Papers by Nicola Laurenti
Lecture notes in electrical engineering, Sep 25, 2015
Achievable secrecy rates over a multiple-input multiple-output multiple-eavesdropper (MIMOME) wiretap channel are considered, when the legitimate users have perfect knowledge only of the legitimate channel state and the eavesdropper channel is drawn from a (possibly unknown) continuous probability density. Legitimate users are assumed to deploy more antennas than the eavesdropper. A signaling transmission based on K-class Gaussian mixture model (GMM) distributions is proposed, which can be considered as an artificial-noise augmented signal, where the noise statistics are data-dependent. The proposed scheme is shown to achieve the secrecy capacity, \(\log K\), in the high signal-to-noise ratio (SNR) regime. Moreover, the tradeoff between secrecy and reliability at finite SNR is explored via the characterization of an upper bound to the error probability at the legitimate receiver, an upper bound to the mutual information leakage to the eavesdropper and via numerical simulations.
While a growing number of Internet of Things (IoT) applications require reliable mechanisms to determine the precise location of remote devices, the aspects regarding the security of positioning algorithms should not be neglected. In this context, this paper proposes a physical-layer location verification method for IoT networks in which the concentrator node is assisted by several anchor nodes that are spread in the area of interest. We design an optimization problem to choose appropriately which anchor nodes should be triggered in the location verification process in order to minimize the activation rate of each anchor. The performance evaluation results show that the proposed policy achieves an activation rate reduction of the anchor nodes of at least 70%.
Cambridge University Press eBooks, Jun 27, 2017
The GNSS signal received power lies below the thermal noise and a correlation with the known spreading sequence is needed in order to recover it. The use of GNSS for tracking vehicles or goods has incentivized the malicious use of personal privacy devices (PPD) or jammers in order to disrupt the service. Usually jammers achieve denial of service (DoS) by the transmission of high power interfering signals, making it difficult for the victim receiver to correctly track the genuine signal. The approach of a traditional jamming attack can be seen as brute-force: it disrupts the service over a certain area rather than selectively targeting a particular device or signal. This work will examine a new class of low power GNSS jammers that target each ranging signal individually and aim at disrupting the PNT capability for a specific receiver, by directly attacking its correlation process. Instead of overwhelming the legitimate signal with a high power interfering signal, the proposed jammer aims at disrupting the lock indicators used by the receiver, e.g., the code lock indicator or the phase lock indicator. Indeed, if these metrics are degraded, the receiver is led to discard the signal and does not produce observables. Moreover, this jamming signal can pass undetected by the traditional jamming indicators and it is much harder to filter. The paper will derive the optimal jamming waveform for this class of attacks and experimental results performed with Software Defined Radio (SDR) and real receivers will be presented.
In the proposals for Global Navigation Satellite Systems (GNSS) Navigation Message Authentication (NMA) that are based on adapting the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) protocol, the length of the one-time keys is limited (e.g. to 80 bits) by the low transmission rate. As a consequence, the hash function that is used to build the one-way key chain is constructed from a longer, secure hash function (e.g. SHA-256), preceded by a time-varying yet deterministic padding of the input and followed by a truncation of the output. We evaluate the impact of this construction on the collision resistance of the resulting hash function and of the whole chain, and show that with current proposed parameters, combined with the use of efficient hashing hardware, it can lead to a feasible attack with significant collision probability. The collision can be leveraged to mount a long-lasting spoofing attack, where the victim receiver accepts all the one-time keys and the navigation messages transmitted by the attacker as authentic. We conclude by suggesting possible modifications to make TESLA-based NMA more robust to such attacks.
