Architectural Approaches to Network and Service Access Authentication Marcin Dabrowski Piotr Pacyna

Feature Articles: Communications & Information Security

Contents

Feature Articles: Communications & Information Security

4 Architectural Approaches to Network and Service Access Authentication Marcin Dabrowski Piotr Pacyna

17 Analysis of Security Vulnerabilities and Countermeasures of Ethernet Passive Optical Network (EPON) Di Jin, Stamatios V. Kartalopoulos, Pramode K. Verma

30 Analysis on the Resilience of Key Pre-distribution in Sensor Networks Shen Yulong Ma Jianfeng Pei Qingqi

38 Hierarchical Spectrum Sharing Networks Jie Chen, Chuan Han, Chulin Liao, and Shaoqian Li

48 Security Measures Against CBRN Threats: Case Study Olympic Games P. Stavroulakis, Professor

54 Customized Biometric Architecture for Access Control in Stadiums based on Federated Identities Christos K. Dimitriadis, Peter Stavroulakis, D. Polemi

63 Simulation of Propagation Loss Models and Antenna Designs for Naval Troposcatter and Tropo spheric Duct Communications Nikos J. Farsaris, Prof. Peter P. Stavroulakis

69 Chaos-based Applications in Secure Optical Communications A. Argyris, A.Bogris and D. Syvridis

79 PIM Interference Analysis under Multi-band Multi-signal Input in Duplex Indoor Distribution System Pauling Huang, Wang Baohua , Senior Engineer, China Unicom

China Communications June 2007 3 Feature Articles:FEATURE Communications & Information ARTICLES Security

Architectural Approaches to Network and Service Access Authentication

Marcin Dabrowski1 , Piotr Pacyna1,2 , 1 AGH University of Science and Technology, Poland, [email protected] 2 Universidad Carlos III de Madrid, Spain, [email protected]

ABSTRACT governmental organizations and in public access networks. The success of the radio access networks Authentication is the first step, of central importance, is attributed to their high usability, flexibility, cost- for access control and for security protection in radio efficiency and especially to the unrestricted commu- access networks. A general model for authentication nications capability. Multiple radio access technolo- was adopted from fixed networks and applied to the gies favor competitiveness, accelerate progress in wireless world. However, the differences in the the field and propel the wireless industry. operational environment between the fixed and the Diversity has led to heterogeneity, with the side wireless world, heterogeneity of the radio communi- effect of a burden with inter-working between tech- cations systems, new trends in service provisioning, nologies and systems. Many challenges of inter- emerging business models and performance require- working are characteristic of a particular network ments raise the need to revisit the original require- setup, the technologies in use and the services under ments for authentication systems and to come up deployment. Some of them, however, are common to with schemes that better suit current needs. In this all installations. Specifically, in all the systems the review paper we discuss authentication in single- network infrastructure and the services need to be hop radio access networks by characterizing the protected against misuse. Authentication is the first current as well as the emerging authentication step, of central importance, in network and service schemes. access control and in security protection. This re- Key words: authentication, access control, wire- view paper studies the current and the emerging less networks, next-generation Internet approaches to authentication in single-hop radio access networks. I. INTRODUCTION II. SCOPE OF AUTHENTICATION In recent years, the wireless access networks have received broadband capabilities and have become Authentication allows to proove identity of a available for residential and institutional users. Broad- subject-a user, a system or a device-by verifying band radio access networks have been under deploy- credentials which are presented by the subject. The ment in enterprises, campuses, public institutions, subject is referred to by means of an identifier - some

4 China Communications June 2007 Feature Articles: Communications & Information Security

naming convention, such as true name, a pseudonym New requirements for authentication in the wire- or, in an indirect way, by means of identifier of a less access networks are mainly related to user device owned by the subject, which allows for the so mobility, which is defined as the ability to change called user- or device authentication schemes. The point of attachment in a network. A physical change authentication is performed by a verifier in a uni- of the attachment due to a movement can also imply directional authentication or by both parties when a logical change of location in the network topology involved in the mutual authentication process. The or a change of the network operator, known as intra- subject and the verifier may have come across each domain and inter-domain handoff, respectively. A other before, but they needn’t necessarily have had a default requirement of almost any mobility scenario relationship at any time before. is continuous reachability of a mobile user. The Verification of the credentials submitted in the ability to sustain previously established sessions in process is conducted with support of trusted entities, spite of the movement, preferably with little or no such as e.g. authentication servers, which maintain a impact on session continuity, is another requirement. binding between the credentials and the subject and In the new context defined by mobility, a few are in a position to ascertain at any time validity of essential technology requirements need to be taken the binding. to account with respect to an authentication system: Authentication serves secure bootstrapping of net- 1) In systems which are supporting mobility, the work attachment, as a part of an access control users are ‘always on’ the network and may own process aimed to prevent service theft by unautho- multi-mode capable devices. With such diversity, rized individuals, impersonation of legitimate users the authentication systems need to be particularly also known as the identity theft. robust, scaleable and resilient to attacks. Methods Although a general model for authentication in of various complexity must be supported and the radio access networks was adopted from fixed system must be extensible for the emerging copper-wire access and cable networks, and next authentication methods. applied to the wireless world, some methods have 2) Mobile users prefer to be involved in a few been devised specifically for the wireless networks. business, relationships, preferably only with an These new methods are evolving due to signifi- operator in their home area. Multiple business cant differences of the operational environment relationships are either troublesome for users and between the fixed and the wireless world and due hence disfavoured or, simply unfeasible because to changing threat models when new forms of of random roaming patterns. attacks are discovered. 3) The employed authentication system must not overly depend on the mobility management A. New requirements for the wireless en- scheme or type of re-addressing used to support vironment mobility. 4) In open access systems, where multi-access tech Successful authentication establishes a trust rela- nologies are used, the necessity for frequent tionship between the subject and the verifier (also re-authentication, likely at every handoff, is known as the authenticator). The trust can be uni- or required. Also, small cell sizes, typical of some bi-directional, symmetric or asymmetric depending wireless technologies, imply short visiting times on the type and strength of the employed authentica- and quite frequent intra-domain handoffs. Low tion method. It is represented by unidirectional secu- protocol overhead and low overall latency of the rity association(s) which define a ciphersuite and authentication process is an advantage. cryptographic keying material used for subsequent 5) Delay sensitive application, in particular conver protection of communications on the wireless link. sational services, leave little tolerance margins

China Communications June 2007 5 Feature Articles: Communications & Information Security

for re-authentication during handoff. The new requirements. On the contrary, existence of requirement for voice call continuity favors large install base of authentication systems used so low-latency re-authentication and make-before- far, calls for incremental upgrades to build upon the brake authentication (pre-authentication), so that existing infrastructure and experience. Today, new the latency does not add to handover latency. requirements for authentication are diffusing the New business models are also expected to change well established methods. service provisioning. In particular: In the following sections we present recent ad- 6) Deregulation of the markets allows for market vances in network access authentication. In order to fragmentation. Pre-established security associations make the text comprehensive we begin with a revi- between a customer and the serving network will sion of legacy methods for better presentation of the differences in the new methods. be rare due to continuous roaming of users. 7) Wireless or cellular network service providers with disproportionate geographical coverage will III. AUTHENTICATION IN WIRELINE exist in the future, so that inter-domain handoffs NETWORKS will be more frequent than so far. Authentication should be robust also where roaming agreements Extensible Authentication Protocol [1] was intro- between the providers do not exist. duced in dial-up networks to authenticate a terminal 8) Authentication schemes need to support cooperative before releasing configuration parameters and an IP business models based on delegating some address to a terminal. EAP is an authentication network-related functions and sharing the infra framework independent on the lower-layer protocols. structure by some providers. It employs different authentication methods for dif- 9) In a multi-service environment services are of ferent use cases. The EAP protocol was adopted in fered by the third party providers. In order to broadband access technologies ranging from cable facilitate such schemes a combined network and modems to xDSL. Today, it is also used in broadband service authentication is encouraged where the radio access in WLAN, WiMax, 2G and 3G cellular network infrastructure and the service providers networks. are separate, but federated entities. EAP relies on data-link layer including point-to- 10)Anonymity and pseudonimity for users need to point and shared links so there’s no need to deploy be supported with un-linkability protection be additional protocols. It can also be transported over tween separate authentications. Authentications IP or over higher layer protocols, such as RADIUS. should remain un-linkable by other users in the Although EAP is involved in the authentication system as well as by the visited access network process, it does not specify any particular authentica- providers. Nevertheless, tractability of users’ tion scheme. Its strength is in simple syntax, lock- activity, e.g. for lawful interception, should be step design that allows for simple implementations plausible to comply with local legal regulations. and in extensibility. EAP supports the old and the 11)Strong identity management systems maintained emerging authentication methods without the need by the identity providers, which are capable of to upgrade the protocol itself. There is no need to partial sharing of personally-identifiable upgrade Authenticators, since these can operate in information with third parties, are needed, a pass-through mode essentially by forwarding subject to local law. messages between the subject and the authentica- New capabilities of radio access technologies in- tion server. fluence the way radio access systems are designed, EAP-TLS [2], PEAP [3], TTLS [4] and EAP- built and operated, so the previous methods for FAST [5] are variations of the Transport Layer authentication become partly incapable to satisfy the Security (TLS) protocol [6]. TLS makes use of

6 China Communications June 2007 Feature Articles: Communications & Information Security

public key cryptography and certificates to establish cryptography and the possibility, or actually the a secure communication channel between two entities. necessity to support client-side certificates is another On the contrary, the EAP-SIM and EAP-AKA are one. The ability to protect identity of a subject and its examples of symmetric cryptography among the credentials in the initial phase is important, too. Key authentication methods [7], [8]. derivation and key management strategy is similar, The TLS Handshake establishes a shared secret but somewhat different. Complexity of protocol between the client and the server for subsequent exchange, the resulting signaling overhead and the protection of the communications channel. TLS is induced delay in terms of the round-trip time re- supported with EAP-TLS method which wraps hand- quired to complete the process are different, too. shake messages in EAP Request – EAP Reponse transactions. With the mandatory exchange of both IV. AUTHENTICATION IN WIRELESS client and server certificates EAP-TLS sends client’s NETWORKS identity and certificates through a non-secured channel and enforces the use of client side certificates A. Port-based network access authentica- which is sometimes inconvenient. tion in IEEE 802.1X These drawbacks have been addressed in the two- phase Protected EAP (PEAP) method. In the first In the port-based Network Access Authentication phase a secure tunnel is established with TLS hand- (PBNA), originally specified in the IEEE 802.1X for shake over EAP. Unlike in EAP-TLS the client-side the wired networks, the supplicant and the authenti- certificate is optional here and the client uses tempo- cator exchange messages in order to verify each rary Network Access Identifier (NAI) instead of the other’s identity with help of an Authentication Server, real name. Once the secure TLS tunnel has been and next generate a shared secret for protection of established, other EAP methods can be run over the communications on the access link and to open a port tunnel [3]. The tunnel protects the subsequent meth- on the Authenticator for unrestricted communica- ods so the client can release its identity in a secure tions [9]. way. PEAP allows for TLS session renegotiation, so The use of IEEE 802.1X on the IEEE 802.11 that after the secure channel is in place, the second wireless links is different depending, to some extent, TLS handshake can proceed assuring that certifi- on whether the IEEE 802.1X authentication occurs cates of both involved parties are protected. before, or after the Mobile Node association. For EAP-tunneled TLS (TTLS) has much in com- example, some concepts, such as e.g. controlled/ mon with PEAP. The difference is in the second uncontrolled ports do not apply to IEEE 802.1X pre- phase where TTLS remains compatible with the authentication. The details can be found in [10]. RADIUS protocol. Further considerations in [10] address protected ca- Flexible Authentication via Secure Tunneling pability negotiation, filters activation, authentica- (EAP-FAST) is similar to PEAP in setup of a secure tion of control and management frames and com- channel for use by less strong methods. Protected ments on 802.1X pre-authentication, some of which Access Credential (PAC), a kind of pre-shared secret, have been accounted for during specification of new is used to establish a secure channel via TLS. After- standards, such as, e.g. 802.11r [15]. wards a weak authentication method can proceed. All the above methods fit in the general EAP B. Native methods in IEEE 802.11 protocol exchange and look alike, but differ in many respects. Among the differentiating factors there is In the infrastructure mode of the IEEE 802.11b a support for device authentication, user authentica- Mobile Node (MN) must first associate with an tion or both. The use of symmetric or asymmetric Access Point (AP) in order to be able to communi-

China Communications June 2007 7 Feature Articles: Communications & Information Security

cate with other nodes within the Basic Service Set (BSS). The association involves Open-System Au- thentication (OSA) and Shared-Key Authentication (SKA) modes. The OSA authentication is a simple two-way handshake. The station sends a request with its MAC address as an identity to the authenticating station or to the Access Point which responds with the success message. The Shared-Key Authentication mode comprises of a 4-way handshake to make sure that both the requestor and the authenticating entity (usually an AP) possess the same shared key. The requestor first sends its identity. Next, the authenticating entity responds with a random challenge-text to be encrypted using the secret key by the requestor. The encrypted text is sent back to the authenticating entity for decryption using its own copy of the secret key. If the decrypted text is the same as the one sent earlier, the authenticating entity sends the success Fig The RSNA establishment procedure message to the requestor. Authenticator for use as the PMK to avoid the 802. Both methods are focused on authenticating the 1X exchange: during re-associations a previously station (STA) only. cached PMK can be used immediately to reduce authentication latency of new authentications and to C. Authentication IN IEEE 802.11I reduce the associated computational overhead. In IEEE 802.11i WLAN networks strong authentication is achieved with Robust Security Network (RSN), V. AUTHENTICATION IN IEEE 802.16 better known as WPA2 [14]. The 802.11i process consists of the initial hand- The IEEE 802.16e-2005 standard introduces a MAC shake between the MN and the AP for security Security Sublayer [16] which defines Security Asso- capability discovery, then 802.1X exchange between ciations (SAs), Privacy Key Management (PKMv2) the supplicant, the authenticator and the authentica- protocol, encapsulation protocol and X.509 certifi- tion server for Master Session Key (MSK) and cates for Subscriber Station (SS) and Base Station Pairwise Master Key (PMK) derivation, and finally (BS) mutual authentication. The goal of SS authori- between the Supplicant and the Authenticator again zation is to create the Authorization SA and the (the 4 way-handshake) for proof-of-possession of associated Authorization Key (AK). The SS has X. the MSK and derivation of a Pairwise Transient Key 509 certificates with the manufacturer’s and the (PTK), as shown in Fig. 2. Successful completion of station’s public keys. These are sent to Base Station these three handshake procedures results with mu- (BS) during authorization. BS verifies SS’s certifi- tual authentication between MT and the AP as well cate using manufacturer’s public key, generates the as a joint possession of the PMK/PTK by the suppli- Authorization Key and sends it to the SS encrypted cant and by the authenticator. using SS’s public key. The model assumes trust re- The standard also allows for static configuration of lation with manufacturers who issue certificates for a Pre-Shared Key (PSK) on the Supplicant and the subscriber stations. It further assumes that the SS’s

8 China Communications June 2007 Feature Articles: Communications & Information Security

private key is protected from compromising, i.e. the MSK) can be repeated with the same PMK, hardcoded in the hardware. therefore during re-authentication a check for avail- After a successful authorization the SS and the BS ability of PMK is performed. With the PMK avail- share the AK key which is then used to create traffic able from previous invocations, the four-way hand- Encryption Keys (TEK) as a part of key provisioning. shake is immediately started to test the connectivity Because the AK and the TEK have finite lifetimes, between the MT and the AP, to select the cipher they must be periodically regenerated. For that suite and to generate a new Pairwise Transient purpose, there are two TEKs: the current and the session Key (PTK). secondary one. Currently there’s a work-in-progress Say it short, the RSN has an important built-in towards extending this model to support mobile capability to generate a new PTK each time a re- multihop relay (MMR) in IEEE 802.16j. association is executed. Therefore, transfer of security context from the old- to the new AP during VI. AUTHENTICATION IN GSM AND UMTS handoff, and the associated risk of a domino effect in case the previous key was somehow compromised, is not an issue anymore. The new PTK is created and In GSM, network access is protected with EAP-SIM installed in the MAC layer, so a secure channel is method based on symmetric encryption/decryption available for data transmission. An in-depth security key stored at the same time in the SIM (Subscriber analysis of the IEEE 802.11i 4-way handshake can Identity Module) card and in the Authentication be found in [14]. Center (AuC) or Home Location Registry (HLR) [7]. The key is used for authentication and derivation of B. Fast BSS transition in IEEE 802.11r the encryption key. IMSI identifier of a user or a pseudonym can be used to protect the identity. EAP- The IEEE 802.11r [15] enhances data-link layer SIM exhibits vulnerability in roaming scenarios be- mobility of WLAN stations (STA) with Fast BSS tween cellular and WLAN hot-spots, because the transition services referred to as the fast roaming. protocol lacks mutual authentication allowing for The main objective of Fast BSS transition is to user authentication only. The initial EAP-SIM ex- minimize or eliminate connectivity loss during L2 change (SIM handshake) does not include tunnel handover within BSS for better support of delay- and setup to the AuC. As a result SIM-data is exposed loss sensitive applications, such as voice to eavesdropping in prone environment of a hot- communications. Fast BSS transition enables a sta- spot. The EAP-AKA in UMTS is different by tion (STA) to prepare handoff ahead of re-association. The preparation includes re-authentication and deri- support of mutual authentication of both the user vation of the encryption keys for protection of the and the network. new channel. For that, the Fast BSS introduces a new framework for security key derivation and VII. MOBILITY WITH AUTHENTICATION management. The process consists of three phases. AT THE DATA-LINK LAYER During discovery MT locates and determines the target AP for Fast BSS transition. This phase is out A. Basic Service Set transition in IEEE of scope of 802.11r leaving space for use of legacy 802.11i beacon signal, probe requests/response or for other means, such as, the future IEEE 802.11k or Informa- The four-way handshake in 802.11i is a key manage- tion Services (IS) of the emerging IEEE 802.21 [17]. ment protocol and an important part of the RSNA Authentication: Fast BSS Transition services pro- setup process. The central point of 802.11i is that the vide mechanisms for communications with the tar- 4-way handshake (the mutual proof of possession of get AP prior to re-association. The signalling ex-

China Communications June 2007 9 Feature Articles: Communications & Information Security

change is carried over-the-air or through the existing VIII. RE-AUTHENTICATION AT THE association with the serving AP, i.e. over-the-distri- NETWORK LAYER bution-system. Transition: depending on the handoff algorithm The common mobility management scheme at the the MT chooses the moment to commit transition to network layer for systems based on IP protocol is the the new AP. During the transition current association Fast Handover scheme for Mobile IPv6 [18]. is terminated and the new one is established. In The Fast Handover is used in combination with summary, the Fast BSS transition is a scheme for re- AAA exchange for mutual MT-network authentica- association with reduced handoff latency and a good tion at the IP layer. To this point, numerous proposals security through key re-generation. The procedure is for joint signaling exchange have been made, most of applicable to transitions within the same BSS. It is which aim to reduce the combined latency of Mobile not suitable to inter-BSS transitions which imply L3 IPv6 location update to a mobility agent, and the handovers due to change of the Access Router or latency of the authentication procedure with a AAA change of the router interface. The signaling ex- server, which are both assumed to be located in the changes are shown in Fig. 3. home network. The classical approach to mitigate the latency problem is by simultaneous accomplishment of both procedures as presented in Fig. 4. The complexity of this mobility scheme is in that the L3 handover is often triggered when the signal strength received by the network interface is low and the handover is imminent. This strategy leaves little time to complete both procedures and introduces the necessity to resume and complete the process after the MT gets connected to the new point of attachment (nAP) and to the corresponding new AR (nAR). Fig IEEE Data link handover in IEEE r overthe This requires some grace period for signaling ex- distributionsystem change after a L3 handover.

Fig Authentication and access control in L Fast Handover with AAA: proactive (left) and reactive (right)

10 China Communications June 2007 Feature Articles: Communications & Information Security

IX. ROAMING WITH MEDIA-INDE- input in order to establish Pair-wise Transient Keys PENDENT PRE-AUTHENTICATION (PTKs) and Group Transient Keys (GTKs) [20]. The PTK will be used for communications protection at The recent proposal for media-independent pre-au- the data-link layer. thentication (MPA) is a mobile-assisted handover optimization scheme suitable for mobility manage- X. APPLICATION KEYING ment protocols operating at the network or higher layers [19]. Given the vast number of services, the MN usually MPA aims at low-latency mobility of a Mobile has to go through multiple level authentications and Node achieved by means of pre-authentication. A authorizations, traditionally based on EAP. In terms concept similar to IEEE 802.11i is deployed here at of overhead and latency this is not optimal. Some the network layer, with supplementary mechanisms proposals have been recently considered in the IETF for advance acquisition of IP address from the target [28], which assume one EAP authentication to be network and for an in-advance handover to that sufficient. Based on the resulting keying material, network while the Mobile Node is still attached to the multiple separate master session keys for services current one. So, with MPA, a Mobile Node is able to can be generated. The notion of Application Master securely obtain configuration parameters from the Session Key (AMSK) or Usage Specific Root Key target network and to exchange IP datagrams still (USRK), a service-specific keying material, is intro- before it commits a handover. duced which can be generated from the Extended A security association is set up ahead of handoff Master Session Key (EMSK). EMSK is normally with the new AR by means of pre-authentication: a derived by an EAP method [29], but not used within proactive tunnel between the Mobile Node and the the EAP keying framework. nAR for host pre-configuration and for data traffic is When the initial EAP authentication is completed, established (secure proactive handover). MPA should AMSKs are created and delivered to the service be capable of supporting inter-domain handovers nodes and to the Mobile Node, so that no separate both between the federated and non-federated do- EAP authentications per service are required. mains [19]. The approach of Hoakey has recently considered The target network and the Mobile Node jointly proactive and reactive model for AMSKs distribution. derive a Pairwise Master Key (PMK), using the In the proactive one the EAP server distributes MPA Security Association established during pre- AMSKs to service nodes, based on the assumptions authentication [20]. From the PMK, distinct Tran- that the server knows the services to use and the sient Session Keys (TSKs) are derived for each AP involved nodes. In the reactive model, a service node queries the server for its AMSK upon service request in the target network. Other keys, e.g. for from the accessing node. The proposal introduces a bootstrapping the data-link layer can be derived, too. Key Holder, an entity responsible for caching of The target network may install the keys derived keying material. from the PMK and used them for secure associa- One particular application of USRK is to derive a tions in points of attachment. The keys may be root for key hierarchy in handover management. It TSKs or some intermediary keys from which TSKs could help to avoid a complete re-authentication are derived. during the handover in wireless access networks and After the Mobile Node chooses the target network improve scalability of the authentication system. and switches to the new point of attachment of its The root for handover key hierarchy is a special choice, it executes a secure association protocol such USRK named Reauthentication Root Key (rRK). as IEEE 802.11i 4-way handshake using the PMK as Next, the hierarchy is built based on the rRK with:

China Communications June 2007 11 Feature Articles: Communications & Information Security

R0-Keys used to derive R1-Keys and delivered to XII. ROAMING WITH APPLICATION Access Nodes. Finally, the R1-keys are used by a LAYER AUTHENTICATION Secure Association Protocol (SAP) to create Tran- sient Session Keys (TSKs) for data protection be- Transporting users’ credentials from one service pro- tween the Mobile Nodes and the Access Nodes [29]. vider to another is an important issue pertaining to The architecture is depicted in Fig. 5. security at the application layer. One solution to that problem, known as a Single Sign-On (SSO), is addressed by Security Assertion Markup Language (SAML) [21]. When the user roams, SAML assures that security credentials roam with him. SAML defines three types of assertions, or statements, which cover various types of credentials. Authentication Assertions are issued by a party which has successfully authenticated a user (a principal). Attribute Assertions describe attributes of a user, while Authorization Assertions provide Fig Handover key hierarchy for mobility information about permissions user have in a cer- management work in progress tain security domain. When the MN roams, instead of running full EAP SAML also introduces SAML Protocols such as re-authentication each time, it computes appropriate Assertion Query and Request Protocol, Authentica- R1-Key appropriate for the Access Node it moves to. tion Request Protocol and Artifact Protocol. SAML Protocols describe how assertions are requested, but XI. PRE-AUTHENTICATION IN do not provide a transport for SAML. Instead, they HOAKEYP introduce Bindings between SAML Protocols and the lower level communication protocols for trans- In the IETF, two possible scenarios for pre-authen- port of SAML messages. A general-level component tication are studied in the Hoakey working group: of SAML is a profile, which describes how Assertions, direct and indirect pre-authentication. In the first Protocols and Bindings are collected for a particular scenario, a Mobile Node pre-authenticates with a use case, such as e.g. a Web Browser SSO Profile. In a Web Browser SSO/Artifact Profile a user target authenticator directly. The so called serving roams based on a URL containing an artifact which authenticator is unaware of this process. Because the is a reference to SSO assertion. The artifact allows target authenticator and the Mobile Node may possi- the new provider to retrieve security assertions for a bly be in different subnets, in the direct pre-authen- roaming user from another provider. In Web Browser tication MN-TA signaling will likely run in network SSO/POST Profile the assertions are transferred by layer using PANA transport [30]. In the second means of a HTML form which contains a complete scenario, MN pre-authenticates with the target au- assertion, and not by a reference. When a user roams, thenticator with the assistance of the serving the serving provider pushes a form with HTTP POST authenticator. In this case signaling between the mechanism to the target provider. Mobile Node and the serving authenticator may go over In spite of some doubts that federated identity may the data- or over the network layer; the serving authen- be inefficient e.g. between systems with essentially ticator to target authenticator signaling will probably different policies, many interesting solutions have run at the network layer. This work is in progress. been presented, e.g. [22].

12 China Communications June 2007 Feature Articles: Communications & Information Security

XIII. GENERIC AUTHENTICATION XIV. AUTHENTICATION METHODS IN 3GPP IN RESEARCH

The Generic Authentication Architecture (GAA) is an Many of the methods which are currently under authentication and key agreement scheme in 3G sys- standardization for mobility-enabled Internet origi- tems [31]. The process runs between the user (by nate from previous research activities. The collec- means of a handset) and the service provider in the tion of the papers on the topic is hudge and falls Internet with assistance of the cellular network beyond the scope of this paper. Here we just want to infrastructure. The solution has been proposed to characterize a few representative, in particular those reduce the burden of managing separate credentials by which employ some use patterns now reflected some- a user of a cellular phone for different services and to how in the schemes. reduce the burden of distributing credentials by the service providers. The GAA provides keying mate- A. Proactive Key distribution rial for a client who is willing to use a service and to Pro-active key distribution was proposed to reduce service providers who rely on a shared secret key authentication latency by maintaining information authentication. GAA can also sign certificates for about neighboring APs by means of neighbour graph applications which require asymmetric authentication. and advance distribution of keying material to all In that sense GAA is an mutual authentication service APs in the graph for future use by EAP-TLS, just in between the client and the operators, maintained by case a MT performs a handover there. The method the cellular network operator, which allows the client avoids sharing key material amongst multiple APs, and the service provider to re-use the Authentication at the cost of substantial load of AS in generation and and Key Agreement (AKA) of a 3G system. distribution. The service is comprised of two phases: bootstrapping authentication procedure (the common B. Predictive authentication part) and the bootstrapping usage procedure. The Predictive Authentication is a family of schemes to common part is whereby the client and the operator accelerate authentication within a Frequent Handoff execute mutual authentication and agree on the shared Region (FHR) determined from past user movement session keys. These can next be retrieved by the patterns [33]. In this scenario the Authentication service provider during bootstrapping usage phase, Server responds to an authentication request coming for direct use between the client and the service from a MT by sending multiple authentication re- provider. Alternatively, the key can be used by the sponses to all APs in the FHR. client to authenticate his request for certificate to the Predicitve authentication can also be achieved operator which is retrieved from the PKI infrastructure. by means of security context transfer over a pre- Next, the certificates and the corresponding key pairs established IPSec tunnel between APs, members are used to authenticate to the client to the service of the neighbor graph. This method was specified provider. in IAPP protocol (IEEE 802.11f) and accelerated The actual process is implemented in two modes: with proactive caching. Now it is considered GBA_ME and GB_U which differ in the security unsafe, since not only context, but also a risk can levels [31]. be transferred. The above methods are similar in The advantages of using GAA are clear, provided concept and applicability they can work in a that the service provider and the user jointly trust the single administrative domain. Inter-domain operator. There also exist extensions in 3GPP for the handoffs are out of scope, or difficult to maintain combined use of GAA with Single Sign On service. in a secure way in predictive authentication.

