You are on page 1of 5



Gill R. Tsouri and Dov Wulich
Ben-Gurion University of the Negev,
Department of Electrical and Computer Engineering - Communications Laboratory
Beer-Sheva 84105, ISRAEL,
e-mail: or


A method for securing wireless multiple access channels is

proposed. The method is based on the dispersive nature of TX2
wireless channels. Specifically, on the fact the channels from RX

distributed nodes in space to a receiver are unique to the .

receivers point in space and change over time. Each node .
estimates the channel between itself and the receiver. It then .
transmits a compensated signal yielding a robust joint TXN
constellation at the receivers point in space. The receiver
decodes and separates all nodes at once from the joint
constellation. An eavesdropper, placed at least a few
wavelengths aside the receiver, experiences a different and EAVESDROPPER
unknown channel. It is shown that this impairs his decoding
ability for various reasons. The method requires no extra
decoding complexity at the receiver, and allows the sources Fig.1 The general multiple access scheme
to transmit independently of one another. It is applicable to
systems with linear modulation and flat fading channels. Frequency Division Multiplexing (OFDM) a leading
method for many wireless air interface standards.
1. INTRODUCTION In the proposed method the receiver sends a pilot signal to
Due to the broadcast nature of the wireless channel, the nodes. Each node estimates the CSI between itself and the
commercial and military wireless communication systems receiver. It then uses a set of predefined Base Band (BB)
rely heavily on information security techniques [1,2]. Among information symbols and some form of linear modulation to
other possibilities, security can be inherent to the transmit a channel compensated signal to the receiver,
transmission method. This form of security is commonly independently to all other nodes. All nodes transmit their
termed Transmission Security (TranSec). Various TranSec channel compensated signal simultaneously using the same
methods have been suggested in the past [1,2,3]. For carrier frequency and the same pulse shaping.
example, spread spectrum systems utilize frequency hoping The receiver is equipped with a single MF, matched to the
or direct sequence transmission with pseudo random shaping pulse. Due to the linearity of the wireless channel,
sequences derived via cryptographic algorithms and keys [3]. the MF output is the sum of the compensated BB symbols
For obvious reasons, military applications are deeply engaged sent from each node separately. This sum constitutes a joint
with the issue as well [7]. The general multiple access scheme symbol, which carries the information from all nodes. Based
is depicted in Fig.1. on this joint symbol, the receiver performs joint decoding of
It is common practice to have the transmitters adjust their the information from all nodes using Maximum Likelihood
power-emission and transmission time based on channel (ML) detection.
conditions and network scheduling [3]. For achieving such The BB symbol sets are found offline to have a joint
control the receiver or transmitters must have Channel State symbol constellation at the receiver with maximal minimum
Information (CSI) of the channels from all nodes to the Euclidean distance, while keeping the nodes power emission
receiver. CSI is commonly obtained through the use of pilot constraints. Such an optimization yields a one to one mapping
signals. between any instance of nodes symbols and the symbols of
We adopt these prerequisites and further assume that: (i) the joint constellation. It also results with a constellation
linear modulation is applied for data transmission, (ii) Time having the lowest Bit Error Rate (BER) for additive Gaussian
Division Duplex (TDD) is used, and (iii) the channel exhibits noise, when ML detection is used.
slow flat fading, as is the case, for example, in Orthogonal

