Sage Journals: Discover world-class research

Abstract

Due to personal privacy, information security is a particularly important issue in wireless body area networks. Although current communication protocol has considered the security, there is still a risk that lapses in physical layer security may be a potential threat in wireless body area networks. In order to achieve the comprehensive security protection, in this article, we propose a cross-layer authentication approach, where the higher layer and physical layer are simultaneously considered. More specifically, different from current literatures, we exploit the sparse representation of the original signal as the basis of physical layer authentication, and a representative selection algorithm is presented to achieve the signal detection. Moreover, based on IEEE Standard 802.15.6, we give a feasible unite authentication scheme, in which physical layer strategy and higher layer strategy are combined to enhance the security of authentication. To verify the effectiveness of the proposed physical layer strategy, we conducted experiments and numerical simulations. Furthermore, the computational complexity of the proposed algorithm and the efficiency of the cross-layer approach are analyzed, respectively. Results showed that the proposed approach can significantly enhance the authentication and the complexity is acceptable (polynomial complexity).

Keywords

Cross layer physical layer security wireless body area networks sparse representation

Introduction

A new generation of ubiquitous body-centric systems, wireless body area networks (WBANs),^1,2 is expected to reduce the healthcare stress. As a healthcare provider, WBANs are required to ensure privacy and confidentiality of patients’ health records. However, due to the natural characteristics of wireless communication, the broadcase transmission in the air can be monitored easily by attackers. The security problem has become a bottleneck to be overcome in the application for WBANs.

For protecting the message safe, current wireless networks have established some security mechanisms. Such as IEEE Standard for local and metropolitan area networks Part 15.6, there has been an architecture of information security for WBANs.³ In this standard, messages are transmitted in secured authentication and encrypted frames, which provide measures for message authenticity and integrity validation, confidentiality, and privacy protection. Based on the Advanced Encryption Standard (AES), these security mechanisms are built on the Media Access Control (MAC) layer. Impersonation attacks and man-in-the-middle attacks can be defensed in this security policy. However, these higher layer policies are hard to resist the risks from physical layer, such as spoofing attacks. Because of the small cost and easy to launch, spoofing attacks is one of the most serious risks, and it is often used as the foundation of many senior attacks, such as denial-of-service (DoS) or man-in-the-middle attacks. Therefore, how to effectively resist spoofing attacks is a crucial issue in the security of WBANs.

Recently, a variety of physical layer authentication schemes have been proposed in previous studies,^4–17 by exploiting the properties of wireless channels, where they generally contain received signal strength (RSS),⁴ carrier frequency offsets (CFO),⁶ channel state information (CSI),^7,8 channel frequency responses (CFR),⁹ channel impulse responses (CIR),^10,11 channel power-delay profile (PDP),⁵ and power spectral density (PSD).¹² Generally speaking, RSS is easy to obtain but more susceptible to channel stability and communications noise. PDP⁵ and PSD¹² need accurate estimation which will increase the complexity of the communication system. CFO⁶ has a risk which can be imitated by the advanced signal transmitter. In WBANs, considering indoor movement with low-speed and low-complexity requirement of biosensors, channel response is applicable to the communication environment since it is a reliable characteristic information and easily obtained. Xiao et al.^13,14 have investigated the channel-based spoofing detection for time-variation channel and terminal mobility by exploiting channel response.

However, in order to develop authentication schemes which are applicable in practical systems, these physical layer authentication approaches have also taken into account a variety of enhancement techniques. For example, Xiao et al.¹⁵ explored CFR and used multiple antennas to combat the mobility of wireless terminals for improving the reliability of physical layer security,¹⁶ investigated two-dimensional quantization, which include channel amplitude and path delay, to improve the authentication performance, and¹⁷ proposed a game theory and machine learning–based spoofing detection approach to further enhance the spoofing detection. However, previous research has neglected to exploit the potential of the primary signal to enhance the detection, that is, previous studies generally focused on the statistical properties of original signal and used some advanced tools (such as multiple antenna, multiple dimensional, or advanced algorithm) to improve the performance of authentication, while they ignored the deeper distinction of the original signal.