China Communications June 2007 13 Feature Articles: Communications & Information Security

C. Inter-domain authentication handover problem, but, without going into details, a new disassociation frame would have to be Some solutions to fast authentication problem have added to IEEE 802.11 standard. Furthermore, in- been presented in [27]. They exploit the set of direct ter-domain handover scenario needs prior trust and implicit trust relationships that exist between relationship between domains by means of some particular elements of Wireless LAN. The first business agreement. approach is extending IAPP for inter-domain mobility, by setting up pre-existing secure links between APs from separate domains therefore en- XV. SUMMARY abling IAPP context transfer between different domains. The important aspect here is that a roam- Authentication of entities is fundamental in the net- ing agreement between the domains must exist. working environment. The authentication process, Other approach for optimizing inter-domain au- and its manifold subtle issues, have been elaborated thentication is Inter-domain Proactive Key by multiple groups and standardization bodies for Distribution. Here, the idea is to compute and different network technologies and systems. Most of deliver PMKs to possible handover candidates in the approaches to authentication in the context of an inter-domain environment. Three main aspects infrastructure-based networks, have been rooted in have to be taken into account. First, MN location the EAP model. Over time, they have been improved has to be tracked in the home AS. Second, the when cavities and new types of threats were handover candidates have to be determined, there- discovered. fore some kind of inter-domain neighbour graph Recent shift to the wireless Internet, forces us to has to be created, and, the computed keys have to be revisit many assumptions about the authentication distributed to handover candidates in some way. process. The interest in strong authentication methods is growing as well as acceptance for complex D. Roaming key based handovers schemes, but with little tolerance for the associated Roaming key based handover is a new approach overhead and latency. introduced in [26], [27]. It consists of three main With the current uncertainty about the business components: the Roaming Key (RK), the Context models, networks and services in next-generation Information (CI), a set of security parameters, and networks there is a need for a flexible, technology- the Security Information (SI). The RK was a new key independent authentication framework accommo- whose purpose is to provide mutual authentication dating requirements typical of wireless systems, and when handover happens. It can also be used as an showing good performance under complex mobility encryption key in inter-domain handover until new schemes with single sign-on capability, not only by PTK and PMK are derived. means of SAML, but also, for example, in other well When the station (STA) associates with an Access established systems such as Kerberos. Point (AP), CI is distributed in the neighbor graph. If, at some point in time, STA handovers, the serving XVI. ACKNOWLEDGMENTS AP sends the SI to the STA and to the target AP. Now both STA and the target AP possess RK by means of The work described in this paper has been done in which they can communicate until receiving new IST FP6 Integrated Project DAIDALOS II (IST- PTK and/or PMK. 2006-026943). The authors wish to thank the anony- This approach can address the inter-domain mous reviewers for their feedback on the paper.

14 China Communications June 2007 Feature Articles: Communications & Information Security

XVII. SELECTED REFERENCES Issues in Privacy and Key Management Proto- cols of IEEE 802.16”, [1] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, H. [14] C. He and J.C. Mitchell, “Security Analysis Levkowetz, “Extensible Authentication Protocol and Improvements for IEEE 802.11i, Network (EAP)”, RFC3748, IETF, 2004. and Distributed System Security Symposium [2] B. Aboba, D. Simon, “PPP EAP TLS Authen- (NDSS '05)”, San Diego, February, 2005. tication Protocol”, RFC2716, IETF, Oct. 1999. [15] “Wireless Medium Access Control (MAC) [3] A. Palekar, D. Simon, J. Salowey, H. Zhou, G. Zorn, and physical layer (PHY) specifications: Amend- S. Josefsson, "Protected EAP Protocol (PEAP)", IETF ment 2: Fast BSS Transition”, IEEE P802.11r/D4. draft, work in Progress, October 2004. 0, Nov. 2006. [4] P. Funk, S. Blake-Wilson, “EAP Tunneled [16] “IEEE 802.16e-2005 IEEE Standard for lo- TLS Authentication Protocol”, draft-ietf-pppext- cal and metropolitan area networks Part 16: Air eap-ttls-05.txt, work-in-progress, IETF, 2004. Interface for Fixed and Mobile Broadband Wire- [5] N. Cam-Winget, D.McGrew, J.Salowey, H. less Access Systems Ammendement for Physical Zhou, “The Flexible Authentication via Secure and Medium Access Control Layers for Combined Tunneling Extensible Authentication Protocol Fixed and Mobile Operation in Licensed Band”. Method (EAP-FAST)”, draft-cam-winget-eap-fast- [17] "Draft IEEE Standard for Local and Met- 05.txt, IETF, work-in-progress, IETF, Oct. 2006. ropolitan Area Networks: Media Independent [6] T.Dierks, E. Rescorla, “The Transport Layer Handover Services, IEEE P802.21-D00-04", A Security (TLS) Protocol Version 1.1”, RFC4346, contribution to IEEE 802.21 WG, January 2006. IETF, April 2006. [18] P. Pacyna, “Advances in mobility manage- [7] H. Haverinen, J. Salovey, “Extensible Authen- ment for the NG Internet”, China Communications, tication Protocol Method for Global System for Mo- June 2006, vol. 3, no. 3, pp. 76-90. bile Communications (GSM)Subscriber Identity [19] V. Fajardo, Y. Ohba, K. Taniuchi, H. Modules (EAP-SIM)”, RFC4186, IETF, Jan. 2006. Schulzrinne, “A Framework of Media-Indepen- [8] J. Arkko, H. Haverinen, “Extensible Authen- dent Pre-Authentication (MPA)”, IETF draft, tication Protocol Method for 3rd Generation Au- draft-ohba-mobopts-mpa-framework-03, work-in- thentication and Key Agreement (EAP-AKA)”, progress, October 2006. RFC4187, IETF, Jan. 2006. [20] B Aboba, D Simon, J. Arkko, P. Eronen, H. [9] M. Mesic, M. Golub, “An Overview of Port- Levkowetz,“Extensible Authentication Protocol Based Network Access Control”, Proceedings of (EAP) Key Management Framework”, Work in the Information Systems Security, MIPRO 2006, Progress, draft-ietf-eap-keying-14.txt, IETF, June 2006. May 22 - 26, 2006, Opatija, Croatia, pp. 193-198. [21] S.Cantor et al., “Assertions and Protocols [10] B. Aboba, “IEEE 802.1X Pre-authentication”, for the OASIS Security Assertion Markup IEEE 802.11-02/389r1, IEEE, 2002. Languange (SAML) V2.0”, OASIS SSTC, 2005. [11] "IEEE Wireless LAN Edition A compila- [22] Y. Matsunaga, A. S. Merino, M. Shah, T. tion based on IEEE Std 802.11-1999(R2003)", Suzuki, R. H. Katz, “Secure Authentication System Institute of Electrical and Electronics Engineers Sep- for Public WLAN Roaming”, Mobile Networks and tember 2003. Applications, Volume 10 , Issue 3, June 2005. [12] “Part 11: Medium Access Control (MAC) [23] A. Mishra, M. Shin, N.L. Petroni, T.C. and Physical Layer (PHY) specifications, Clancy, W. Arbaugh, “Pro-active key distribution Ammendment 6: Medium Access Control (MAC) using Neighbour Graphs”, IEEE Wireless Com- Security Enhancements”, IEEE Standard, 2004. munications Magazine, February 2004. [13] S. Xu, M. Matthews, C-T Huang, “Security [24] “IEEE Trial-Use Recommended Practise for

China Communications June 2007 15 Feature Articles: Communications & Information Security

Multi-Vendor Access Point Interoperability via an BIOGRAPHIES Inter-Access Point Protocol Across Distribution System Supporting IEEE802.11 Operation”, IEEE Marcin Dabrowski re- Std. 802.11F-2003, IEEE, 2003. ceived M.Sc. degree in elec- [25] M.S. Bargh, R.J. Hulsebosch, E.H. Eertink, tronics and telecommunica- A. Prasad, H. Wang, P. Schoo, “Fast Authentica- tions in 2005 and, next, M.Sc. tion Methods for Handovers between IEEE 802. in computer science in 2007 11 Wireless LANs”, Proceedings of the 2nd ACM both from the AGH Univer- international workshop on Wireless mobile applica- sity of Technology in Krakow, tions and services on WLAN hotspots, Philadelphia, Poland where he is now a Ph.D. student and delivers PA, USA, pp.51-60, 2004. "Secure Communications Systems" course. His re- [26] A. R. Prasad, H.Wang, “Roaming Key based search activities focus on digital identity manage- Fast Handover in WLANs”, Wireless Communica- ment and security. tions and Networking Conference, 2005, Volume 3. Marcin Dabrowski takes part in IST Integrated [27] A. R. Prasad, A. Zugenmaier, P. Schoo, “Next Project Daidalos II. He works as a Project Manager Generation Communications and Secure Seam- in Telco OSS at Comarch. less Handover”, Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005. Piotr Pacyna received M. [28] M. Nakhjiri et al, AAA based Keying for Sc. degree in computer sci- Wireless Handover: Problem Statement”, IETF ences and a Ph.D. degree in draft, work-in-progress, June 2006. telecommunications in 2005 [29] K. Chowdhury, J. Bournelle , M. Nakhjiri, from the AGH University of “Problem Statement for the AMSK”, draft- Technology in Krakow, Po- chowdhury-hoakey-amsk-ps-00, work in progress, land where he is lecturing IETF, 2006. courses on "Next Generation IP networks", "Dis- [30] D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, tributed Network Environments" and "Secure Com- A. Yegin,“Protocol for Carrying Authentication munications Systems". His research activities focus for Network Access (PANA)”, draft-ietf-pana-pana- on next-generation 12, work-in-progress, IETF, August 2006. wireless communications systems, mobility and [31] 3GPP GAA 33.919, “3G Security; Generic security. Piotr Pacyna spent sabbatical leave in Authentication Architecture (GAA); System de- CNET France Telecom in Paris, France and in scription”, http://www.3gpp.org/ftp/Specs/html- University of Carlos III in Madrid, Spain. info/33919.htm Piotr Pacyna has been active in ACTS and IST [32] T. Olkkonen, “Generic Authentication Ar- chitecture”, Security and Privacy in Pervasive research projects founded by the European Computing, Seminar on Network Security, Espoo 2006. Comission: Broadband Trial Integration (1997- [33] S. Pack and Y. Choi, “Fast Inter-AP Handoff 2000), Moby Dick (2001-2003) and in IST Inte- using Predictive-Authentication Scheme in a Pub- grated Project Daidalos (2003-2006). In Daidalos II lic Wireless LAN,” in Proc. of Networks 2002 (Joint (2006-) he has been a member of the architecture ICN 2002 and ICWLHN 2002), Aug. 2002. design team.

16 China Communications June 2007 Feature Articles: Communications & Information Security

Analysis of Security Vulnerabilities and Countermeasures of Ethernet Passive Optical Network (EPON)

Di Jin, Stamatios V. Kartalopoulos, Pramode K. Verma School of Electrical and Computer Engineering Telecommunications Systems Program University of Oklahoma - Tulsa Tulsa, OK 74135, USA Email: [email protected], [email protected], [email protected]

ABSTRACT of numerous new services over the Internet. Among these new services, triple play (voice, data and video) Ethernet-based Passive Optical Network (EPON) is nowadays becomes the basic requirement for people considered a very promising solution for the first who have access to the Internet from their home. mile problem of the next generation networks. Due However, due to the bandwidth bottleneck problem to its particular characteristic of shared media of the access network, there was not a good solution structure, EPON suffers many security vulnerabilities. to provide such service in a cost-effective and effi- Communication security must be guaranteed when cient manner. Fiber-to-the-home (FTTH) solution EPON is applied in practice. This paper gives a has been accepted as the ultimate solution for the general introduction to the EPON system, analyzes bandwidth bottleneck problem of the access network, the potential threats and attacks pertaining to the nevertheless so far this solution has not been suffi- EPON system, and presents effective countermea- ciently cost-effective to be applied. Alternatively, as sures against these threats and attacks with emphasis a very promising solution to the first mile problem of on the authentication protocols and key distribution. FTTH, EPON has been considered as a very good Key words: EPON, security vulnerabilities, candidate which can provide Gbps, 10Gbps and even attacks, countermeasures, authentication protocols, 100Gbps bandwidth recently with cost-effective key distribution feature. And actually EPON has been approved as the 802.3ah standard for the “Ethernet in the first mile” by IEEE Standards Board in July 2004 [1]. I. INTRODUCTION As EPON is moving into deployment, security issues come to the front with unprecedented atten- The world has never stopped requiring more and tions of people, and more and more research papers more bandwidth from networks due to the expansion regarding those issues are being published [2-11].

China Communications June 2007 17 Feature Articles: Communications & Information Security

Unlike Local Area Network (LAN) in an enterprise countermeasures to those vulnerabilities and ana- building or a university campus, EPON components lyzes the advantages of those countermeasures; and are not bounded within a closed area with the physi- section V concludes the whole paper. cal control of the operator, namely, EPON is an open and shared media network with irrelative users, II. EPON SYSTEM STRUCTURE which enhances the security vulnerabilities and the OVERVIEW probability of being attacked. However, as an extremely important property associated with the ser- Basically EPON is a tree topology optical network vice agreement, the security of data transmission is composed of Optical Line Terminal (OLT), Optical crucial in protecting the privacy of the customers and Network Units (ONUs), Optical Distribution Net- the confidentiality of their communications [12]. In work (ODN) and optical fibers. EPON combines fact, the customers of EPON, who can easily access Ethernet with Passive Optical Network (PON), pro- the network components, could be the most likely viding low overhead and high transmission efficiency, attackers. They can eavesdrop to steal sensitive reducing the amount of optical fibers, transceivers, information; intercept and alter data to take advan- and switches of the access network, and eliminating tage of it; impersonate others to send out malicious the usage of active components on the path, which information; fool the network to get free services; greatly reduces the cost of equipments, and Operation, and even break down the whole network. Hence, the Maintenance and Administration (OMA) security issues are extremely important to EPON expenditure. As a result of the above mentioned future success. features, EPON becomes a very cost-effective broad- This paper will analyze the security vulnerabilities band access network [13]. The schematic diagram of of EPON system and then present some effective EPON system structure and data transmission is countermeasures to those vulnerabilities. The orga- depicted in Figure 1. nization of this paper is as follows: Section I is the In EPON system, OLT is usually located in the background introduction; section II gives the overall Central Office (CO); ODN (usually an optical split- introduction to the EPON system; in section III, we ter/coupler) is placed near the neighborhood or the will analyze the security vulnerabilities of the EPON office building; and ONU is often mounted at the system in detail; section IV presents the effective premise of the home, in the home, or in the office.

Fig The Schematic Diagram of EPON System Structure and Data Transmission

18 China Communications June 2007 Feature Articles: Communications & Information Security

Usually one ONU can serve several end users at the the packet is placed in the preamble field of the same time, interconnected by cables. packet; following the preamble is the header of the In the downstream direction data transmission, packet, describing the start-of-packet delimiter, the EPON is a point-to-multipoint broadcasting optical destination and the source address, and the length of network. Ethernet packets transmitted by OLT pass the packet; the payload contains the data to be through a 1:N (typically N is a number between 4 and transmitted; and the Frame Check Sequence (FCS) is 64) passive optical splitter and reach all the ONUs, attached at the end of the packet to check for the and each ONU picks up the packets destined to itself damage of the packets. All the data including user and then passes those packets to its end users. Each data, management and control information are deliv- ONU is supposed to only pick up the packets belong- ered in normal Ethernet packets. ing to itself and ignore all the other packets, although each ONU can actually receive all the packets transmitted by OLT. Since EPON is a shared media network, and broadcasting is the mechanism used to transmit data in the downstream direction, it is vulnerable to many types of security attacks, which could be very serious to the EPON system. Fig The Format of Ethernet Packet In the upstream direction, EPON is a multipoint-to-point broadband optical network. The III. POTENTIAL THREATS AND packets transmitted by the end users first arrive at ATTACKS IN EPON SYSTEM their ONU, and then ONU aggregates all the packets of its end users and transmits these packets to OLT EPON’s security vulnerabilities reside in its open- through the optical coupler at a specific time slot ness of the structure and its serving noncooperative assigned by OLT. In the upstream direction, all the users. ODN and ONU are often placed outside of the packets have the same destination, i.e. OLT, so the office or house, hence malicious attackers can easily upstream direction data transmission is relatively approach those components physically and launch secure compared to the downstream direction in the some attacks. Even if the components are placed sense that all the packets transmitted by one ONU inside of the office or house, there might still be some can only reach OLT rather than other ONUs. How- attackers from the inside to attack the EPON system. ever it is still not secure enough to transmit data in the In addition, the point-to-multipoint broadcasting clear in the upstream direction. By some means, for characteristic and its structural feature actually example, tapping the cables or fibers on the path, make it even easier for the attackers to carry out attacking ONU, ODN or OLT, and making use of the successful attacks. reflection of the upstream direction data transmission to the downstream direction, the upstream di- A. Eavesdropping rection data transmission security can still be compromised. Eavesdropping is a type of passive attack, which EPON is an Ethernet-protocol-based passive opti- only “listens to” or “copies” the message without cal network, which uses the standard Ethernet pack- altering it. In EPON system, eavesdropping is very ets to transmit data in the downstream and upstream easy to be realized in the downstream direction, direction. The format of Ethernet packets is depicted while relatively difficult in the upstream direction. in Figure 2. As showed in Figure 2, the Logic Link Due to the broadcasting characteristic of EPON in Identifier (LLID) which indicates the destination of the downstream direction, each ONU can actually

China Communications June 2007 19 Feature Articles: Communications & Information Security

receive all the packets from OLT, regardless of the toring mechanism of the system and the system destinations of those packets. And the system just operator. Another way to intercept data mentioned in simply assumes that each ONU will ignore all the reference [14] is to make use of the special structure other packets without trying to pick up them after of the splitter/coupler (ODN). A special device can picking up the labeled packets matching its LLID. be used to connect the unused ports in the splitter/ However when some bad actors are involved in coupler to intercept all the upstream direction data some ONU, that ONU could be instigated to pick up transmission. other packets which do not belong to it. In doing so, that ONU can eavesdrop the data transmitted from C. Impersonation OLT to other ONUs. Impersonation is a type of attack in which the mali- Eavesdropping in the upstream direction is rela- cious users pretend to be another user to receive tively difficult but still possible. Although all the sensitive information or send vicious data by forging packets transmitted by ONUs have the only destina- its identifier (LLID) to the victim identifier. In the tion - OLT, and no ONU will receive any packets network, ONUs and end users each have a unique from other ONUs, the eavesdropping can still be identifier which is used to identify themselves within achieved by the following several means: Eaves- that network. With forged identifier, malicious ONUs dropping the end terminal equipment, for example, and end users could pick up the packets which match the computer that the end user is using; tapping the the forged LLID but actually not belonging to them. cables or fibers on the path from the end user’s Through this operation, malicious attackers can computer to OLT; attacking the components on the impersonate others to function as if they were the path, for example, ONU and OLT, by looking into one who is being impersonated. The malicious their buffers or memories; and taking advantage of attackers can do more than that. They can transmit the reflection of the upstream direction data trans- counterfeit and harmful information to give troubles mission to the downstream direction and so on. So to those victims and even disturb the normal run- we can conclude that it is not secure to transmit data ning of the whole network. in the clear in the upstream direction, and data must be encrypted in both directions to guarantee the D. Denial of Service (DoS) confidentiality of the data transmission. Denial of service is a type of familiar attack over the B. Interception Internet, which usually brings on some serious aftermaths. EPON system is also vulnerable to this Different from eavesdropping, interception is an- type of attack [15]. In the upstream direction, ONUs other type of attack - active attack, which captures share the upstream bandwidth with each other, OLT the message, alters it, and then sends the altered allocates bandwidths to ONUs dynamically accord- message to others. In EPON system, OLT, ODN and ing to their requests and the available system capacity. ONUs are interconnected by single mode fibers, and Denial of service attacks could be achieved if a ONUs and end users are interconnected by cables. malicious user gets the access to the network and As long as fibers and cables are used for keeps asking for a high bandwidth and sending a interconnection, there is always a possible way to large amount of garbage traffic, then the normal intercept data by tapping those transmission media. running of the network would be affected, and net- However tapping the transmission media is very work performance would be reduced. And in some different. Sophisticated equipments and operations worse cases, when a lot of attackers launch the would be needed, and the attackers must also be attacks at the same time cooperatively, no other users smart enough to avoid being detected by the moni- would be able to get any bandwidth and no services

20 China Communications June 2007 Feature Articles: Communications & Information Security

could be provided to the customers. If the network [16]. With effective countermeasures, the security performance reduces to a severe situation, then the attacks of EPON system could be frustrated, and the whole network could malfunction, which would communication security could be guaranteed. cause tremendous loss for both the customers and the service providers. This is the basic idea of the so- A. Encryption called Distributed Denial of Service attack (DDoS) Encryption is an effective countermeasure to thwart over the Internet. eavesdropping and interception. Even though the attacker could eavesdrop or intercept the data trans- E. Theft of Service mitted by others, the data would remain unintelli- Theft of service is a type of attack in which the gible without the possession of the decryption key. It malicious attacker asks for services under the name should be stressed here that although the upstream of the victim, so that the attacker could get those direction data transmission is relatively secure com- services for free. This attack could happen when a pared to the downstream direction, it is still not malicious user impersonates his neighbor in the secure enough to transmit data in the clear. If the network and transmits and receives packets which data transmission in the upstream direction is in the are not billed to his account but to his neighbor clear, then attackers will get plenty of opportunities account. This attack could be realized by inserting to carry out many kinds of attacks successfully. So the victim’s LLID into the packets actually trans- in order to guarantee the communication security, mitted by the attacker and intercepting the packets the data encryption of EPON system must be with the victim’s LLID. In doing so, when OLT bidirectional. receives these packets from the upstream direction, Traditionally, there are two major categories of the victim will be billed instead of the attacker. Theft cryptography: Symmetric key cryptography and of service attack makes use of impersonation and asymmetric key cryptography. Asymmetric key cryp- interception attacks, since in the attacking process of tography such as RSA can be used not only for theft of service, impersonation and interception tech- encryption, but also for authentication and key distri- niques will be used. But those attacks have different bution to some extent. However, due to the charac- purposes. The main purpose of theft of service teristic of asymmetric key cryptography that it will attack is just to get free services and stay away from take much more computational effort for the asym- making any other trouble, however impersonation metric key cryptography to be performed than the and interception attacks aim at getting sensitive symmetric key cryptography, asymmetric key cryp- information from others and sending harmful infor- tography is more often used for authentication and mation to others. key distribution rather than for data encryption, especially in the case when encryption speed is a sensitive parameter of the system requirements. And IV. COUNTERMEASURES TO THE on the other hand, due to the less effort-consuming VULNERABILITIES IN EPON SYSTEM characteristic of symmetric key cryptography, it is mainly used for data encryption. For EPON system, In order to counter those potential threats and attacks which acts as the access network, is supposed to be discussed above, some effective countermeasures very cost-effective and efficient, so less effort-con- must be introduced to the vulnerable EPON system. suming and less complicated encryption technology Basically, encryption of the data and authentication should be adopted to meet the low-cost requirement of the communicating parties are two effective meth- of the broadband access network. As a result, sym- ods commonly used to provide data confidentiality, metric key cryptography should be applied to data data integrity, user privacy and user authentication encryption, and asymmetric key cryptography should

China Communications June 2007 21 Feature Articles: Communications & Information Security

be adopted for authentication and key distribution in communication between OLT and ONU, and OLT EPON system. and ONU will be communicating to the one that is Recently, with the dramatic increase of computa- supposed to be. The User/ONU authentication is tional power that people can achieve, traditional used to guarantee that the user who gets the access to cryptographic technologies (such as symmetric and the network is the authorized one, and the ONU is the asymmetric key cryptography) which are based on creditable one without being mimicked by others. computational difficulty seem not as secure as before. The authorized user not only means that he has paid Fortunately, more advanced cryptographic technology such as quantum cryptography is emerging. for the service, but also means that he must be the one Quantum cryptography can provide unconditional whom he claims himself to be. Usually, ONU/OLT security to data transmission based on the unbreak- authentication takes place first, and after the trusts able principles of quantum mechanics, which as- between ONU and OLT have been set up, User/ONU sures people that in the future we can still communi- authentication will start. In the following, we are cate securely. We will talk about those traditional going to present two new authentication protocols and advanced encryption technologies in detail and for OLT, ONU and end users, offering much better present some new encryption mechanisms in a sub- security performance. Before introducing the new sequent paper, while focus on authentication proto- authentication protocols, it is necessary to explain cols and key distribution in this paper. the notation defined in the protocols, which is showed B. Authentication in Table I.

Authentication is used to identify the credit- TableI THE DEFINITION OF THE NOTATION IN THE able users who have paid for the services in AUTHENTICATION PROTOCOLS the network and to verify the legitimacy of the communicating parties. Authentication can also provide data confidentiality and user privacy in the sense that unauthorized communicating parties will not have the chance to read the data because they can not pass the authentication procedure. It is a good countermeasure to frustrate impersonation, denial of service and theft of service attacks. Together with the encryption technology, basically EPON can keep away from those known attacks listed above, and the security of data transmission can be guaranteed. In EPON system, the authentication process mainly consists of two parts, ONU/OLT authentication and User/ONU authentication. The purpose of ONU/OLT authentication is to set up trusts between ONUs and OLT, so that neither attackers can pretend to be ONUs, nor attackers can masquerade OLT. There will not be a third party appearing in the

22 China Communications June 2007 Feature Articles: Communications & Information Security

1) ONU/OLT Authentication: The ONU/OLT to enhance the security, due to the shortness of the authentication protocol is showed as follows in user password and its vulnerability of being broken. Figure 3. We will talk about the expanded password in detail in the following subsection “Analysis of Authentication Protocols”. Af- ter receiving this message, OLT looks into its predefined table in its memory, for the expanded password. Since one OLT may serve 4 to 64 ONUs, on average it will take OLT 2 to 32 times to find the right expanded password to decrypt the message, which is quite Fig ONU/OLT Authentication Protocol acceptable for the infrequently Initially, OLT sends ONU a “GATE” message for used authentication procedure. After decrypting the

“Auto-Discovery”, upon receiving this message, message, OLT can verify if the “ONUaddress ” matches

ONU sends OLT a responsive message “E(EPONU , the expanded password by checking the table in its

[ONUaddress , N1 , T1 || H(M)])” to request for memory, which also provides a certain degree of registration. In this message, N1 and T1 are nonce authentication in the meantime. Then OLT assigns and timestamp, respectively, which are used to pre- ONU a LLID and tells ONU its LLID by sending vent from replay attacks; H(M) is the hashed value the encrypted message “E(EPONU , [IDONU , IDOLT , of the message, which can detect if the message has ONUaddress , N1 , T1 , N2 , T2 || H(M)])”. As a response, been changed by others and provide a certain de- ONU sends OLT another encrypted message gree of authentication by the fingerprint function “E(EPONU , [IDONU , IDOLT , N2 , T2 || H(M)])” of the hashed value to the message; the message is indicating that it has received OLT’s message. Till not transmitted in the clear, but encrypted by the now, the ONU registration process finishes. expanded password of ONU “EPONU ”, since the up- ONU/OLT authentication process begins with a stream direction data transmission is not secure in “GATE” message sent from OLT to ONU, followed EPON system; and the expanded password is used by another message sent from ONU to OLT:

China Communications June 2007 23 Feature Articles: Communications & Information Security

“E(EPONU , [IDONU , IDOLT , E(PRONU , [PUONU ]), N3 send each other a handshaking message to make

, T3 || H(M)])”. In this message, ONU’s certificate acknowledgement by encrypting the “GATE” and

“E(PRONU , [PUONU ])” is included. Only ONU could “REPORT” message using the newly established ses-

have made that certificate, because only ONU has sion key “SKONU-OLT ”. Till now, the whole ONU/OLT its private key; and since OLT has ONU’s public authentication process finishes, and from now on key, it can decrypt and verify ONU’s certificate. The ONU and OLT can communicate securely with the

same thing happens to the next message “E(PUONU , newly established session key.