2007 EURASIP 688

constellation as the intercepted encrypted message. A pilot
sent by the receiver is in fact invoking a new key to be used
x1 superposition
due to channel by the nodes. The keys are drawn from the probability
h2 linearity receiver distribution describing the varying wireless channel. A key
may be re-invoked after a time period of channel coherence
x2 y ML time.
r decision
TX2 device
The multiple access system of Fig.1 is modeled using the
. BB equivalent model as depicted in Fig.2. It acts in two
phases: during phase 1 RX synchronizes the TXs to have
TXN their transmissions reach him simultaneously and then RX
sends a single pilot signal to all TXs to estimate their channel;
Fig.2 Baseband model of nodes to receiver transmission during phase 2 all nodes transmit their channel compensated
BB symbols to RX.
It follows, that the nodes may transmit their information
independently, and that the receiver can separate their 2.1 Channel compensation at TX
transmitted information from the single received joint It is assumed that node no. i , i = 1,2,..., N estimates the
This joint detection approach should be distinguished from complex valued channel attenuation, hi , from RX to node i
superposition modulation with successive decoding [10], and vice versa (TDD). Let s i be the information payload
where the nodes are indeed transmitting together, but each symbol of node i . The compensated symbol of node i
node is decoded in turn based on its own transmitted equals to
constellation, and is removed from the joint symbol based on 2
interference cancellation. It is possible to formulate the x i = s i hi* hi . (1)
proposed TranSec layer for successive decoding as well, but
that is beyond the scope of this work.
The set of { }
xi iN=1 is simultaneously received yielding at RX:
It should also be distinguished from Multi User Detection r = y + n , where
(MUD) [4], where multiple matched filters are used to N N N
perform interference cancellation of multiple CDMA users.
The complexity of MUD rises exponentially with the number
y= hi xi = hi si hi* hi
2 =
si (2)
i =1 i =1 i =1
of users. and n is the additive complex Gaussian noise. The received
The joint constellation at the receiver is the result of a signal r is fed to a ML decision device, which evaluates all
compensated, coherent, sum of nodes' BB symbols and
occurs at a unique position in space only: the position of the {s i }iN=1 at once.
receiver. Since the eavesdropper would have to occupy a It is assumed that hi is large enough (the attenuation is
different position in space it will receive some other sub-
limited) to be within the nodes power constraint. This
optimal joint constellation. This joint constellation would
assumption is usually made in multiple access systems with
change in time for a dispersive time varying channel and its
power control at the nodes. For example, in cellular telephony
structure would be a-priory unknown to the eavesdropper
a user would roam to a different base station when it cannot
because it has no knowledge of the channel compensation
compensate for the channel attenuation. So, at any instance of
done at each node. This knowledge is unattainable to an
time the base station manages nodes which are able to
eavesdropper because only the nodes receive the receiver
compensate for channel attenuation and the assumption holds.
pilots at their position in space. It follows that the
For now it is assumed that hi is estimated without error.
eavesdropper would have to find the unknown joint
constellation using some sort of blind estimation and then
decode the information based on a deteriorated joint signal 2.2 Optimal constellation at RX
constellation. For time varying channels, the eavesdropper s i is a payload symbol with limited energy which belongs
has to perform this during the time period for which the to a predefined set S i . The signal constellation at the receiver
channel is approximately constant.
It is possible to describe the proposed security layer using is made up of all the permutations in {S i }iN=1 which generate
the model for secrecy systems as defined in [9]. The nodes' y.
channel compensation can be thought of as an encryption To obtain the optimal constellation at RX we proceed as
operation, where the nodes wireless channel estimate is the
encryption key. The wireless channel can be viewed as a
follows. {S i }iN=1 are sets of complex numbers where
deciphering operation and the eavesdropper joint { }
S i = s1(i ) , s 2(i ) ,..., s (iM) ; i = 1,2,..., N and M is the number of

2007 EURASIP 689

bits per symbol per transmitter. y is a set of complex
numbers made of all possible summations of N numbers,
where each number belongs to a different set S i , i.e.,
y y1 , y 2 ,..., y 2 NM } with
yj = l (ji ) , j = 1,2,...,2 M (3)
i =1