Different from current literatures, in this study, we present a new physical layer spoofing detection scheme based on a deeper feature representation of original signal, where the distinguishability of original signal is further highlighted to enhance the authentication performance. Furthermore, considering current security protocols, we present a cross-layer approach for message authentication in WBANs, in which we take both the physical layer security and higher layer security into account simultaneously. Thus, in this article, our main contributions can be mainly summarized as follows: (1) we proposed a new physical layer spoofing detection scheme based on sparse representation to enhance the detection performance and (2) for practical application, we give a feasible cross-layer approach to message authentication for WBANs.

The rest of this article is organized as follows. In section “Physical layer authentication and sparse representation,” the theory of physical layer authentication and sparse representation is given. Section “Proposed cross-layer approach” introduces the proposed cross-layer scheme. The experiment and simulation for evaluating the physical layer security strategy is introduced in section “Evaluation of spoofing detection.” Section “Performance analysis of the unite authentication” shows the analysis of the cross-layer approach. Section “Conclusion” concludes the article.

Physical layer authentication and sparse representation

Physical layer authentication

Being different from the digital credentials in conventional authentication, physical layer authentication is a keyless security scheme. Considering a general physical layer authentication, when an initial transmission between the legitimate users is first established where the authentication is based on a higher layer security scheme, the receiver can obtain the characteristic information of the legitimate channel. Due to the uniqueness feature of wireless channel, many studies have exploited this characteristic to distinguish Eve from Alice (here, using the traditional terminology, we consider that Alice is a legitimate transmitter who wishes to communicate with Bob, and Eve is a would-be intruder who transmits to Bob with the aim of impersonating Alice), and this scheme is called channel-based (or location-based) authentication. Channel-based authentication is mainly depended on spatial location which is hard to imitate, and the security basis is not limited by computational complexity. Hence, it is a rather potential authentication for the resource-constrained scenario, such as WBANs.

Sparse representation theory

Sparse representation¹⁸ is a rapidly developing signal processing technology, which is aimed at searching for the most compact representation of a signal in terms of linear combination of atoms in an over-complete dictionary. Suppose that we have an over-complete dictionary $D = [d_{1}, \dots, d_{n}]$ and an input signal set $y \in R^{m}$ , then the input signal can be represented as a sparse linear combination of $D$ and the sparse vector matrix is $x = [x_{1}, \dots, x_{n}]^{T}$ , given by

$y = D x = \sum_{k = 1}^{n} d_{k} x_{k}$ (1)

Thus, $x$ is the sparse representation of the input signal $y$ . In this model, the number of basis of functions is greater than the dimension of the input signal, that is, $m < n$ , with which the basis is over-complete. The problem of this representation is to find a $n \times 1$ coefficient vector $x$ with the fewest number of nonzero entries. This problem can be obtained by solving an optimization problem

$\min {‖ x ‖}_{0} s . t . y = D x$ (2)

where $‖ ‖_{0}$ denotes $ℓ_{0}$ norm, its role is to count the number of nonzero entries. However, the problem described above is an NP-hard problem and cannot be efficiently solved. An approximate solution to this problem is equivalent to a convex optimization problem under $ℓ_{1}$ norm, that is

$min ‖ x ‖_{0} \begin{matrix} s . t . \begin{matrix} y = Dx \end{matrix} \end{matrix}$ (3)

where $‖ ‖_{1}$ denotes $ℓ_{1}$ norm of a vector, which is equivalent to the absolute sum of all entries in a vector.

Many algorithms can solve this optimization problem, such as gradient projection¹⁹ and greedy pursuit algorithms.²⁰ In this study, we use the popular orthogonal match pursuit (OMP) algorithm²¹ to solve this problem.

Proposed cross-layer approach

Scheme overview

As shown in Figure 1, our mechanism includes three major components: physical layer strategy, higher layer strategy and unite authentication.

Physical layer strategy. In this component, spoofing attacks are concerned. We introduce a new authentication process for spoofing detection. The raw data are preprocessed based on sparse representation, and then we proposed a representative selection algorithm (RSA) to achieve the spoofing detection.

Higher layer strategy. In this component, impersonation attacks and man-in-the-middle attacks are concerned. Here, we still use MAC frame information and the corresponding cipher to achieve the traditional identify authentication.