[IDONU , IDOLT , E(PROLT , [PUOLT ]), N3 , T3 , N4 , T4 || 2) User/ONU Authentication: The User/ONU H(M)])”: Only ONU could open it, and only OLT authentication protocol is depicted as follows in

could have made that certificate “E(PROLT , [PUOLT ])”, Figure 4. so that OLT’s legitimacy could be verified. So far First, the user transmits a “Start” message to ONU, the ONU/OLT authentication process ends. and upon receiving this message, ONU sends back After ONU and OLT authenticate each other, the a “Request ID” message to the user to request its session key exchange process starts. ONU sends OLT ID, which is the username of the user. Then the user

a message “E(PUOLT , [IDONU , IDOLT , SKONU -OLT , responses to ONU by sending a message “E(EPUser ,

NPONU , N5 , T5 || H(M)])” encrypted by OLT’s pub- [IDUser , N1 , T1 || H(M)])” encrypted by its expanded lic key, informing OLT the newly assigned session password. Already having the username and ex-

key “SKONU-OLT ” and ONU’s newly updated user panded password of the user in its memory, ONU

password “NPONU ”. And OLT responses with a mes- checks the table to search for a match, namely, ONU

sage “E(SKONU-OL T, [IDONU , IDOLT , N5 , T5 , N6 , T6 || H tries all the expanded passwords of its end users one (M)])” encrypted by the newly assigned session key by one to see if the message could be decrypted by a containing the LLIDs, nonces, and timestamps of certain expanded password. If ONU successes in the previous message. And later on, OLT and ONU doing so, then ONU checks if the username con-

Fig User/ONU Authentication Protocol

24 China Communications June 2007 Feature Articles: Communications & Information Security

tained in the message matches the expanded (M)])” containing the same nonce, timestamp, and password, if they match each other, then the user is IDs of the previous message. From now on, the user authenticated in some degree. Since one ONU only and ONU can communicate securely using symmet- serves several end users, it is quite easy for ONU to ric key cryptography with the newly established ses- find the right expanded password. After this, ONU sion key, and the whole User/ONU authentication sends a message “E(EPUse r, [IDONU , IDUser , N1 , T1 , process ends.

N2 , T2 || H(M)])” to the user, and the user decrypts this message using its expanded password and gets C. Key Distribution ONU’s LLID. Then the user sends ONU another Key distribution is an extremely important topic in message “E(EP , [ID , ID , N , T || H(M)])” User ONU User 2 2 communications security. Usually the security per- as an acknowledgement. So far the user registration formance of a system relies on the security of key process finishes. distribution to a very high degree. Basically there Following the user registration process, User/ONU are three major methods to transfer keys among com- authentication process takes place making use of the municating parties. The first method is primordial, asymmetric key cryptography and certificates. The secure but inefficient, which is to transfer keys by user sends ONU a message “E(EP , [ID , ID , User ONU User human being, the courier. The courier can physically E(PR , [PU ]), N , T || H(M)])” encrypted by User User 3 3 travel from one party to another and deliver the keys. the expanded password containing the user’s cer- Another method is to use the arbiter to assign keys tificate “E(PR , [PU ])”. Only the user could User User to the communicating parties. The prerequisite of have made that certificate because he is the only one this method is that the arbiter should be trusted by who has the private key. ONU could verify the the communicating parties, and the arbiter should user’s legitimacy by decrypting that message us- have a secure way to transfer the keys to the coming the user’s expanded password and decrypting municating parties. The third method is to establish the certificate by the user’s public key. Then ONU the keys by the communicating parties themselves sends its own certificate to the user by the message through an “automated” way. Here through an “au- “E(PU , [ID , ID , E(PR , [PU ]), N , User ONU User ONU ONU 3 tomated” way means either through the previously T , N , T || H(M)])”, which is encrypted by the 3 4 4 used session key, or public key distribution, or other user’s public key, so that only the user could open advanced methods. The third method is the focus of that message. After decrypting the message, the user current research. can verify ONU’s legitimacy by validating ONU’s In this paper, we use the combination of the above certificate. At this point, ONU and the user finish mentioned methods. Initially, the manufacturer authenticating each other. The next step is to set up a session key between (“arbiter”) preassigns each OLT, ONU and end user the user and ONU and update the user’s password. a password, sealed in an envelope. The password is associated with the unique identification of product First, the user sends a message “E(PUONU , [IDONU , of OLT, ONU and end user, which will later be used IDUser , SKUser-ONU , NPUser , N5 , T5 || H(M)])” to ONU containing the newly assigned session key as the composition of their LLID, MAC address and user name. The password is delivered by the instal- “SKUser-ONU ” and the newly updated user password lation worker (“courier”) in a sealed envelope, and “NPUser ”. Then ONU decrypts the message, gets the newly assigned session key, and responds with a if the envelope is broken, then a new password will be assigned in another sealed envelope. OLT knows message “E(SKUser-ONU , [IDONU , IDUser , N5 , T5 , N6 , T6 || H(M)])” encrypted by the newly established ses- all the passwords of the ONUs it serves from its sion key. And as an acknowledgement, the user sends memory, since all the passwords and IDs are a message “E(SKUser-ONU , [IDONU , IDUser , N6 , T6 || H prestored in its memory. And ONU also knows all

China Communications June 2007 25 Feature Articles: Communications & Information Security

the passwords of the end users it serves from its remember, however trivial for attackers to break. An memory, since all the passwords and IDs are also algorithm that is used to expand the length of the prestored in its memory. When OLT and ONU re- password is involved here, and any currently com- ceive a message encrypted by a certain password, it monly used algorithm will work. The idea of using looks into the memory and tries to find an appli- expanded password other than the expanding algo- cable password to decrypt the message, and later rithm itself is the main point we are considering here. checks if the ID in the decrypted message matches With the expanded password, we can encrypt the the ID in the memory which is associated with that data transmitted both in the downstream direction password. If they match each other, then the authen- and in the upstream direction. This is a big advantage tication of the message sender could be verified, because this solves the problem that during the initial because only that sender has the password and could data transmission we used to have to transmit data in have put the right ID in the encrypted message. And the clear. In addition, the usage of expanded pass- OLT’s and ONU’s authentication could also be word not only avoids the initial data transmission in verified, because only OLT and ONU could know the clear due to the lack of the initial encryption key, the password and decrypt the message. After the reg- but also provides an enhanced security and authenti- istration process and authentication process finish, cation level to the data and the communicating parties. As we know, during the initial data the two communicating parties will establish a ses- transmission, a lot of sensitive information such as sion key for future communications. In session key the user name, LLID, MAC address, and other OMA exchange process, the public key (“automated”) is information will be involved, and any revealment of used to encrypt the message containing the new ses- those information will significantly help the attack- sion key, and after decrypting that message, the other ers to carry out successful attacks. For example, with communicating party will get the new session key revealed MAC address, the attackers could launch and later on establish a secure communication be- traffic analysis attack; with revealed LLID and user tween the two parties using symmetric key name, the attackers could carry on eavesdropping, cryptography. The session key should be changed interception, impersonation, and other attacks we frequently to enhance the security performance of mentioned above. Hence, solving the problem of the communication. After the first successful estab- initial data transmission in the clear is the very lishment of the session key, it is very easy to update critical step of establishing a high security perfor- it simply by sending a message containing the newly mance system. updated session key encrypted by the old session 2) The usage of hash function, nonce and timestamp: key. With frequently changed session keys, the com- We use hash function, nonce and timestamp through- munication security can be guaranteed. out the authentication process. The advantage of using the hashed value of the message and attaching D. Analysis of Authentication Protocols it to the message is that the communicating parties 1) The usage of expanded password: As we men- can easily detect any alteration of the message content, tioned before, predefined and prestored passwords which makes the message resistant to interception are used initially to set up the registration and authen- attacks. The hashed value of a message works as the tication process. To be more accurately, those pass- fingerprint of the message. Suppose the attacker words are not exactly the original ones but the successfully changes the content of the message, expanded ones. The reason why we use the expanded then he must change the hashed value of that mes- passwords other than the original ones is mainly sage accordingly to avoid being detected, however because longer passwords will provide higher secu- he will find that there is no way to correctly change rity level. Shorter passwords are easy for people to the hashed value because he is not aware of the

26 China Communications June 2007 Feature Articles: Communications & Information Security

algorithm of the hash function that is used by the and establishing the session key, the later updating of sender of that message. Alternatively, the attacker the session key is achieved by using symmetric key may choose to keep the hashed value unchanged and cryptography, which is much less effort-consuming try to find another message which happens to have and much faster than asymmetric key cryptography. the same hashed value, however, unfortunately, the And for data encryption in EPON system, symmetric attacker will find it impossible to accomplish due to key cryptography is more suitable than asymmetric the one-way function characteristic of the hash key cryptography because symmetric key cryptogra- function, namely, given the message, it is easy to get phy can provide higher data encryption speed, so we the hashed value if one knows the algorithm of the choose symmetric key cryptography instead of asym- hash function; however, given the hashed value, it is metric key cryptography, although asymmetric key practically infeasible to recover the message even if cryptography can provide data confidentiality and one knows the algorithm of the hash function. The authentication for the communicating parties at the usage of hash function greatly improves the security same time, on which point asymmetric key cryptog- level of the message. raphy can surpass symmetric key cryptography. Nonces and timestamps are used to thwart replay attacks. Sometimes the attackers may save a previ- V. CONCLUSION ous message and reuse it in a later time to fool others. Fox example, one bank requests the other bank to This paper gave us a general introduction to the transfer one million dollars in a certain time, and EPON system, analyzed the security vulnerabilities later the first bank sends the same request and asks of the EPON system and pointed out potential threats for another transfer of one million dollars. The and attacks in detail, and summarized appropriate second bank has not way to tell if the second request countermeasures. It has also presented some novel is a new request or an old one which has already been authentication protocols with enhanced security transacted, since there is no identifier in the message performance. We hope this paper could benefit the indicating the series number of the message and the future research on the EPON security topic, and time when the message was sent. The nonces and provide some inspiration to those people who are timestamps can work as the labels of the message and working in this field. can be used to distinguish different messages in sending time and series number, so that replay attacks will hardly succeed in this case. REFERENCES 3) The usage of certificates, symmetric and asymmetric key cryptography: The certificate is the piv- [1] Yu Meng, Tao Jiang and Dingzhong Xiao, otal component used in the authentication protocols “Analysis and solutions for security issue in Ethernet to set up authentication between the two communi- PON,” in Proceedings of SPIE, Feb 2005, vol. 5626, cating parties. It can be made by encrypting the pp. 391-399. public key with the private key of the communicat- [2] Stamatios V. Kartalopoulos, “Security and ing party. The certificate is a creditable symbol to bandwidth elasticity aspects of the CWDM/TDM- verify the identity of a communicating party, be- PON network,” WSEAS Transactions on cause only that communicating party could have Communications, vol. 5, no. 8, pp. 1461-1468, 2006. known the private key and made the certificate. [3] Xu Wei-liang and Fan hong, “Research on en- Due to the effort-consuming characteristic of asym- cryption mechanism of Ethernet passive optical metric key cryptography, it is only used in initial network,” Journal of China Universities of Posts and authentication process and session key exchange Telecommunications, vol. 13, no. 2, pp. 95-98, 2006. process. After successfully authenticating each other [4] P. R. M. Inacio, M. Hajduczenia and M. M.

China Communications June 2007 27 Feature Articles: Communications & Information Security

Freire et al., “Preamble encryption mechanism for nerability Assessment and Security of Scalable and enhanced privacy in Ethernet passive optical Bandwidth Elastic Next Generation PONs,” to be networks,” in Proceedings of On the Move to Mean- presented at the 11th WSEAS International Confer- ingful Internet Systems 2006 (Lecture Notes in Com- ence on Communications, Agios Nikolaos, Crete puter Science Vol. 4277), Montpellier, France, 29 Island, Greece, 26-28 July 2007. October - 3 November 2006, pp. 404-414. [12] Stephen Thomas and David Wagner, “Inse- [5] Y. Horiuchi and N. Edagawa, “ONU authenti- curity in ATM-based passive optical networks,” in cation technique using loopback modulation within Proceedings of IEEE International Conference on a PON disturbance environment,” in Proceedings of Communications, May 2002, vol. 5, pp. 2803-2805. Optical Fiber Communication Conference & Expo- [13] Glen Kermer and Gerry Pesavento, “Ethernet sition and the National Fiber Optic Engineers Conference, Anaheim, California, USA, 6-11 March passive optical network (EPON): Building a next- 2005, vol. 5, pp. 3-5. generation optical access network,” IEEE Commu- [6] J. Koulouris and A. Koulouris, “Securing con- nications Magazine, vol. 40, no. 2, pp. 66-73, 2002. fidentiality in PON and HFC networks,” in Proceed- [14] Glen Kramer, Ethernet passive optical ings of EUROPTO Symposium on Broadband Eu- network, New York: McGraw-Hill, 2005. ropean Networks (SPIE Vol. 3408), Zurich, [15] Sun-Sik Roh and Su-Hyun Kim, “Security Switzerland, May 1998, pp. 148-158. model and authentication protocol in EPON-based [7] Jee-Sook Eun and Yool Kwon, “The Design optical access network,” in Proceedings of 5th IEEE of Key Security in Ethernet PON,” in Proceedings International Conference on Transparent Optical of the 8th International Conference on Advanced Networks, 2003, vol. 1, pp. 99-102. Communication Technology, Phoenix Park, [16] William Stallings, Cryptography and Network Gangwon-Do, Republic of Korea, 20-22 February Security - Principles and Practices (Fourth Edition), 2006, vol. 2, pp. 1026-1030. New Jersey: Pearson Prentice Hall, 2006. [8] Sun-Sik Roh, Su-Hyun Kim and Gwang-Hyun Kim, “Design of authentication and key exchange protocol in Ethernet passive optical networks,” in BIOGRAPHY Proceedings of International Conference on Com- putational Science and its Applications, May 2004, Di Jin received his B.S. vol. 3043, pp. 1035-1043. degree and M.S. degree from [9] Andres Sierra, Alan Harris, Stamatios V. Dalian University of Kartalopoulos and James Sluss, Jr., “Security En- Technology, Dalian, China, in 2001 and 2005, respec- hancements in Novel Passive Optical Networks,” to tively, both in Electrical be presented at IEEE ICC 2007 Computer and Com- Engineering. He is currently munications Network Security Symposium, a Ph.D. student and a gradu- Glasgow, Scotland, 24-28 June 2007. ate research assistant in the School of Electrical and [10] Ziping Hu, Stamatios V. Kartalopoulos and Computer Engineering at the University of Pramode K. Verma, “RC4-based Security in Oklahoma. His research interests include informa- Ethernet Passive Optical Networks,” in Proceed- tion/network security, cryptography, optical network ings of IEEE GLOBECOM 2006, San Francisco, communications, and intelligent control. He is a USA, 27 November - 1 December 2006, on CD- graduate student member of IEEE, and a member ROM, NIS03-3. of IEEE Communications and Information Security [11] Stamatios V. Kartalopoulos and Di Jin, “Vul- Technical Committee.

28 China Communications June 2007 Feature Articles: Communications & Information Security

Stamatios V. Kartalo- gies Directions Committee, and he has served as poulos Ph.D., is the Williams editor-in-chief of IEEE Press, chair of ComSoc Professor in Telecommunica- Emerging Technologies and of SPCE Technical tions Networking at the Uni- Committees, area-editor of IEEE Communications versity of Oklahoma. His re- Magazine/Optical Communications, member of search emphasis is on opti- IEEE PSPB, and VP of IEEE Computational Intel- cal communication networks ligence Society. He is a member of SPIE and a mem- (FSO, long haul and FTTH), ber of the Editorial Board of China Communications. optical technology including optical metamaterials, and optical communications security and counter- Pramode K. Verma Ph.D., measures including quantum cryptography and is the Professor of School of quantum key distribution. Prior to this, he was with Electrical and Computer En- Bell Laboratories where he defined, led and man- gineering and the Director of aged research and development teams in the areas Telecommunications Systems of DWDM networks, SONET/SDH and ATM, Cross- at the University of connects, Switching, Transmission and Access Oklahoma. Dr. Verma has systems. He has received the President’s Award and more than twenty years of many awards of excellence. leadership experience in the He holds nineteen patents in communications telecommunications industry. In his last position with networks, he has published more than hundred re- Lucent Technologies as Managing Director - Busi- search papers, and seven reference textbooks: “Op- ness Development, Global Service Providers Busi- tical Bit Error Rate”, “Next Generation SONET/ ness and Business Communications System, his re- SDH”, “DWDM: Networks, Systems and Compo- sponsibilities included creating strategic alliances nents”, “Introduction to DWDM Technology”, and partnerships with leading organizations, and “Fault Detectability in DWDM”, “Understand- managing the associated P&L. He also held profes- ing SONET/SDH and ATM”, “Understanding sional and management positions with Lucent Tech- Neural Networks and Fuzzy logic”, two additional nologies - Bell Laboratories for fifteen years. books in DWDM have been published in Chinese, Dr. Verma obtained his doctorate in Electrical and he has contributed chapters to other books. Engineering from Concordia University in Montreal, He is an IEEE and has been a Bell Labs Distin- Canada in 1970 and an MBA from the Wharton guished Lecturer, and he has lectured at interna- School of Business at the University of Pennsylva- tional universities, at NASA and conferences. He has nia in 1984. He is the author/coauthor of over 75 been keynote speaker and plenary speaker at major publications and several books in international conferences, has moderated executive telecommunications, computer communications and forums, has been a panelist of interdisciplinary related fields. panels, and has organized symposia, workshops and He is a past president of the International Coun- sessions at major international communications cil for Computer Communication, a Washington D. conferences. Dr. Kartalopoulos is an IEEE Fellow, C.-based global organization; a senior member of chair and founder of the IEEE Com-Soc Communi- the Institute of Electrical and Electronics Engineers cations & Information Security Technical (IEEE); and registered as a Professional Engineer, Committee, member at large of IEEE New Technolo- Province of Ontario, Canada.

China Communications June 2007 29 Feature Articles: Communications & Information Security

Analysis on the Resilience of Key Pre-distribution in Sensor Networks

Shen Yulong1, 2) Ma Jianfeng1,2) Pei Qingqi 2) 1.School of Computer Science & Technology Xidian University, 2.Key Laboratory of Computer Networks & Information Security, Ministry of Education, Shaanxi 710071

ABSTRACT growing evolvement of the practical process of sensor networks, especially in the military Resilience against node capture is one of the main application, the security of sensor networks has indicators of the key pre-distribution security in become an outstanding problem which is facing a sensor networks. On providing the attack model and great challenge [2]. In fact, the lack of effective the definition of the resilience against node capture security systems has become the main obstacle of of sensor networks, the resilience of basic random sensor network development. key pre-distribution, Q-composite random key pre- The technologies available guarantee the sensor distribution and their reinforced schemes are ana- network security from the aspects of confidentiality, lyzed and compared in depth. Research results show integrity, non-repudiation, authentication, that the size of key pool, the numbers of the keys authorization, and intrusion detection. Sensor nodes are captured by the attackers with ease for they are stored in nodes and the value of Q determine the usually deployed in the enemy areas. As a matter of resilience of random key pre-distribution. The fact, the resilience against node capture is one of the tradeoff between the resilience, security connectiv- important security features in sensor networks. This ity and costs in sensor networks is presented. These paper researches the resilience of key pre-distribu- researches lay a foundation on the design of the tion scheme, balances the resilience, security con- secure protocol and the algorithm in the specific nectivity and costs, and designs the security protocol application environment of sensor networks. and algorithm in the sensor networks. Key Words: sensor networks, resilience, analysis, Sensors are inexpensive, low-power devices which key pre-distribution have limited communication, energy, storage, and calculation resources. The conventional key distri- I.INTRODUCTION bution scheme can not meet the needs of sensor networks, for example, the public key cryptosystem Sensor networks have found wide applications in the can not be applied due to its complicated calculation. military and civilian fields, and have become a hot The random key pre-distribution becomes the main area in information researches [1]. Along with the scheme of sensor network key distribution. Cur-

30 China Communications June 2007 Feature Articles: Communications & Information Security

rently the study on the random key pre-distribution to divide key-chains into several clusters [5]. Similar focuses on increasing sensor network security con- mechanism is proposed by Pair-wise key establish- nectivity and reducing costs. However, in the case ment protocol which uses threshold secret sharing that several nodes are captured by the attackers, the for key reinforcement [6]. Pietro et al proposed Co- random key pre-distribution is seriously threatened. operative pair-wise key establishment protocol [7]. Increasing the resilience against node capture is one Key pre-distribution by using deployment knowl- of the main aspects in sensor network random key edge scheme uses location information [8]. distribution security. This paper analyzes and compares in depth the resilience of the basic random key 2.2 Threat models pre-distribution, Q-composite random key pre-dis- All the security systems and algorithms of sensor tribution and its reinforcement. The study shows the networks are public, only keys and security materials tradeoff between the resilience, security connectiv- are confidential. Sensor networks are usually de- ity and costs in sensor networks. It is hoped to choose ployed in the unattended and public areas, and they and design a key pre-distribution scheme with greater do not have the tamper-proof function, so physical resilience for a specific application environment and attacks occur easily. The attackers can capture sev- increase the availability, the scalability and the sur- eral sensor nodes, and extract the keys and the vivability of sensor networks. security materials stored in the captured nodes. It is impossible for the attackers to capture multiple nodes II. SENSOR NETWORK KEY at the same time. The attackers can make use of PRE-DISTRIBUTION, THREAT multiple captured nodes to analyze collaboratively MODELS AND RESILIENCE and attack sensor networks.

2.3 Resilience against node capture 2.1 Sensor network key pre-distribution Resilience against node capture refers to the prob- Key distribution is the foundation of the ability that the attackers can encrypt the messages confidentiality, integrity, non-repudiation, transmitted between the uncompromised nodes us- authentication, and authorization of sensor networks. ing the keys and security materials stored in the However, the random key pre-distribution becomes captured nodes. The lower the resilience, the more the main way of sensor network key distribution for difficulty the attackers make use of the security it is difficult to predict the deployment location of materials stored in the captured nodes to attack the sensor nodes. Original solution is provided by Basic other parts of networks. The more nodes the attack- probabilistic key pre-distribution scheme which re- ers capture, the more security materials were exposed, lies on probabilistic key sharing among the nodes of the greater the resilience, and the more dangerous the a random graph [3]. There are several key reinforce- networks. ment proposals to strengthen the security of the established link keys, and improve the resilience. Objective is to securely generate a unique link- or III. RESILIENCE ANALYSIS ON path-key by using the established keys, so that the RANDOM KEY PRE-DISTRIBUTION key is not compromised when one or more sensor SCHEME nodes are captured. One approach is to increase the numbers of key overlap required in shared-key dis- 3.1 Basic random key pre-distribution covery phase. Q-composite random key pre-distri- scheme bution scheme requires q common keys to establish a link key [4]. Cluster key grouping scheme proposes Eschenauer et al proposed the basic random key pre-

China Communications June 2007 31 Feature Articles: Communications & Information Security

distribution of sensor networks [3]. This mode con- The probability that a link is compromised, when sists of three phases, namely key pre-distribution, a sensor node is captured, is k/ |S| which is very high shared-key discovery, and path-key establishment. for small key-pools and long key-chains, and pro- First, a large key pool S is generated, and each node duces low resilience. The probability that a given chooses k keys from the key pool to constitute the key has not been compromised, when x sensor key-chain before the node is deployed. The adjacent nodes are captured, is (1- k/ |S|) x . Therefore the nodes with shared-keys can establish security links probability that a link between normal sensor nodes by means of the shared-keys. In the random key pre- is compromised is 1- (1- k/ |S|) x . The resilience distribution scheme, the probability of key share against node capture of basic random key pre- among two sensor nodes becomes distribution is RES = 1- (1- k/ |S|) x . The resilience of basic random key pre-distribu- . Since |S | is very large, we tion is shown in Fig. 2. Under the same conditions, the larger the size of the key pool, the smaller its use Stirling’s approximation for resilience value; the fewer the keys stored in the , to simplify the expression of captured nodes, the fewer the keys exposed and the smaller the resilience value. But, the larger the size P, and obtain: . Its secu- of the key pool, the fewer the keys stored, and the rity connectivity is shown in Fig. 1: lower the connectivity. The network resilience, the security connectivity and the storage costs of nodes should be taken into full consideration and kept balance when designing the protocol and the algorithm for a particular sensor network application environment. Suppose that in the sensor network application environment, the critical value of the probability the Fig Connectivity between the adjacent nodes in network links allowed to be compromised is C, so basic random predistribution scheme

Fig The resilience comparison of basic random key predistribution The size of the key pool |S| is and respectively and the numbers of keys stored by nodes k is and respectively and the number of nodes captured is []

32 China Communications June 2007 Feature Articles: Communications & Information Security

, or . Fig 3 shows the maximum captured nodes allowed by basic random key pre-distribution scheme in the , hence the probability limits of the corresponding critical value. The smaller the value k/|S|, the more the nodes allowed to be captured, but the lower the network of any two nodes sharing sufficient keys to form a connectivity. secure connection is . We study that the Q-composite random key pre- distribution scheme strengthens the network’s resilience against the node capture. Let the numbers of captured nodes be x. Since each node contains k keys, the probability that a given key has not been compromised is (1- k/ |S|) x . The expected fraction of x Fig Captured numbers of nodes allowed by the ba total keys compromised is thus 1- (1- k/ |S|) . For any sic random key predistribution communication link between two nodes, if its link key was the hash of i shared-keys, then the 3.2 Q-composite key pre-distribution probability of that the link being compromised is (1- (1- k/ |S|) x )i. The probability of setting up mode a secure link is . Hence, the probabil- Chan et al presented Q-composite key pre-distribution to strengthen the security of the established link ity that any secure link setup in the key-setup keys, and improve resilience [3]. Objective is to phase between two uncompromised nodes is com- securely generate a unique link- or path-key by using promised when x nodes have been captured established keys, so that the key is not compromised is . when one or more sensor nodes are captured. One The resilience value of Q-composite random key approach is to increase the numbers of key overlap pre-distribution is shown in Fig. 4. The resilience in required in shared-key discovery phase. Q-compos- this mode is better than the one in the basic random ite random key pre-distribution scheme requires q key pre-distribution mode. However, several shared- shared-keys to establish a link key. If there exist q keys are required to establish secure connections; as shared-keys k1 , k2 , ...kq , between the adjacent nodes a result, its security connectivity is lower than that in A and B, q Q , link key kA,B is set as hash of all the random key pre-distribution scheme. Under the ... common keys kA,B= Hash(k1||k2|| ||kq).In random same conditions, the larger the size of the key pool, key pre-distribution, the probability that any two the smaller its resilience value; the fewer the keys nodes have exactly i keys in common is stored, the fewer the numbers of keys exposed and

