Zero-Padded Waveform for Secure Channel Estimation in IEEE 802.11-17
Security is a vital aspect in IEEE 802.11az, particularly in secure ranging applications. This document introduces zero-padded waveforms to protect channel estimation against attackers aiming to manipulate the range of STAs. The proposal outlines requirements, including the need to eliminate predictable structures like cyclic prefixes, and suggests the use of guard intervals with FFT/IFFT analysis windows. Zero-padded waveforms consist of a zero prefix, core symbol, and zero postfix to enhance channel estimation and combat potential threats like CP-replay attacks.
- Secure Channel Estimation
- IEEE 802.11-17
- Zero-Padded Waveform
- Security Threat Models
- CP-Replay Threat
Sept. 2017 doc.: IEEE 802.11-17/1378r2
Zero-Padded Waveform for Secure Channel Estimation
Date: 2017-09-11
Authors (all Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, phone (408) 996 1010):
- Mingguang Xu, mingguang_xu@apple.com
- John Dogan, mithat_dogan@apple.com
- SK Yong, skyong@apple.com
- Qi Wang, qi_wang2@apple.com
- Kyle Brogle, kbrogle@apple.com
- AJ Ringer, aringer@apple.com
Submission Slide 1 Xu, Dogan, Yong, Wang, Brogle, Ringer - Apple
Abstract (1)
- Security is one of the most important features in 11az.
- To achieve secure ranging, the waveform used for channel estimation needs to be protected against attackers.
- FRD [1] describes Type A and Type B adversaries that are characterized according to the attacker's response time.
  - Adversary goal: to spoof the range of STA.
  - Type A: 1 msec response time.
  - Type B: 1 usec response time.
- A few security threat models are listed in [2]-[3].
Abstract (2)
- In the CP-replay threat model [3], an attacker can exploit all waveforms with repetition or any predictable structure to perform an attack.
  - E.g., cyclic prefix (CP), Golay sequence, etc.
  - Can be realized by a Type B adversary.
- We propose a framework of zero-padded waveforms for protecting against the CP-replay threat.
Zero-Padded Waveform (1)
- Requirements for ranging waveform.
  - To protect against CP-replay attack: the waveform used for channel estimation should not contain any form of repetition or structure that is predictable (e.g., CP, Golay sequences).
  - For the purpose of performance and implementation:
    - Channel estimation can be implemented in an efficient way.
    - Ranging performance difference as compared to the existing waveform of CP-OFDM should be acceptably small.
- A proposal: zero-padded waveform.
  - Guard interval should be present and padded with zero.
  - Choose FFT/IFFT analysis window at Tx/Rx side to enable distortionless channel estimation.
  - Guard interval after each symbol may be needed.
Zero-Padded Waveform (2)
- Zero-padded waveform is composed of three parts: zero prefix, core symbol, and zero postfix.
- Zero prefix
  - Guard interval (GI) needs to be inserted to remove inter-symbol interference.
  - Zero signal needs to be transmitted in GI.
- Core symbol
  - Core symbol is composed of the training sequence, which is random.
- Zero postfix (when necessary)
  - Zero signal is appended to each symbol if the waveform is followed by non-zero signal.
  - Zero postfix enables transform-domain channel estimation without any distortion if the FFT/IFFT analysis window is chosen correctly.
Zero-Padded Waveform (3)
- Example 1: Waveform for one symbol.
  - Zero postfix needs to be appended if the core symbol is to be followed by non-zero signal.
- Example 2: Waveform for three symbols.
  - The prefix of the next symbol can be viewed as the postfix of the current symbol.
  - The postfix for each symbol is omitted except the last one.
Zero-Padded Waveform (4)
- Overlap-add processing:
  - Subject to replay attack.
  - Can be viewed as the dual of CP-replay attack.
Zero-Padded Waveform (5)
- FFT/IFFT analysis window:
  - When the received signal corresponding to the zero postfix is included in the FFT/IFFT analysis window:
    - Linear convolution with the multi-path channel is turned into cyclic convolution, and
    - Transform-domain channel estimation can be applied without any distortion.
  - The pilot sequence (in frequency) is the frequency-domain response of the core symbol padded with zeros.
  - For better performance, advanced channel estimation methods can be used.
- FFT/IFFT size:
  - Can be the same as the sum of the lengths of core symbol and zero postfix.
  - Or can be larger by adding more zeros onto received signals for efficient FFT/IFFT operation (e.g., power of 2, or split-radix FFT).
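The analysis-window point above, worked through numerically as an added example (not part of the original slides or any 802.11az code): a noiseless transform-domain estimate recovers the channel when the window spans the zero postfix and is distorted when it stops at the core symbol. The QPSK training sequence, the 16/4 sample lengths, the 4-tap channel and the redraw-on-spectral-dip rule are all assumptions chosen for the demo.

```python
import cmath
import random

def dft(x, n, inverse=False):
    """O(n^2) DFT of x zero-padded to n points (enough for short demo sequences)."""
    x = list(x) + [0j] * (n - len(x))
    s = 1 if inverse else -1
    out = [sum(x[k] * cmath.exp(s * 2j * cmath.pi * k * m / n) for k in range(n))
           for m in range(n)]
    return [v / n for v in out] if inverse else out

def linear_convolve(x, h):
    """Multipath channel output; zero prefix/postfix means no neighbouring signal leaks in."""
    y = [0j] * (len(x) + len(h) - 1)
    for i, xi in enumerate(x):
        for j, hj in enumerate(h):
            y[i + j] += xi * hj
    return y

def draw_core(rng, core_len, fft_sizes, floor=0.5):
    """Random QPSK training sequence; redraw on deep spectral dips (demo assumption)."""
    while True:
        core = [complex(rng.choice((-1, 1)), rng.choice((-1, 1))) for _ in range(core_len)]
        if all(abs(p) > floor for n in fft_sizes for p in dft(core, n)):
            return core

def estimate(rx_window, core, n):
    """Transform-domain estimate: Rx spectrum divided by the zero-padded core's spectrum."""
    pilot = dft(core, n)
    return dft([r / p for r, p in zip(dft(rx_window, n), pilot)], n, inverse=True)

def max_tap_error(est, h):
    """Largest per-tap deviation between the estimate and the true (zero-padded) channel."""
    h = list(h) + [0j] * (len(est) - len(h))
    return max(abs(a - b) for a, b in zip(est, h))

def demo(seed=2017, core_len=16, postfix_len=4):
    rng = random.Random(seed)
    h = [1 + 0j, 0.5 - 0.2j, 0j, 0.25j]      # constructed 4-tap channel (memory 3 <= postfix)
    n_full = core_len + postfix_len
    core = draw_core(rng, core_len, (core_len, n_full))
    rx = linear_convolve(core, h)            # core_len + 3 samples, then silence
    full = max_tap_error(estimate(rx, core, n_full), h)              # window spans postfix
    cut = max_tap_error(estimate(rx[:core_len], core, core_len), h)  # window stops at core
    return full, cut

if __name__ == "__main__":
    print("postfix in window: %.2e, postfix excluded: %.2e" % demo())
```

The first error is at floating-point rounding level; the second is the distortion left when the channel tail falling in the postfix is discarded.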
Zero-Padded Waveform (6)
- Training sequence loaded in core symbol.
  - Needs to be random and different across different symbols.
- The resulting constellation points can be loaded in frequency domain or time domain.
  - Frequency domain: OFDM-like.
  - Time domain: similar to single-carrier PHY in 11ad/ay.
- For better performance on channel estimation, may consider shifted modulation, e.g., pi/2-BPSK or pi/4-QPSK.
  - Potentially fewer dips in the magnitude of pilot sequences in frequency between subcarriers.
Discussion
- Zero-padded waveform requires signals to ramp up/down quickly.
  - Time needed to ramp up/down signal?
  - Performance impact of non-ideal signal ramping up/down.
- Other RF impairments?
  - PAPR of core symbol.
- Beyond transform-domain channel estimation.
  - Efficient methods of channel estimation to deal with non-ideal effective pilot sequences (in freq), i.e., magnitudes of pilot sequences are not flat.
Summary
- Zero-padded waveforms can protect against CP-replay threat with proper signal processing at both Tx/Rx sides.
- Distortionless and efficient channel estimation can be achieved if FFT/IFFT analysis window and sizes are delicately chosen.
- More investigation on the details about length of core symbol, FFT/IFFT size, training sequences, etc.
- More to come for advanced channel estimation methods.
  - High resolution.
  - MMSE based on conjugate gradient methods.
References
[1] IEEE 802.11-16/424R5, 11az FRD.
[2] IEEE 802.11-17/0120r2: "Intel secured location threat model", B. Abramovsky, O. Bar-Shalom, and C. Ghosh, January 2017.
[3] IEEE 802.11-17/1122r0: "CP-replay threat model for 11az", M. Xu, J. Dogan, K. Brogle, A.J. Ringer, SK Yong, and Q. Wang, July 2017.