Arsenia Chorti

Atsu Kokuvi Angélo Passah, Rodrigo C. de Lamare, Arsenia Chorti

Channel charting enables location-based services (LBSs) without requiring explicit position information by using pseudo-locations from the channel chart. While this property implies inherent privacy advantages, it does not provide formal privacy guarantees. In this work, we address location privacy in channel charting referred to as chart location indistinguishability (CLI), which extends geo-indistinguishability (GI) to channel charting representations. In order to achieve CLI, a standard planar Laplace mechanism is investigated and a geometry-aware Mahalanobis norm planar Laplace (MNPL) mechanism is devised. The proposed MNPL mechanism perturbs the channel chart by injecting noise aligned with the local structure of the chart. In the CLI framework with MNPL, privacy is defined in latent channel chart manifolds using locally adaptive covariance derived from chart neighborhoods, while preserving manifold topology under privacy constraints. In addition, differential privacy is considered as a privacy baseline. The proposed approach is evaluated across multiple channel charting schemes. The performance is assessed using utility metrics such as quality loss (QL) and range query error (RQE), as well as geometry-aware metrics including trustworthiness (TW) and continuity (CT). Numerical results demonstrate that the proposed privacy mechanism provides strong privacy guarantees while preserving the channel chart for LBSs tasks.

Muralikrishnan Srinivasan, Linda Senigagliesi, Hui Chen et al.

We discuss the use of angle of arrival (AoA) as an authentication measure in analog array multiple-input multiple-output (MIMO) systems. A base station equipped with an analog array authenticates users based on the AoA estimated from certified pilot transmissions, while active attackers manipulate their transmitted signals to mount impersonation attacks. We study several attacks of increasing intensity (captured through the availability of side information at the attackers) and assess the performance of AoA-based authentication using one-class classifiers. Our results show that some attack techniques with knowledge of the combiners at the verifier are effective in falsifying the AoA and compromising the security of the considered type of physical layer authentication.

Bac Trinh-Nguyen, Sara Berri, Sin G. Teo et al.

Localization in 5G and 6G networks is essential for important use cases such as intelligent transportation, smart factories, and smart cities. Although deep learning has enabled improving localization accuracy, depending on the deployment scenario and the effort required for dataset collection campaigns on a given infrastructure, the training process for localization models can vary significantly. Furthermore, with respect to feature selection, recent works have demonstrated the robustness of angle-of-arrival (AoA) based localization. In view of these two points, we propose an adaptive framework for AoA-based localization that consists of two alternative learning strategies, each suited either for large or small training datasets. The proposed framework is evaluated on a real, massive multiple input multiple output (mMIMO) orthogonal frequency division multiplexing (OFDM) outdoor channel state information (CSI) dataset. First, we investigate offline learning when large training datasets are available; we propose a hierarchical framework that first distinguishes between line of sight (LoS) and non line of sight (NLoS) regions and then moves to more fine grained localization in the respective region. This approach provides high-performance localization through accumulated batch retraining and an integrated hyperparameter optimization mechanism. Second, when only a small training dataset is available, an online learning framework is proposed, using incremental tree-based and ensemble-based models for handling streaming data and continuously updating mode, as well as an online few-shot learning model for rapidly initializing new classes from a limited labeled support set. These results showcase that highly accurate robust localization can be achieved incrementally during network operation by exploiting online learning, alleviating the need for large dataset collection campaigns.

André N. Barreto, Stefan Köpsell, Arsenia Chorti et al.

Imagine interconnected objects with embedded artificial intelligence (AI), empowered to sense the environment, see it, hear it, touch it, interact with it, and move. As future networks of intelligent objects come to life, tremendous new challenges arise for security, but also new opportunities, allowing to address current, as well as future, pressing needs. In this paper we put forward a roadmap towards the realization of a new security paradigm that we articulate as intelligent context-aware security. The premise of this roadmap is that sensing and advanced AI will enable context awareness, which in turn can drive intelligent security mechanisms, such as adaptation and automation of security controls. This concept not only provides immediate answers to burning open questions, in particular with respect to non-functional requirements, such as energy or latency constraints, heterogeneity of radio frequency (RF) technologies and long life span of deployed devices, but also, more importantly, offers a viable answer to scalability by allowing such constraints to be met even in massive connectivity regimes. Furthermore, the proposed roadmap has to be designed ethically, by explicitly placing privacy concerns at its core. The path towards this vision and some of the challenges along the way are discussed in this contribution.

