The open nature of wireless environment makes radio communications vulnerable [adversarial_survey_2016] to eavesdropping data interception [eavesdropping_CM_2015]. Defence strategies [adversarial_JASC_2018], such as millimetre wave, beamforming, artificial noise, security coding and directional modulation are proposed to mitigate the eavesdropping. Existing defence solutions are more likely dependent on surrounding channel environment and therefore are not robust in time-variant multipath fading channels when channel state information (CSI) is imperfectly known [security_CM_CSI_2015]. Traditional theoretical research prefers assuming perfect CSI or some other ideal assumptions, which makes theoretically achieved discoveries unrealistic in practical field experiment tests. Secure multiple user access is hardly implementable when legitimate users and eavesdroppers are close in space [eavesdropping_CM_2015], which is limited by imperfect beamforming leakages. In addition, the typical non-orthogonal multiple access (NOMA) based solution [NOMA_TCom_2017] has risks of information leakages since one user is allowed to decode signals from other users. Traditional ways to extend secure communication coverage would rely on error correction coding [security_TIT_2007] while its power and throughput efficiency is limited. Artificial noise enabled security is treated as an efficient defence solution [security_AN_TWC_2008]. However, extra power would be wasted to generate noise and security reliability is compromised. Data encryption [Zhang2017DesignOA], widely used at link or transport layers, is also applicable to enhance physical layer security. However, its applications are limited and unrealistic in low-cost consumer-level products. Moreover, encrypted data could be captured by eavesdroppers and processed offline using brute-force tactics. Therefore, advanced defence countermeasures are needed to replace or complement traditional channel dependent physical layer security solutions.
where a legitimate user can use fake labels to fool an adversary attacker. In this case, the attacker cannot intelligently train a reliable signal classifier at the inference attack stage. This is equivalent to a causative attack from a legitimate user to the attacker by falsifying the attacker’s training data. However, the throughput would be reduced because of the fake labels transmission. Therefore, maintaining a balanced throughput and security quality is a challenge to be solved.
A non-orthogonal waveform spectrally efficient frequency division multiplexing (SEFDM), unlikely to be identified by eavesdroppers, is crafted for enhancing physical layer security. The research of the non-orthogonal waveform is traced back to 2003 [SEFDM2003]. Unlike the multicarrier orthogonal frequency division multiplexing (OFDM) signal, SEFDM packs sub-carriers closer by violating the orthogonality leading to either bandwidth saving or data rate increase advantages. Better than the non-built-in security OFDM, the non-orthogonally packed sub-carriers in SEFDM bring inter carrier interference (ICI), which complicates signal detections but in turn contributes to secure communications since computationally complex signal detectors would increase the cost of eavesdroppers to detect signals. Previous work in [MOFDM_PIMRC2009] studied the possibility of a similar strategy in physical layer security. The main idea is to overlap two orthogonal OFDM signals. In this case, interference is introduced between two overlapped OFDM signals and eavesdroppers cannot intercept signals without advanced signal detectors. This might be true when computational complexity is the primary concern. However, with the advancement in hardware, brute-force but optimal performance achievable detectors become realistic in consumer-level hardware. Thus, the traditional waveform encryption in [MOFDM_PIMRC2009] is easily broken down and a solution, which can efficiently combat with time-variant multipath fading, multiple user access, deep learning adversarial attack, brute-force offline interception and beamforming leakage for low-cost hardware working in a wide communication range, is in urgent need.
This work will investigate two waveform dependent defence methods. Firstly, a waveform scaling strategy aiming to increase the number of non-orthogonally packed sub-carriers, can significantly increase the computational complexity of signal detections but in turn prevent eavesdropping and enhance information confidentiality. Secondly, a waveform tuning strategy, related to a waveform bandwidth compression factor adjustment, is proposed to confuse eavesdroppers by misidentifying signals. Deep learning has seen great success in various applications and is believed to be a potential approach to assist eavesdropping. Therefore, a deep learning based eavesdropping attack model is trained to evaluate the robustness of the proposed defence waveforms. Results indicate that by intentionally tuning waveform parameters (i.e. bandwidth compression factor), signal features cannot be correctly identified by eavesdroppers, which results in subsequent eavesdropping detection failures.