Unite authentication. After physical layer and higher layer strategy, the final security authentication is given by unite authentication, which will enhance the security level.

Figure 1.

Flow chart of the proposed cross-layer approach.

Physical layer strategy

In this subsection, we present the details of physical layer strategy, which includes signal preprocessing based on sparse representation, RSA, and binary hypothesis test.

Signal preprocessing based on sparse representation

Sparse decomposition is based on the sparse representation theory, and it uses the sparse representation coefficients to represent the received signal in over-complete dictionary. The selection of a proper dictionary is a significant procedure, since this dictionary should not only sparsely represent the input signal but also contains the features of interest. In this study, standard multi-resolution dictionary is an effective option, such as those based on wavelets, which have represented the nature scene images in previous works.²² The wavelet function $ψ (t)$ and a scaling function $ϕ (t)$ can be translated and dilated to establish the redundant over-complete wavelet dictionary

${\begin{matrix} ψ_{j, k} (t) = 2^{- j / 2} ψ (2^{- j} t - k) \\ ϕ_{j, k} (t) = 2^{- j / 2} ϕ (2^{- j} t - k) \end{matrix}$ (4)

where $j = j_{0}, \dots, \log_{2} (n) - 1$ is the dyadic scales of the discrete collection of mother wavelets, $k = 0, \dots, 2^{j} - 1$ is the integer multiples of the scale, and t is the index of the duration.²³

In this study, Symlets wavelets are used to construct the over-complete dictionary. According to equations (1) and (3), we can obtain the sparse representation coefficients of the raw data. In other words, the received signals can be decomposed to sparse vectors based on OMP algorithm and wavelet dictionary.

Subsequently, to avoid the larger memory requirement and higher computational complexity, we use principal component analysis (PCA)²⁴ to decrease the dimension of the sparse coefficient vectors.

Suppose that the input sparse vector is $p = [p_{1}, \dots, p_{n}]$ , we want to transform this vector into a lower dimension vector $p_{V} = [p_{1}, \dots, p_{v}]$ , and this problem is given by

$p_{v} = E (p - μ_{p})$ (5)

where $p_{v}$ is the PCA coefficient that can represent the original sparse coefficient vector with reduced dimensionality. $E$ consists of v eigenvectors corresponding to the first v largest eigenvalues of the covariance matrix of $p$ , and $μ_{p}$ denotes the mean of the samples.

RSA

In order to establish the quantifiable characteristics space that can detect the spoofing attacks, we choose the following prominent features.

The first feature is the concentration ratio

$F^{(1)} = \frac{\sum_{k = 2 n - 1 - i}^{2 n - 1 + i} d (i)}{\sum_{k = 0}^{2 n - 1} d (i)}$ (6)

Practically, k can be determined by the imbalance property of $d (i)$ . That is, k can be immediately obtained once the right value $d (2 n - 1 + k)$ has surpassed the left value $d (2 n - 1 - k)$ by $δ$ (a simple and practical strategy is directly set $δ$ to 0), given by

$k = \underset{i}{min \arg} {d (2 n - 1 + i) - d (2 n - 1 - i) > δ}$ (7)

Second feature is the middle section variance

$F^{(2)} = \sum_{k = 2 n - 1 - i}^{2 n - 1 + i} {(d (i) - \frac{1}{2 i - 1} \sum_{k = 2 n - 1 - i}^{2 n - 1 + i} d (i))}^{2}$ (8)

The third feature is the shape imbalance

$F^{(3)} = \sum_{k = 2 n - 1 + i}^{2 n - 1} d (i) - \sum_{k = 1}^{2 n - 1 - i} d (i)$ (9)

By taking full advantage of the developed characteristic waveforms, we have constituted a feature space $[F^{(1)}, F^{(2)}, F^{(3)}]$ which is dedicated to separate the two channel states. Then, we directly resort to the equal combination (EC) rule for combination of these features

$F = μ_{1} F^{(1)} + μ_{2} F^{(2)} + μ_{3} F^{(3)}$ (10)

where $μ_{m} = \frac{1}{mean (F^{(m)})}$ , $m = {1, 2, 3}$ .

