Engineering
Page 25: Comprehensive Exam Ph.D. in Electrical Engineering

So how is it done?
BBC Algorithm 101

Encode by placing “indelible marks” at locations dictated by progressively longer prefixes of the message.

Decode by looking for “indelible marks” at locations dictated by progressively longer prefixes of the message.

Page 26: Comprehensive Exam Ph.D. in Electrical Engineering

An “indelible mark” is a transmission that is very difficult for an attacker to suppress.

UWB
– Short of noise at a specific time.
FH
– Noise at a specific carrier frequency.
DS
– Random data at a given code/offset.

The mark is not data modulated – it is data placed.

No data is present in the mark – the presence of the mark is the data.

The attacker can distort the mark – as long as we can still detect it.

The attacker can add additional marks – we can deal with that.

Page 27: Comprehensive Exam Ph.D. in Electrical Engineering

Checksum bits appended to message eliminate terminal hallucinations.

Appended 0-bits act as checksum bits.
Terminal hallucinations survive each checksum bit at a rate equal to the packet mark density.

Overall rate for k checksum bits:

k = 19 => 1ppb at 33% density.

Page 28: Comprehensive Exam Ph.D. in Electrical Engineering

Impulse-based UWB Implementation.

Page 29: Comprehensive Exam Ph.D. in Electrical Engineering

Simple receiver leaves little for attacker to attack.

Page 30: Comprehensive Exam Ph.D. in Electrical Engineering

BBC: Sequential decoding performs depth first search in linear time.

Page 31: Comprehensive Exam Ph.D. in Electrical Engineering

Exponential Receiver Blow-up does not occur below 50% mark density.

Steady-state hallucination level:

Receiver effort doubled at 33% density.
Receiver effort 10x at 47% density.
If attacker can afford to broadcast 33%, they can likely afford to broadcast 100%.
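The encode and decode steps from the BBC slides above, as an added example that is not part of the original presentation: each prefix of the message plus its checksum 0-bits is hashed to a mark location, concurrent packets are combined by union, and the decoder runs a depth-first search over prefixes whose marks are present. The SHA-256 location hash, the 16-bit messages, 20 checksum bits, 65,536-slot packet and the random jammer marking a third of the packet are assumptions chosen for illustration.

```python
import hashlib
import random

# All sizes and the hash choice are illustrative assumptions, not from the slides.
MSG_BITS = 16            # payload bits per message
CHECK_BITS = 20          # appended 0-bits that act as checksum bits
PACKET_SLOTS = 1 << 16   # possible mark locations in one packet
MSG_A = "1011001110001111"   # constructed sample messages
MSG_B = "0001110101100010"

def location(prefix: str) -> int:
    """Public (unkeyed) hash from a message prefix to a mark location."""
    digest = hashlib.sha256(prefix.encode("ascii")).digest()
    return int.from_bytes(digest[:8], "big") % PACKET_SLOTS

def encode(message: str) -> set:
    """Place one mark per progressively longer prefix of message + checksum."""
    padded = message + "0" * CHECK_BITS
    return {location(padded[:n]) for n in range(1, len(padded) + 1)}

def decode(packet: set) -> list:
    """Depth-first search over every prefix whose mark is present."""
    found, stack = [], [""]
    while stack:
        prefix = stack.pop()
        if len(prefix) == MSG_BITS + CHECK_BITS:
            found.append(prefix[:MSG_BITS])
            continue
        # Inside the checksum tail only a 0-bit is a legal extension.
        for bit in ("01" if len(prefix) < MSG_BITS else "0"):
            if location(prefix + bit) in packet:
                stack.append(prefix + bit)
    return sorted(found)

def demo():
    """Two senders plus a jammer marking a random third of the packet."""
    rng = random.Random(2007)
    jam = set(rng.sample(range(PACKET_SLOTS), PACKET_SLOTS // 3))
    packet = encode(MSG_A) | encode(MSG_B) | jam   # marks can only be added
    return decode(packet), len(packet) / PACKET_SLOTS

if __name__ == "__main__":
    messages, density = demo()
    print(f"mark density {density:.2%}, decoded {messages}")
```

Because the jammer can only add marks, both genuine messages always decode; false paths opened by jammer marks die out in the checksum tail, where each 0-bit must also land on a mark.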

Page 32: Comprehensive Exam Ph.D. in Electrical Engineering

Actual and predicted receiver workload in very close agreement.

Page 33: Comprehensive Exam Ph.D. in Electrical Engineering

Audio BBC recordings of 1 through 4 concurrent messages.

[Audio clips: 1, 2, 3, 4]

Page 34: Comprehensive Exam Ph.D. in Electrical Engineering

Actual workload at 99% packet density oscillates in close agreement with predicted bounds.

Page 35: Comprehensive Exam Ph.D. in Electrical Engineering

Concurrent codes have potential applications beyond hostile jam-resistance.

RFID
– Jamming an issue for item-level tagging.
MAC-less networks
– Wired or wireless.
– No collision detection/avoidance – just transmit!
– To prevent self-jamming, devices monitor mark density and adjust data rate accordingly.
Information Retrieval
– Can perform more powerful searches than present techniques.

Page 36: Comprehensive Exam Ph.D. in Electrical Engineering

Concurrent codes are NOT Nirvana!

The system can still be jammed.
– As can all the others.
There is a penalty to be paid.
– As there is with the others.
The goal is not to be more jam-resistant than uncompromised spread spectrum.
– It isn’t.
The goal is to retain a comparable level of jam-resistance without a shared secret.
– It retains roughly half of the data rate.

Page 37: Comprehensive Exam Ph.D. in Electrical Engineering

Demo Programs

JAVA Image Demo
BBC Image Demo
JAVA Audio Demo
BBC Audio Demo