Ii Defence Strategy
Ii-a Defence Waveform
The proposed defence waveform has self-created ICI, which is the essential mechanism of preventing eavesdroppers to accurately identify or detect signals. The principle of the waveform is expressed as
where indicates the single-carrier symbol within one SEFDM symbol, is the number of sub-carriers, denotes time sample index and is the bandwidth compression factor where is the time period of one SEFDM symbol and is the sub-carrier spacing. The power of one SEFDM symbol is computed in the following
The self-created ICI within the SEFDM waveform complicates signal detections and therefore increases the cost of eavesdropping. To separate the constructive signal from its self-created destructive interference, variables and are introduced in (2). The signal part is defined when while the interference part is the term when . It should be noted that the value of determines the interference term, which is zero when (i.e. OFDM) while non-zero when (i.e. SEFDM). An illustration of the non-orthogonal sub-carrier overlapping interference is shown in Fig. 1, where it clearly shows the ICI at each sub-carrier location in SEFDM signals.
The generation of SEFDM signals is simply performed via IFFT. To remove the parameter in (1), a new parameter
is defined. By padding
zeros at the end of each input vector (i.e. a vector consists ofsingle-carrier symbols), a new vector of input symbols is obtained as
where the value of has to be an integer and simultaneously a power of two, , which allows the IDFT to be implemented by the computationally efficient radix-2 IFFT. The SEFDM signal in a new format is defined as
where . The output is cut with only samples reserved and the rest samples are discarded. Due to the discard of the last samples, ICI is therefore introduced and is treated as a new enhancement solution for physical layer security.
Ii-B Waveform Scaling Defence
This section will firstly evaluate the defence methodology proposed in [MOFDM_PIMRC2009], which expects significant performance degradation without using a complex signal detector. An eavesdropper therefore would not extract confidential information from the non-orthogonal signals. The detection of traditional OFDM signals depends on the matched filter (MF), which is essentially an FFT operation at the receiver. The complexity of FFT is acceptable in widely used communication systems, which requires multiplications and additions. For the proposed non-orthogonal signal, the detection relies on the brute-force maximum likelihood (ML) detector, which has exponentially increased computational complexity.
In practice, a performance maintained but simpler sphere decoding (SD) detector is used instead of ML due to the reduced signal processing complexity by searching for a partial number of solutions. In this case, SD is faster than ML. However, the complexity of SD is random since the search for an optimal solution is related to noise power. Therefore, to get a fair and convincing comparison, the upper bound complexity is considered leading to the search for all possible solutions, which is the case when noise power dominates. In this case, the complexity is fixed and is only related to the number of sub-carriers. This section computes complexity in real-valued operations and only considers the complexity for one OFDM/SEFDM symbol. The computations of multiplication and addition operations are mathematically defined as
With the breakthrough of low-cost hardware, a complex but powerful detector is no longer a barrier for eavesdroppers to intercept small size signals such as a signal with =12 sub-carriers, which is the size of one resource block in 5G-NR [Erik_book_5G]. Therefore, a straightforward solution to prevent the interception is to make the signal detection harder by scaling up the size of the non-orthogonal signal. The complexity of SD is random but it is proportional to the number of sub-carriers. A higher number of sub-carriers can enhance signal encryption by complicating signal detections. Numerical comparisons are presented in Fig. 2 where only multiplication is considered since its complexity is more concerned in practical systems. For the purpose of illustrations, the number of operations in Fig. 2 is expressed by a logarithmic scale. Therefore, it is clearly shown that the FFT operation maintains at a low complexity level while the SD complexity increases exponentially. A signal with =256 sub-carriers has an upper bound complexity of as shown in Fig. 2. Such a large number of mathematical operations would take a significant processing time for the SD detector, which is unrealistic in consumer-level hardware. Thus, the waveform scaling will increase the cost of eavesdroppers to intercept the signals and therefore ensures information confidentiality.