Up to now, we have already established an integrated feature F to measure the different levels of obtained signal sparse representation. Thus, each received signal sparse representation $x = [x_{1}, \dots, x_{v}]$ (processed by PCA) can be mapped into one single feature point in the feature vector $F = [F_{1}, \dots, F_{L}]$ and L is the number of different feature. Assume that at level $F_{l}$ , the number of signals ( $l \in {1, 2, \dots, L}$ ) is denoted by $M_{l}$ and the total number of signals is $N = M_{1} + M_{2} + \dots + M_{L}$ , then the probability distribution of each value $F_{l}$ is

$p (F_{l}) = \frac{M_{l}}{N}$ (11)

where $p (F_{l}) \geq 0$ and $\sum_{l = 1}^{L} p (F_{l}) = 1$ .

Hereinafter, we utilize an unsupervised approach to search the optimal threshold (denoted by $ε$ ) to dichotomize these feature vectors. Here, we formulate this searching optimal threshold problem as an optimization problem,²⁵ given by

$\begin{matrix} \begin{matrix} ε = \arg max_{l} σ_{B}^{2} (l), & l \in [1, \dots, L] \end{matrix} \\ \begin{matrix} Subjected & to & {\begin{matrix} ω (l) (1 - ω (l)) > 0 \\ \begin{matrix} or & 0 < ω (l) < 1 \end{matrix} \end{matrix} \end{matrix} \end{matrix}$ (12)

where, $ω (k) = \sum_{i = 1}^{k} p (F_{l})$ and $σ_{B}^{2} (l)$ is the between-class variance, which is defined as

$σ_{B}^{2} (l) = \frac{{[μ_{T} ω (l) - μ (l)]}^{2}}{ω (l) [1 - ω (l)]}$ (13)

In equation (13), $μ_{T}$ is the total mean level, which is defined as

$μ_{T} = \sum_{l = 1}^{L} F_{l} p (F_{l})$ (14)

and $μ (l)$ is the average of one single class and defined as

$μ (l) = \sum_{1}^{l} F_{l} p (F_{l})$ (15)

According to equations (13) and (15), we can solve this optimization problem, that is, equation (12), and the optimal threshold $ε$ can be obtained. Thus, the feature vector $F = [F_{1}, \dots, F_{L}]$ is dichotomized into two classes $[F_{1}, \dots, F_{ε}]$ and $[F_{ε}, \dots, F_{L}]$ . Meanwhile, we choose the middle level of these two classes ( $F_{⌊ (k^{*} + 1) / 2 ⌋}$ and $F_{⌈ (k^{*} + L) / 2 ⌉}$ ) as the representative of class. As a result, the target sparse coefficients $o^{(a)}$ and $o^{(b)}$ which correspond to the features $F_{⌊ (k^{*} + 1) / 2 ⌋}$ and $F_{⌈ (k^{*} + L) / 2 ⌉}$ can be selected.

Binary hypothesis test

After signal preprocessing and RSA, the spoofing detection can be formulated by a binary hypothesis test. First, we use Pearson’s correlation coefficient to describe the relationship between the received signals

$r = \frac{\sum_{i = 1}^{n} (o_{i}^{(a)} - \bar{o^{(a)}}) (o_{i}^{(b)} - \bar{o^{(b)}})}{\sqrt{\sum_{i = 1}^{n} {(o_{i}^{(a)} - \bar{o^{(a)}})}^{2}} \sqrt{\sum_{i = 1}^{n} {(o_{i}^{(b)} - \bar{o^{(b)}})}^{2}}}$ (16)

where $o_{i}^{(a)}$ and $o_{i}^{(b)}$ are the target sparse coefficients and $\bar{o^{(a)}}$ and $\bar{o^{(b)}}$ are the mean values of a sequence of packets.

Based on the uniqueness of the channel states, the receiver authenticates the kth packet based on the received signals’ channel state. If the channel states are similar, that is, the correlation rate between the selected signals is high, the packet is assumed to be sent from the same transmitter; otherwise, the packet is spoofing.