China Communications June 2007 33 Feature Articles: Communications & Information Security

Fig Resilience of Qcomposite random key predistribution mode The size of the key pool |S| is and respectively and the number of keys stored by nodes k is and respectively the number of common keys Q is and and the number of nodes captured is [ ]

the smaller the resilience value after nodes being key pre-distribution in the limits of the correspond- captured; the larger the value of Q, the more shared- ing critical value. The greater the value Q, the more keys are required to establish connections, the smaller the resilience value. But the larger key pools, the fewer keys stored by nodes and the greater Q will decrease the network security connectivity. Suppose that in the sensor network application environment, the critical value of the probability the network links allowed to be compromised is C,

hence . Fig. 5 shows the Fig Captured numbers of nodes allowed by Qcom maximum captured nodes allowed by Q-composite posite random key predistribution

34 China Communications June 2007 Feature Articles: Communications & Information Security

the nodes allowed to be captured, but the lower the message. Similar mechanism is proposed by Pair- network connectivity. wise key establishment protocol [6] which uses

threshold secret sharing for key reinforcement. SA 3.3 other key pre-distribution schemes generates a secret key , j-1 random shares ski , There are several key reinforcement proposals to and . SA sends the shares strengthen security of the established link keys, through j disjoint secure paths. S can recover reduce costs and improve resilience based on the B upon receiving all shares. In Cooperative basic random key pre-distribution. Key pre-distribution by using deployment knowl- pair-wise key establishment protocol [7], SA first chooses a set C ={c , c , ... c }of coopera- edge scheme [8] uses local information. The deploy- 1 1 m tive nodes. A co-operative node provides a hash ment knowledge is available a priori. The connectiv- HMAC(K , ID ) . Reinforced key is then ity of sensor networks is improved. Cluster key c,B A where K and grouping scheme [5] proposes to divide the key- A,B chains into several clusters to decrease energy con- Kc,B are the established link keys. Node SA shares set C with node S ; therefore, S can generate the same sumption in the shared-key discovery phase. An- B B key. This approach requires nodes S and S to send other solution is given by Pair-wise key establish- A B ment protocol [6] which requires every sensor node and receive c more messages. Moreover, coopera- to have a unique ID which is used as a seed to a PRF. tive nodes have to send and receive two extra Key IDs for the keys in the key-chain of node SA are messages. In addition to increased communication cost, each cooperative node has to execute HMAC generated by PRF(IDA ). Thus, broadcast messages function twice for S and S . The key reinforcement carry only one key ID. Also, storage, which is required A B to buffer received broadcast message before solutions in general increase processing and com- processing, decreases substantially. But, a sensor node munication complexity, but provide good resil- has to execute PRF(ID) for each broadcast message ience in the sense that a compromised key-chain received from a neighbor. These methods only reduce does not directly affect security of any links in the the communication and calculation in the shared-key WSN. But, it may be possible for an adversary to discovery phase, and they do not increase the resil- recover initial link keys. An adversary can then ience against node capture. The resilience is the same recover reinforced link keys from the recorded as that in the basic random key pre-distribution. multi-path reinforcement messages when the link At the cost of increasing communications, stor- keys are compromised. age and calculation expenses, several reinforced These reinforced key modes make the link keys key modes are proposed to improve the resilience between nodes independent of each other through of sensor network key pre-distribution. In Multi- corresponding calculation and collaboration, that is, capturing several nodes has no influence on other path key reinforcement scheme [4], node SA gener- links. Consequently, the best resilience follows. ates j random key updates rki and sends them through However, in the application, increasing network j disjoint secure paths. SB can generate reinforced communications and calculation expenses are not link key upon receiving permitted. It is necessary to design the sensor net- all key updates. This approach requires nodes SA and work key distribution protocol and algorithm ac-

SB to send and receive j more messages each of which cording to the specified application environments carries a key update. Moreover, each node on the and take the resilience, security connectivity, and j disjoint path has to send and receive an extra expenses into full consideration to arrive the best

China Communications June 2007 35 Feature Articles: Communications & Information Security

security and performance balance. reducing the numbers of keys stored by the nodes, and increasing the amount Q of shared-keys, but all 3.4 Comparison of the resilience in the key these decrease the network security connectivity. pre-distribution schemes Using the key reinforced mode to increase the key pre-distribution resilience means increasing the net- The random key pre-distribution scheme is the main work communications and the calculation expenses. way in the senor network key distribution. The The analysis and evaluation on the sensor network resilience against node capture is the important as- resilience against node capture is a new direction in pect to consider when designing sensor network the study on the sensor network security techniques. security protocol and algorithm. The sensor network In the future we will design the security protocol and key distribution schemes now and their reinforced algorithm for the specified sensor network applica- modes are shown in Table. 1: tion environment, to increase the network Table Comparison of the resilience in the key predistribu Table Comparison of the resilience in the key predistribu reliability, scalability and survivability. tion schemes Key pre-distribution schemes Resilience REFERENCES Basic probabilistic[3] 1- (1- k/ |S|) x

Q-composite random[4] [1]. Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E. A survey on sensor networks. using deployment knowledge [8] 1- (1- k/ |S|) x Cluster key grouping [5] IEEE Communications Magazine, 2002,40(8): 102-114 Pair-wise key establishment [6] [2]. SEYIT A. C?AMTEPE and BULENT Multi-path key reinforcement [4] 0 Pair-wise with threshold [6] YENER. Key Distribution Mechanisms for Cooperative pair-wise [7] Wireless Sensor Networks: a Survey[R] Tech- nical Report TR-05-07 (March 23, 2005). [3]. Eschenauer, D. Gligor. A key-manage- IV. CONCLUSION AND FUTURE WORK ment scheme for distributed sensor networks. Pro- ceedings of the 9th ACM conference on Computer Since sensor networks are usually deployed in the and communications security, 2002,:41-47, unattended open areas, the nodes are captured with Washington, DC, USA. ease by the attackers. The resilience against node [4]. Chan, H., Perrig, A., and Song, D. Random capture is one of the main indicators in measuring sensor network key pre-distribution security. The key predistribution schemes for sensor networks. In mode of sensor network attacks against node capture IEEE Symposium on Research in Security and is presented, and its resilience is defined. Through Privacy.2003:197-213 Berkeley, California the analysis on and the comparison between the basic [5]. Hwang, J. and Kim, Y.. Revisiting random key key pre-distribution scheme, Q-composite key pre- pre-distribution for sensor networks. In ACM Work- distribution scheme and random key pre-distribution shop on Security of Ad Hoc and Sensor Networks reinforced scheme, the tradeoff between sensor net- (SASN 04), 2004:43-52. Washington DC, USA work resilience, the security connectivity and the [6]. Zhu, S., Xu, S., Setia, S., and Jajodia, S.. costs is proposed. In the key pre-distribution, in- Establishing pairwise keys for secure communica- creasing the resilience means enlarging the key pools, tion in ad hoc networks: a probabilistic approach. In

36 China Communications June 2007 Feature Articles: Communications & Information Security

11th IEEE International Conference on Network ing from Xidian University Protocols (ICNP’03). 2003:326-335 Atlanta, (Xi’an) in 1988 and 1995 Georgia, USA. respectively. Since 1995 he [7]. Pietro, R., Mancini, L., and Mei, A.. Random has been with Xidian Univer- key-assignment secure for wireless sensor networks. sity as a lecturer, associate In 1st ACM workshop on Security of Ad Hoc and professor and professor. Prof. Ma is a member of the execu- Sensor Networks.2003:62-71. Fairfax, Virginia. tive council of the Chinese [8]. W.Du, J. Deng,et al. A Key Management Cryptology Society and a member of the Ministry of Scheme for Wireless Sensor Networks Using De- Education Expert Committee for Discipline Devel- ployment Knowledge. IEEE INFOCOM’04, 2004: opment (China). His research interests include in- 7-11, Hongkong. formation security, coding theory and cryptography.

BIOGRAPHY Pei Qingqi received the BS degree from the School of Shen Yulong received the Electronic Engineering, BS degree from the School of Xidian University in 1998 and the MS degree from the Science & Technology, Xidian School of Science & Tech- University in 2002 and the nology in 2004. He is cur- MS degree in 2005. He is currently a PhD candidate in the rently a PhD candidate in the School of Communications School of Communications Engineering in Xidian University. His research in- Engineering in Xidian terests include computer security wireless sensor University. His research in- networks and security. terests include cryptography, wireless sensor networks and security. *Foundation Items: Supported by Educational In- novation Fund for Graduates of Xidian University Ma Jianfeng received his B. S. degree in math- Program No.05006;Natural Science Basic Re- ematics from Shaaxi Normal University (Xi’an) in search Plan in Shaanxi Province of ChinaProgram 1985, and obtained his M. E. and Ph. D. degrees in No.2005F28; Xi’an Key Technologies R&D computer software and communications engineer- Program(GG06017).

China Communications June 2007 37 Feature Articles: Communications & Information Security

Hierarchical Spectrum Sharing Networks

Jie Chen, Chuan Han, Chulin Liao, and Shaoqian Li University of Electronic Sci. & Tech. of China

ABSTRACT which allows opportunistic access to the licensed spectrum or the unlicensed spectrum temporarily A spectrum heterogeneity analysis in the cognitive available for commercial purposes. This technology radio network is conducted in this paper. is known as cognitive radio that enables networks to Subsequently, a spectrum-heterogeneity-based hier- use or share spectrum dynamically. Spectrum bands archical spectrum sharing (HSS) network for cogni- on which secondary users can share with primary tive radio is proposed. The corresponding method of users are defined as available bands [2]. Primary users classifying available spectrums and communication refer to licensed users; whereas secondary users are based on the proposed architecture is also presented. defined as users that opportunistically access the Based on the above network architecture, we pro- licensed or unlicensed spectrum. pose a reference protocol architecture. Research on Cognitive capability and reconfigurability are the these protocol function blocks, such as spectrum two main characteristics of the cognitive radio tech- sensing, spectrum manager, and so on, is conducted. nology [3]. The cognitive capability is defined as the Numerical results show that HSS can provide a capability of real time interaction with its considerable extension to available spectrums so environment. It includes three main steps: spectrum that the spectral utility may be further improved. sensing, spectrum analysis, and spectrum decision. Key words: cognitive radio, hierarchical spec- Spectrum sensing refers to monitoring the available trum sharing network, communication mechanism, spectrum bands, capturing their information, and protocol architecture then detecting spectrum holes which are referred to as temporally “unused” spectrum (note that the un- I. INTRODUCTION used spectrum means spectrum used by secondary users without harmful interference to primary users). Studies by the Federal Communications Commis- Spectrum analysis refers to estimating the character- sion (FCC) show that the allocated spectrum is istics of the spectrum holes that are detected through underutilized [1]. Temporal and geographical varia- spectrum sensing. Spectrum decision refers to deter- tions in the assigned spectrum utilization range from mining the appropriate spectrum band according to 15% to 85%. The spectrum usage inefficiency and spectrum characteristics and user requirements. continuously increasing demand for electromagnetic Reconfigurability is the capability of adjusting com- resources suggests secondary usage of spectrum, munication parameters for the transmission on the

38 China Communications June 2007 Feature Articles: Communications & Information Security

fly without any modifications to the hardware signatures of primary users, and use or share the components. spectrum opportunistically. However, dynamic use Since the basic concept of cognitive radio is to of the spectrum brings about two challenges. One is opportunistically use available spectrum bands, dy- avoidance of interference to primary users or other namic use of the spectrum brings about some prob- secondary users; the other is how to deal with spec- lems such as interference and spectrum heterogene- trum heterogeneity. ity problems. Spectrum heterogeneity refers to spec- While coexistence between the primary user and trum bands availability varying with both location the secondary user (or CRU) and self-coexistence and time. The interference avoidance and spectrum among secondary users is a critical issue for imple- heterogeneity characteristic are essential in imple- menting the cognitive radio network, interference is menting cognitive radio networks. an important factor to be considered. To measure and Due to particularity in interference and spectrum manage the interference, FCC proposed the interfer- heterogeneity problems for cognitive radio, its archi- ence temperature (IT) model in which secondary tecture is different from other architectures in terms users (or CRUs) are permitted to share the licensed of the networking paradigms and architectures. spectrum if the interference does not exceed the Moreover, because of the spectrum availability fluc- interference temperature limit [4]. The interference tuation in both location and time, the spectrum temperature limit is defined as an upper bound or efficiency will not be effectively improved, if the cap on the potential RF energy that could be cognitive radio network is deployed as the conven- introduced into a certain spectrum band. In most tional network architecture. Based on the above currently available literature, the interference tem- consideration, we proposed a novel hierarchical perature is approximately denoted by the signal- spectrum sharing (HSS) network for the cognitive to-noise ratio (SNR) for simplicity. CRUs can radio network. make a secondary use of the spectrum by trans- The remaining part of the paper is organized as mitting in a shared spectrum provided that the follows. A thorough survey of existing cognitive noise or interference caused by the transmission radio architectures and problems are presented in is below an acceptable threshold of SNR. Section II. In Section III, a hierarchical spectrum Furthermore, the maximum distance at which sharing network architecture and the method of data can be received without errors is dictated by the acceptable signal-to-noise ratio (SNR) at a classifying available spectrum are proposed. Com- particular location. Herein, signal power is at- munication based on this network is described in tributed to the primary users and everything else Section IV. The reference protocol architecture and is characterized by the noise. our research on its protocol function blocks are As introduced in Section I, the spectrum hetero- discussed in Section V. Numerical results are used to geneity problem refers to spectrum availability evaluate the performance of HSS in Section VI. variations for different secondary users due to Finally, we conclude the article in Section VII. location and time differences. More specifically, mobility and traffic variations of primary users II. MOTIVATION also result in available spectrum fluctuation with both location and time at secondary users (or Cognitive radio network allows secondary users (or CRUs). In addition, interference constraints and CRUs) to make use of licensed spectrum to avoid reward obtained on each spectrum band could be harmful interference to primary users or unlicensed different due to non-uniformly partitioned spec- spectrum. In cognitive radio networks, secondary trum bands, differences in power constraints and users (or CRUs) can automatically detect spectrum associated technologies.

China Communications June 2007 39 Feature Articles: Communications & Information Security

III. HIERARCHICAL SPECTRUM HSS network consists of many cells, and each cell is SHARING NETWORK composed of one CRBS and many CRUs, as shown in Fig.1. Note that the scenario of opportunistic Because of cognitive radio spectrum heterogeneity, usage of spectrum is also described in Fig.1. The the available spectrum for one CRU may be unavail- components of HSS network are as follows: able to another CRU, and different transmission Cognitive radio users: CRUs with hierarchical power may bring out diversity for available spectrum. spectrum sharing capabilities are allowed to use the Generally speaking, the coverage radius of CRBS is licensed or unlicensed spectrum only in an opportu- larger than the distance between a CRU and its nistic manner. neighbor, therefore the communication between Cognitive radio base stations: CRBSs are fixed CRBS and CRU may require higher transmission infrastructure components with hierarchical spec- power than the communication between CRU and its trum sharing capabilities. CRBSs provide single hop neighbor. Consequently, quite a number of bands connection to CRUs. A CRU can access other cells which are not suitable for high power transmission or networks through this connection. between CRBS and CRU may be available for CRUs There are two communication modesthe point to transmit signals to their neighbors, especially in a to multi-point mode and the ad hoc mode in the HSS CR wide area network, such as IEEE 802.22 system. network. CRUs can either communicate with each Moreover, available bands for the low-power shar- other in a multi-hop manner or access the base ing are more plentiful than those for high-power station. Different communication modes adopt dif- sharing, because cognitive radios with low-power ferent available spectrum bands. Available spectrum sharing introduce lower interference to primary sys- bands in this network are classified into two tems through the transmission power restriction. A categories: TYPE I and TYPE II. TYPE I is generally network which enables direct communication be- with high power sharing and used for direct commu- tween CRUs with low-power sharing would im- nication between CRUs and CRBS, while TYPE II is prove spectral utilization by exploiting the spec- generally with low power sharing and used for direct trum heterogeneity. communication among CRUs. In other words, different types of available spectrum can be used in The HSS network architecture different scenarios in HSS networks. The method of classifying available spectrums is described in the Based on the above consideration, in order to extend next subsection. available spectrum bands and gain a better spectral utilization, we propose a hierarchical spectrum sharing (HSS) network, in which different spectrum bands are used for different scenarios. HSS network can be deployed both as an infrastructure network and an ad hoc network. It seems this architecture is similar to the xG in Section II, but there are differences between HSS and xG. The main difference is the distributed behavior under centralized control and the notion of hierarchical spectrum sharing. The distributed behavior under centralized control is described in a latter paper, while hierarchical spectrum sharing will be introduced in the following subsection. The Fig Hierarchical spectrum sharing network

40 China Communications June 2007 Feature Articles: Communications & Information Security

Method for classifying available spec- spectrum band is higher than the required minimum trum bands SNR, it indicates availability of this spectrum band for link 1. But for link 2, where node 1 also acts as In the CR network, whether a spectrum band is receiver, if SNR of node 1 on this spectrum band is available for CRUs depends on the allowable trans- lower than the required minimum SNR, this spec- mission power, channel conditions, environmental trum band is unavailable for link 2. So do link 3 and noise and PHY techniques such as modulation and link 4. That is to say, the availability of a spectrum coding. Therefore, the method of classifying avail- band for a node depends on the node itself as well as able spectrum bands is essential in implementation its communication counterparts. Or the spectrum of the HSS network. In our scheme, the criterion of availability is attributed to a certain link. identifying available spectrum is the SNR value, which is restricted by the interference temperature and interference temperature limit. Spectrum band availability is determined according to the interference temperature model, path loss and noise environment. Characteristics of different spectrum bands are derived through cognitive capability, and usable spectrum bands can be obtained consequently in the classification phase which is based on spectrum heterogeneity at different users. The method for classifying available spectrum bands in the HSS Fig The method of classifying available spectrum network consists of three main steps: Firstly, the maximum allowable received power of Through the above spectrum analysis process, we a node (note that the node can be a CRU or a CRBS) can acquire a set of available spectrum for a certain on a certain spectrum band is obtained based on the node. If the counterpart with which the node can interference temperature model. communicate directly is a CRBS, this available Secondly, the actual transmission power at each spectrum band is classified as TYPE I. If the commu- transmitter is computed using the received power nication counterpart is a CRU, this available spec- obtained in the previous step. trum band is classified as TYPE II. Available spec- Thirdly, the SNR at the node is acquired according trum bands of the node may be TYPE I, TPYE II, or to the actual transmission power obtained in the both. So the node can choose a type of available second step. Then the node can judge whether a spectrum bands according to its communication certain spectrum band is available for transmission counterparts. In other words, different types of avail- between this node and its surrounding nodes by able spectrum can be used in different scenarios. comparing the SNR with the minimum SNR for Consequently, available spectrum bands are extended reliable transmission. If the former is higher than the to a certain extent. latter, the two nodes can communicate directly on this spectrum band, i.e., this spectrum band is available for the specific link. IV. COMMUNICATION MECHANISM Let us use an example to explicitly illustrate the BASED ON HSS NETWORK process. Suppose that node 2, node 3, node 4 and node 5 are distributed around node 1, as shown in A general communication mechanism is not appli- Fig. 2. For link 1, node 2 is the transmitter while node cable to HSS networks. Therefore, in this section, we 1 is the receiver. If SNR of node 1 on a certain propose a selection rule for the communication

China Communications June 2007 41 Feature Articles: Communications & Information Security

scheme according to the traffic services property. In a hierarchical spectrum sharing network cell, multiple CRUs are managed by a single CRBS which operates as the main controller and access point to the core network. In a certain cell, CRUs are capable of communicating with both CRBSs and other CRUs directly using TYPE I bands and TYPE II bands, respectively. Four different kinds of communication scheme are applicable to HSS due to different traffic services. Traffic services are simply classified into real-time services with strict delay requirements and non-real-time services. The details are listed as Fig Communication based on HSS follows: Scheme 1: If the destination node (DN) belongs BS in a multi-hop way, as showed in Fig.3 (d). to the neighbor set of the source nodes (SN), it chooses direct communication that is not necessarily V. REFERENCE PROTOCOL transferred by CRBSs no matter the service is real- ARCHITECTURE time or non-real time. The direct communication between two CRUs reuses TYPE II spectrums in a In general, the major goals of defining suitable single-hop way, as showed in Fig.3 (a). reference architecture for cognitive radio are to guar- Scheme 2: If a DN does not belong to the antee both flexibility and efficiency. Based on the neighbor set of the SN but in the same cell as the SN, HSS network, we proposed the reference architec- and the communication between them is not very ture model depicted in Figure 4. urgent, they communicate in a multi-hop way without CRBS participation and other CRUs in the same cell can be used as relay nodes. The multi-hop communication among CRUs reuses TYPE II spectrums, as showed in Fig.3 (b). Scheme 3: There are two cases in this scheme. One case is that the DN is not in the same cell as the SN, such as the traffic that Fig Reference Protocol architecture connect to the core network; the other case is As shown in the figure, new functionalities are that the DN is in the same cell as the SN but not in the required in the proposed HSS network. In neighbor set, and the traffic is urgent. CRUs commu- summary, the main functions for HSS network nicate with CR-BS directly by reusing TYPE I are listed as follows: spectrums, as showed in Fig.3 (c). Scheme 4: In this case, all the CRUs in the cell Spectrum sensing can be regarded as relay nodes for transferring data on the TYPE II spectrum. The SN constantly searches An important requirement of the proposed HSS a route until the end node of the route path is able to network is to sense the available spectrum. The directly connect CR-BS with the TYPE I spectrum. spectrum sensing function enables the HSS network This scheme works when the DN is not in the same to adapt to its environment by detecting available cell as the SN. The SAP communicates with the CR- spectrum. The most efficient way to detect available

42 China Communications June 2007 Feature Articles: Communications & Information Security

spectrum is to detect the primary users that are resource as determined by the spectrum sensing and receiving data within the communication range of channel estimation. Orthogonal Frequency Division CRU. Generally, the spectrum sensing techniques Multiplex (OFDM) has been the main trend of PHY can be classified as transmitter detection, coopera- transmission techniques for data transmission due to tive detection, and interference-based detection [3]. its advantages, such as mature techniques, multi- Based on research on the existence spectrum sensing carrier characteristics and high spectrum efficiency. techniques, we propose a new distributed sensing While it is a promising transmission technique for data scheme by considering the reliability of local spec- transmission, we proposed OFDM-based transform trum sensing. We quantify the channel condition domain communication system (TDCS) as a promis- between the primary user and CRU with a parameter ing signaling transmission scheme in the HSS network. called “credibility”, and the information gathered at In our work, we rebuilt the signal model of TDCS, CRBS is made up of two parts: decision of each CRU proposed the OFDM-based TDCS, interleaved and its associated credibility. To effectively com- OFDM-based TDCS, and soft demodulation algo- bine these results from different CRUs, we apply rithms of OFDM-based TDCS signal [7] [8] [9]. Both the Dempster-Shafer’s (D-S) theory of evidence to make analytical and numerical results show that OFDM- a final decision at the CRBS [5]. Simulation results based TDCS has low implementation complexity show that significant improvement in detection prob- and can operate well in low SNR regions (-20dB in ability as well as reduction in false alarm rate is the IEEE 802.22 Profile C channel). More achieved by our proposal. specifically, the interleaved OFDM-based TDCS with hard demodulation serves as a candidate for Spectrum manager applications with stringent requirements on implementation complexity and loose requirements on For the proposed HSS network, the main functions emission power, while OFDM-based TDCS with of spectrum manager refer to allocating available soft-demodulation serves as a candidate for applica- spectrum resource to CRUs and managing utiliza- tions with stringent requirements on emission power tion of spectra. In other words, spectrum manager and loose requirements on implementation classifies the available spectrum based on the results complexity. Together with other inherent of spectrum sensing, and then allocates the different characteristics, such as compatibility with common types of spectra to different CRUs based on four OFDM schemes, low interception probability communication schemes. Two key goals of spec- properties, low data rate and longer coverage than trum allocation algorithms in HSS network are spec- UWB, OFDM-based TDCS is a promising signaling trum utilization and fairness. Specific combinations transmission scheme in cognitive radio. of these two goals form different utility functions, which tradeoff spectrum utilization and fairness. A Channel estimation parallel allocation algorithm is proposed, which is a modification of CSGC (Color Sensitive Graph The objective of channel estimation is to acquire the Coloring) algorithm [6]. Under the constraint of maxi- knowledge on the channel impulse response (CIR) in mizing system utilization, the parallel algorithm ob- order to accurately detect the received signals. The tains the same allocation matrix as CSGC, while most popular method to realize channel estimation is reducing the allocation period, so that it can be adapted based on pilot transmission, which involves periodic to the agile sense requirement of cognitive radio. transmission of a pilot (training sequence) known to the receiver. Firstly, the receiver obtains the channel Data transmission state information at the pilots, and then recovers the channel state information at all symbols using the HSS network is required to optimally use spectrum coherent characteristics of the radio channel. Pilot

China Communications June 2007 43 Feature Articles: Communications & Information Security

assisted channel estimation applied to OFDM-based during this process the CRU needs to ensure that its TDCS, semi-blind channel estimation including communication will not cause harmful interference kalman filter, particle filter and mixture kalman to primary users. The CBS flexibly manages CRU, filter, kalman filter channel estimation applied to obtains a reliable spectrum occupancy map of its space time block coding (STBC) system are cells and, if necessary, changes its operating discussed. We also present how to predict channel parameters. CRU also has many available ways to capacity according to channel coefficients and how report measured information to the CBS. to detect interference in the slow fading channel Further, we proposed one initial link establish- scenario. Several channel estimation methods based ment algorithm based on OFDM-based TDCS [12]. on noise reduction are proposed for OFDM-based This scheme can be used to implement protocols in TDCS, which performs well when the signal to noise both centralized and decentralized manners and can ratio (SNR) is very low. In time domain, time mov- potentially solve the common control channel prob- ing average, time forgetting average and the combi- lem in any ad-hoc network. Our idea is based on the nation of time average and time forgetting are pro- difference of spectrum masks at the transmitter posed to eliminate the impact of noise by using the and receiver. This type of discrepancy necessi- slow variation characteristic of slow fading channel. tates the exchange of sensing results. To fulfill the In IDFT transform domain, low-pass filter based exchange procedure, a transmission technique method is applied [10]. which is of low emission power, a long transmission distance, and robust BER performance in low Access SNR regions is desired. OFDM-based TDCS is just the perfect candidate. The access function aims to break the spectrum access barrier and enable networks and CRUs to Packet scheduling opportunistically access spectrum. In HSS network, an appropriate spectrum etiquette, which is a set of In order to let the resource allocation in cognitive rules regulating access to spectrum and its usage, is radio systems be of the adaptive capability to varying proposed to avoid interference and collision. The radio resources, we propose an adaptive packet sched- spectrum sharing scenario is currently characterized uling algorithm, which serves different traffic queues by a complete lack of mutual awareness of users with based on the QoS levels of each traffic queue and the potentially competing needs. And with the increase variation of available spectrums [13]. Generally, de- in complex service requirements, the problem can- manding strict QoS guarantees, the real-time traffics not be solved adequately by the previous spectrum have more impacts on the system performance than etiquette. Based on the above motivation, a coopera- non-real-time ones. Hence, the proposed algorithm tive spectrum etiquette for HSS network is proposed fits for the real-time traffics when there are not enough [11]. The basic concept of cooperative spectrum eti- resources to maintain the QoS level of real-time quette is that users of the spectrum intended to share traffics. Simulation results show that, compared with the related information depending on certain traditional packet scheduling algorithms, the pro- conditions. In our network model, a user can cooper- posed algorithm provides not only better QoS guaran- ate with other users, thus the behavior of cooperation ties for heterogeneous cognitive radio traffics, but also is equivalent to select less aggressive MAC param- higher system access capacity and spectrum efficiency. eters and is to benefit a user in case of cooperating users. Before a CRU can be serviced by a CBS, it Power control needs to enter the network and negotiate its capabilities with the CBS; this may include many tasks Since the CRU needs to ensure that its communica- between the CRU and the CBS. More importantly, tion will not cause harmful interference with primary

44 China Communications June 2007 Feature Articles: Communications & Information Security

users, power control should be developed.