Currently, the operational Global Navigation Satellite Systems (GNSS) offer neither message nor signal Authentication and Integrity Protection to the Open Service (OS) users. But a well-motivated attacker equipped with a single antenna can successively perform several attacks, e.g. Jamming and Signal-Synthesis attacks to affect the position solution, or even a Replay attack which modifies the timing awareness. Because of these threats, robust defense techniques are needed. The nascent European navigation system, Galileo, aspires to offer an E1 OS signal authentication and integrity protection mechanism integrated from the outset. A wide state of the art on defense techniques already exists. But these all have a common vulnerability: they are based on computationally secure algorithms (e.g. Digital Signal Algorithm), or are designed only against a specific attack. This thesis work, part of a collaborative project with the European Space Agency (ESA), aims at contributing to the issue by adopting a different approach. Namely, we address the problem from the Physical Layer point of view, and without limiting the attacker capabilities and advantages. Furthermore, no specific authentication scheme is chosen or designed, but only generic channel models are considered. In this manner, a theoretical key entropy lower bound is defined for both Data and Signal level. Their performance is then presented considering some simplified channel and signal settings, but against a well-equipped attacker. In addition, the Data-layer bound is compared with the currently most promising protocol, TESLA. Therefore, the work provides a reference bound to guarantee unconditionally secure Authentication and Integrity Protection. Finally, the DLR channel model is exploited in order to extract some useful features (e.g. coherence time) within a more realistic scenario.
Lecture Notes in Computer Science, 2002
The Hiperlan/2 standard [1]-[3] for wireless LAN transmission in the 5 GHz frequency band makes use of OFDM modulation with a TDMA access scheme, in order to efficiently exploit time dispersive channels with frequency selective fading. It is well known that the performance of OFDM schemes is very sensitive to synchronization: symbol timing and carrier frequency errors must be carefully estimated and corrected at the receiver. We propose a scheme for time and frequency offset estimation, derived from those presented in [4]-[7], suited to all the transmission burst types of the standard. The scheme makes use of the periodic structure of each burst preamble and is robust with respect to distortions induced by dispersive channels. We evaluate its performance both via statistical analysis and simulation in the presence of AWGN and dispersive channels, and also present an original technique for performance evaluation of the timing synchronization in dispersive environments, based on the cumulative distribution function of the useful signal power after demodulation.
arXiv (Cornell University), May 14, 2013
We consider a system where an agent (Alice) aims at transmitting a message to a second agent (Bob) over a set of parallel channels, while keeping it secret from a third agent (Eve) by using physical layer security techniques. We assume that Alice perfectly knows the set of channels with respect to Bob, but she has only a statistical knowledge of the channels with respect to Eve. We derive bounds on the achievable outage secrecy rates, by considering coding either within each channel or across all parallel channels. Transmit power is adapted to the channel conditions, with a constraint on the average power over the whole transmission. We also focus on the maximum cumulative outage secrecy rate that can be achieved. Moreover, in order to assess the performance in a real life scenario, we consider the use of practical error correcting codes. We extend the definitions of security gap and equivocation rate, previously applied to the single additive white Gaussian noise channel, to Rayleigh distributed parallel channels, on the basis of the error rate targets and the outage probability. Bounds on these metrics are also derived, taking into account the statistics of the parallel channels. Numerical results are provided, that confirm the feasibility of the considered physical layer security techniques.
River Publishers eBooks, Sep 1, 2022
EAI/Springer Innovations in Communication and Computing, 2021
Proceedings of the Satellite Division's International Technical Meeting, Oct 11, 2019
Proceedings of the Satellite Division's International Technical Meeting, Nov 3, 2017
2023 International Balkan Conference on Communications and Networking (BalkanCom)
2023 IEEE/ION Position, Location and Navigation Symposium (PLANS)
arXiv (Cornell University), Apr 6, 2023
Global navigation satellite systems (GNSSs) are implementing security mechanisms: examples are Galileo open service navigation message authentication (OS-NMA) and GPS chips-message robust authentication (CHIMERA). Each of these mechanisms operates in a single band. However, nowadays, even commercial GNSS receivers typically compute the position, velocity, and time (PVT) solution using multiple constellations and signals from multiple bands at once, significantly improving both accuracy and availability. Hence, cross-authentication checks have been proposed, based on the PVT obtained from the mixture of authenticated and non-authenticated signals. In this paper, first, we formalize the models for the cross-authentication checks. Next, we describe, for each check, a spoofing attack to generate a fake signal leading the victim to a target PVT without notice. We analytically relate the degrees of freedom of the attacker in manipulating the victim's solution to both the employed security checks and the number of open signals that can be tampered with by the attacker. We test the performance of the considered attack strategies on an experimental dataset. Lastly, we show the limits of the PVT-based GNSS cross-authentication checks, where both authenticated and non-authenticated signals are used.