In this study, the goal of spoofing detection is to determine whether there is another sender which is different from Alice. We establish a hypothesis test to achieve the spoofing detection

$H_{0} : H_{T} (k + 1) = H_{A} (k + 1)$

$H_{1} : H_{T} (k + 1) = H_{E} (k + 1)$

There are two types of errors: false alarm, $P_{FA}$ ( $H_{1}$ is decided, when in fact $H_{0}$ is true), and miss detection $P_{MD}$ ( $H_{0}$ is decided, when in fact $H_{0}$ is true). The probability of false alarm ( $P_{FA}$ ) and the probability of miss detection ( $P_{MD}$ ) of the signal can be achieved via utilizing the Neyman–Pearson theorem as defined in Shin et al.²⁶

Since the original channels’ state information obeys Gaussian distribution, the target sparse coefficients after preprocessing and RSA still obeys Gaussian distribution. As a result, the binary hypothesis test can be represented by the correlation rate T between the target sparse coefficients

$T ~ {\begin{matrix} N (μ_{0}, σ^{2}) & H_{0} \\ N (μ_{1}, σ^{2}) & H_{1} \end{matrix}$ (17)

where, $μ_{0} > μ_{1}$ . Based on the Neyman–Pearson theorem, for a given $P_{FA}$ , the threshold can be determined by

$L (T) = \frac{p (T; H_{1})}{p (T; H_{0})} > γ$ (18)

where $L (T)$ is maximum likelihood ratio, equation (18) is called likelihood ratio test (LRT), and the threshold can be defined by $P_{FA} = \int_{{x : L (x) > γ}} p (x; H_{0}) dx$ and $γ' = \sqrt{\frac{σ^{2}}{N}} Q^{- 1} (P_{FA})$ .

Then, we have

$P_{FA} = \Pr {T > γ; H_{0}} = Q (\frac{γ' - μ_{0}}{σ})$ (19)

$\begin{matrix} P_{D} = \Pr {T > γ; H_{1}} = Q (\frac{γ' - μ_{1}}{σ}) \\ = Q (Q^{- 1} (P_{FA}) - (\frac{μ_{0} - μ_{1}}{σ})) \end{matrix}$ (20)

where, $Q (*)$ is the Q-function, and it is defined as

$Q (t) = \int_{t}^{\infty} \frac{1}{\sqrt{2 π}} e^{- \frac{1}{2} u^{2} du}$ (21)

Higher layer strategy

To resist impersonation attacks and man-in-the-middle attacks, we still consider cryptographic schemes based on IEEE Standard 802.15.6. During IEEE Standard for local and metropolitan area networks Part-15.6, security paradigm is established between nodes and hub, and they need to activate a pre-shared mater key (MK) and create a pairwise temporal key (PTK) for secured communication.

As shown in Figure 2, the protocol generates the MK and PTK with the benefit of assisting in keeping third parties from launching man-in-the-middle attacks or impersonation attacks. In addition, since this protocol is based on MAC frames, this security is built on MAC level. For more details, refer to IEEE Standards Association.³

Figure 2.

Flow chart of the higher layer security structure.

Unite authentication

In order to enhance the security of WBANs, we employ a unite authentication scheme, in which we consider the physical layer detection and higher layer authentication, simultaneously. Figure 3 shows the schematic diagram of the unite message authentication.

Figure 3.

Illustration of the unite message authentication. ⊕ is the bitwise exclusive-OR and ⊗ is the bitwise AND operator.

For higher layer, that is, MAC layer, the message integrity code (MIC) field in an authenticated frame can be calculated, that is

$MIC = LMB_n (M), M = AES (Ct r_{0}) \oplus X_{m}$ (22)

$X_{0} = AES (B_{0}), X_{i} = AES (B_{i} \oplus X_{i - 1}), i = 1, \dots, m$ (23)

where $LMB_n (M)$ designates the n leftmost bits of the bit string M, the symbol ⊕ denotes the bitwise exclusive-OR, and $AES (*)$ represents the output of the forward cipher function of the AES block cipher algorithm applied to block * under the AES key PTK or group temporal key (GTK) used to secure the frame.