Routing

As mentioned in section III, HSS network can be deployed both as an infrastructure network and an ad hoc network. That is to say, in HSS network with multi-hop communication requirements, novel routing algorithms should be developed. So far, our research concentrates on spectrum Fig Location and coverage a CR cell and licensed manager, access, spectrum sensing, packet system scheduling, and channel estimation. Other issues will be researched in next phase.

VI. NUMERICAL RESULTS

In this section, we present some numerical results to compare the performance of HSS with that of other techniques, which can extend available spectrums, such as Directional Antennas (DA) with beamforming and Power Control (PC). Consider the following network deployment. In a HSS cell, 48 CRUs are uniformly distributed. The location and coverage of a HSS cell and licensed sys- Fig Working time of licensed system tems which are licensed from channel CH1 to CH6 is shown in Fig. 5. Occupa- tion time distribution of the six channels is shown in Fig. 6, where high level values mean the specific channel is occupied by the licensed system at the specific time slot. Four scenarios are simulated: the original scheme, DA, a combination of DA and PC, and HSS. The number of available spectrum bands in the above scenarios is shown in Fig.7. If a channel band is available for N users, then it will be calculated N times, which is reasonable because N users may share the band with multiple access technologies, such as TDMA and CDMA. As shown in Fig. 6, HSS can provide a Fig The number of available bands with different approaches considerable extension to available spec-

China Communications June 2007 45 Feature Articles: Communications & Information Security

trums so that the spectral utility may be further improved. future work, we will address more issues, such as More specifically, compared with original network, spectrum handoff and routing. there are more bands available for users if Directional Antennas technique is adopted, while Power Control REFERENCES contributes little. HSS is the best scheme in extending available spectrums within the discussed schemes. [1] FCC Spectrum Policy Task Force, “Report of the spectrum efficiency group,” Nov., 2002. VII. CONCLUSION [2] J. Mitola, “Cognitive radio: An integrated agent architecture for software defined radio,” Doctor of CR technology is considered as a solution to the Technology, Royal Inst. Technology. (KTH), spectrum underutilization problem. In this paper, we Stockholm, Sweden, 2000. present the hierarchical spectrum sharing network, [3] I. F. Akyildiz et al., “NeXt Generation/Dy- which can be deployed both as an infrastructure namic Spectrum Access/Cognitive Radio Wireless network and an ad hoc network. Four kinds of Networks: A Survey,” http://www.elsevier.com/lo- communication scheme can be realized. By adding cate/comnet. the ad-hoc mode to a CR cell, CR users are capable [4] Federal Communications Commission, “Es- of sharing the licensed spectrum on a low power tablishment of interference temperature metric to level so that the spectrum efficiency can be further quantify and manage interference and to expand improved. Every node in a certain cell detects its available unlicensed operation in certain fixed mo- interference temperature and estimates the channel bile and satellite frequency bands,” ET Docket 03- state information (CSI) of every channel. Then it 289, Notice of Inquiry and Proposed Rulemaking, searches the best communication path and adopts four 2003. kinds of communication scheme introduced in this [5] Q.H. Peng, K. Zeng, J. Wang, and S.Q. Li, novel network. Simulation results in Section VI indi- “Credibility Combination for Distributed Spectrum cate that HSS can extend the available bands Sensing in Cognitive Radio,” The 17th Annual IEEE considerably. Based on the HSS architecture, a refer- International Symposium on Personal, Indoor and ence protocol architecture is proposed and subsequent Mobile Radio Communications (PIMRC’06), research on function protocol blocks, such as spec- Helsinki, Finland, 11-14 September 2006. trum sensing, spectrum manager and so on, is presented. [6] C.L. Liao, J. Chen, Y.X. Tang, and S.Q. Li, Although the available spectrum bands in the HSS “Parallel Algorithm of Spectrum Allocation in Cog- network can be extended considerably and spectrum nitive Radio,” Journal of electronics &information efficiency can be subsequently improved, dynamic technology, to be published. usage of the spectrum in the HSS network brings [7] C. Han, J. Wang, S.P. Gong and S.Q. Li, “Detec- about problems which need in-depth investigation. tion and Performance of the OFDM-based Transform For instance, the CRU needs to change its operating Domain Communication System,” The 4th International frequency when current channel conditions become Conference on Communications, Circuits and Systems worse or new primary users appear. The criteria of (ICCCAS 2006), Guilin, China, June 25-28, 2006. ensuring such changes to work smoothly and timely [8] C. Han, J. Wang, S.P. Gong, and S.Q. Li, “Per- to minimize the CRU performance degradation have formance of the OFDM-based Transform Domain not been thoroughly explored. Furthermore, in a Communication System in Cognitive Radio HSS network with multi-hop communication Contexts,” The 1st International Conference on Cog- requirements, unique characteristics of the spectrum nitive Radio Oriented Wireless Networks and Com- necessitate new routing algorithms. The work in this munications (CROWNCOM 2006), Mykonos Island, article represents a first step for HSS networks. In Greece, June 8-10, 2006.

46 China Communications June 2007 Feature Articles: Communications & Information Security

[9] C. Han, J. Wang, S.P. Gong and S.Q. Li, “Soft his M.S.E.E. at UESTC. His Demodulation of Transform Domain Communica- research is in the general area tion System Signals,” submitted to ICC 2007. of wireless communications, [10] S.P. Gong, J. Wang, C. Han, and S.Q. Li, including estimation and de- “Channel Estimation Applied to Transform Domain tection theory, information Communication System,” to be published. theory, wireless networking, [11] J. Chen, C.L. Liao, and S.Q. Li, “Cooperative cognitive radio PHY issues, and feasibility of cognitive Spectrum Etiquette for Cognitive Radio Network,” radio. ICWMMN, Hangzhou, China, 7-9 Nov., 2006 [12] C. Han, J. Wang, and S.Q. Li, “A Spectrum Chu Linliao received his Exchange Mechanism in Cognitive Radio Contexts,” B.S.E.E. degree from Univer- The 17th Annual IEEE International Symposium on sity of Electronic Science and Personal, Indoor and Mobile Radio Communications Technology of China (PIMRC’06), Helsinki, Finland, 11-14 September 2006. (UESTC), Chengdu, in 2004. [13] J.Y. Li, Z.J. Xu, B.Y. Xu, and S.Q. Li, “Adap- He is pursuing M.S.E.E. and tive Packet Scheduling Algorithm for Cognitive researching at National Key Radio System,” ICCT 2006. Lab of Communication in UESTC. His current research BIOGRAPHIES focuses on broadband wireless access, MAC protocol design and spectrum management in cognitive Jie Chen ([email protected]) has been an radio networks. assistant professor at Chongqing University of Shao Qianli received his B.S.E. degree in communi- Posts and Telecommunica- cation technology from tions (CQUPT), Chonqing, Northwest Institute of Tele- China, since 2004. She re- communication (Xidian ceived her B.S.E.E. degree University) in 1982 and M. and M.S.E.E. in wireless S.E. degree in Communica- communication engineering tion System from University from CQUPT in 1994 and of Electronic Science and 2002, respectively. She is pursuing her Ph.D. de- Technology of China (UESTC) in 1984. Now, he is a gree at University of Electronic Science and Tech- Professor, Ph.D supervisor, and director of Na- nology of China. Her current areas of interest tional Key Lab of Communication in UESTC, and he include wireless communication system architec- is a member of National High Technology R&D ture and protocol, radio resource management and Program (863 Program) Communications Group. cognitive radio networks. His research interests includes wireless information and communication theory, mobile and personal Chuan Han received his B.S.E.E. degree from communication, anti-interference technology in wire- University of Electronic Science and Technology of less communications, spread-spectrum and fre- China (UESTC), Chengdu, in 2004. He is pursuing quency-hopping technology.

China Communications June 2007 47 Feature Articles: Communications & Information Security

Security Measures Against CBRN Threats: Case Study Olympic Games

P. Stavroulakis, Professor, Technical University of Crete Greece [email protected]

ABSTRACT concern. Ntional security agencies analyzed the nature of terrorism and published several reports. The In this paper we present how an serious security latest developments shows that Terrorists prefer the relevant event can be taken care of duing Olympic so called "blind hits" which are extremely well Games. Remote healthcare treatment will be given organized therefore result multiple civilian deaths. to injured persons during nuclear radiological bio- Each attck is giving a clear political and geostrategical logical attacks or in the case of physical disasters. message to certain countries that actively or silently The "Emergency-112" wireless telemedicine plat- participate in coalition forces around the world. The form provides the hardware and software political and public community impact is huge, inrastructures in order to cope with the most extreme unpredicted and frequently creates political instabil- scenarios. A fully autonomous mobile system inter- ity [1]. These reasons make terrorist attacks to occur connects a group of injured persons with the expert frequently during World-class events and Olympic medical institution. The unlimited capabilities of the games. Similar cases experienced in Munich and system allows the Emergency-112 platform to be sed recently in Atlanta in 1996. Risk management strat- for rescue and surveillance operations regardless the egies interpret and analyze previous attacks in ordr to terrain or the weather conditions. A dynamic hybrid develop customized solutions to overtake such events. system monitors the available spectrum and actively The Emergency-112 telemedicine platform can be switches between different telecommunication ac- used for countermeasures against nuclear biological cess gateways. radiological or gas attacks. The proposed architec- Key words: emergency telemedicine, mobile and ture is capable of all operations with in the mbile unit. satellite comms, bandwidth allocation management, Therefore the system can be used for rescue opera- bioterrorism tions during physical catastrophes, that is earth- quakes followed by lethal Tsunami waves. Beyond I. INTRODUCTION telemedicine and rescue operations the Emergency- 112 unit can be used for surveillance and escort The terrorist attack in the World Trade Center in ervices for sea, air or ground based operations. September the 11th (2001) brought forward numer- An intelligent spectrum management technique ous outstanding security issues that require special switches outgoing traffic between fixed and mobile,

48 China Communications June 2007 Feature Articles: Communications & Information Security

broadband or narrowband telecommunication ac- remote interactivity is limited arisen due to the cess gateways with regard to the availability. State of narrowband capabilities that mobile networks the artarchitecture allows emergency issues, which provide. Terretrial infrastructures behave rather in- are encountered in rural and urban environments, to convenient due to increased probability for network be resolved immediately as if they were regular unavailability from network traffic overloading in incidents. The proposed implementation features the event of physical catastrophes. The scale and the vital electrophysiological telemetry in the parallel frequency of the events increased dramatically within transmissin with live video in environmental terrains the lat decade. For example remember the earth- that lack telecommunications infrastructure. quakes in eastern Turkey (1998 and 2002), Greece From 2001 the US Defence Threat Reduction (2001), India and Pakistan (2002, Shrilanka and Agency (DTRA) and the Federal Emergency Man- Indonesia in December 2004 followed by huge agement Agency (FEMA) spent $1.1 billion in Tsunamis. This results in population confusion and bioterrorism prompt expert computerzed systems [2]. telecommunications and lectricity networks break Greece in turn spent nearly 500 million Euros in the down. This was the case in 2001 Athens earthquake C4I Olympic security project. Mobile operation and and in New Year's Eve in the millennium. Although command centers provided computer decision sup- the telecommunication networks were all in tact up port systems (CDSS) in order to actively participate and running civilians created traffic overloading and in the case of biochemical and radilogical terrorism bottlenecks due to the smultaneous telephone calls in games time. The experience in the field of risk and SMS text messages. All mobile operators dropped management and in the security preparedness for the off every telephone call request and they expunged Olympics of 2004 makes the Emergrgency-112 unit every SMS message from the incoming and outgo- a cost effective, customized, reliable and robust ing buffer gateways. telemedicine solution for rescue andsurveillance provision to the public, VIPs and executive members of III. THE EMERGENCY-112 the IOC and IAAF committees. TELEMEDICINE FEATURES

II. VULNERABILITY IN The system is apable of prompt and expert medical TELEMEDICINE SYSTEMS care improving health care services at understaffed rural areas and out of coverage urban spots such as A very important issue that makes telemedicine the metro rail stations. The fields of interest of this systems vulnerable is the operating environment paper are Ambulances, Rural Health Centers (RHC), with regard to the eather conditions. The terrain is a Ships navgating in wide seas, Airplanes in flight and critical factor that limits the system capabilities other remote areas of interest that are common ex- because mountains, lakes, forests, the sea and the amples of possible emergency sites, while critical metro subway create dead areas that transeption is care telemetry and telemedicine home follow-ups not possible therefore there isn't coverage as far as are important issues of telemonitoring. To comply GSM, GPRS, G and the satellite are concerned. with differet growing application fields we created a People who travel by boat or by airplane spend most combined real-time and store and forward facility of the journey with no coverage because when the that consists of a base unit and a telemedicine-mobile ship/airplane departs the signal fades after 10 to 20 unit. This integrated system can be used to: kilometers in the line of sight. Passengers in the Handle emergency cases in ambulances, RHC, metro suffer sgnal fading due the thick concrete wall ships or airplanesby using the telemedicine unit at construction e.g. in the Sarin gas attack in the Tokyo the patient - emergency site and the expert's medi subway system in 1995 [3]. The second reason that cal consulting at the base unit.

China Communications June 2007 49 Feature Articles: Communications & Information Security

Enhance intensive health care provision by giving addresses the present connectivity [4] a portable base unit to the ICU doctor while the The mobile unit is composed of rugged modu- telemedicine unit is incorporated wit the ICU's in- lar components that work under extreme weather house telemetry system. conditions. The E-112 modular construction Enable home telemonitoring, by installing the suppots hot plug in addition to plug and play telemedicine unit at the patient's home while the base capabilities. unit remains at the physician's office or hospital. Provide the hardware and software foundations to 3.1 Emergency-112 mobile access produce full aboratory biochemical analysis in. gateway outdoors and areas of special interest e.g. the subway. The new architecture allows for simultaneous End user terminal operation. The system is composed of the primary unit, which behaves as an access gateway, and group of secondary devices that collect electrophysiological signals, transmit video, produce biochemical and gas analysis. The access gateway connects to a 2 Mbps satellite modem giving real time video streaming in the uplink and the downlink in additio to and biological signals monitoring. Figure 3 shows how the proposed satellite implementation achieves large-scale integration covering wide geographical rural envi- Fig Emergency GUI ronments that aren't covered from the present implementation. The Emergency-112 (E-112) unit allows the transmission of 3-12 lead ECG, SPO2, NIBP, IBP, Temp, still images and live video of the patient. Figure 1 shows a snapsho of the existing graphi- cal user interface (GUI). Data transmission is performed through GSM/GPRS/3G or TETRA mobile networks, through satellite links or POTS, ISDN, xDSL, LAN and WLAN in the local loop. Due to the need of soring and archiving of all data interchanged during the telemedicine sessions, the consulta- tion site is equipped with a multimedia database able to store and manage the data collected by the system. At present the Emergecy-112 work as a terminal device fo the End-user access. Figure 2 Fig Overview of the E functionality

50 China Communications June 2007 Feature Articles: Communications & Information Security

Fig E broadbandmultigateway formulation Fig Broadband access in the local loop

The server which is embedded in the Emergency- Two different user profiles are created, the admin- 112 primary unit generate multiple port connections istrator access gateway user and the user that trans- in order to broadcast parallel videos, vital biological mits data on the fly to the server. Multiple transmis- signals as well as additional information to different sions can have multiple receivers due t the TCP/IP stations based on te classification given by the E-112 stack that takes over the procedure. The E-112 server primary medical crew. The two Megabits per second performs all network related tasks, that is IP filtering, satellite link provides the physical over the air (OTA) store and forward, routing, initiation and termination interface that connects the primary unit to the remote procedures, user access rights and gateway switch administration host. over selection. Figure 4 simulates an underground idoors environment e.g. the metro subway in which groups of 3.2 Incidnt classification and priority allo- patients that are spaced apart but in relatively short cation distances create a WLAN regardless the terrain, the End-user in the secondary unit provides information technology infrastructure or the line of sight. Broad- about the injury in order the ambulance crew to rate band access in the local loop is acieved through the the severity of the emergency. Heavy injured pa- wireless Ethernet backbone where multiple users tients will be classified differently and they will be connect using the 802.11b/g standard. The E-112 given he highest priority for guaranteed data primary unit requires an RJ-45 fast Ethernet plug transmission. Active directories generate End user to be installed in the areas of great concern e.g. profiles so that a full record is maintained during and departure platforms, the escalators and he exit. after the telemedicine treatment. An intelligent tech- This contributes towards the generation of wire- nique allows End users to generate alarms in case the less "hotspots" and "hot areas" that provide broad- ptient's condition gets serious. Different levels of band local access. A scenario like this is not far from reality; assuming a gas attack in the lower alarms update in regular intervals a database that levels of the station; the primary E-112 is pluggd maintains the patient's medical record. Remote phy- directly to the Ethernet switch and the personnel sicians will log on to the primary E-112 server and a that carry the secondary E-112 navigates in "push-pull" service will upload the patients proile areas of high injury concentration. A mobile through a secure multilevel strongly encrypted VPN computer with a "Cepheid bioagent" detector connection [6]. Secondary users are given bandwidth scans the area for large-scale aerosol attacks based on the severity of the injury. An intelligent and reports back to the server [5]. bandwidth allocation routine running in the primary

China Communications June 2007 51 Feature Articles: Communications & Information Security

server, process parallel video transmissionsand al- telecommunication networks are chosen. The level of ters the bit rate respectively. the emergency denotes the network that is best preferred. The best solution is the most cost effctive option in 3.3 Video transmission terms of bandwidth availability and tariff charges. The system uses the primary satellite connection Live streaming can use UDP to compensate delays in in rural environments however in the case of large live video transmission or transmit video over IP/ cities GSM, GPRS, UMTS, and WLAN connections TCP in store and forward for guaranteed delivery. If are going to be used. The server unitperforms all the the primary crew decides that short vdeo clips must necessary software routines in order to supply the be recorded from an injured patient although the system with the appropriate bandwidth. The server emergency is given medium priority the server stores maintains the satellite for the downlink and switch the videos in the hard drive. When the highest between different uplink platforms. In the case of an priority emergency is cleared then stored video trans- emergency in the subway where te satellite is un- mission begins if there is remote requst. available the RJ-45 Ethernet port is enabled and 3.4 Picture quality and Bandwidth allocation connects the server to the LAN. The bandwidth can be as much as the Ethernet hub can give. Video transmission dissipates most of the system bandwidth; therefore bandwidth saving countermea- IV. TECHNOLOGY CONVERGENCE AND sures must be developed. The obvious solution is to CONTRIBUTION prohibit parallel video transmissions. To undertake tis problem the E-112 server degrades, in real-time, the E-112 is a hybrid system capable of compensating video picture quality within predetermined limits so dificulties regardless the geographical location. The that region of interests can be clearly retrieved in remote system converges existing technologies delivering locations. This technique minimizes video bandwidth modular and robust medical services to mobile users consumption allowing for additiona video streaming. in remote locations. The system provides increased 3.5 Access network switchover immunity against physical and human interactions. Te E-112 is a multi operational platform that can be One of the system novelties is the capability to used for medical support, for rescue, surveillance monitor the frequency spectrum for active telecom- and defense applications such as Anthrax smoke munication infrastructures. The system regularly detection and spays monitoring for aerosolised air- scans for active wireless access nodes, if a node is borne bacterial spores [7]. The system in a later spottd then alerts the server administrator. When the stagewill be enhanced with a low power MAC con- signal becomes strong enough to succeed the mini- trol protocol providing wireless medical multisensror mum signal to noise ratio then a second alert is monitoring for wearable products [8]. generated and informs the user that a connection can The E-112 provides the hardware infrastructure to be achieved. The administrator either activates the connect to every available public access network and lineor discards the message however if more than if needed to govenment TETRA networks (Police one networks are available the administrator decides and Fire department). The system works in stand- which of these networks are most suitable to use. alone operation or as integral part of a greater turn- Network selection depends upon the emergency key solution. The modular implementation and the status, if there is a life threatening injury the system technology architecture allow the E-112 unit to op- decids to activate the satellite modem. If the patient's erate in 24/7 basis and/orfor redundancy purposes condition is serious but not critical then terrestrial during life threatening conditions.

52 China Communications June 2007 Feature Articles: Communications & Information Security

REFERENCES Oakland University until 1981 when he joined ATT [1] L. Kun. Kikuchi, M. Ishihara, "Homeland International and subse- Security: The Possible, Probable, and Perils of Infor- quently NYNEX Interna- mation Technology", Engineering in Medicine & tional until 1990. In may Biology magazine, IEEE, Vol 21, pp28-33 2002 1990, he was elected at the [2] L. Kun, D. Bray,"Information Infrastructure Technical University of Crete Tools for Bioterrorism Preparedness", Engineering (TUC) Greece as a full Pro- in Medicine & Biology magazine, IEEE, Vol 21, fessor of Electrical Engineering. He is a member of pp69-85, 2002 the Editorial Board of the International Journal of [3] M. Kikuchi, M. Ishihara, "Biomedical Communications systems , the International Journal Engineering's Contribution to Defending the of Satellite Systems and China Communications and Homelad", Engineering in Medicine & Biology has been a reviewer for many Technical Interna- magazine, IEEE, Vol 23, pp175-186, 2004 tional Journals. His research interests has been [4] E. Kyriacou, S. Pavlopoulos, D. Koutsouris, focused on the application of various heuristic meth- "Multi-purpose HealthCare Telemedicine System with ods on Telecommunications, including Neural mobile communication link support", http://www. Networks, Fuzzy Systems and Genetic Algorithms biomedical-engineering-online.cm/content/2/1/7 and also in the development of new modulation [5] Elizabeth A. Bretz, "9/11 One year later", techniques applicable to Mobile and Wireless Spectrum magazine, IEEE, Vol 39, pp38, 2002 Systems. His current research has been in the appli- [6] A. Georgoulas, A. Bourka, D. Polemi, D. cation of Chaos and Interference Reduction Tech- Koutsouris "RESHEN, a best practice approach for niques in the design of secure communication systems. secure healthcare networks in Europe" Advanced Health OLYMPIC GAMES AND SECURITY NET- Tlematics and Telemedicine (IOS) Textbook, Vol. 96 WORK EXPERIENCE [7] S. Luxminarayan, G. Kun, M. Kikuchi, M. Professor Stavroulakis as a technical Director of Ishihara, "Combating bioterrorism with bioengineering, Engineering in Medicine & Biology NYNEX for Europe was responsible for the Design magazine, IEEE, Vol 21, pp21-27, 2002 of the Telecom and information Network of the [8] I. E. Lamprinos, A. Prentza,E. Sakka, D. Winter Olympics in France in 1986. He has co- Koutsouris "A Low Power Medium Access Control organized an International conference held in Protocol for Wireless Medical Sensor Networks" CHINA in October 2005 which dealt with the Proceedings of the 26th IEEE EMBS conference, application of Wireless Systems in large Telecom San Francisco, USA (2004) systems and was totally responsible for the Work- shop on the Olympics Games Security Networks. He was also responsible for the techno- economic BIOGRAPHIES evaluation of the security network used for the Athens Olympics2004 leading a team of Peter Stavroulakis received his BS and Ph.D. professionals. He is also expected to play a major degrees from New York University in 1969 and 1973 role in the future applications of security networks respectively and his MS degree from California using TETRA on a European basis because of his Institute of Technology in 1970. He joined Bell recognized expertise in this area. His upcoming Laboratories in 1973 and worked until 1979 when he book to be published by Springer tilted: TETRA: A joined Oakland University in Rochester Michigan as GLOBAL SECURITY TOOL is expected to be out an associate Professor of Engineering. He worked at in the spring of 2007.

China Communications June 2007 53 Feature Articles: Communications & Information Security

Customized Biometric Architecture for Access Control in Stadiums based on Federated Identities

Christos K. Dimitriadis, Peter Stavroulakis, D. Polemi University of Piraeus, 80 A. Dimitriou, 18534 Piraeus, Greece [email protected]

ABSTRACT weaknesses [1]. Although biomerics have been deployed in pilot systems for protecting access to This paper, resents a system called Athlos2, which athletic events in the past, no integrated solution has implements strong access control for athletic events, been proposed taking into account the related secu- enhancing the safety feeling of event spectators. rity standards and no complete studies ever proven Athlos2 integrates intelligent biometric access con- the benefits of such deployments trol systems and smart cards, under a protocol that This paper, describes a system called Athlos2 that complies ith the specification of the Liberty Alliance implements strong access control for athletic events. project for federated identities. A pilot version of The system integrates intelligent biometric access Athlos2 was deployed and tested in terms of control systems and smart cards, under the specifica- acceptability, information security and performance. tions of the Liberty Alliance project for fedeated Key words: physical access control, security, identities. Since security and user acceptance are biometrics, ahletic events contradictory factors in such applications, the pilot version of Athlos2 was deployed and tested in terms of these two aspects. INTRODUCTION The paper is organized in eight main sections, excluding the introductin and conclusions. The first Security, as a factor that influences the sports fan main section presents the state of the art re- psychology, is of paramount importance for the garding access control and monitoring in ath- success of athletic events. Modern biometric tech- letic events, while the second presents the nologies provide enhanced security levels by intro- underlying technologies of Athlos2. The third ducing a new dimension in th authentication process and fourth main sections present the applicatio called "proof by property". However, the design and scenarios and the system architecture. Sec- deployment of a security architecture incorporating tions five to nine, present the testing environ- biometric technologies hides many pitfalls, which ment and the results of acceptance and secu- when underestimated can lead to major security rity evaluation.

