geo-encryption using loran
TRANSCRIPT
Geo-Encryption Using LoranGeo-Encryption Using Loran
Stanford UniversitySponsored by FAA Loran Program
Digital Cinema DistributionDigital Cinema Distribution
“Today, the film studios spend over $1 billion each year to duplicate, distribute, rejuvenate, redistribute and ultimately destroy the thousands of film reels required to bring the close to 500 films released each year to audiences across the U.S.”
• “rise against the reel”– 35-mm print cost $ 1,200– limited showings– heavy, weighs 50 lbs– platter setup takes an hour
• Digital cinema– cost less, < $100 per screen load– unlimited showing– automatic setup
Digital Distribution DisadvantageDigital Distribution Disadvantage
• Napsterization concern• Music sales are down 8%• Music company valuations are down 40%
• Satellite distribution• ~3 million unauthorized users
Encryption & DecryptionEncryption & DecryptionSymmetric Cipher: Encryption key = Decryption key
Asymmetric Cipher: Encryption key = Decryption key
Plaintext
Key
Ciphertext
Plaintext
Key
Plaintext
Encryption Key
Ciphertext
Plaintext
Decryption Key
Hybrid Systems-- a combination of asymmetric and symmetric
ciphers
Hybrid Systems-- a combination of asymmetric and symmetric
ciphers
Generate Random Key
Generate Random Key
EncryptEncrypt
DecryptDecrypt
Plaintext
Plaintext
Ciphertext
Key
Key
EncryptEncrypt
DecryptDecrypt
Encrypted Key
Key_E
Key_D
What is Geo-encryption?What is Geo-encryption?
• Proposed by Dorothy Denning and Logan Scott
• Add another layer of security
• Not a replacement of the conventional crypto algorithms
Geo-encryption Algorithm-- Enhance the security
Geo-encryption Algorithm-- Enhance the security
Generate Random Key
Generate Random Key
EncryptEncrypt
DecryptDecrypt
Plaintext
Plaintext
Ciphertext
Key
Key
EncryptEncrypt
DecryptDecrypt
GeoEncrypted Key
Key_E
Key_D
Recipient Location, Signature
Recipient Location, Signature
Location Signature →Geolock Mapping
Location Signature →Geolock Mapping ⊕⊕
AntiSpoof Enhanced GPS or Loran ReceiverAntiSpoof Enhanced
GPS or Loran Receiver
Location Signature →Geolock Mapping
Location Signature →Geolock Mapping
GeolockGeolock
GeoEncryptionGeoEncryptionGeoEncryption
GeoDecryptionGeoDecryptionGeoDecryption
⊕⊕GeolockGeolock
Comparison of the SignalsGPS v.s. LORAN
Comparison of the SignalsGPS v.s. LORAN
GPS
Pros• Stable clock• High absolute accuracy• High repeatable accuracy • Global coverage
Cons• Low SNR• Position accuracy depends on SV geometry• LOS dependent• Easy to spoof• Indoor not capable
GPS
Pros• Stable clock• High absolute accuracy• High repeatable accuracy • Global coverage
Cons• Low SNR• Position accuracy depends on SV geometry• LOS dependent• Easy to spoof• Indoor not capable
LORAN
Pros• Stationary transmitters• Know signal shapes and SNR• Groundwave propagation• High signal power • Jamming Loran is hard• Indoors capable
Cons• Skywave contaminations• Signal quality depends on the transmitter distance
LORAN
Pros• Stationary transmitters• Know signal shapes and SNR• Groundwave propagation• High signal power • Jamming Loran is hard• Indoors capable
Cons• Skywave contaminations• Signal quality depends on the transmitter distance
Research ObjectivesResearch Objectives
• Signal authentication– Allows the receivers to ascertain its origins– Allows the receivers to verify that it has not been
modified in transit• Loran location signature
– Study the consistency of Loran signal– Design Loran location signature– Map Loran location signature into geo-lock
• Build geo-encryption demonstration testbed
Modified Geo-encryptionModified Geo-encryption
Geo-lock MappingGeo-lock Mapping
Geo-lock MappingGeo-lock Mapping
Recipient’sLocation Signature
Recipient’sLocation Signature
Loran ReceiverLoran Receiver
AESAES
plaintextRandom KeyRandom Key
Symmetric key
RSARSA
Encrypted key
RSARSA
Key_E
Key_D
AESAES
plaintext
ciphertext
Symmetric key
Signal AuthenticationSignal Authentication
YesNo
Signal Authentication RequirementsSignal Authentication Requirements
• Low computation overhead for generation and verification of authentication
• Low communication overhead• Buffering requirement• Robust to packet loss• Scales to a large number of receivers