Meanwhile, through sparse representation and RSA, the physical layer spoofing detection can give an indicator which contains the information of detection result. This indicator is sent to the MAC level. Whereafter, the bitwise AND operator is performed to achieve the unite message authentication, where if the calculated MIC value is equal to the received MIC value, and the physical layer indicator is positive, the authentication is accepted; otherwise, the current received signal contains risk information.

Evaluation of spoofing detection

Data acquisition

In order to validate the feasibility of our proposed physical layer spoofing detection, we set up our evaluation scenario and conduct experiments to obtain corresponding data. Herein, we configure two mobile nodes (homemade hardware) worn on the chest and the arms as signal transmitters. And software-defined radio (SDR) platform is used to emulate the controller. The SDR is Microsoft research software radio, also known as Sora.²⁷ Sora is a high-performance fully programmable software radio based on general-purpose processors (i.e. CPU) in commodity PC architecture. Figure 4 shows the mobile nodes and the SDR platform in our experiments.

Figure 4.

Mobile node and software-defined radio platform (Sora) in the experiment.

In this experiment, mobile nodes send pulse signals and the SDR platform receives these signals. Propagation measurement is performed in a workplace where there is a typical indoor scenario. The distance between the mobile nodes and the SDR platform is about 2 m, and the speed is about 1 m/s. Table 1 indicates the composition of the simulated scenarios.

Table 1.

Composition of the simulated scenarios.

Testing phase	Attacking scenario	Normal scenario
Transmitting	Two mobile node	One mobile node
Received	One MAC address	One MAC address

In Figure 5, we report the example of the obtained results after the signal preprocessing and RSA. We observe that the correlation coefficients under attacking and normal scenarios are significantly different. In normal scenario, the correlation coefficient curve is mostly above 0.5, while in attacking scenario, the curve is generally less than 0.25. Next, based on these experiment data, we will analyse the performance of the proposed scheme.

Figure 5.

Correlation of the sparse coefficients.

Performance comparison between traditional and proposed schemes

To verify the superiority of the proposed signal preprocessing and RSA-based sparse representation, we estimate the detection performance relative to the previously developed method. The proposed method is given in section “Physical layer strategy,” and the reference feature includes RSS and original CIR, which are used in Shi et al.⁴ and Xiao et al.,¹⁴ respectively. Note that RSS is the most commonly used features, and since our proposed scheme is also a CIR-based method, it is necessary to compare with original CIR feature. For consistency, we consider that they have the same original signal sets which are obtained in the experiment, and the detection schemes are similar, where the Neyman–Pearson detection theory is utilized.

Receiver operating characteristics (ROC) curves show the accuracy of the detected signal against false alarms. We use the ROC curves to show the authentication performance under different feature extraction methods. The results are shown in Figure 6, and it is demonstrated that better detection rates can be achieved when the requirement of false alarms is decreased. From Figure 6, we can see that under the same false alarm rate ( $P_{FA}$ ), the proposed method (i.e. sparse representation–based CIR, which denotes the channel impulse response (CIR) information after signal processing based on sparse representation) clearly shows the better miss detection rate ( $P_{MD}$ ) than that of other features (i.e. original CIR and RSS). It implies that under the same conditions, our proposed signal processing method can significantly reinforce the performance of CIR.

Figure 6.

ROC under different feature extraction.

Complexity analysis

After the comprehensive performance evaluations, we now investigate the computational complexity of this presented spoofing detection scheme. In our discussion, we simply employ the total number of multiplication operations as a rough indication of the computational complexity. Based on the derivations of the characteristic space, we find that the total multiplications of our algorithm in feature construction which is based on sparse representation is approximately $O (N^{2} + 3 N + 2 K)$ . While for NP testing, the estimator is based on LRT criterion, and it is observed that the times of multiplication operations are $O (N^{2})$ for each symbol. As a consequence, the whole computational complexity of the proposed physical layer authentication is almost $O (2 N^{2} + 3 N + 2 K)$ , which is also the polynomial complexity.