Waveform scaling is an efficient encryption method to prevent eavesdropping but it also prevents communications between legitimate users. To deal with the detection of such a large size signal, a specially crafted MultiSD detector was proposed in [Tongyang_wincom2017], which can recover large size non-orthogonal signals with linear computational complexity as shown in Fig. 3. The newly designed detector still has higher computational complexity than FFT. However, its multiple-SD architecture enables parallel processing, which is applicable in consumer-level hardware. Its complexity is mathematically expressed as
In Fig. 4, it clearly shows that the complexity of MultiSD is significantly reduced relative to the traditional SD detector considering the same signal scale. This discovery however endangers the waveform scaling defence since eavesdroppers can intercept signals using the MultiSD detector as well. Therefore, a more clever and robust defence method is needed to cope with the eavesdropping signal detection.
Ii-C Waveform Tuning Defence
In practice, an eavesdropper has to learn a signal classifier, which can identify different signal formats before any intentional attacks. Existing defence actions for such artificial intelligence (AI) dependent eavesdropping would falsify data or labels to prevent accurate classifier training. Without accurate signal identifications, eavesdroppers cannot effectively carry out subsequent attacks. However, these traditional defence mechanisms rely on additional transmissions of fake data and labels, which reduces data throughput between legitimate users. An efficient approach to address the potential detection attack is to design a waveform tuning defence method, which can mislead eavesdroppers into misclassifying the format of signals. The wrong classification of signal formats would result in subsequent detection errors. This solution is to prevent the potential interception from eavesdroppers when the MultiSD detector is known.
The principle of waveform tuning defence is shown in Fig. 5. It is clearly seen that by tuning the bandwidth compression factors, signal waveforms would have trade-off between diversity and similarity. Type-I shows apparent signal diversity since adjacent signals have evident differences while Type-II shows increased signal similarity because adjacent signals have close features. We would expect that the second type of signals are more difficult to separate from each other than the first type of signals. The same QPSK data is modulated on all the waveforms in Fig. 5
merely for signal feature diversity and similarity visualization. For realistic training and testing in the following sections, we would use random QPSK data for each signal waveform. This work assumes that an eavesdropper would automatically learn the features of signals. Therefore, manual feature extractions are not taken into account in this work.
Iii Eavesdropping Model
It is assumed that an eavesdropper can train an AI signal classifier, which will be used for automatic signal format identification. There is no standardized training methodology for signal classification. Therefore, we apply the deep learning convolutional neural network (CNN) model for the eavesdropping signal classifier. The CNN architecture [tongyang_VTC2020_DL_classification] is illustrated in Fig. 6 where seven neural network (NN) layers are designed for signal feature extraction. The first six NN layers have the same structure while the last NN
|Sampling frequency (kHz)||200|
|IFFT sample length||2048|
|No. of data sub-carriers||256|
|Bandwidth compression factor||1,0.95,0.9,0.85,0.8,0.75,0.7|
|RF center frequency (MHz)||900|
|Path delay (s)||[0 9e-6 1.7e-5]|
|Path relative power (dB)||[0 -2 -10]|
|Maximum Doppler frequency (Hz)||4|
|Frequency offset (PPM)||2|
|Omni-directional antenna gain (dBi)||2|
Unlike the single-band signal generation in [tongyang_VTC2020_DL_classification], this work applies the multi-band signal architecture [Tongyang_wincom2017], which can confuse eavesdropping signal identification while make legitimate user signal detection possible. The signal for each class (i.e. each ) is generated according to Table LABEL:tab:table_signal_channel_specifications. Since over-the-air signals would experience a variety of wireless environments, therefore the signal dataset can be enlarged similar to [tongyang_VTC2020_DL_classification] via data augmentation passing through the time-variant channel models in Table LABEL:tab:table_signal_channel_specifications. Training is operated offline in a computer equipped with an Intel(R) Xeon(R) Silver 4114 CPU (2 processors). Two eavesdropping classifiers, CNN-1 and CNN-2, are trained using the Type-I and Type-II data respectively, which are both distorted by the channel/hardware impairments at a fixed Es/N0=20 dB. A number of 2000 frames (i.e. OFDM/SEFDM symbols) per signal class are generated after the channel/hardware data augmentation. Therefore, there are overall 8000 training frames for the CNN-1. The amount would increase to 14000 training frames for the CNN-2.