54 China Communications June 2007 Feature Articles: Communications & Information Security

II. SECURITY IN ATHLETIC EVENTS way to profile their sport fans and ccredited persons in an attempt to drive revenue, improve the game During the recent years, the traditional stadium ac- environment and provide the greater security in cess control measures, suc as ticket checking from order to better control the flow of crowds from security officers, have been enhanced by technologi- possible crisis situations around and in the stadiums. cal security measures such as ID cards for season- This was a centralized authenticationsolution, using ticket holders, CCTV camera systems, RFID smart personalised smart cards. Similar systems have been card technologies and biometrics. adopted by the Belgian Football and PSV Eindhoven During the Athens 2004 Olympic Games, almost Stadiums. In the Cricket World Cup (South Africa, 70000 security personnel was overseeing the event, 2003) bar coded tickets were deployed, using a two- with the help of technology. More than 1,100 poles dimensional barcode, which cannot beduplicated or topped with video cameras, speakers and micro- forged [6]. The system handled 825.000 ticket sales. phones created a distributed net of surveillance posts The bar code allowed for scanning and verification aimed at locating disturbances quickly [2]. Barcode through a sophisticated venue access control system, scaners and ID cards allowed athletes and trainers which in turn generated a customer database holding into the Olympic Village. In Sydney 2000 Olympic valuable information on all tickt purchasers. In Games, a security system integrated with intelligent addition, all stadiums were monitored with CCTV, camera functions was deployed, in order to provide (eight cameras per event) and had full digital re- security, surveillance and access control [3]. The cording facilities. sysems consisted of the combination of security, The various systems that were implemented proved CCTV Switcher, Smart Card Access Control and that technology consists of an integral part in the Photo Identification Systems and provided a total athletic events. Sch systems fulfil the requirements solution to monitor and report on all activities. of the organisers, but there are not always effective Furthermore, in the Commonwealth 2002 Games in and efficient in large-scale athletic events, mainly Manchester, a secrity system protected almost 6,000 because there is not a tested integrated system for athletes and officials representing 72 countries and strong authentication. In 2002 World cup in South territories [4]. The system involved the installation of Korea, all tadiums were monitored with CCTV a sophisticated CCTV system that included 79 cam- cameras. A problem occurred causing delays eras in the athletics stadium, which enabled Greater and many fans were unable to enter in time. It Mancheste Police to zoom in on every single person was recognized that such incidents wouldn't in attendance. There were also installed an access have occurred if an effective access control control system with intruder alarms, fire alarms and system was developed [7]. an emergency telephone network in the main stadium. The Millennium Stadium also completed a £2.8 III. UNDERLYING TECHNOOGIES million projct, to supply and install systems for crisis management such as fire detection, security and Biometrics is the core technology of Athlos2. The CCTV and PAVA (Public Address Voice Alarm), as biometric technology has been recognized as a key well as a system for the distribution of radio, technology for improving security and trust in differ- television, data and telephone signals [5]. ent fields of modern society [8]. Biometrics are de- Biometrics and smart cad technology is widely fined as the automatic use of human physiologcal or used during athletic events of known stadiums inside behavioral characteristics to determine or verify an the UK. Manchester City Football Stadium, Crystal identity [9]. The system conducts a measurement of Palace, England Rugby Supporters, Chelsea and the features of the user, encodes the data creating a Bolton Wanderers have come up with a high-tech template and compares it against a physical mea-

China Communications June 2007 55 Feature Articles: Communications & Information Security

surement from the user each time accessing he sys- RFID) smart cards. Apart from its technical tem is attempted. The most widespread biometric advantages, the wireless technology offers also to technology in today's markets is fingerprint recogni- the issuer and the holde of the card some interesting tion [10]. The sensor's size is conveniently small (area new applications [11]. For example, the contactless of a few square centimetres, thickness of a few cards do not need to be imported essentially in a card millimetres), enabling easy incorporation ino any reader, since there are RFID reading systems that fixed or mobile terminal and the weight of the sensor function in a distance of up to one meter. This is a big is negligible. Reusability on a wide scale is possible advantage i access control systems where a door or through the use of different encodings and under- a circular gate should be opened, since the granting goes continuous improvement as standardisation is of access of an individual can be checked without the gradually taking effect. Fingerprint recogition sys- requirement of the card to be removed from the tems fit quite well as an integral part of any fixed or wallet or the pocket and to be inserted into the reader. mobile terminal. For all the above reasons, finger- An etensive range of applications for this technology print technologies have achieved the dominant posi- is the public transportation systems, in which a big tion in the year 2005 in terms of total revenue, number of passengers should be identified in a very achieving approximately 48% of the total iometric short time interval. In addition, the wireless technol- market [10]. The biometric component of the system ogy is suitable in systems that require the deiberate takes into account all relevant aspects including import of the card into a reader, since it is not technological, societal and legal issues. More spe- important how the contactless card will be inserted cifically security, performance, privacy, into the reader. This is in contrast to case of the standardization, scalability, responsibility, magnetic or smart cards with contacts, that function interoprability, usability, acceptability and liability only if they are inserted in a consisten way. This issues, were studied, targeting to the development freedom of the orientation restrictions simplifies the of a biometric component that meets all necessary operation and increases the user acceptance [12]. Apart state-of-the-art specifications. This was accom- from the simplicity of use, this solution is attractive plished by the exploitation of results of research because it considerably decreases the danger of project, such as FP6-001766 (BIOSEC) "Biomet- vandalism (for example, with he placement of chew- rics and Security". ing gum or glue in the slot of the reader). Up to now, The smart cards that use contacts are in line with the wireless cards have been mainly used for the the guidelines determined in the Standard of ISO public transportation systems, acting as electronic 7816 Part 1. The reliability of these smart cards has tickets. These systems currently employ single-use been improved constantly during the previousyears, cards, that are cheap to devlop. Nevertheless, there is because of the increasing experience in the manufac- an increasing demand for the incorporation of addi- turing of such cards. On the other hand, the contacts tional features into the electronic ticket. For this remain one of the more frequent sources of problems reason, the employment multi-use RFID cards with in electromagnetic systems. For example, some prob- incorporated microprocessors will be increased in lems can result from the attrition of conact. Since the the near future. contacts, placed in the surface of card are connected immediately with the inputs of the integrated circuit that is incorporated in the card, there is a danger of IV. APPLICATON SCENARIO damage or even destruction of the integrated circuit from the electromagneticdischarges - load of enough A possible application scenario is the following: thousands of volts is not infrequent. These technical The sports fans are provided with an RFID smart problems are overcome with the contactless (wireless, card including their access rights in a specific sta-

56 China Communications June 2007 Feature Articles: Communications & Information Security

dium zone. These users have to present their official should request identity services, in order to pro identity documents to identify themselvs to a regis- vide authorization or not to a specificsports fan. tration authority. When the sports fan, purchases a Identity Provider (IdP): A Liberty-enabled entity ticket for visiting an athletic event, their access rights that manages identity information on behalf of the are automatically updated for the specific time and users and provides assertions of user authentica space zone that the athletic event takes place. This tion to a number of PAS. IdP hosts a database with step also includes a query n a biometric database to the authorization attributes of the sportsfans, which establish the uniqueness of the user's claim. If the are updated per event. For example, for a specific application for registration is accepted and the user is event at a specific time and at a specific stadium, identified as unique, the system creates a user record certain sports fans should have access. These access with the necessary information, including the unique attributes are held by IdP and provided on demand. identifier.Biometric measurements are conducted The Liberty Alliance specifications [17], describe and a biometric template is created, realizing the that the communication between the entities should biometric enrollment process. The biometric data be secured, proposing the use of certificates for are securely managed by official procedures based encrypting and digitally signing the exchanged mes- on international standards and best practices such as sages for preserving confidentiality and availability. [18] or the upoming standards of the ISO JTC1 SC37 Athlos2 realizes a modular and distibuted on biometrics. An RFID smartcard is personalized architecture, in order to achieve maximum and delivered to the user containing the user's bio- interoperability, scalability and extensibility. The metric template, in symmetrically encrypted form, message sequence chart of Athlos2 is depicted in as well as a key pair (public and private key). figure 1.

V. PROTOCOL DESCRIPTION

Athlos2 is compliant to the federated identity management principles of the Liberty Alliance project [17]. The purpose of using federated identities is Fig Athlos message sequence diagram basically system scalability and extensibility, since a Athos 2 consists of the following steps: central access repository (ticket provider) maybe 1. The uer proceeds to a predetermined stadium needed to serve several stadiums. Security is another gate and interacts with the LGAC, by using his/her reason for using federated identities, since the Lib- smartcard and by providing a biometric sample. The erty Alliance specifications are designed in order to biometric sample is processed by the biometric preserve the confidentiality of the user's identity, system, which is embedded in the LGAC, producing by deploying a secure token and temporay iden- a biometric templae. The biometric template is com- tity exchange mechanism. The following entities pared with the one stored in the user's smartcard. are involved: User (or Principal): The sports fan. 2. If matching is positive, the LGAC sends to the The Local Gate Access Controller (LGAC): A PAS a User Identification Number (UID), as well as system which controls access at a specific gate of the signature (Suid) of that UID, both produced by the stadium. the smartcard - thesignature is produced by using Physical Access Server (PAS): This is a entralized the user's private key stored in the smartcard. Com- server which controls the gates of the stadium and munication between the two entities is realized provides authorization for access. This system acts through a pre-established mutually authenticated as a service provider, in Liberty Alliance terms and SSL/TLS channel.

China Communications June 2007 57 Feature Articles: Communications & Information Security

3. The PAS forwards to IdP, the UID and Suid, the overall biometric operation. through anothr pre-established mutually authenti- Cryptographic Algorith: This algorithm is respon cated SSL/TLS channel created between the PAS sible for the cryptographic functions required and the IdP. for establishing a secure channel between LGAC 4. IdP receives the UID and Suid, retrieves the and PAS. users public key by using UID and validates the Network Interface: Responsible for the communi signature. If the signature validation is successful, cation of LGAC and PAS. the IdP sens the user's attributes to the PAS. The Display: Presents the results of the system attributes describe access rights for a specific event operation. at a specific time and for a specific gate of a specific SmartCard Reader: An interface be tween the stadium. smartcard and LGAC. 5. The PAS receives the attributes and if they As far as the biometric process is concerned, the correspond to its identity at a specific time, t provides software implements the functions depicted in figure 3. authorization to the LGAC for providing access to the user.

VI. LGAC DESCRIPTION

We focus on the biometric process, presenting the entity that hosts it (LGAC). Figure 2 presents the Fig Biometric Process component diagram of LGAC. The biometric process is described below: The raw biometrc data are captured by the sensor: A' in the case of enrolment and A in the case of normal access control. The f function implements feature extraction and encoding. It produces T= f (A), where T is the biometric template and A the raw biometric data. Ths process is also implemented during user's enrolment, producing value T' by applying function f to A'. Value T' is securely stored in the smartcard. T and T' are compared, producing a matching result (m). Fig Biometric System Component Digram D=d(m), where D is a binary value of the decisin taken (proceed or not to step 2 of the protocol), by LGAC comprises of the following parts: processing the matching result through the use of Biometric Sensor: This sensor receives raw bio a decision function d. This function may be config metric data from the user. ured in order to make the system more or less strict. Feature Extractor: The raw biometric data are trans For example, we could configure d to produce formed to one-way biometric templates, by imple apositive result if m>60%. menting a function that extracts and ncodes spe cific details from the raw biometric data. Matching Algorithm: This algorithm matches bio VII. TESTING ENVIRONMENT metric templates and produces a matching result. Application: The application that has control of A pilot version of Athlos2 was implemented in a

58 China Communications June 2007 Feature Articles: Communications & Information Security

stadium hosting athletic events, including basketball metrics and more generally Athlos2. The question- games, athletics and gymnastics. The intelligent naire was answered in three phases: before inform- access control system is composed of LGAC termi- ing the user regarding the operation of Athlos2, after nals with ebedded fingerprint biometric devices, informing the uer and finally after the user was which are located in the entrances of the stadium, as enrolled and tested the system in practice, during an well as RFID smart card readers placed in the zone athletic event. borders of the stadium and at the entrances. The During the first phase, the acceptance of biomet- terminals communicate with a central server (PAS) rics was relatively high amongst the participants. through a locl area network. Another central server The overall mean of the attitude was 3,24 measured hosts the attribute administration system (IdP) in- i a five-point scale (1=negative, 2=quite negative, cluding a database filled with access privileges for 3=neutral, 4=quite positive, 5=positive). Similarly, sports fans. All servers were located in secure offices, the acceptance of Athlos2 in total was high, with an while user enrolment took place after informing the overall mean of 4,01 measured in the same scale as user through the Internet and on-spot, in a secure above. During the second phase, the acceptanc of office by the ticket booth. Since similar systems were biometrics was even higher amongst the participants. described and introduced in the past, the pilot opera- The overall mean of the attitude was 4,14. Similarly, tion focused on the factors that are mostly questioned the acceptance of Athlos2 in total was high, with an and doubted - security and user acceptance. overall mean of 4,68 measured in the same scale as above. The main reason for this increae in user VIII. ACEPTANCE TESTING acceptance, was that the users' privacy concerns, especially regarding the collection and use of biometric data were minimized, after being informed of For testing the acceptance and usability of the Athlos2 the operation of the system and especially regarding pilot system, an extended version of the Davis' the fact that the users carry within ther smartcards Technology Acceptance Model was deployed [13]. their own biometric data in encoded and ecrypted TAM contains two dimensions: usefulness (divided forms, while no storage takes place in any central into accomplishment and efficiency) an ease of use database. During the last phase, the acceptance and (divided into learnability, control and mental effort). usability of biometrics had an overall mean of 4,43, The extension to the TAM was provided by Amberg while the acceptance and usability ofAthlos2 has a et al. [14]. They introduced an Acceptance Model for mean of 4,77 measured in the same scale as above. the Analysis and Design of Innovative Technologies The participants recognized the benefits of the sys- (DART) including dimensions of peceived ease of use, perceived usefulness, perceived network effects tem and reported that it would increase their level of and perceived costs. security while attending an athletic event, without Based on DART, a survey regarding acceptance compromising issues, such as usablity and privacy. and usability of Athlos2 was conducted, focusing on the biometric access control system, taking into IX. INFORMATION SECURITY AND account possible priacy consideration of the users. A PRIVACY ASSESSMENT total of 110 participants, 45% female and 55% male filled the questionnaire, during a 2 month period. Risk analysis was conducted, during the implemen- Their age varied between 18-65 years. Most partici- tation of Athlos2, for evaluating its security level, pants were familiar with the use of automated systems. focusing on the use of biometrics and RFID smart The aims ofthe study were to investigate partici- cards, in relation to the users personal bometric data. pants' acceptance and general attitudes towards bio- For this purpose a specialized methodology and

China Communications June 2007 59 Feature Articles: Communications & Information Security

knowledgebase of vulnerabilities, risk and coun- This vulnerability was addressed, since termeasures for security and privacy was deployed enrolment, administration and system use was [15]. The vulnerabilities addressed by Athlos2 are implemented according to international stan- [18] described below. dards nd best practices . Server based architectures, where the biometric The utilization of the templte in two or more templates are stored centrally inherit the vulner- applications with different security levels (i.e. abilities of such systems. A possible attack can be convenience applications and security applications) realized when the impostor inserts his template in tends to equalize these security levels, by decreas- the system under someone else' name, or attacks ing the higher security level to the lower one - if a the central database in order to breach the confi- template is compromised in oneapplication, it can dentiality or user data. This vulnerability was be used for gaining access to the other. The bio- addressed, since the template was stored in the metric algorithm of Athlos2 is custom, producing protected memory of the smart card. unique biometric templates hence this vulnerabil- Data could be captured from a communication ity was addressed. channel, beween the various components of a Capturing the power consumption of a chip can biometric system, in order to be replayed at an- reveal the software coderunning on the chip, even other time for gaining access. This vulnerability the actual command. The application of Simple was addressed, since the biometric component Power Analysis and Differential Power Analysis was limited in a hardware security module, with techniques is possible to break the matching mecha- physical security countermeasureimplemented and nism of the biometric system or reveal the biomet- the environment was controlled by the personnel ric template stored in smart card. Tiing attacks are of the stadium. similar and measure the processing time instead of Off-limit power fluctuation or flooding of a bio- the power consumption. The RFID smart card had metric sensor with noise data - for example flash- countermeasures implemented against these types ing light on an optical sensor, changing the tem- of attacks, including low power consumption chips, perature or humidity of the fngerprint sensor, noise generators and time-neutral code desgn. spraying materials on the surface of a sensor or Poor biometric implementations are vulnerable to vibrating the sensor outside its limits - might cause spoofing and mimicry attacks. An artificial finger the biometric device to fail. Since the correspond- made of commercially available silicon or gelatin, ing part of the security policy implementation can deceive a fingerprint biometric sensor. This ensured a controlled environment for he biometric vulnerability is addressed, since vitality detectin devices. features were implemented in the fingerprint sen- The residual biometric characteristic of a user on sor and the environment was controlled by a guard. the sensor may be sufficient to allow access to an Poor enrolment, system administration and sys- impostor (e.g. a fingerprint the sensor). The attack tem use procedures, expose the biometric system. During the enrolment phase, raw biometric data is realized on a fingerprint sensor with a residual and biometri templates can be compromised and fingerprint from the prevous measurement, by databases can be altered or filled with imprecise pressing a thin plastic bag of warm water on the user data. Poor system administration procedures, sensor, by breathing on the sensor or by using dust in addition to the above, might lead to altered with graphite, attaching a tape to the dust and system configuration files, with decreased False pressing the sensor. This vulnerability was Acceptance Rates, makingfalse acceptance easier, addressed, since the sensor deployed was cpacital thus security weaker. Similarly, a user might and not applicable to these types of attacks. Fur- exceed his/her authority, threatening the system. thermore the environment is controlled by

60 China Communications June 2007 Feature Articles: Communications & Information Security

personnel, not permitting such attacks. security and performance.Acceptability was a very A user having a similar template or a similar important factor, since the deployment of biometrics characteristic with a legitimate one, might deceive usually have a negative impact to the public due to the system, especally in identification applications, the consideration of privacy issues. The acceptance where one to many template comparisons are assessment however, revealed that especially after conducted. This vulnerability was addressed, since informing the users rearding the system operation, the algorithm performance had adequate perfor- biometrics were not only accepted by the users but mance references, according to international best also recognized as a mean to increase security and practices for performance tesing [16]. relief users from the anxiety of incidents during an The impostor may continuously attempt to enter athletic event. System security was mainly fo- the system, by sending incrementally increased cused on the biometric comonent of the pilot matching data to the matching function until a implementation. A specialized methodology was successful score is accomplished. Biometrics how- deployed for assessing the risk of the biometric ever are more resistant to this attack, than traditiona component of Athlos2 and all necessary counter- systems, since the impostor has to find a way to measures were developed within the system in insert the trial data to the system, thus combine order to address all known vulnerabilities. this vulnerability with one of those described Futurework, involves a full deployment of the above. This vulnerability was addressed, since system and the system testing in athletic events of the environment is controlled by personnel, not different types. permitting suh attacks. Regarding the remainder of the infrastructure, a security study was conducted, including a vulner- REFERENCES ability assessment for the network elements, the database, the operating systems, the applications and [1] Dimitriadis, C., Polemi, D.: Biometrics -Risks the servers. All necessary network security ontrols and Controls. Information Systems Control Journal were deployed, including firewalling and intrusion (ISACA), vol.4 (2004) 41-43 detection systems, as well as network device harden- [2] Athens 204 Olympic Games Security, SAIC ing and the deployment of secure network protocols. Magazine (2004) http://www.saic.com/news/ The database security controls were deployed ac- saicmag/2003-summer/olympics.html cording to best practices, for realizing confientiality, [3] Sydney 2000 Olympic Games Security, IN- integrity and availability especially for the user data. FRA (2000) http://www.infra.com.au/ Operating system hardening and application level SuccessStories/Sydney2000.asp countermeasures were also deployed, implement- [4] Security tight for games, BBC Sports (2002) ing a standard security policy. The security policy http://news.bbc.co.uk/sport3/common- also covered security organization issuesand per- wealthgames2002/hi/front_page/newsid_2146000/ sonnel procedures, being compatible with ISO/ 2146550.stm IEC 17799:2005: Information technology - Secu- [5] Millenium Stadium Security, (2004) http:// rity techniques - Code of practice for information www.sportsvenue-technology.com/projects/cardiff/ security management. [6] Cricket Word Cup South Africa Security (2003) http://www.cricketsecuriy.co.za/ X. CONCLUSIONS [7] 2002 World cup in South Korea - Starting the new year off (2002) http://blog.case.edu/james. Athlos2 was evaluated in terms of acceptability, chang/general/index

China Communications June 2007 61 Feature Articles: Communications & Information Security

[8] Bolle, R.: Guide to Biometrics. Springer Pro- BIOGRAPHIES fessional Computing, 2004. [9] Biometric vocabulary corpus, ISO/IEC JTC1, Dr. Christos Dimitriadis, is a SC37/SG1, 2004. researcher at the University of [10] International Biometric Group's Biometrics Piraeus, specialized in Market and Industry Report 2004-2008 prevention, detection and re- [11] Paret, D.: RFID and Contactless Smart Card sponse IT security mechanisms. Applications. John Wiley & Sons (2005) He has been invited by several [12] Finkenzellen, K.: RFID Handbook : Funda- organizations to provide lectures, including the ITU, mentals and Applications in Contactless Smart Card US-NIST and several agencies of the European and Identification. John Wiley & Sons (2003) [13] Davis, F., D.: User acceptance of information Union. Dr. Dimitriadis has 33 publications in the technology. Internation journal of Man-Machine area of IT security. His research interests include 3G Studies, vol. 38, 475-487 (1993) and 4G security architectures, identity management [14] Amberg, M., Hirchmeier, M., Schobert, D.: (founding member of the Mobile-Government Study DART - an acceptance model for the anlysis and Group - MGSG), honeynets and security protocol design of innovative technologies (2002) design and testing. Dr. Dimitriadis received a di- [15] Dimitriadis, C., Polemi, D.: Application of ploma of Electrical and Computer Engineering from multi-criteria analysis for the creation of a risk as- the University of Patras-Greece, a PhD on IT secu- sessment knowledgebase for biometric systems. rity from the University of Piraeus-Greece and is a Lecture Notes in Computer Science, Vol. 3072, Certified Information Security Manager (CISM) and Springer-Verlag (ISBN: 3-540-22146-8), ICBA, Certified Information Systems Auditor (CISA) from Hong Kong, China (2004) 724-730 the Information Systems Audit and Control Associa- [16] Wayman, J, Jain, A.K., Maltoni, D., Maio, D.: Biometric Systems : Technology, Design and Per- tion (ISACA). formance Evaluation. Springer (2004) [17] Liberty Alliance: Liberty ID-FF Bindings and NOTE Profiles Specification (2006) [18] ANSI X9.84 – Biometric Information Man- Prof. Peter Stavroulakis’s picture and CV is on agement and Security page 53.

62 China Communications June 2007 Feature Articles: Communications & Information Security

Simulation of Propagation Loss Models and Antenna Designs for Naval Troposcatter and Tropospheric Duct Communications

Nikos J. Farsaris (*), Prof. Peter P. Stavroulakis (**) (*) Aristotle's University of Thessaloniki Faculty of Electrical Engineering, Tele- communications Department. E-Mail: [email protected] (**) Technical University of Crete Electronic and Computer Engineering Department, Systems Sector, E-Mail, [email protected]

ABSTRACT operation. Then appropriate antenna design proposals are given to overcome the high propagation loss Tropospheric Scattering (Troposcatter) and Tropo- and minimize possible interferences. spheric Ducting are two different mechanisms due to Key words: naval communications, tropospheric in-homogenoueties in the lower part of the Earths scattering, tropospheric ducting atmosphere. Their common influence in propagation of microwaves is studied here in order to achieve I. INTRODUCTION – AN OVERVIEW. a feasible naval communication system. Although not new, Troposcatter together with Tropospheric Although INMARSAT and other satellite communi- Ducting communications are regaining popularity in cation networks are the main providers of today’s current military and civil applications such as iso- naval communication, there are certain limitations in lated islands and oil extraction facilities in the open operational cost or data security that cannot be met. sea. The innovation proposed here is the application Especially where sensitive data are involved (e.g. of such systems in naval communications where at least one of the stations is mobile. Several propaga- military or telemedicine information), the use of a tion together with fading models are simulated using channel that may be put out of service at provider’s appropriate programs and scientific simulation pack- will, is not desirable. Of course alternative long- ets in order to predict maximum range of such range communication mechanisms such as HF iono- communication systems in each dominant mode of spheric refraction are still operable. Their main

China Communications June 2007 63 Feature Articles: Communications & Information Security

advantage is an extremely long range (4000km with a single hop) but their main disadvantage is (2) their bandwidth, which for an HF channel never exceeds 20KHz. (3) Another alternative is the use of troposcatter links between ships or between a ship and a land base For liquid water: a=6.1121, b=617.502, c=240.97 station (LBS). Although troposcatter systems have and for ice: a=6.1115, b=22.452, c=272.55 . been used for a long time in military and civilian For almost horizontal radiowave propagation at an communications – especially when long ranges and altitude h using the Snell’s law [1] the electromagnetic inability of radio relay installation were involved rays will be curved with curvature radius : such as links between islands or off – there is not yet any mobile platform application. The main prob- (4) lems are the high gain antennas and high power trans- To overcome this complexity an equivalent Earth mitters necessary for overcoming the high path losses radius is used: (usually of the order of 250dB). In this paper it is shown that such limitation may be overcome using (5) purpose designed systems. Alternatively, the value of tropospheric ducts cannot be neglected, since In standard conditions K= 4/3 . This gives an equivalent Earth radius R . Another useful index is they are very common in the Mediterranean Sea eq especially in summer. the modified refractivity index M : (6) II. TROPOSPHERIC DUCTS AND Extended theory can be found at [1], [2]. SCATTERING. Ducting occurs if for a tropospheric

Propagation in the troposphere for VHF UHF and layer and for the layer above. This is lower SHF bands (30MHz to10GHz) beyond the line common over sea, and especially over the Aegean of sight (LOS) is governed mostly by ducting and Sea [3,4] the probability of ducting is over 70% in scattering. Although these mechanisms are differ- some cases. ent in principle, they both are effects of the refrac- This gives the possibility of radio transmissions tive index variability caused mostly by the water in the VHF, UHF and lower SHF bands over ranges vapor distribution in the troposphere. Refractiv- exceeding by far the radio electric horizon (horizon ity N is expressed in terms of pressure p and water if equivalent Earth radius is considered). vapor pressure in millibars and temperature e in Even in the absence of ducting conditions random Kelvin degrees [1,2]. irregularities of the modified refractive index may generate scattering conditions. Although no analytical (1) model has been proposed, numerical models are extensively used in order to estimate the propagation laws. In (1) the refraction index also This is the troposcatter case, presented extensively in [5] expresses the propagation velocity of radio waves in Tropospheric duct and scatter simulation programs the atmosphere, being the relative dielectric like AREPS® [6] exist, whereas several empirical constant. Close to the surface of the Earth, n is usu- models have been also developed by experienced ally 1.00025 – 1.00040. Water vapor pressure is re- amateurs (e.g. “scatter.exe” B. Atkins – KA1GT), lated to relative humidity RH and saturated vapor in the second case giving point-to-point estimations. pressure with the equations below: For these reasons, and also for evaluation purposes

64 China Communications June 2007 Feature Articles: Communications & Information Security

another more straight forward method, the Chinese It has to be noted here that the term GD is an method (described in thoroughly in [5]) for evaluating expression of the decoupling loss and has the mean- tropospheric scatter loss, have been provided by ing that if a pair of antennas are used for a troposcatter author as a Matlab ® script in Appendix A. link, then the common tropospheric volume is reduced when the gains are increased, and conse- III. A TROPOSPHERIC DUCT / SCAT- quently the absolute number of scatterers is decreased (fig.1). It is empirically given by the equation: TER COMMUNICATION SYSTEM GD,dB=0.07,exp(0.055(GT,dB+GR,dB)) (10) Consequently, antenna gains over 55dB are For a 1 Mbps capacity system (comparable with 8 impractical. It is advisable though, that reason- new INMARSAT channels) a rough estimation for a ably high antenna gains are to be used in order robust modulation scheme (AFSK for example) is a to avoid fading spread. For the system dis- 3.2 MHz channel. The received noise is cussed above if practical gains at 40dB and N=kTB (7) transmitter power about 20KW are used then For a modest C/N ratio of 20 (or 13dB ) the the maximum total loss is L 238dB. Then received carrier power (also signal power in constant tot,dB the “Chinese model” of propagation estimates amplitude systems) is: the range of the link. The case presented in Fig. C=(C/N) +N =(C/N) +10.log(kdB) (8) dB dB dB 2 is a land-to-ship communication with anten- Which gives for a system noise temperature of nas at 600m and 25m, and carrier frequency of 350 K (made possible by a sensitive high gain first 2200MHz . Comparing this method to other stage amplifier just after the antenna) a received similar ones, it seems rather pessimistic; but it power level of -96 dBm . On the other hand the radio- is good for the design stage. link budget equation is: . S min,dBm=C dBm=P TX, dBW+G T,dB-2 G D,dB+G R,dB

-L tot,dB+30 (9)

Where: PTX , dBW : Transmitter power (dBW),

GT,dB G ,dB: transmitter and receiver gains in dB, tot,dB , total propagation loss in dB.

Fig Troposcatter loss (dB) vs Range (km) esti mation using Chinese method

In order to estimate its performance, a simulation model has been developed. The critical part Fig Decoupling loss: Scattering volume between is to simulate the fading of a troposcatter link angles is larger than the volume between angles channel that has both slow and fast fading char-

(dotted lines – higher gain antennas) acteristics (Fig.3).