where l (ji ) S i is the j-th symbol of the i-th transmitter

{ } { }
(node). l (j1) ,l (j2 ) ,...,l (jN ) lk(1) ,lk(2 ) ,...,lk(N ) for all j k , i.e.,
there is a one to one mapping of transmitted symbols vector
to received joint symbol.
Given the definition: d min = min y j y k , we wish to
j k Fig.3 received joint symbol constellation at receiver
find { }
S i iN=1 which yield max(d min ) under the following
power emission constraint: 3. TRANSMISSION SECURITY PROPERTIES
2 M The eavesdropper BB model is the same as depicted in
s (ji )
= P , i = 1,2 ,..., N . (4) Fig.2, with hi and n replacing hi and n respectfully. The
2M j =1 eavesdropper MF output is r = y + n , where
2.3 Illustrative example
We limit each symbol set to be a rotated and scaled version
y = x i hi = si hi hi + n (7)
i =1 i =1
of BPSK. The following symbols sets were found by an Where hi is the channel coefficient from node i to the
offline parametric search over rotation and scale of all symbol
eavesdropper position, n is its additive complex Gaussian
sets, and guarantee max(d min ) at RX:
noise, and y is its received joint constellation.
S1 = {0.7124 exp( j 2.5558); 0.7124 exp( j 0.5858)}
The eavesdropped cannot estimate hi and hi from the
S = {0.9965 exp( j1.3720); 0.9965 exp( j1.7696)} (5)
pilot sent by RX as its position is different than that of the
S3 = {0.9890 exp( j 0.2016); 0.9890 exp( j 2.9400)} nodes. It may estimate the ratio hi hi using blind
A polar presentation of the resulting joint symbol estimation, but for that it needs sufficient observation time
constellation, along with the bit mapping to each joint and then estimation time.
symbol, is depicted in Fig.3. The bits correspond to TX1/2/3
from left to right. It so happens that this joint constellation is 3.1 Security layer setup
in fact a type of 8QAM used in some industry standards [5].
Let Ts denote symbol duration and LTS the number of
The ML decoding complexity of this constellation is as that
of the common 8QAM [6]. secured symbols. The protocol for setting up the security
In Fig.4 BER of the joint 8QAM constellation is displayed layer is as follows:
vs. Eb/N0. To make sure the proposed security layer does not
hinder performance, a common 8QAM [6] performance curve 1. N nodes request a secure link to RX.
of a single transmitter is displayed as reference. Performance 2. The receiver defines the secured transmission time
of the joint 8QAM is as that of the common 8QAM. TSEC = Ts LTS
To check the effects of power control errors and 3. The receiver assigns an index to each node.
synchronization errors, erroneous CSI is introduced to the 4. Each node uses its index to retrieve a symbol set from its
model. The CSI error is modeled as: predefined look up table.
~ 5. The receiver transmits a pilot signal.
hi = hi + ei
. (6) 6. Each node estimates hi .
Where ei is a complex normal random variable with a
7. Each node transmits LTS symbols and waits for a new
standard deviation of 1/10 that of hi . This is equivalent to a pilot from the receiver.
pilot signal with SNR 10dB higher than data SNR. It is seen 8. After a period of Tstat - the time when hi const
that CSI estimation errors of that magnitude have some effect
(channel coherence time) has passed, steps 5-8 are
on receiver performance (up to 1dB degradation for the given
example). * Note that after step 4 no pilots are transmitted by the nodes.

2007 EURASIP 690


N=5 N=7


Probability of total security





0 50 100 150 200 250 300 350 400 450 500

Fig.4 Performance curves for given scenario Fig.5 Probabilities of total security for various N and L
3.2 Probability of security the proposed TranSec layer offers security with probability 1
As explained before, the security layer is based on the (total security) for these 2N symbols. Following 2N symbols
reception of a deteriorated signal by the eavesdropper. The the eavesdropper has some probability of receiving all
deterioration of the signal is due to four factors: possible joint symbols and the probability for security
decreases as more joint symbols are received by the
1. The eavesdropper would have difficulty knowing the eavesdropper. It follows that in order to achieve total
expected joint symbol constellation at its MF output, since it security:
has no knowledge of the channel compensation done at each
2 N Ts Tstat . (8)
transmitter, and no prior knowledge of the CSI from the nodes
to itself. Tstat is proportional to 1 B d , where B d is the Doppler
2. The signals from the group nodes would not reach the spread. It is commonly assumed that Tstat = 0.1 B d .
eavesdropper simultaneously. The minimal number of nodes for total security is:
3. The decoding complexity of the eavesdropper would be
N TS = log 2 (Tstat TS ) . (9)
much higher than that of RX. This is due to the fact that for
each channel instance the eavesdroppers' joint constellation As an example, for TS = 4 sec and B d = 100 Hz we have:
would change, making it impossible to design a constant and NTS = 8 .
computational efficient decoding algorithm. The RX decoding For some values of Tstat and Ts , the required N TS for
algorithm would be constant because each channel instance is
total security might be to big for a system at hand, so we
compensated for. This means that online decoding by the
analyze the effect on security when N < N TS .
eavesdropper is much more complex than at RX.
4. The joint constellation formed at the eavesdropper MF The probability for total security after receiving the first L
output is not optimal, since it was made to be optimal at a symbols PTS (L ) is defined as the probability that an
different point in space that of RX. eavesdropper does not receive all typed of joint symbols from
these L symbols. For L < 2 N , PTS (L ) = 1 , for L 2 N the
Factors 2,3 might be compromised based on the assumptions
of eavesdropper proximity to receiver and infinite online probability PTS (L ) corresponds to the dice problem
computation power. However, dismissing factor 1 requires that formulated in [11 pg. 8]:
the eavesdropper finds some means to discover its received 2 N 1 N N
( 1) j +1 2 2 j
joint constellation structure. The best case scenario for an
eavesdropper is to deduce its received joint constellation based
PTS ( L ) = j 2 N

j =1
on samples taken from the noisy channel. This in itself is a
Fig.5 displays this probability for various N and L . Notice
problem for the eavesdropper, but for the sake of argument we
assume that blind estimation is possible without error. that PTS (L ) is a non-increasing function of L and that
However, any blind estimation by the eavesdropper would when PTS (L ) decreases it decreases slower for larger N .
have to rely on receiving at least one joint symbol of all joint This means that as N increases total security is compromised
symbol types. Since there are 2N joint symbols the less. If for example we tolerate PTS (L ) > 0.99 , we obtain
eavesdropper remains blind for at least the first 2N symbols
duration of each node following a receiver pilot. It follows that such a security level for L LTS secure symbols as is shown
in Tab.1, which was derived from Fig.5. Note that LTS