Iv Defence Impact
The original waveform encryption proposal [MOFDM_PIMRC2009] is firstly evaluated in Fig. 7(a), in which it assumes that the optimal but complex SD detector is technically challenging for eavesdroppers. Therefore, only simple detectors such as MF is applicable. It is clearly seen that the non-orthogonal signal, modulated by 12 sub-carriers, is perfectly recovered by legitimate users using the SD detector while it is undetectable by an eavesdropper using MF. However, the risk of knowing and applying SD detection for eavesdropping still exists since the rapid advances of hardware making SD detection possible in consumer-level hardware. A straightforward solution is to make detection harder by enlarging the signal size. The performance in Fig. 7(b) shows the waveform scaling defence impact on a signal of =256 sub-carriers. The detection of such a signal using SD is impossible since the computational complexity increases exponentially to the upper bound complexity of . Therefore, it can efficiently prevent eavesdropping. However, it will prevent communications between legitimate users since SD for such a large size signal is not possible for them either.
The proposed waveform tuning can simultaneously deal with eavesdropping encryption and legitimate user signal recovery. Its performance is shown in Fig. 8. The target signal waveform is defined by =0.8 while eavesdroppers have no knowledge of signal formats in advance. It clearly shows that the use of incorrect signal detectors (e.g. =0.9, 0.85, 0.75, 0.7) results in great BER performance degradation. It should be noted that the error floors exist for eavesdroppers with or without knowing the MultiSD detector. Only the target legitimate user who knows exact signal formats is able to apply the correct detector (i.e. =0.8) to recover the signal. Thus, the waveform tuning method fundamentally prevents unauthorized interception even the MultiSD detector is leaked to eavesdroppers.
A realistic waveform tuning impact is shown in Fig. 9 where confusion matrices, in a similar representation to that of [OShea_classification_2018], are illustrated for signal classification accuracy. In each sub-figure, classes indicate the bandwidth compression factors , vertical labels indicate true transmitted signal classes and horizontal labels indicate predicted signal classes. Perfect signal classification would show only diagonal elements in each confusion matrix. Therefore, it is visually concluded that Type-I signals yield higher classification accuracy than Type-II signals. The Type-I signal, with less feature similarity, is nearly 100% accuracy identified by the CNN-1 classifier. By tuning the waveform parameter to enhance feature similarity, only 56.3% of Type-II signals are classified into correct signal class.
The misclassification of signal formats, as revealed in Fig. 9, would result in significant eavesdropping BER performance degradation as shown in Fig. 10. The BER is zero for traditional OFDM and the MultiSD detected Type-I signal. The Type-I signal has minor BER degradation when MF is used. However, the performance of Type-II signal greatly deteriorates whether or not the MultiSD is known. This effectively proves the robustness of the non-orthogonal waveform and its tailored waveform defence strategies in secure communications.
This paper investigates the capability of using non-orthogonal waveforms to defend against eavesdropping. Existing proposals on non-orthogonal waveforms rely on the assumption that an eavesdropper cannot intercept signals without complex detectors. However, with the advancement of hardware, the complexity of brute-force signal detection is no longer a barrier. Therefore, a waveform scaling defence strategy is proposed to intentionally further complicate signal detections by scaling up the signal size. The processing complexity increases exponentially and would go up to a level of . The interception for such signals is impossible to eavesdroppers. However, it also prevents communications between legitimate users since data recovery is also challenging for them. A performance-complexity optimized detector is crafted to deal with large scale non-orthogonal signal detections. However, this endangers secure communications since eavesdroppers can get access to the advanced detector as well. Therefore, a waveform tuning defence strategy is proposed to cope with the aforementioned issue by intentionally tuning waveform parameters. In this case, signals would be tuned to have high feature similarity and eavesdroppers cannot easily identify them. Confusion matrices show that the classification accuracy for diversity dominant signals can approach 100% while it reduces to 56.3% when similarity dominates. The low classification accuracy would cause the failure of subsequent signal detections. BER performance reveals the robustness of the waveform tuning strategy, where the misclassification of signals results in detection error floors when the advanced detector is either known or not.