Muralikrishnan Srinivasan, Sotiris Skaperas, Arsenia Chorti

This paper presents a systematic approach to use channel state information for authentication and secret key distillation for physical layer security (PLS). We use popular machine learning (ML) methods and signal processing-based approaches to disentangle the large scale fading and be used as a source of uniqueness, from the small scale fading, to be treated as a source of shared entropy secret key generation (SKG). The ML-based approaches are completely unsupervised and hence avoid exhaustive measurement campaigns. We also propose using the Hilbert Schmidt independence criterion (HSIC); our simulation results demonstrate that the extracted stochastic part of the channel state information (CSI) vectors are statistically independent.

Gustavo A. Nunez Segura, Arsenia Chorti, Cintia Borges Margi

Software-defined networking (SDN) was devised to simplify network management and automate infrastructure sharing in wired networks. These benefits motivated the application of SDN in wireless sensor networks to leverage solutions for complex applications. However, some of the core SDN traits turn the networks prone to denial of service attacks (DoS). There are proposals in the literature to detect DoS in wireless SDN networks, however, not without shortcomings: there is little focus on resource constraints, high detection rates have been reported only for small networks, and the detection is disengaged from the identification of the type of the attack or the attacker. Our work targets these shortcomings by introducing a lightweight, online change point detector to monitor performance metrics that are impacted when the network is under attack. A key novelty is that the proposed detector is able to operate in either centralized or distributed mode. The centralized detector has very high detection rates and can further distinguish the type of the attack (from a list of known attacks). On the other hand, the distributed detector provides information that allows to identify the nodes launching the attack. Our proposal is tested over IEEE 802.15.4 networks. The results show detection rates exceeding $96\%$ in networks of 36 and 100 nodes and identification of the type of the attack with a probability exceeding $0.89$ when using the centralized approach. Additionally, for some types of attack it was possible to pinpoint the attackers with an identification probability over $0.93$ when using distributed detectors.

Arsenia Chorti, Andre Noll Barreto, Stefan Kopsell et al.

Sixth generation systems are expected to face new security challenges, while opening up new frontiers towards context awareness in the wireless edge. The workhorse behind this projected technological leap will be a whole new set of sensing capabilities predicted for 6G devices, in addition to the ability to achieve high precision localization. The combination of these enhanced traits can give rise to a new breed of context-aware security protocols, following the quality of security (QoSec) paradigm. In this framework, physical layer security solutions emerge as competitive candidates for low complexity, low-delay and low-footprint, adaptive, flexible and context aware security schemes, leveraging the physical layer of the communications in genuinely cross-layer protocols, for the first time.

Arsenia Chorti

While the security literature predominantly focuses on the core network, the enhancement of the security of the beyond fifth generation (B5G) access network becomes of critical importance. Despite the strengthening of 5G security protocols with respect to LTE, there are still open issues that have not yet been fully addressed. In parallel as we move gradually away from the standard client-server networking paradigm and enter a new era of truly E2E quality of service (QoS), service level agreements (SLAs) in the near future will be expected to include guarantees about the quality of security (QoSec) as well. Incorporating context awareness in QoSec is projected to allow handle more efficiently aspects related to identifying the risk or threat level and the required security level. Finally, as novel sensing and intelligence capabilities are envisioned in 6G, security solutions from the palette of physical layer security can emerge, particularly for massive machine type communications involving large scale low-end IoT devices.

Miroslav Mitev, Mahdi Shekiba-Herfeh, Arsenia Chorti et al.

Lightweight and low latency security schemes at the physical layer that have recently attracted a lot of attention include: (i) physical unclonable functions (PUFs), (ii) localization based authentication, and, (iii) secret key generation (SKG) from wireless fading coefficients. In this paper, we focus on short blocklengths and propose a fast, privacy preserving, multi-factor authentication protocol that uniquely combines PUFs, proximity estimation and SKG. We focus on delay constrained applications and demonstrate the performance of the SKG scheme in the short blocklength by providing a numerical comparison of three families of channel codes, including half rate low density parity check codes (LDPC), Bose Chaudhuri Hocquenghem (BCH), and, Polar Slepian Wolf codes for n=512, 1024. The SKG keys are incorporated in a zero-round-trip-time resumption protocol for fast re-authentication. All schemes of the proposed mutual authentication protocol are shown to be secure through formal proofs using Burrows, Abadi and Needham (BAN) and Mao and Boyd (MB) logic as well as the Tamarin-prover.

Miroslav Mitev, Arsenia Chorti, E. Veronica Belmega et al.