Performance analysis of the unite authentication

In order to demonstrate the performance of the cross-layer scheme, we use a hypothesis testing to investigate the final unite authentication. Let $D_{in} (k)$ denotes the physical layer or higher layer detection, which is given by

$D_{in} = {\begin{matrix} 1 \\ 0 \end{matrix} \begin{matrix} Reject \\ Accept \end{matrix}$ (24)

where $in = 1$ denotes the physical layer indicator and $in = 2$ represents the higher layer indicator.

Let $S = A (Alice) or E (Eve)$ represents the actual sender of the message. Furthermore, false alarm and miss detection can be written as

$α_{in} = P_{r} (D_{in} = 1 | S = A)$ (25)

$β_{in} = P_{r} (D_{in} = 0 | S = E)$ (26)

where $α$ is the false alarm statistics, and $β$ is the miss detection statistics (i.e. two typical error in signal detection).

The proposed cross-layer system has four possible error states. Based on equations (25) and (26), we can calculate the probability of the system error. Let $D F_{f}$ denotes the false alarm rate of system and $D F_{d}$ represents the miss detection rate of system. According to hypothesis testing theory, $D F_{d}$ and $D F_{f}$ can be written as

$D F_{f} = P_{r} (D_{n} = 1 | S = A) = α_{2} + (1 - α_{2}) α_{1}$ (27)

$D F_{d} = P_{r} (D_{n} = 0 | S = E) = β_{2} β_{1}$ (28)

Because 0 < $α_{1}$ < 1 and 0 < $α_{2}$ < 1, based on (27), we can obtain $D F_{f} \geq α_{2}$ ; however, as analysis above (section V-B), the value of $α_{1}$ and $β_{1}$ are rather small. As a result, we have $D F_{f} \approx α_{2}$ . However, according to formula (28), we have $D F_{d}$ << $β_{1}$ and $D F_{d}$ << $β_{2}$ .

Consequently, we find that the advantage of the proposed cross-layer system shows on miss detection rate, that is, it far exceeds separate parts. Meanwhile, false alarm rate of unite authentication is closer to the original higher layer authentication. Generally, the risk of miss detection is higher than that of false alarm. Therefore, the security level of cross-layer scheme is superior to only physical layer strategy or only higher layer strategy.

Conclusion

As stated previously, this study is sought to integrate the physical layer security technology and existing security protocol to enhance the performance of message authentication for WBANs. Based on sparse representation, a new spoofing detection method, that is, RSA, was proposed to enhance the physical layer authentication. Furthermore, in order to achieve the aim of improving security level, a simple and feasible cross-layer approach was presented. The effectiveness of the physical layer scheme was validated through experiments and simulations, and the performance of the cross-layer approach was analyzed by hypothesis testing. In conclusion, the results showed that the proposed approach is able to improve the security of authentication.

Footnotes

Academic Editor: Fei Yu

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research,authorship,and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research,authorship,and/or publication of this article: This work was supported by Han-dan Municipal Science and Technology Projects (1621203037-1).

References

Rathee

Rangi

Chakarvarti

. Recent trends in wireless body area network (WBAN) research and cognition based adaptive WBAN architecture for healthcare. Health Technol 2014; 4(3): 239–244.

Chen

Gonzalez

Vasilakos

. Body area networks: a survey. Mobile Netw Appl 2011; 16(2): 171–193.

IEEE Standards Association. IEEE standard for local and metropolitan area networks-part 15.6: wireless body area networks (IEEE standard for information technology, IEEE 802.6). New York: IEEE, 2012, pp.1–271.

Shi

. BANA: body area network authentication exploiting channel characteristics. IEEE J Sel Area Comm 2013; 31(9): 1803–1816.

Chin

WLW

Tseng

CL.

Authentication scheme for mobile OFDM based on security information technology of physical layer over time-variant and multipath fading channels. Inform Sciences 2015; 321: 238–249.

Hou

Wang

Chouinard

. Physical layer authentication for mobile systems with time-varying carrier frequency offsets. IEEE T Commun 2014; 62(5): 1658–1667.

Liu

Wang

Liu

. Practical user authentication leveraging channel state information (CSI). In: Proceedings of the 9th ACM symposium on information, computer and communications security, Kyoto, Japan, 4–6 June 2014, pp.389–400. New York: ACM.

