Introduction


This project aims at studying security in wireless communications from an information theoretical point of view. Information theoretical security contrasts with computational security, which relies on computational assumptions on the adversary, typically that the adversary does not have enough computational power to break a problem thought hard. Information theoretical security is unconditional and relies on the uncertainty that the adversary faces. In the context of communication systems, it is often obtained by exploiting the noise inherently present over communication channels, and eventually amplifying it by a careful coding strategy that further injects random bits. This idea stems from the seminal work of Wyner and the introduction of the wiretap channel, a broadcast channel where a legitimate player Alice communicates to two users, a legimitate user Bob, and an eavesdropper Eve. By exploiting the difference in channels between the two users, Wyner showed that it is possible to communicate confidentially to Bob over discrete memoryless channels, that is, there exist codes, namely wiretap codes, that allow both reliable and confidential communications. One of the goals of this project is to look for wiretap codes for different classes of channels, and in particular wireless channels such as fading or MIMO channels. A dual class of problems consists of using wiretap codes, or other techniques from coding theory, to help in achieving cryptographic protocols over noisy channels.

We have built a USRP testbed to experiment the theory that we have developed around wiretap codes, more details of experiments are available on the testbed webpage .

Wiretap Codes for the Gaussian Channel


We consider a Gaussian wiretap channel, where Alice communicates with Bob over a Gaussian channel, and similarly Eve can eavesdrop communication over a Gaussian channel. We analyze the probability of Eve being able to correctly decode the message intended to Bob when Alice transmits information using as strategy coset lattice encoding ([C2]), namely two lattices are used: a fine lattice to communicate with Bob (a regular lattice code for Gaussian channels), and a coarse lattice encoding random bits to confuse the eavesdropper. It is shown that confusion at the eavesdropper can be increased by a careful coding, which is characterized by the notion of secrecy gain. Secrecy gain is a new lattice invariant related to the theta series of the coarse lattice intended for Eve.
In [J4], we study the secrecy gain for even unimodular lattices: in particular, the secrecy gain of extremal even unimodular lattices is computed, and asymptotic bounds on the secrecy gain are given. Finally, examples of code constructions are worked out. The case of odd unimodular lattices is studied in [C6], and in fact, all the unimodular lattices in dimension less than 23 are classified with respect to their secrecy gain in [J5]. Unimodular lattices in higher dimensions are investigated in [C8], using the duality between self-dual codes and unimodular lattices. Motivated by the need to encode and decode unimodular lattices, their connection with codes via Constructions A, A' and D are revisited in [C10] and [J8].
Examples of even 2- and 3-modular lattices are considered in [C7], and a more general study of 2- and 3- modular lattices, including odd 2-modular lattices is available in [J7], which shows that in small dimensions (less than 24), there exist 2- and 3- modular lattices with higher secrecy gain than the best unimodular lattices in the same dimension. In an attempt to understand how the lattice level influences the secrecy gain, [C19] looks at the construction and secrecy gain of 5- modular lattices, but no general behavior can be seen from the proposed lattice codes.

Wiretap Codes for Fading Channels


We consider a wireless wiretap channel, where all the players (Alice, Bob and the eavesdropper Eve) are equipped with one antenna, corresponding to fast fading and block fading channels. In [C3], we propose a code design criterion to design wiretap lattice codes for fading channels, this design is made available for finite signal constellations in [J9]. In [C11] and [J9], we consider wiretap lattices built over number fields for fast fading channels, and study some of the trade-offs involved in terms of choosing the right number field to help getting both reliability and confidentiality: more precisely, the role of elements of small norms is looked at in [J9], while that of the lattice volume and underlying regulator is analyzed in [C15]. In [C12] and [J10], motivated by the need to perform coset encoding with algebraic lattices, we study generalizations of Construction A over number fields.

MIMO wiretap codes are used when all players are equipped with multiple antennas (transmit antennas for Alice, and receive antennas for Bob and Eve). We analyze the probability of Eve being able to correctly decode the message intended to Bob when Alice transmits information using as strategy coset lattice encoding ([J6]). The particular case of the Alamouti code is detailed carefully. Howerer here again wiretap coding relies on coset coding and thus we look at ways of implementing Construction A in an algebra setting in [C14] and [C17].

Wiretap Codes for Network Coding


It is known from the work of Silva et al. that rank metric codes can be used as wiretap tap codes for network coding. It is also known that generalized Hamming weights characterize the performance of wiretap codes of type II. In [C9], we introduce a definition of generalized rank weights, motivated by the security provided by rank metric codes for network coding. In [C13], generalized rank weights of the dual codes are considered, where they are shown to interlace the rank weights of the code, similarly as for the case of the Hamming weights. The rank hierarchy of cyclic codes is studied in [C18].

Enhanced Security of Systems using the Encoding-Encryption Paradigm


It is standard for communication systems that use both error-correction coding for reliability and encryption for security to first perform the encryption, and only then the encoding. In this project, we focus on those systems which adopted the reverse approach, namely they first encode the data and then encrypt it, which is referred to as the encoding-encryption paradigm . A motivating example is the standard for Global Telephony GSM. In this project, we study how the security of systems such as GSM could be enhanced by using wiretap coding. More precisely, since systems using the encoding-encryption paradigm rely their security on a stream cipher, we are interested in protecting the stream cipher key against both passive and active attacks. To do so, we introduce a wiretap encoder which injects extra randomness in the system, and study the security it provides.
We first consider an information theoretical analysis, which focuses on the equivocation of the key, and show that under chosen plaintext attacks ([C1]), even when the adversary can add some controled noise and learn the resulting effect on the legitimate user's decoding ([J2]), the addition of the wiretap encoder provides an unconditional security as long as the adversary does not collect too many samples, after which, the unconditional security is lost. The fact that the adversary can recover the key with a very high probability however does not mean that it is easy to do so, it only tells that a computational security analysis is needed.
We show in ([J3]) that the computational security of systems using the encoding-encryption paradigm enhanced with a wiretap encoder is related to the difficutly of sovling the LPN (Learning Parity in Noise) problem. Furthermore, the complexity of the LPN problem can be increased by a careful design of the wiretap encoder. We thus propose code design criteria for designing wiretap codes that maximize the security of the system, both from an unconditional and computational point of view, and give a corresponding generic code construction.

Publications