China Communications June 2007 65 Feature Articles: Communications & Information Security

grams of the error rate are given below (Fig.4 and 5). These results suggest the use of some form of diversity to overcome fast fading. Spatial diversity is out of discussion for the ship-based station (SBS) but not for the LBS. Although designed for troposcatter conditions this design is plausible in ducting conditions too [8] if a simple back off mechanism Fig A Troposcatter link simulation model is connected to control high- The channel characteristics are as suggested in power stages and receiver thresholds. [7] – a Rayleigh fading channel with a spread factor SF=T D 10-5 .(T ,D ) being the time and Doppler s s s s V. ANTENNA DESIGNS spread respectively). Other characteristics of the system are as described above, plus nonlinearities in The antennas needed in this type of links may be the amplifiers. The system is simulated for a 60 second interval, for 4096bit packets of data. The cumulative probability and probability density dia-

Fig Cumulative probability of the error rate

Fig Horizontal( up) and vertical (down) normal ized array factor patterns of a X Dolph Fig Probability density of the error rate Checyshev phased array

66 China Communications June 2007 Feature Articles: Communications & Information Security

either parabolic reflector antennas or phased arrays. link. These anticipations and the results so far As it has been stated thoroughly in [8,9] parabolic are encouraging for systems of ducting and reflectors on board a ship pose a significant drag troposcatter for naval use. and severe steer ability in adverse weather conditions. It is a good choice though for the ground REFERENCES base stations though. Although complex, phased arrays are the only way [1]: Rec. ITU-R P.453-8 1 RECOMMENDA- to achieve the desired gain. In order to suppress side TION ITU-R P.453-8: “The radio refractive index: lobes (usual in array antennas) the most attractive its formula and refractivity data”, 2001 design appears to be a 200x50 Dolph-Chebyshev [2]: S.S. Kouris: “Elements of Antenna Theory and phased array with elements placed ~ /2 apart. This Radio Wave Propagation” Zitis Editions 1985, Chap. gives 1.4x5.6 degrees of main beam (-3dB angles) 9 (in Greek) and allows a desired limit of side lobe level of -40 dB [3]: Isaakidis S.A., Xenos T.D., Dris N.A., "Tro- maximum as it is shown in fig.6. Phased arrays have pospheric Ducting Phenomena over the Hellenic also the capability of conformal installation on the Region", International Journal of Communication ships outer frame, and the ease of instantaneously Systems, Wiley, V17.4, p. 337-346, change their main lobe direction. [4] Isaakidis S.A., Xenos T.D., “10 Years Analy- Phased arrays also are easy to function as sis of Tropospheric Refractivity Variations”, Annals monopulse tracking antennas (like a tracking radar) of Geophysics, accepted: 15-1-2004 now tracking a static target (the LBS) from a mobile [5]: Giovanni Roda: “Troposcatter Radio Links”, platform (the SBS). Artech House 1988. [6]: Wayne Patterson, Gary Lindem, Amalia CONCLUSIONS Barios: “Advanced Refractive Effects Prediction System, Space and Naval Warfare Systems Center, So far, this proposition of solutions is more than San Diego. encouraging for possible applications which require [7]: John G. Proakis: “Digital Communication high level data security, long range transmission and Systems.” 2nd ed. McGraw Hill 1989, Chap. 7. comparably high link capacity. Problems occurring [8]: Nikos Farsaris, Peter Stavroulakis “GSM-DCS by fading require a little more effort to be solved but Communications for Sea-Liners in the Aegean Sea” research is underway and the minimization of these 1999 International Workshop for Mobile Commu- problems will eventually be achieved. Further case nications Proceedings Chania Crete, June 1999 study of course will required for each ship, commu- [9]: Nikos Farsaris, Theano Lyrantonaki, Peter nication signal parameters, vessel design and com- Stavroulakis: “Monopulse and Phased Array Tech- niques for Long Range Marine Troposcatter Link patibility with existing communication Communications” IASTED Antenna and Radar equipment. Comparing it to satellite communi- Conf. Banff Alberta Canada July 2005. cations the proposed system is independent from satellites (which in some cases could be Appendix A:The Chinese Method for evaluat- unavailable, or monitored by the satellite net- ing a troposcatter link work operator). It has larger capacity than a HF ionospheric link and high directivity antennas %Nikos Farsaris 2003-2005 tracking each other may be used to avoid signal %Matlab 6 code for Chinese method interception, or interference. It has longer range %based on G.Roda and ITU than any VHF-UHF conventional point-to-point %undocumented... contact [email protected] for

China Communications June 2007 67 Feature Articles: Communications & Information Security

detail 238*ones(size(Xk)),'-.k') clear all; legend( 'Prop. 50%','Prop. 84%','Prop. 99%', clc; 'Threshold') RG=6400; xlabel('Range km') K=4/3; Ylabel('Loss dB and threshold') RE=K*RG; grid on htx=0.6; %Km hrx=0.024; %Km BIOGRAPHIES Ns=335; DN=40; f=2200; Nikos J. Farsaris holds a Diploma of Electrical Xk=[200:5:600]; Engineering from the Aristotle’s University of for i=1:length(Xk) Thessaloniki since 1994 and was specialized in Ra- Xr=Xk(i); dio Telecommunications. He theta=(Xr/RE)-sqrt(2*htx/RE)-sqrt(2*hrx/RE); is a Ph.D. Candidate in the %rad same university since 2003. dtx=sqrt(2*RE*htx); From 1995 to 1999 he was a thtx=-dtx/RE; research assistant in the Tele- drx=sqrt(2*RE*hrx); communication Systems Insti- thrx=-drx/RE; tute (TSI) of Crete, and a labo- alpha=thtx+Xr/(2*RE)+(htx-hrx)/Xr; ratory instructor in the Tech- beta=thrx+Xr/(2*RE)-(htx-hrx)/Xr; nical Education Institute of Crete. From 1999 to dstx=Xr*beta/theta; 2001 he served in the Hellenic Army as a Lieutenant dsrx=Xr*alpha/theta; of the Armored Cavalry. From 2001 to 2002 he was dshor=Xr-dtx-drx; an instructor in the Merchant Marine Academy of Hx=theta*dstx*dsrx/Xr; Crete. Currently alongside his Ph.D. he is an in- LHx=20*log10(5+0.3*Hx)+0.65*Hx; %... structor of Technical Education Institute of Crete, LNs=-0.08*(Ns-320); and a researcher in its Electromagnetic Radiation A=LHx+LNs; Measurement Laboratory. From 2004 to 2005 he L50(i)=124.6+30*log10(f)+30*log10(theta) was also a technical consultant of the Olympic +10*log10(Xr)+A; ctrlf=alpha+beta-theta % <10e-12 Games Security Department oh the Hellenic Police. sigma=8.8+0.11*DN*exp(-3e-3*dshor); He is the author of nine international journal papers, L84(i)=L50(i)+sigma; and twenty six refereed conference papers in the Lpm(i)=L50(i)+3.1*sigma; areas of Antennas, Tropospheric and Ionospheric end Propagation, Radar and Electronic Warfare, Air- figure(1) borne and Satellite Communications, and Electro- plot(Xk,-L50,':k',Xk,-L84,'-k',Xk,-Lpm,'--k',Xk,- magnetic Compatibility.

68 China Communications June 2007 Feature Articles: Communications & Information Security

Chaos-based Applications in Secure Optical Communications

A. Argyris, A.Bogris and D. Syvridis Department of Informatics and Telecommunications, University of Athens, 15784, Greece. [email protected], [email protected] and [email protected] .

ABSTRACT uppermost possible privacy and security of the interconnected users, encryption methods are also ap- A comprehensive study of an all-optical chaotic plied to the physical layer of the communication communication system, including experimental procedure. Various approaches have been essayed realization, real-world testing and performance char- over the last decade, including quantum cryptogra- acterization through bit-error-rate analysis, is phy [1] and chaos-encrypted digital [2], electrical [3] and presented. Pseudorandom bit sequences that are ef- optical systems [4]. Especially chaotic optical com- fectively encrypted in a broadband carrier produced munications is a flourishing contemporary research by a chaotic emitter and sent for transmission are field, very promising in shielding the security as- recovered at the receiver side. Bit-error-rate (BER) pects of the future optical networks. The potential of values as low as 10-7 for 1 Gb/s data rate have been synchronizing coupled non-linear generators has achieved. Different data code lengths and bit-rates at been proved to a great extend [5], including semicon- the Gb/s region have been tested. The application of ductor laser emitters that operate in the telecommu- optical transmission using 100km fiber spools in nication wavelengths and that exhibit chaotic dy- an in-situ experiment and 120km in an installed namics of high complexity [6-10]. Optical feedback [11- optical network showed that transmission effects 17], optical injection [18-20] or optoelectronic feedback do not act as a considerably deteriorating factor in [21-23] are some of the typical configurations used to the final performance of chaos-based optical com- generate a high-dimensional chaotic laser output. munication systems. The bandwidth of such chaotic carriers may extend Key words: optical communications, chaos, even up to tens of gigahertz, making them ideal encryption, synchronization, security candidates for high bit-rate message encryption. Experimental observation of chaos synchronization has been reported for all the above systems [23-26]. I. INTRODUCTION In recent experiments that involve data communications in chaotic optical systems, encoding and Optical communication systems are now well estab- decoding of sinusoidal signals with frequencies up to lished in the infrastructure of the global communica- a few gigahertz has been demonstrated [27]. A 2.5Gb/ tion nest, providing a huge bandwidth potential for s non-return-to-zero (NRZ) pseudorandom bit se- demanding future applications. In order to assure the quence has been referred to be masked in a chaotic

China Communications June 2007 69 Feature Articles: Communications & Information Security

carrier, produced by a 1.3µm DFB diode laser sub- extremely broadened spectrum (in the order on many jected to optoelectronic feedback, and partially re- tens of GHz). The information (typically an on-off covered [28]. Also, a similar system was developed by keying bit stream) is encoded on this chaotic carrier Larger et al. at 1,55µm, who successfully encrypted using different techniques (e.g. a simple yet efficient a 3Gb/s pseudorandom message into a chaotic carrier, method is to use an external optical modulator elec- while the system’s decoding efficiency was charac- trically driven by the information bit stream while at terized by low BER values of the order of 10-9 [29]; its input is coupled the optical chaotic carrier). It is however the non-linear medium in that case was a practically impossible to extract this encoded infor- Mach-Zehnder modulator. Finally, a 1,55µm all- mation using conventional techniques like linear optical communication system with chaotic carriers filtering, frequency domain analysis or phase space has been successfully developed and characterized reconstruction, assuming a high complexity in signal by the authors, with BER measurements at gigabit carrier and message amplitude that does not exceed rates that exhibited promising results [30]. All the a few percent of the amplitude of the chaotic carrier. above communication systems have been studied in At the receiver side of the system a second chaotic an in-situ transmitter-receiver configuration, in ab- oscillator is used, as “similar” as possible to that of sence of any transmission medium. the transmitter. This “similarity” refers to: (a) semi- In this work we demonstrate an all-optical gigabit conductor laser structural, emission (emitting communication system based on chaos encryption wavelength, slope efficiency, current threshold, etc.) that includes transmission medium. Pseudorandom and intrinsic parameters (linewidth enhancement bit sequences that are effectively encrypted into factor, non-linear gain, photon lifetime, etc.), (b) optical chaotic carriers are transmitted over a length of 100km single-mode fiber and are successfully decrypted at the receiver side. BER measurements are presented for different message bit-rates in order to characterize the system’s performance and to identify the extent of the transmission effects induced by the fiber link, assuming various configurations of dispersion management Fig Principle of operation in the transmission path. feedback loop characteristics (cavity length, cavity II. PRINCIPLE OF OPERATION losses, possible non-linearity, etc.) and (c) operating parameters (bias currents, feedback strength, etc.). The above set of hardware-related parameters con- The operation principle of the chaos based optical stitutes “the key” of the encryption procedure. communications systems is schematically depicted The extraction process is based on the so called in figure 1. In the conventional communications “synchronization process”. In the context of chaotic systems an optical oscillator (semiconductor laser), generates a coherent optical carrier on which the communications’ terminology, synchronization information is encoded using one of the many avail- means that the time evolution of fast fluctuating able modulation schemes. On the contrary, in the optical power produced by the chaotic emitter, can proposed approach of the chaos based communica- be perfectly reproduced by the receiver, provided tions the transmitter consists of an optical oscillator that both transmitter and receiver chaotic oscilla- forced to operate at the chaotic regime by an external tors are “similar” in terms of the above set of feedback, producing thus an optical carrier with parameters. Even minor discrepancies (e.g. only

70 China Communications June 2007 Feature Articles: Communications & Information Security

few percent in the relevant parameters) between identical characteristics have been selected as the the two oscillators can already result in poor transmitter and the receiver lasers. Both lasers oper- synchronization, which in turn leads to poor re- ate at current values of 9.6mA and 9.1mA respec- production of the emitter’s chaotic carrier. tively (with threshold current at 8mA) and with The key issue for efficient message decoding re- proper temperature controlling they emit at 1552. sides in the fact that the receiver synchronizes to 1nm. Their relaxation frequency oscillation is at the chaotic oscillations of the emitter without 3GHz. The chaotic carrier is generated in a 6m being affected by the encoded message. Based optical external cavity formed between the master on the above considerations, the receiver’s op- laser and a digital variable reflector that determines eration can be easily understood. Part of the the amount of optical feedback that is sent into the incoming message with the encoded informa- master laser - set in our setup to 2% of the tion is injected into the receiver. Assuming laser’s outpour optical power. A polarization sufficiently good synchronization, the receiver controller inside the cavity is used to adjust the generates at its output a chaotic carrier almost polarization state of the light reflected back identical to the injected (without the encoded from the reflector. A non-return-to-zero pseu- information). Therefore, by subtracting the cha- dorandom message with small amplitude and 7 otic carrier from the incoming chaotic signal code length of at least 2 -1 is encrypted into the with the encoded information, the initial infor- chaotic carrier of the external cavity’s output mation is revealed. by externally modulating a Mach-Zehnder LiNbO3 modulator.

III. EXPERIMENTAL CONFIGURATION 3.2 Transmission path

3.1 Transmitter The chaotic carrier with the encrypted message is amplified to gain enough optical power (4mW) and The experimental setup of an all-optical open-loop is transmitted through a total length of 100km fiber chaotic communication system is shown in figure 2. span, formed by two transmission modules. Each of Two DFB lasers from the same wafer with almost them consists of 50km single mode fiber (type G. 652), a dispersion compensation fiber module that is used to eliminate the chromatic dispersion, an erbium- doped fiber amplifier (EDFA) that is used to compensate the transmission losses and an optical filter that rejects most of the amplified spontaneous emission (ASE) noise of the EDFA. The transmission characteristics of the two modules are presented in detail in table I. Depending on the sequence of the transmission components used in the transmission modules, different dispersion management techniques can be Fig Experimental setup of an alloptical communication transmission system based on chaotic carriers PC: polarization controller OI: opti evaluated: the pre-compensation cal isolator PD: photoreceiver ATT: attenuator technique, in which the DCF pre-

China Communications June 2007 71 Feature Articles: Communications & Information Security

tronic signal. The photoreceiver used to collect the optical signal emitted by the receiver adds a π -phase shift to the electrical output related to the optical one. Consequently, by com- bining with a microwave coupler the two electrical chaotic signals - the transmitter’s output and the inverted receiver’s output - an effective sub- Fig Optical transmission modules: a) precompensation and b) post traction is actually carried out. In the compensation dispersion configurations SMF: Singlemode fiber DCF: Dispersioncompensation fiber EDFA: Erbniumdoped fiber amplifier transmitter’s optical path an optical variable attenuator is used to achieve TableI Transmission parameters equal optical power between the two outputs, while a variable optical delay line in the receiver’s optical path determines temporal alignment of both signal waveforms. The subtraction product is the amplified message, along with the residual frequency components of chaotic carrier which are finally rejected by an electrical filter of the appropriate bandwidth. cedes the SMF (figure 3a) and the post-compensation technique, in which the DCF follows the SMF (figure 3b). IV. SYSTEM OPTIMIZATION

3.3 Receiver The first attempt to use the all-optical approach for an optical communication system based on chaotic At the receiver’s side, the transmitted output is carrier encryption, as implemented in the setup of unidirectionally injected into the slave laser, in order figure 2, was presented in [30]. That preliminary work, to force the latter to synchronize and reproduce the based on a back-to-back configuration gave promis- emitter’s chaotic waveform. The optical power of ing results regarding the decoding efficiency of the the injected signal into the receiver’s laser diode is set to around 0.4mW. Lower values of optical injec- encrypted pseudorandom message. Especially when tion power prove to be insufficient to force the the data encoding was performed by externally modu- receiver to synchronize satisfactorily, while higher lating the chaotic carrier, BER values of the recov- values of injection power lead to reproduction not ered message were as low as three orders of only of the chaotic carrier but of the message also. magnitude, in respect to those of the encrypted one, . -5 The use of a polarization controller in the injection equal to 7 10 . path is critical, since the most efficient reproduction In order to further improve the above decoding of the chaotic carrier by the receiver can be achieved efficiency some modifications have been performed only for an appropriate polarization state. The chain this back-to-back system. The first act was to use otic waveforms of the transmitter and the receiver an ultra-broadband microwave amplifier (Picosecond are driven through a 50/50 coupler to two fast photo- model 5840A) at the output of the receiver that has a detectors that convert the optical input into elec- very low frequency cutoff limit (80kHz). Thus, the

72 China Communications June 2007 Feature Articles: Communications & Information Security

amplifier is able now to respond even at the lower modulator. By optically amplifying the modulator’s spectral components of the message, especially when output, compensation of the optical losses induced the bit-stream length is large (223-1). The specific by the modulator - due to the selected operation point amplifier was also preferred for the relatively low - is achieved and the message gains enough optical noise figure - 5.8dB at 100 MHz - since ultra-broad- power. Following the above guidelines, the noise band amplifiers suffer from very high noise figure, effects are more prominent to the “ones”, while “ze- mainly at the low frequency region. The second ros” exhibit a flattened noise profile, as depicted in modification was to adjust the biasing voltage of the the eye-diagram of the form of figure 4 (Q3 case). external modulator through which the message is Such a form can lead to lower BER values if the applied. Given that the applied message amplitude measurement takes place not symmetrically in re- V is much smaller than V of the modulator - in spect to “one” and “zero” levels, but in a level closer mod π order to be efficiently encrypted into the chaotic to the “zero” level. carrier, one can operate among an excess of biasing voltages Vb on the responsivity characteristic of the V. RESULTS AND DISCUSSION modulator. However, as depicted in fig. 3, the biasing voltage determines the operation point of the 5.1 Back-to-back system performance modulator and hence the quality of the modulated optical carrier. In the specific experiments that follow, By applying the conditions analyzed in section 3 in we choose the biasing point of Q3 (figure 4). This the proposed communication system and by opti- selection depends on the amplitude modulation, so cally injecting 0.4mW of the transmitter’s output that the “zeros” of the digital modulation signal cor- into the receiver, the best BER curve achieved for respond to 5V voltage, at which the modulator op- different message bit-rates is shown in figure 5. The erates at the minimum transparency. In such a way BER values achieved now are several orders of we achieve minimal optical power of “zeros” and magnitude lower than the ones presented in [30]. The code consequently negligible noise effect due to the length of the pseudorandom message is 27-1, however, system. The message “ones”, on the other hand, are almost the same results were obtained by using a code obliged to an attenuated response from the length of 223-1. The message amplitude, determined by the applied modulation voltage Vmod, is set at such levels so that the filtered encrypted message that arrives

Fig Transfer function of the LiNBO modulator Since V V different operating conditions Q (V ) Since Vmod Vπ different operating conditions Qi (Vbi) lead to dissimilar quality of the modulated optical carrier as depicted from the corresponding eye dia Fig BER measurements of the encrypted and the grams that emerge after optically amplifying the recovered message in a backtoback configuration modulator’s output for different message repetition rates

China Communications June 2007 73 Feature Articles: Communications & Information Security

at the receiver has a BER value of no less than 6.10-2. circles). For a 0.8Gb/s message the best attained For each bit-rate studied, electrical filters of differ- BER value is now 10-7. Such an increase is attrib- ent bandwidth have been tested in order to ensure an uted to the amplified spontaneous emission noise optimized BER performance of the recovered from the amplifiers, as well as to the non-linear message. The filter bandwidth Bf selection is crucial self-phase modulation effects induced by the 4mW and is not only determined by the message band- transmitted signal. width B but it is associated to the chaotic carrier When dispersion compensation is applied by cancellation that is achieved at the receiver. For including into the transmission modules the ap- example, at the decoding process stage, if the chaos propriate dispersion compensation fibers, the BER cancellation is not significant the residual spectral curves reveal a slightly better system performance components of the chaotic carriers will probably in respect to the case without dispersion compen- cover the largest part of the decoded message sation as the message rate increases. Two different spectrum. In this case, the lowest BER value will dispersion compensation configurations that are emerge by using a filter that rejects the chaotic commonly used in optical communication trans- components, even if it rejects simultaneously part of mission systems have been employed. The first

the message itself (Bf < B). On the contrary, for a very named “symmetrical map” consists of the trans- good decoding performance, the lowest BER value mission module of figure 3a followed by the trans-

may emerge by using a filter with Bf > B. mission module of figure 3b. The second named The lowest BER value measured for the recovered “pre-compensation map” consists of two trans- . -9 message was 4 10 , for message bit-rate of 0.8Gb/s. mission modules that correspond to figure 3b. The As the bit-rate is increased to a multi-Gb/s scale, the corresponding BER values of these two BER values are also increased monotonically. This configurations, for the different message rates, are is mainly attributed to the filtering properties of the presented in figure 6 (up and down triangles, message at the receiver. The message filtering effect respectively). For message bit-rates up to 1.5Gb/ has been confirmed to be larger for lower frequen- s, the decryption performance is practically com- cies and decreases as message spectral components approach the relaxation oscillation frequency of the laser in the gigahertz regime, similar to the response of steady-state injection-locked lasers to small-signal modulation [17]. The above observation is consis- tent with the results of figure 5. As the message rate approaches the relaxation frequency of the receiver’s laser (~3GHz) the deteriorated message filtering leads to decrypted signal BER values higher than 10-4.

5.2 Transmission system performance

When intercepting the optical transmission path of 100km the BER values are slightly increased, when compared with the back-to-back configuration. Specifically, when no compensation of the chro- Fig BER measurements of the encrypted the back matic dispersion is included in the transmission toback decoded and the decoded message after km of transmission for different compensation path - i.e. absence of the dispersion compensation management techniques (no compensation sym fiber (DCF) in figures 2 - the BER values are metrical map precompensation map) in respect to increased over an order of magnitude (figure 6, the message repetition rate

74 China Communications June 2007 Feature Articles: Communications & Information Security

parable to the case where dispersion compensa- used within the optical link for compensation of tion is not included. By increasing the message the optical losses and amplified spontaneous emis- rates, chromatic dispersion plays a more impor- sion noise filtering, respectively. tant role in the final decoding performance, so by including different dispersion compensation maps 6.2 Results a slight improvement can be achieved. In fact, the The system’s efficiency on the encryption and pre-compensation configuration shows a very small decryption performance is studied by bit-error rate advantage over the symmetrical map for high bit- (BER) analysis of the encrypted/decoded message [31]. rates, up to 2.5GHz. The message amplitude is attuned so that the BER values of the filtered encrypted message do not exceed in any case the value 6.10-2. In figure 9, spectra of the encrypted (upper trace) and the decrypted - after the transmission link - (lower trace), 27-1 length, 1Gb/s message are shown. The good synchronization performance of the transmitter-receiver setup leads to an efficient chaotic carrier cancellation and hence to a satisfactory decoding process. The perfor- Fig Typical eye diagrams of Gb/s (a) encrypted message mance of the chaotic transmission system has and (b) decrypted message after km transmission been studied for different message bit rates up to 2.4Gb/s and for 2 different code lengths: 27- VI. FIELD EXPERIMENT 1 and 223-1 (figure 10). All BER values have been measured after filtering the electric subtraction 6.1 The transmission infrastructure signal, by using low-pass filters with bandwidth

The next step followed is to test this encryption system to the real world, by sending chaos-encrypted data in a commercially available fiber network. The transmission infrastructure is an installed optical network of single mode fiber that covers the wider metropolitan area of Athens, has a total length of 120km and is provided by Attika Telecom SA. The topology of the link is shown in the map of figure 8. The transmitter and the receiver are both in the University campus, separated by the optical fiber transmission link, which consists of three fiber rings, coupled together at specific cross-connect points. A dispersion compensation fiber (DCF) module, set at the beginning of the link (pre-compensation technique), cancels the chromatic dispersion induced by the single mode fiber transmission. Two amplification units that consist of erbium- Fig Topology of the km total transmission link in doped fiber amplifiers and optical filters are the metropolitan area of Athens

China Communications June 2007 75 Feature Articles: Communications & Information Security

quences that were efficiently hidden into broadband chaotic carriers were transmitted over a fiber length of 100km and successfully recovered at the receiver side, with BER values as low as 10-7. The transmission effects induced by the optical medium in optical communication systems can play an important role in the final performance. The fact that the receiver output needs to be synchronized with the signal that reaches the receiver, rather than the signal generated at the emitter, leads to this dependence on the transmission effects. Transmission non-linear effects such Fig RF spectra of the encrypted and the recovered as self-phase modulation degrade the system from its Gb/s message back-to-back performance. Additionally, chromatic dispersion effects that become significant for high bit- rates can be encountered by employing different dispersion compensation maps. Our results show that information can be transmitted at high bit rates using deter- ministic chaos in a manner that is robust to perturba- tions and channel disturbances unavoidable under real- word conditions for distances in the order of 200km.