Wireless secret key generation (W-SKG) from shared randomness (e.g., from the wireless channel fading realizations), is a well established scheme that can be used for session key agreement. W-SKG approaches can be of particular interest in delay constrained wireless networks and notably in the context of ultra reliable low latency communications (URLLC) in beyond fifth generation (B5G) systems. However, W-SKG schemes are known to be malleable over the so called "advantage distillation" phase, during which observations of the shared randomness are obtained at the legitimate parties. As an example, an active attacker can act as a man-in-the-middle (MiM) by injecting pilot signals and/or can mount denial of service attacks (DoS) in the form of jamming. This paper investigates the impact of injection and reactive jamming attacks in W-SKG. First, it is demonstrated that injection attacks can be reduced to - potentially less harmful - jamming attacks by pilot randomization; a novel system design with randomized QPSK pilots is presented. Subsequently, the optimal jamming strategy is identified in a block fading additive white Gaussian noise (BF-AWGN) channel in the presence of a reactive jammer, using a game theoretic formulation. It is shown that the impact of a reactive jammer is far more severe than that of a simple proactive jammer

Gustavo A. Nunez Segura, Sotiris Skaperas, Arsenia Chorti et al.

Software-defined networking (SDN) is a promising technology to overcome many challenges in wireless sensor networks (WSN), particularly with respect to flexibility and reuse. Conversely, the centralization and the planes' separation turn SDNs vulnerable to new security threats in the general context of distributed denial of service (DDoS) attacks. State-of-the-art approaches to identify DDoS do not always take into consideration restrictions in typical WSNs e.g., computational complexity and power constraints, while further performance improvement is always a target. The objective of this work is to propose a lightweight but very efficient DDoS attack detection approach using change point analysis. Our approach has a high detection rate and linear complexity, so that it is suitable for WSNs. We demonstrate the performance of our detector in software-defined WSNs of 36 and 100 nodes with varying attack intensity (the number of attackers ranges from 5% to 20% of nodes). We use change point detectors to monitor anomalies in two metrics: the data packets delivery rate and the control packets overhead. Our results show that with increasing intensity of attack, our approach can achieve a detection rate close to100% and that the type of attack can also be inferred.

Miroslav Mitev, Arsenia Chorti, Martin Reed et al.

With the emergence of 5G low latency applications, such as haptics and V2X, low complexity and low latency security mechanisms are sought. Promising lightweight mechanisms include physical unclonable functions (PUF) and secret key generation (SKG) at the physical layer, as considered in this paper. In this framework we propose i) a novel authenticated encryption using SKG; ii) a combined PUF / SKG authentication to reduce computational overhead; iii) a 0-RTT resumption authentication protocol; iv) pipelining of the SKG and the encrypted data transfer. With respect to the latter, we investigate a parallel SKG approach for multi-carrier systems, where a subset of the subcarriers are used for SKG and the rest for data transmission. The optimal resource allocation is identified under security, power and delay constraints, by formulating the subcarrier allocation as a subset-sum $0-1$ knapsack optimization problem. A heuristic approach of linear complexity is proposed and shown to incur negligible loss with respect to the optimal dynamic programming solution. All of the proposed mechanisms, have the potential to pave the way for a new breed of latency aware security protocols.

Gada Rezgui, E. Veronica Belmega, Arsenia Chorti

The use of energy harvesting as a counter-jamming measure is investigated on the premise that part of the harmful interference can be harvested to increase the transmit power. We formulate the strategic interaction between a pair of legitimate nodes and a malicious jammer as a zero-sum game. Our analysis demonstrates that the legitimate nodes are able to neutralize the jammer. However, this policy is not necessarily a Nash equilibrium and hence is sub-optimal. Instead, harvesting the jamming interference can lead to relative gains of up to 95%, on average, in terms of Shannon capacity, when the jamming interference is high.

Arsenia Chorti, Mehdi M. Molu, David Karpuk et al.

We investigate the possibility of developing physical layer network coding (PNC) schemes with embedded strong secrecy based on standard QAM modulators. The proposed scheme employs a triple binning approach at the QAM front-end of the wireless PNC encoders. A constructive example of a strong secrecy encoder is presented when a BPSK and an 8-PAM modulator are employed at the wireless transmitters and generalized to arbitrary M-QAM modulators, assuming channel inversion is attainable at the first cycle of the transmission. Our preliminary investigations demonstrate the potential of using such techniques to increase the throughput while in parallel not compromise the confidentiality of the exchanged data.

Arsenia Chorti, Katerina Papadaki, H. Vincent Poor

The optimal power allocation that maximizes the secrecy capacity of block fading Gaussian (BF-Gaussian) networks with causal channel state information (CSI), M-block delay tolerance and a frame based power constraint is examined. In particular, we formulate the secrecy capacity maximization as a dynamic program. We propose suitable linear approximations of the secrecy capacity density in the low SNR, the high SNR and the intermediate SNR regimes, according to the overall available power budget. Our findings indicate that when the available power resources are very low (low SNR case) the optimal strategy is a threshold policy. On the other hand when the available power budget is infinite (high SNR case) a constant power policy maximizes the frame secrecy capacity. Finally, when the power budget is finite (medium SNR case), an approximate tractable power allocation policy is derived.