Why is Security for Broadcasts Hard?• Symmetric authentication - not secure• Asymmetric mechanism - not as efficient as symmetric
authentication.Timed Efficient Stream Loss-tolerant Authentication (TESLA)Timed Efficient Stream Loss-tolerant Authentication (TESLA)
• Hash function : One way function– Collision resistant– Digest any message to a fixed hash value– MD5 (128 bits), SHA1 (160 bits), SHA256 (256 bits)
• Message Authentication Code (MAC)– Keyed hash function– Symmetric– Require to transmit the key– TESLA uses MAC
Crypto ReviewCrypto Review
plaintext
mac Verify
TESLA – SenderTESLA – Sender
timeInterval i-1 Interval i+2Interval i+1Interval i
KiKi+2Ki+1Ki-1
F(Ki) F(Ki+1) F(Ki+2) F(Ki+3)
K’i-1 K’i K’i+1K’i+2
F’(Ki) F’(Ki+1) F’(Ki+2) F’(Ki+3)
Pj Pj+1 Pj+2 Pj+3MiKi-1
MAC(Mi, Ki’)
Pi-1
Mi+1Ki
MAC(Mi+1, Ki+1’)
Mi+2Ki+1
MAC(Mi+2, Ki+2’)
Mi-1Ki-2
MAC(Mi-1, Ki-1’)
Pi+2Pi+1Pi
• Pre-compute a sequence of key values using one-way hash functions or pseudo-random functions. Kn = F(Kn-1), …, K1 = F(K2)• Use another hash function to compute K’. Ki’ = F’(Ki)• Generate MAC using K’ and Message M• Send packet P. Pi = <Mi, Ki-d, MACi>
TESLA – ReceiverTESLA – Receiver
• The receiver buffers the packet• Each receiver also checks that the disclosed key is correct using self-authentication and previously released keys• checks the correctness of the MAC of buffered packets that sent in the time interval of disclosed key• If the MAC is correct, the receiver accepts the packet•Message Sequence is arbitrary
Mi-1Ki-2
MAC(Mi-1, K’i-1)
Mi+1Ki
MAC(Mi+1, K’i+1)
MiKi-1
MAC(Mi, K’i)
authenticated authenticated afterreception of Pi+d
not yet authenticated
Pi-1 Pi+1Pi
Loran TransmissionLoran Transmission
Time
Master MasterStation W Station YStation X
Station WGroup Repetition Interval (GRI)
Time Difference (TD)
GRI range40,000 ~ 99,990 μsec
GRI range40,000 ~ 99,990 μsec
Loran Data Channel Communication-- Ninth-Pulse Modulation
Loran Data Channel Communication-- Ninth-Pulse Modulation
Master
SecondaryModulated 9th pulse
Loran Signal
Loran Modulation Technique-- Pulse Position Modulation
Loran Modulation Technique-- Pulse Position Modulation
0 50 100 150 200 250 300 350 400-1
-0.8
-0.6
-0.4
-0.2
0
0.2
0.4
0.6
0.8
1Time Domain of 32-state PPM
μsec
Each GRI can carry 5 symbols
))(*2.0sin()()()
65)(2
(2i
dt
ii dtedttsi
−−=−−
πModulated Loran Pulse:
Matched Filter ModelMatched Filter Model
matched to delay 1
matched to delay 2
matched to delay 32)()( tntsi +
)()( tntsi +
)()( tntsi + ∫ +−+= ττττ dtTsnsty i )()]()([)( 11
∫ +−+= ττττ dtTsnsty i )()]()([)( 22
∫ +−+= ττττ dtTsnsty i )()]()([)( 33
Comparator… …
Loran MessagesLoran Messages
45…1194…440…3Bit assignment75414Length (bits)
ParityPayloadTypeSection
Time of day111115
Undefined0011 thru 11103-14
Message for government use only00102
Almanac00011
Differential Phase Correction00000
DescriptionType codeType
How to Implement TESLA?How to Implement TESLA?
Certified Loran Receiver• embed K0 inside the receiver• capable to compute station
dependent keys and timedependent keys
• keys can’t be recovered• Synchronized with Loran
stations
Certified Loran Receiver• embed K0 inside the receiver• capable to compute station
dependent keys and timedependent keys
• keys can’t be recovered• Synchronized with Loran
stations
Loran Station Dependent
Time Dependent
K0
…KFallon KGeorge KSearchlight
…K0(ti-1) K0(ti) K0(ti+n)
…K1(ti) K2(ti) Km(ti)TESLA key sequence
K0(ti) K0(ti+n)
time
…
Station Dependent Keys GenerationStation Dependent Keys Generation
Random Key K0MD5(‘E4DAE8F68387ABF329F1E183B4F38EF6’)
‘e4224c00d5a648ffe65f325f80bcad3f’16-bytes16-bytes
MD5(‘Fallon’)‘96ddabca419f7153f2c0ed0cba63a9e4’
MD5(‘Middletown’)‘e1edacbd3f1982411ec85566099fcc19’
‘98D9A6C04F977E55FAC3E50BB068A6E7’‘98D9A6C04F977E55FAC3E50BB068A6E7’ ‘EFE9A1B731118D4716CB5D610394C31A’‘EFE9A1B731118D4716CB5D610394C31A’
Proposed Authentication SchemeProposed Authentication Scheme
• SHA-256• HMAC – 256-bit output, minimum key size 128 bits• 384/41 ~ 10 messages/TESLA packet
F F F
0 1 2 3 15 0 1 0 1 2 3 15 0 110 msg 10 msg
Ki+1 Ki+2 Ki+3
How TESLA Enhances Security?How TESLA Enhances Security?