Zhang

Peng

. A real-time two-way authentication method based on instantaneous channel state information for wireless communication systems. J Commun 2011; 6(6): 471–476.

Liu

Wang

Tang

. Robust physical layer authentication using inherent properties of channel impulse response. In: Proceedings of the 2011-MILCOM 2011 military communications conference, Baltimore, MD, 7–10 November 2011, pp.538–542. New York: IEEE.

10.

Xiao

Greenstein

Mandayam

. Fingerprints in the ether: using the physical layer for wireless authentication. In: Proceedings of the 2007 IEEE international conference on communications, Glasgow, 24–28 June 2007, pp.4646–4651. New York: IEEE.

11.

Xiao

Reznik

Trappe

. PHY-authentication protocol for spoofing detection in wireless networks. In: Proceedings of the global telecommunications conference (GLOBECOM 2010), Miami, FL, 6–10 December 2010, pp.1–6. New York: IEEE.

12.

Tugnait

JK.

Wireless user authentication via comparison of power spectral densities. IEEE J Sel Area Comm 2013; 31(9): 1791–1802.

13.

Xiao

Greenstein

Mandayam

. Using the physical layer for wireless authentication in time-variant channels. IEEE T Wirel Commun 2008; 7: 2571–2579.

14.

Xiao

Greenstein

Mandayam

. Channel-based spoofing detection in frequency-selective rayleigh channels. IEEE T Wirel Commun 2009; 8(12): 5948–5956.

15.

Xiao

Greenstein

Mandayam

. MIMO-assisted channel-based authentication in wireless networks. In: Proceedings of the 42nd annual conference on information sciences and systems (CISS 2008), Princeton, NJ, 19–21 March 2008, pp.642–646. New York: IEEE.

16.

Liu

Wang

Physical layer authentication enhancement using two-dimensional channel quantization. IEEE T Wirel Commun 2016; 15: 4171–4182.

17.

Xiao

Han

. PHY-layer spoofing detection with reinforcement learning in wireless networks. IEEE T Veh Technol 2016; 65: 10037–10047.

18.

Guha

Ward

RK.

Learning sparse representations for human action recognition. IEEE T Pattern Anal 2012; 34(8): 1576–1588.

19.

Figueiredo Mário

Robert

Nowak . Gradient projection for sparse reconstruction: application to compressed sensing and other inverse problems. IEEE J Sel Top Signa 2007; 1(4): 586–597.

20.

Mallat

Zhang

Matching pursuits with time-frequency dictionaries. IEEE T Signal Proces 1993; 41(12): 3397–3415.

21.

Tropp

Gilbert

AC.

Signal recovery from random measurements via orthogonal matching pursuit. IEEE T Inform Theory 2007; 53(12): 4655–4666.

22.

Starck

J-L

Elad

David

. Image decomposition via the combination of sparse representations and a variational approach. IEEE T Image Process 2005; 14(10): 1570–1582.

23.

Jolliffe

Principal component analysis. New York: John Wiley & Sons, 2002.

24.

Otsu

A threshold selection method from gray-level histograms. Automatica 1975; 11(285–296): 23–27.

25.

Kay

SM.

Fundamentals of statistical signal processing, volume II: detection theory. Upper Saddle River, NJ: Prentice Hall, 2011.

26.

Shin

Devgan

Grigoryan

. SNR improvement of DPSK signals in a semiconductor optical regenerative amplifier. IEEE Photonic Tech L 2006; 18(1): 49–51.

27.

Chen

Donoho

Saunders

MA.

Atomic decomposition by basis pursui. SIAM Rev 2001; 43(1): 129–159.

A cross-layer approach to message authentication based on sparse representation for wireless body area networks

Abstract

Keywords

Introduction

Physical layer authentication and sparse representation

Physical layer authentication

Sparse representation theory

Proposed cross-layer approach

Scheme overview

Physical layer strategy

Signal preprocessing based on sparse representation

RSA

Binary hypothesis test

Higher layer strategy

Unite authentication

Evaluation of spoofing detection

Data acquisition

Performance comparison between traditional and proposed schemes

Complexity analysis

Performance analysis of the unite authentication

Conclusion

Footnotes

Declaration of conflicting interests

Funding

References