2007 EURASIP 691

N 2 3 4 5 6 7 5. CONCLUSION
LTS 3 8 25 68 175 434 A method for generating a transmission security layer for
nodes in wireless multiple access systems was proposed. The
Tab.1 Number of secured symbols with prob. 0.99 method is based on a physical impossibility a set of
transmitted signals cannot be made to be coherent for two
becomes much larger than 2 N as N increases, meaning that
different points in space. It was shown that the method gives
the relaxing condition of PTS (L ) > 0.99 extends the number total security for a certain transmission time the time it
of secured samples significantly. Since each joint symbol is takes the eavesdropper to perform blind estimation. This
the result of N separate node symbols, L indicates also the secured transmission time increases with the number of
number of secured symbols per node. participating nodes, and increases dramatically when the
The behavior of PTS (L ) is similar to that of equivocation probability of security is set to 0.99 instead of 1. An
as defined in [9]. Indeed, as for the unicity distance defined in illustrative example was given for three nodes in Rayleigh
[9], it is also inevitable that the eavesdropper would have full fading. It was shown that the BER of the eavesdropper
knowledge of its joint constellation with probability close to 1 degrades catastrophically even after total security has been
after some L > LTS is reached. breached, despite many relaxing assumptions. It was also
shown that system performance is unhindered by the method,
In the next section we analyze the illustrative example of that its decoding complexity remains low, and that it suffers
subsection 2.3 with regard to factor 4 for the case when L tolerable performance degradation in the face of channel
has been reached, and the eavesdropper can perform its own estimation errors.
joint decoding of the nodes.
3.3 Illustrative example continued
We assume the three nodes are communicating to a central [1] R. K. Nichols, P. C. Lekkas, Wireless Security, McGraw-
RX in a slow flat Rayleigh fading channel, and that factors Hill 2002.
1,2,3 are compromised completely. We also ignore any other
attempt to secure the data, such as changing nodes symbol [2] J. R. Vacca, Guide to Wireless Network Security, Springer
indexes according to some predefined rule, scrambling, coded 2003.
encryption etc. [3] T. S. Rappaport, Wireless Communications., Prentice
It is assumed that all channels to RX and eavesdropper are Hall, 1996.
independent and have equal variance. This assumption is
valid if the eavesdropper is located at least a few wave- [4] S. Verdu, Multiuser Detection, Cambridge University
lengths away from the receiver [8], which is a small distance Press, 1998.
at high frequencies. [5] Data Over Cable Systems 2.0,Part 1:Radio Frequency
Fig. 4 depicts the BER of the eavesdropper. Recall that Interface, ANSI/SCTE 79-1 2003, page 53.
only factor 4 of subsection 3.2 is considered. It is clear that
the eavesdropper ML decoding is unsatisfactory for correct [6] J. G. Proakis, Digital Communications., 4-th. ed.,
decoding of the data. For example, if RX operates at Eb/N0 McGraw Hill, 1995.
of 14dB it would have an average error rate of 10-3, and the [7] S. Shanken, D. Hughes, T. Carter, Secure Wireless Local
eavesdropper would have an error rate of 10-1. It follows that Area Network, MILCOM 2004.
for the given scenario the eavesdropper cannot effectively
intercept the messages from the nodes, even when factors 1-3 [8] W. C. Lee, Mobile Communication Engineering,
are compromised. McGraw-Hill, New York, 1982.
[9] C. Shannon, Communication Theory of Secrecy
4. APPLICATIONS Systems, BSTJ 28(4), 656--715, 1949.
The proposed method may be used in TDMA, FDMA
and CDMA multiple access systems. The difference is in the [10] A. Goldsmith, Wireless Communications, Cambridge
way the receiver groups the nodes. In TDMA the receiver University Press, 2005.
should assign them the same time slot, in FDMA the same [11] M. Conroy, A Collection of Dice Problems, 2007,
carrier frequency, and in CDMA the same complex signature
waveform. hematics.htm

2007 EURASIP 692