CertifiedLoran Receiver
CertifiedLoran Receiver
• Keys are not right• Can’t verify MACs
Repositionthe pulses
• Keys are delayed• Can’t verify MACs
Ki Ki+1 Ki+2
Ki
delay due to repositioning the pulses
Time of AlarmTime of Alarm
30 35 40 45 50 55 60 65 70 7530
40
50
60
70
80
90
100
110Authentication Performance -- without Message Loss
Authenticated Bandwidth Percentage (%)
Aut
hent
icat
ion
Tim
e (s
ec)
TESLA d = 1DSA
• consider GRI 9990
• DSA size > MAC size
• DSA verification hashigh computationoverhead
TESLA PerformanceTESLA PerformancePPM32 Probability of Symbol Error
-2 0 2 4 6 8 1010-7
10-6
10-5
10-4
10-3
10-2
10-1
100
SNR(dB)
Pro
babi
lity
Erro
r Rat
e
PPM 32 Level
AnalyticalSimulated
0 0.05 0.1 0.15 0.210-10
10-8
10-6
10-4
10-2
100
Analytical Message Loss vs. Packet Loss
Average Packet Loss
Mes
sage
Los
s
Message Loss
n
jt
j
k
RS
jnjn
tj
q
qjn
qerrorectedunP
ppjn
failuredecordererror
)1()1()_det(
)1()_/Pr(
0
1
−⎟⎟⎠
⎞⎜⎜⎝
⎛−
=
−⎟⎟⎠
⎞⎜⎜⎝
⎛=
∑
∑
=
−
+=
Time of Alarm with Message LossTime of Alarm with Message Loss
35 40 45 50 55 60 65 70
50
100
150
200
250
300
350
TESLA Authentication Performance -- with Message Loss
Authenticated Bandwidth Percentage (%)
Aut
hent
icat
ion
Tim
e (s
ec)
SNR = 0SNR = 1SNR = 2SNR = 3SNR = 4SNR = 5SNR = 6SNR = 7SNR = 8SNR = 9SNR = 10w/o message loss
Next Step: Geo-lock DesignNext Step: Geo-lock Design
plaintext
Geo-lock MappingGeo-lock Mapping
Geo-lock MappingGeo-lock Mapping
Recipient’sLocation Signature
Recipient’sLocation Signature
Loran ReceiverLoran Receiver
AESAES
plaintextRandom KeyRandom Key
Symmetric key
RSARSA
Encrypted key
RSARSA
Key_E
Key_D
AESAES
plaintext
ciphertext
Symmetric key
Signal AuthenticationSignal Authentication
YesNo
Geolock Mapping functionGeolock Mapping functionLa
titu
de
B4124809 AF4534E7 281841BD 60AB7CFA
576F4595 C8F3262A 4E18CC0A 43653816
11AE2637 B8323B7F 952E3574 43D264E8
7C09A4D6 1482C152 124C1214 266B1F6D
E3D73F28 A4054068 93919767 6E76ED2A
EEAB8B2B FE8205A7 F82C9516 FC6D27DD
814CCF71 1DABFD91 85383231 F2F7218C
95CBDC2C 28DBB56E AAD8DF8E 78120469
Longitude
E61014C 955FC38 5DC67F29 BE15DD27
D58860CE 82DECE41 D3A8378E 127506C0
D6F02579 499D9599 588DA916 68A95323
F0E74523 5DF41C17 93F35661 14527F1D
Time
Possible Parameters
• ECD• TD• TDOA• Envelope shape
Pseudo-random SequencePseudo-random Sequence
cryptologyLinear complexity
Spread spectrum communicationsNavigationSystem test and analysis
Good cross-correlation
Range and navigationSpread spectrum communicationsScrambling
Good auto-correlation
Application areaRequirement
Keystream GeneratorKeystream Generator
Geffe generator: a keystream generator using three LFSRs, combined in a nonlinear manner.
LFSR 1, a1
LFSR 2, a2
LFSR 3, a3
Multiplexer
(a1^a2) (( a1)^a3)
Steps to Build a TestbedSteps to Build a Testbed
Recipient’s location Mapping Algorithm Geo-lock
Geo-lock Generation (Matlab Simulation)
Loran Messages
Authenticating Message Generation• time-dependent key• TESLA key sequence• HMAC• complete one TESLA packet
Modulate Loran data and authenticating message
on 9th pulse using PPM32DAC
ground
Loran Front-end ADC
Demodulation
Verify authenticating messageyes
Loran location signature
Mapping Algorithm
Geo-lock
Testbed SetupTestbed Setup
Modulated Loran Signal(MATLAB simulation) ICS-660
Loran H-field antenna
power
ICS-652/ICS-650
Thank You!Thank You!