REFERENCES

[1]. P.D. Townsend, S.J.D. Phoenix, K.J. Blow, S. M. Barnett, “Design of quantum cryptography sys- Fig BER performance of encrypted (squares) back toback decoded (circles) and after transmission link tems for passive optical networks,” Electron. Lett. decoded (triangles) message 30, 1875 - 1877 (1994). [2]. D.R. Frey, “Chaotic digital encoding: an ap- adjusted each time to the message bit rate. For sub- proach to secure communication,” IEEE Trans. Cir- gigahertz bit-rates the recovered message exhibits cuits Syst. II 40, 660-666 (1993). -7 BER values lower than 10 , while for higher bit- [3]. K.M. Cuomo, A.V. Oppenheim, S.H. Strogatz, rates a relatively high increase is observed. This “Synchronization of Lorenz-based chaotic circuits behaviour characterizes the back-to-back and the with applications to communications,” IEEE Trans. transmission setup, with relatively small differ- Circuits Syst. II 40, (626-633) 1993. ences in the BER values, revealing only a slight [4]. H.D.I. Abarbanel, P.S. Linsay, “Secure com- degradation of the system performance due to the munications and unstable periodic orbits of strange transmission link. attractors,” IEEE Trans. Circuits Syst. II 40, (643- 645) 1993. VII. CONCLUSION [5]. L. M. Pecora and T. L. Carroll, “Synchroni- zation in chaotic systems,” Phys. Rev. Lett. 64, 821- The bit-error-rate performance of an all-optical com- 824, (1990). munication transmission system based on chaotic [6]. P. Colet and R. Roy, “Digital communication encryption has been studied. Pseudorandom bit se- with synchronized chaotic lasers,” Opt. Lett. 19,

76 China Communications June 2007 Feature Articles: Communications & Information Security

2056-2058 (1994). [18]. V. Annovazzi-Lodi, S. Donati, M. Manna, [7]. V. Annovazzi-Lodi, S. Donati, A. Scire, “Syn- “Chaos and locking in a semiconductor laser due to chronization of chaotic injected laser systems and external injection,” IEEE J. Quantum Electron. 30, its application to optical cryptography,” IEEE J. 1537-1541 (1994). Quantum Electron. 32, 953-959 (1996). [19]. V. Annovazzi-Lodi, S. Donati, A. Scire, [8]. C. R. Mirasso, P. Colet, P. Garcia-Fernandez, “Synchronization of chaotic injected laser systems “Synchronization of chaotic semiconductor lasers: and its application to optical cryptography,” IEEE Application to encoded communications,” IEEE J. Quantum Electron. 32, 953-959 (1996). Photon. Technol. Lett. 8, 299-301 (1996). [20]. V. Annovazzi-Lodi, A. Scire, M. Sorel, S. [9]. G.D. Van Wiggeren, and R. Roy, “Communi- Donati, “Dynamic behavior and locking of a semi- cations with chaotic lasers,” Science 279, 1198-1200 conductor laser subjected to external injection”, (1998). IEEE J. Quantum Electron. 34, 2350-2357 (1998). [10]. L. Larger, J.-P. Goedgebuer and F. Delorme, [21]. H. D. I. Abarbanel, M. B. Kennel, L. Illing, “Optical encryption system using hyperchaos gen- S. Tang, and J. M. Liu, “Synchronization and com- erated by an optoelectronic wavelength oscillator”, munication using semiconductor lasers with opto- Phys. Rev. E 57, 6618-6624 (1998). electronic feedback,” IEEE J. Quantum Electron. 37, [11]. R. Lang, K. Kobayashi, “External optical 1301-1311 (2001). feedback effects on semiconductor injection laser [22]. Y. Liu, H.F. Chen, J.M. Liu, P. Davis, T. properties”, IEEE J. Quantum Electr. QE-16, 347- Aida, “Optical-Communication Systems Based on 355 (1980). Chaos in Semiconductor Lasers,” IEEE Trans. Cir- [12]. J. Mork, B. Tromborg, J. Mark, “Chaos in cuits Syst. I 48, 1474-1483 (2001). semiconductor lasers with optical feedback: theory [23]. J.-P. Goedgebuer, P. Levy, L. Larger, C.-C. and experiment”, IEEE J. Quantum Electr. 28, 93- Chen, W. T. Rhodes, “Optical communication with 107 (1992). synchronized hyperchaos generated electooptically, [13]. Y. Liu, H.F. Chen, J.M. Liu, P. Davis, T. ” IEEE J. Quantum Electron. 38, 1178-1183 (2002). [24]. T. Heil, J. Mulet, I. Fischer, C. R. Mirasso, Aida, “Communication using synchronization of M. Peil, P. Colet, and W. Elsasser, “On/off phase optical-feedback-induced chaos in semiconductor shift-keying for chaos-encrypted communication lasers”, IEEE Trans. Circuits Syst. I 48, 1484-1490 using external-cavity semiconductor lasers,” IEEE (2001). J. Quantum Electron. 38, 1162-1170 (2002). [14]. S. Sivaprakasam, E.M. Shahverdiev, P.S. [25]. J. Paul, S. Sivaprakasam, P.S. Spencer, P. Spencer, K.A. Shore, “Experimental demonstration Rees, K.A. Shore, “GHz bandwidth message trans- of anticipating solution in chaotic semiconductor mission using chaotic diode lasers”, Electron. Lett. lasers with optical feedback”, Phys. Rev. Lett. 87, 38, 28-29 (2002). 4101-4103 (2001). [26]. A. Argyris, D. Kanakidis, A. Bogris, D. [15]. A. Locquet, C. Massoler, C.R. Mirasso, “Syn- Syvridis, “Spectral Synchronization in Chaotic Op- chronization regimes of optical-feedback-induced tical Communication Systems,” IEEE J. Quantum chaos in unidirectionally coupled semiconductor Electron. 41, 892-897 (2005). lasers”, Phys. Rev. E 65, 056205 (2002). [16]. J. Ohtsubo, “Chaos synchronization and cha- [27]. J. Paul, M.W. Lee, K.A. Shore, “3.5-GHz otic signal masking in semiconductor lasers with Signal Transmission in an All-Optical Chaotic Com- optical feedback,” IEEE J. Quantum Electron. 38, munication Scheme Using 1550-nm Diode Lasers”, 1141-1154 (2002). IEEE Photon. Technol. Lett. 17, 920-922 (2005). [17]. A. Uchida, Y. Liu, P. Davis, “Characteris- [28]. J.-M. Liu, H.-F. Chen, S. Tang, “Synchronized tics of chaotic masking in synchronized semicon- chaotic optical communications at high bit-rates”, ductor lasers,” IEEE J. Quantum Electron. 39, 963- IEEE J. Quantum Electron. 38, 1184-1196 (2002). 970 (2003). [29]. L. Larger, J.-P. Goedgebuer, V. Udaltsov,

China Communications June 2007 77 Feature Articles: Communications & Information Security

“Ikeda-based nonlinear delayed dynamics for appli- Europe region and was also named as “Top Young cation to secure optical transmission systems using Innovator 2006 - TR35” from the Technology Re- chaos”, C. R. Physique 5, 669-681 (2004). view magazine and the Massachusetts Institute of [30]. A. Argyris, D. Kanakidis, A. Bogris, D. Technology. He has authored and coauthored more Syvridis, “Experimental evaluation of an open-loop than 20 articles published in international scientific all-optical chaotic communication system,” IEEE J. journals and conferences. Sel. Topics Quantum Electron. 10, 927-935 (2004). [31]. A. Argyris, D. Syvridis, L. Larger, V. Adonis Bogris was born in Annovazzi-Lodi, P. Colet, I. Fischer, J. Garcia- Athens, Greece, on June 16, 1975. Ojalvo, C.R. Mirasso, L. Pesquera, K.A. Shore, He received the B.S.degree in “Chaos-based communications at high bit rates us- informatics, the M.Sc. in ing commercial fibre-optic links”, Nature 438 telecommunications, and the Ph.D. (7066), 343-346 (2005). degree in all-optical processing based on fiber- based devices from the National and Kapodistrian BIOGRAPHY University of Athens, Athens, Greece, in 1997 and 1999, and 2005 respectively. He is a research Apostolos Argyris was born in assistant working for the Optical Communications Thessaloniki, Greece, in 1976. He Laboratory of the National and Kapodistrian Uni- received the B.S. degree in physics versity of Athens participating in local and Euro- from the Aristotle University of pean projects. His research interests include high- speed all-optical transmission systems, non-linear Thessaloniki, Greece, in 1999, the effects in optical fibers, semiconductor lasers dy- M.Sc. degree in Microelectronics and Optoelectron- namics and chaotic optical cryptography. He is a ics from the University of Crete, Greece, in 2001 and reviewer for the IEEE Photonics Technology Letters. the Ph.D. degree in Informatics and Telecommuni- cations from the National University of Athens, Dimitris Syvridis received the B. Greece, in 2006. He also received the B.Sc. degree as Sc. degree in physics, the MSc. de- an Observer Meteorologist from the Hellenic Na- gree in telecommunications, and the tional Meteorological Service in 2005. In 2000-2001 Ph.D. degree in physics from the he was with the Foundation of Research and Tech- University of Athens, Athens, Greece, nology Hellas, working on fiber Bragg gratings in 1982, 1984, and 1988, respectively. From 1990 to fabrication and applications. He is currently a re- 1994, he was a Researcher with the Institute of searcher in the Optical Communications Labora- Quantum Electronics, Swiss Federal Institute of tory in the Dept. of Informatics and Telecommunica- Technology (ETH-Zurich). Since 1994, he has been tions of the National University of Athens, Greece with the Department of Informatics and and an adjunct lecturer in the Dept. of Computer Telecommunications, University of Athens, where Engineering, Telecommunications and Networks of he is currently an Associate Professor. He has par- the University of Thessaly, Greece. His research ticipated in many European research projects in the interests include semiconductor lasers dynamics, field of optical communications. His research inter- four-wave mixing, fiber Bragg gratings, LIDAR ests cover the areas of optical communications and systems, chaotic encryption and optical networks, photonic devices, and subsystems, as well communications. He serves as a reviewer for the as photonic integration. He has authored and coau- IEEE. In 2006, he was awarded the “Ericsson Tele- thored more than 100 articles published in interna- communications Award 2006” for the South-East tional scientific journals and conferences.

78 China Communications June 2007 Feature Articles: Communications & Information Security

PIM Interference Analysis under Multi-band Multi-signal Input in Duplex Indoor Distribution System

Pauling Huang, Wang Baohua , Senior Engineer, China Unicom Email:[email protected], [email protected]

ABSTRACT I. INTRODUCTION

This analysis focuses on PIM interference under Passive Intermodulation (PIM) is a co-existent phe- multi-band multi-signal input in mobile communi- nomena in radio system. When two or more signals cation system. Unlike single band system that only transmit through passive components (e.g. antennae, odd order PIM (especially 3rd order) should be connectors, combiners, couplers, isolators, switches, diplexers and cable assembly), the nonlinear response, concerned, in multi-band multi-signal case, both a decaying series of PIM products (IMPs) of all odd and even order PIM could be interference orders, are generated. If some of IMPs are at the same source because of more complicated frequencies and strong enough with receiving signals, intermodulation, more IMPs generated and more they interfere to them. The physical mechanism of receive bands. Especially, the 2nd order PIM may PIM and precautions to minimize PIM level are interfere more serious to receiving channel for its simply described in section 2. strong magnitude. In duplex indoor distribute In modern communication system, high power (e. system, the PIM interference is a potential problem g. 43dBm for GSM) transmitting signal IMPs may to GSM900, DCS1800, CDMA, and even 3G sys- interfere to the sensitive receiving signals (e.g. mini- tem wireless services, because the PIM frequencies mum -104dBm for GSM) if they are at the same may fall in receive bands and interfere to the receiv- frequency. This may deteriorate the communication quality, reduce capacity, make bad calls or even drop ing channels. In radio system design and wireless calls [1~5]. Multi-band multi-signal input will ad- channel assignment, precautions must be taken to dress the problem because of more complicated minimize the PIM level and to avoid interfere to intermodulation, more IMPs generated and more receiving channels. For practical use, the lower receive bands. order possible PIM interference to 2G and 3G Most of discussions on PIM assume the input systems is calculated. signals in a single frequency band, so it’s reasonable Key words: PIM , IMP, interference, Multi-band they just concern about the odd order PIM (e.g. 3rd multi-signal, 2G and 3G systems order, ab. IP3), because only odd order PIM may fall

China Communications June 2007 79 Feature Articles: Communications & Information Security

in the receive band. However, in current mobile input in section 4. networks, sites and indoor distribution systems are often shared by several mobile networks which II. CAUSES OF PIM AS PHYSICAL belong to different frequency bands. In this situation, PHENOMENA both even and odd order of PIM may fall in receive bands [1, 7, 8]. So under multi-band multi-signal In radio systems, passive components are usually input, more IMPs may be interference source ex- assumed electrical linearity. In other word, signals cept for IP3. between output and input are linear relationship. But PIM is a rapid decaying series by its order, the if the input signals are strong enough, the passive lower the order is, the stronger of its magnitude. The components behave weak nonlinearity, producing 2nd order intermodulation product (IP2) is much high order harmonics and intermodulation products. stranger than IP3. If IP2 falls in a receiving channel, In particular, when these components contain the it can interfere to receiving signals more serious. magnetic material or are rusted, polluted by chemi- Theoretical analysis of PIM is described and 4 cal material or loosely connected, the PIM can be lower order modulation components are deducted more obvious. in section 3. As described by many studies[5,8,10]it is ex- With the communication technology development tremely complex about the mechanism of nonlinearity and the increasingly demand of wireless service, in the passive components and usually divide into there are more and more communication networks three kinds: coming into use. In China, there are at least 5 mobile 1. Contact nonlinearity: Caused by different networks now. It is hard to find suitable places to conductor’s contact surfaces, the possible reasons locate all base transceiver stationsBTSsfor all are as following: (1) The contact surface between systems separately, and even harder to get ap- two conductors exist microscale concave-convex, proval by landlord and residents. As a result, co- only some small bulges connect. This causes the locating (for different operators) or sharing (for surface electric currency nonuniformity, and the the same operator) sites and antenna systems are contact resistance changes; (2) The conductor sur- commonly appreciative. For indoor coverage, more face covers a thin layer oxidation which causes “the and more indoor distribution systems have to be diode effect”. When the voltage comes to a certain shared by all networks. intensity, the tunnel effect achieves; (3) The In crowded co-locating BTS site and multiple nonuniformity rust eclipses on surface that causes system shared indoor duplex antenna distribution the surface current density nonuniformity; (4) Sol- system, there exist a large number of passive compo- dering contamination and oxide on the connection nents (antennae, connectors, cable, etc.) and steel pole, tower, rusted bolts that may cause PIM. In a surface etc. famous casino in Macau, a serious PIM interference 2. Material nonlinearity: Ferromagnetic material, in indoor distribution system made it can not make non-linear dielectric medium, conductor corrosion any call. Finally by adjusting some input signal and environment temperature change may cause the channels, the system worked normally. In China, surface resistance change. The incident electromag- many sites are co-locating and most of the indoor netic wave response voltage, electric current change distribution systems are often shared by several non-linearly or achieve the magnetic hysteresis, so networks, so PIM is inevitable and worth of carefully the second radiating waves have been distorted. The study. For practical use, the important 4 lower orders commonly used non-linear material includes: Nickel, IMPs that possibly interfere to 2G and 3G system are iron, cobalt and their alloy material, lanthanon calculated under the presenting of 2G system signals material, aluminum magnesium copper alloy, ferro-

80 China Communications June 2007 Feature Articles: Communications & Information Security

magnetic material, ferrous oxide compound material, integral commonly used to express nonlinear output non-linear dielectric medium material etc. [13, 14, 15], but PIM is non-time-depend weak 3. Surface effect: The conductor surface microscale nonlinear phenomenon, so the PIM products y(x) roughness, pollution and the welding remains make may simplify as Taylor series [1, 3, 10]: the reflected electromagnetic wave non-linear. Contact nonlinearity induces IP3 level lower than -100dBc and easily influenced by movement or 1 vibration; Magnetic hysteretic material nonlinearity The magnitude ak reduces rapidly with the in- induces IP3 level from 90 to 100dBc, but it has crease of k, the higher of k is the much smaller ak, nothing to do with external force [12]. Obviously, that is a >>a >>a >>...... y(x) is convergent. the material nonlinearity caused the PIM is stranger. 1 2 3 In GSM network with 20W (43dBm) transmitting Therefore, usually only several lower terms take into power, the IP3 level is usually from -90 to -120dBm consideration, the higher terms are neglected. Here [8]. No data could be found yet about IP2 level. But below we discuss 4 lower terms. it is reasonable that IP2 is much stronger than IP3 as For N sine signals input x: IP2 is lower in order than IP3. so IP2 can more serious interfere to sensitive receiving signal if they (2) at the same frequency. To minimize PIM interference, some precautions should be taken into account in mobile network In complex form: planning, construction and wireless channel assignment: 1. Avoid to use nickel, iron and the ferromagnetic material or their coat on passive component, the Where 3 electricity silver-plating or copper-plating may re- (3) substitutes into (1) : duce PIM level. 2. Use less connectors as possible, and use welding connection rather than screw connection. If screw connectors have to be used, cleanup the connect interface and screw tightly to ensure enough con- 4 tact area. Where, , m is integer or 3. Avoid to us braid covered flexible jumper, great i zero. angle curve, intense extrusion distortion, make the From (1), (4): cable lay straight as possible. 4. Make enough space between transmitting and receiving antennas to avoid transmitting signal PIMs 5 going through receiving path. When k = 1, from (5): 5. Change some channels to avoid lower order PIM frequencies falling into receiving channels. 6

III. PIM MATHEMATICAL ANALYSIS (6) is linear output component, proportional to input signals x. According to nonlinear system theory, the Volterra When k = 2, from (5):

China Communications June 2007 81 Feature Articles: Communications & Information Security

In (7), the first item is zero order (direct current) components, the second item is the second order harmonics, and the third item is IMPs. When k = 3, by (5) :

In (8) , the first item is linear components, the second item is the 3rd order harmonics, the third item is 3rd order IMPs with arbitrary two out of all input signals, the 4th item is 3rd order IMPs with arbitrary three out of all input signals. When k = 4, from (5):

82 China Communications June 2007 Feature Articles: Communications & Information Security

In (9), the 1st item is the linear components, the 5. All higher order modulations have contribution 2nd item is the 2nd order harmonics, the 3rd and 4th to the same parity lower order IMPs and harmonics. item are 2nd order IMPs, the 5th item is the 4th order harmonics, the 6th item is the 4th order IMPs IV. PIM IN INDOOR DISTRIBUTION with arbitrary 1 signal and an other signal’s 3rd or- SYSTEM OF MOBILE der harmonics , the 7th item is 4th order IMPs with COMMUNICATION arbitrary 2 signal’s 2nd order harmonics, the 8th item is the 4th order IMPs with arbitrary 2 signals and an According to the overseas statistics, there is approxi- other signal’s 2nd harmonics. The last term is the 4th order IMPs with arbitrary 4 signals. mately 80% communication traffic occurred in indoor, and the percentage is increasing with the For k>4, yk is more complicated but small of its magnitude. From the above discussion we can come growth of 3G technology and the demand of wire- to the conclusions: less data communication. Therefore, indoor distri- 1. The lower the order is, the much stranger of bution system pays more and more important role IMP magnitude, IP2 level is the strangest. to ensure high quality and heavy traffic load of in- 2. The multi-signals modulation can have all pos- door communication. So PIM interference in indoor sible mixed products including every order IMP and distribution system must be concerned significantly. harmonic. There are usually two fundamental modes in in- 3. The higher order modulation can have the same door distribution system design: Duplex and Sim- and lower order harmonics and IMPs. plex [16]. In duplex mode, there is only one set of 4. The even order modulation has the even order antenna and cable assembly shared by signal recep- IMPs and harmonics, the odd order modulation has tion and transmission (fig. 1 A). In simplex mode, the odd order IMPs and harmonics. two sets of antenna and cable assembly are con-

China Communications June 2007 83 Feature Articles: Communications & Information Security

structed for signal reception or transmission sepa- to fall into 2G or 3G system receive band, some rately (fig. 1 B). Certainly, we also can design a sepa- receiving channels can not be used. So PIM interfer- rate one for each network, but this wastes money ence and channel assignment should be carefully and difficult to construct. Actually, the indoor dis- studied. tribution system is often shared by several networks In China, the current 2G mobile systems are 3 for money save and difficult lease. kinds: CDMA1X, GSM900 and DCS1800 systems, Obviously, duplex mode is economical, but the networks are 5: 1 CDMA1X, 2 GSM900 and 2 transmitting signals and receiving signals propagate DCS1800, which belong to 2 operators respectively: through the same antenna and cable assembly, so China Mobile owns 1 GSM900, 1 DCS1800 and IMPs achieved by transmitting signals can easily in- China Unicom owns 1 CDMA1X, 1 GSM900, 1 terfere to the receiving signals. Simplex mode can DCS1800. For 3G systems, there may be 3 kinds: separate transmitting signals from receiving signals, WCDMA, CDMA2000 and TD-SCDMA. So there so PIM interference can be avoided effectively. but may be 6 kinds of systems, 8 networks after the it is almost double investment for needing of double license provided by the government in not long passive components (e.g. antennas, connectors, cable future. The PIM interference will be more serious etc.) than simplex mode. Balancing between good and complicated. quality service and investment controlling, a sim- According to 2G systems radio frequency actual plex mode system shared by all networks is usage and 3G system radio frequency assignment practicable. published in document [2002] No.479 published by In China, the indoor distribution system covers China Information Industry Ministry[17], the public almost all public places now. Generally, it is con- mobile communication system frequency assigns as structed by operator independently. But in huge pub- in table1: lic place (e.g. People’s Conference Building, Olym- The Frequency Assignment for China Public Mo- pic Games fields and halls), only one indoor distri- bile Communication Systems bution system is permitted to construct for all Actually, China Unicom CDMA system use operators. Operators have to cooperate. This was the just 3 channels (No. 283,242,201), China Mobile same in Hong Kong and Macao earlier, but the situ- GSM system occupies more 5 MHz bandwidth of ation is changing now, many indoor distribution sys- frequency for analog mobile system before tem are constructed by all operators because of the (EGSM band). resistance of landlord, high investment and construc- For 3G systemWCDMA and CDMA2000 adopt tion difficulty. frequency division duplex (FDD) mode, uplink and Cooperation is beneficial, it can plan and design downlink use different frequency just like GSM. perfectly, avoid estate re-negotiation, re- TD-SCDMA adopts time division duplex (TDD) construction, capitals wasting, minimize the incon- mode, uplink and downlink share the same fre- venience to residents and maximize society benefits. quency by time. If the 3G system signals join into an In China, there will be more operators and net- indoor distribution system, their transmitting signals works with the 3G system coming into use. With can modulate just like 2G system signals, and induce the competition behavior regularization and ratio- IMPs and harmonics which may interfere to wider nal among operators. I’m sure that there will be more frequency band. But fortunately, 3G system has few and more cooperations among operators in indoor channels. distribution system construction in the 3G era. Because it isn’t clear for 3G system licensure It’s possible that some or all radio networks of 2G yet, here we only discuss 2G system transmitting and 3G system have to share a duplex indoor distri- signal PIM interfering to 2G and 3G system receiv- bution system. In this situation, if the IMP happens ing signals.

84 China Communications June 2007 Feature Articles: Communications & Information Security

For N transmitting signals which frequency are f1 f2 fN respectively, from section 3, we can get PIM frequency as following: 10

And where C is order of intermodul-ation. Especial case: when all mi is zero except one then C mI where I is the ith signal. That is the C order of harmonic for fI. Assume that ith transmitting signal frequency , where fi0 is the channel center frequency, i is channel bandwidth. Then for the existing 2G system transmission we can get following 2nd~4th order intermodulation form which may cause interference to receive bands: 1 2nd order f1+f2 11 2 2nd order f1 f2 assuming that f1 f2 >0 (12) 3 3rd order f1+f2-f3 assuming that f1+f2-f3>0 (13) 4 4th order f1+f2 f3 f4 assuming that f1+f2 f3 f4>0:

(14) 5 4th order f1 f2 f3 f4 assuming that f1+f2-f3 f4>0:

China Communications June 2007 85 Feature Articles: Communications & Information Security

Obviously, the PIM frequency bandwidth is 4. In duplex indoor distribution system widened; it is the sum of all participated transmitting construction, it is good to use low PIM level signal frequency bandwidths, so it may interferes to components, such as antennas, cable jumpings, more channels. connectors, diplexer, combiners and cable, and should Because the lower order IMPs are strong, Here the be careful laying and fixing to avoid distortion, loose important 3 lower order IMPs, which may interfere connection or remains, chemical pollution in to receive band, are calculated and listed in the at- compoments. tached table: “ 2G System 2nd- 4th Order PIM In- terference to 2G And 3G Systems”. REFERENCES We can look up the table by transmitting frequency to find whether the PIMs fall into receiving fre- [1] Manfred Lang “The Intermodulation Problem quency bands, and can calculate the interfered band- in Mobile Communications” Microwave Journal, width by (11)-(15) above. Special attention must be May 1995 Issue paid to the 2nd, 3rd order PIM products interference [2] G. Paschos, S. A. Kotsopoulos, D. A. Zogas, for their strong magnitude. If the higher order PIM and G. K. Karagiannidis,°∞The impact of products (e.g. 4th, 5th) are strong enough to compare intermodulation interference in superimposed 2G with the sensitive receiving signal, they also should and 3G wireless networks and optimization issues take into account. of the provided QoS “, http://www.wltl.ee.upatras. It is difficult to locate which component causes gr/Archive/Papers/ high level PIM products in a large indoor distribu- [3] Nuno Borges de Carvalho, Raquel Castro tion system. To avoid PIM interference, it is prac- Madureira “Intermodulation Interference in the tical to assign transmitting signal channels to en- GSM/UMTS Bands”, http://www.co.it.pt/ sure all lower order PIM products out of the receiv- conftele2001/proc/ ing channels. [4] Zidong Liu “Passive Intermodulation Distor- tion in Triband Antenna Systems” www.csa- V. CONCLUSIONS wireless.com [5] David Weinstein “Passive Intermodulation This article discusses on PIM phenomena in du- Distortion in Connectors, Cable and Cable Assem- plex indoor distribution system under multi-band blies” www.amphenolrf.com/simple/PIM Paper.pdf multi-signal input, the results are also suitable [6] Reimer Nagel, Karl Audenaerde,Passive for multi-band antenna system and co-locate an- intermodulation in Duplex Communication Systems tenna in a crowed site. The main conclusions are www.rfs-kmp.com.br as following [7] Hartmut Gohdes,IMPACT OF POWER 1. Nonlinearity of passive component causes PIM. VARIATION ON 3RD ORDER PASSIVE Contact nonlinear, material nonlinear and surface INTERMODULATION OF COAXIAL RF- effect are the physical reasons to induce PIM. CABLES AND THEIR CONNECTORS 2. Under multi-band multi-signal input, both even http://www.rfs-kmp.com.br/userfiles/pdf/im- and odd order PIM may interfere to receiving signal, pact-of-power-variation.pdf and especial attention should be paid to 2nd and 3rd [8] Paul E. CastrucciPassive intermodulation order PIM which may cause serious interference. in antenna systems 3. All channels of the joined radio networks should http://www.keepmedia.com/pubs/ be carefully arranged to avoid their lower order PIM SiteManagementTechnology/2002/12/01/151730? products falling into receiving channels. extID=10032&oliID=213

86 China Communications June 2007 Feature Articles: Communications & Information Security

[9] S. Hienonen, V. Golikov, P. Vainikainen, A. YD/T 5XXX-200X, Communication Industry Stan- V. R?is?nen, “Passive intermodulation distortion in dard of P. R. China base station antennas”, [17] Circular on the issue of frequency assign- http://www.hut.fi/Units/Radio/research / ment for the 3rd generation public mobile communi- rf_applications_in_mobile_communication cation system, No. [2002]479 of Dept. of Radio [10] Sami Hienonen “STUDIES ON MICRO- Management of MII of P. R. China WAVE ANTENNAS: PASSIVE INTERMOD- ULATION DISTORTION IN ANTENNA STRUC- BIOGRAPHY TURES AND DESIGN OF MICROSTRIP AN- TENNA ELEMENTS”, Helsinki University of Tech- Pauling Huang is a senior engineer and member nology Radio Laboratory Publications,Teknillisen of China Institute of Communications. He received korkeakoulun Radiolaboratorion julkaisuja Espoo, the B.S degree in radio March 2005 REPORT S 267 propagation and antenna, [11 ]Dr. Raymond McArchur “Intermodulation the M.S degree in radio phys- Fundamentals” WWW.sinctech.com ics in Wuhan University and [12] Paul E. Castrucci ,“ Passive intermodulation 1986 and 1991 respectively. in antenna systems” , http://www.findarticles.com/ He has been working on mo- p/articles/mi_m0LEF bile network planning, [13]Tommy W. S. Chow, Hong-Zhou Tan, Yong engineering, operation over Fang “ nonlinear system representation” 10 year and fulfilled 4 local http://www.site.uottawa.ca [14] GEORGE ZAMES NONLINEAR OP- mobile networks construc- ERATORS FOR SYSTEM ANALYSIS MASSA- tion and Macao CDMA network construction in CHUSETTS INSTITUTE OF TECHNOLOGYRE- China Unicom. His interest is in communication SEARCH LABORATORY OF ELECTR-ONICS technology , engineering and wireless network Technical Report 370 August 25, 1960 optimization. [15] Wilson J. Rugh Nonlinear System Theory published by The Johns Hopkins University Press, Wangbaohua is a senior engineer, M.S in radio 1981 (ISBN O-8018-2549-0) electronins, he is now researching in mobile com- [16] Specifications for indoor coverage engineer- munication technology in China Unicom ing designation of wireless communication systems, Guangdong branch.

China Communications June 2007 87