2022 IEEE Workshop on Metrology for Agriculture and Forestry (MetroAgriFor)
arXiv (Cornell University), Feb 3, 2023
The threat of signal spoofing attacks against global navigation satellite system (GNSS) has grown in recent years and has motivated the study of anti-spoofing techniques. However, defense methods have been designed only against specific attacks. This paper introduces a general model of the spoofing attack framework in GNSS, from which optimal attack and defense strategies are derived. We consider a scenario with a legitimate receiver (Bob) testing if the received signals come from multiple legitimate space vehicles (Alice) or from an attack device (Eve). We first derive the optimal attack strategy against a Gaussian transmission from Alice, by minimizing an outer bound on the achievable error probability region of the spoofing detection test. Then, framing the spoofing and its detection as an adversarial game, we show that the Gaussian transmission and the corresponding optimal attack constitute a Nash equilibrium. Lastly, we consider the case of practical modulation schemes for Alice and derive the generalized likelihood ratio test. Numerical results validate the analytical derivations and show that the bound on the achievable error region is representative of the actual performance.
Sensors
Global navigation satellite systems (GNSSs) provide accurate positioning and timing services in a large gamut of sectors, including financial institutions, Industry 4.0, and Internet of things (IoT). Any industrial system involving multiple devices interacting and/or coordinating their functionalities needs accurate, dependable, and trustworthy time synchronization, which can be obtained by using authenticated GNSS signals. However, GNSS vulnerabilities to time-spoofing attacks may cause security issues for their applications. Galileo is currently developing new services aimed at providing increased security and robustness against attacks, such as the open service navigation message authentication (OS-NMA) and commercial authentication service (CAS). In this paper, we propose a robust and secure timing protocol that is independent of external time sources, and solely relies on assisted commercial authentication service (ACAS) and OS-NMA features. We analyze the performance of the pr...
2020 International Conference on Localization and GNSS (ICL-GNSS)
Recently, global navigation satellite systems (GNSSs) have started offering additional services to improve the precision of positioning, authenticate the GNSS signal, and broadcast messages (e.g., almanacs or information needed for search and rescue purposes). In all these scenarios, possibly long messages must be broadcast over the low-rate satellite-ground communication link. By splitting the message into sub-messages, each transmitted by a different satellite, the receiver can decode them simultaneously, achieving a higher equivalent data rate. In this paper we address the problem of scheduling sub-message transmissions on a constellation of satellites for transmission over error-free and erasure channels. For the error-free case we aim at maximizing the area over the earth, where the entire message can be decoded. Both optimal (by binary linear programming) and sub-optimal low-complexity solutions are investigated. For erasure channels we consider two possible targets: either the minimization of the maximum packet error rate (PER) on the earth surface, or, in a dual fashion, the maximization of the area where all sub-messages are received with PER below a given threshold. Both problems are framed as integer linear programming problems, and again suboptimal, less computationally demanding solutions are also developed.
2017 European Navigation Conference (ENC), 2017
Navigation Message Authentication (NMA) is a necessary security provision in GNSS open service, considering that more and more infrastructures rely on civilian GNSS signals, and several cryptographic mechanisms have been proposed to implement it. Most solutions adapt existing protocols to the specific requirement and constraints of the GNSS scenario, which is inherently one-way and asymmetric, and hence make use of asymmetric cryptography. However, no similar proposal has yet been made for the provision of key management services (distribution, upgrade, revocation), which are crucial for the security of any cryptographic mechanism.