# Identity Authentication over Noisy Channels

^{1}

^{2}

^{3}

^{4}

^{5}

^{*}

## Abstract

**:**

## 1. Introduction

^{−}

^{I}

^{(}

^{K}

^{;}

^{X,Y}

^{)}(the rigorous proof will be given in Section 3.1). One can easily find out that this lower bound reduces to P ≥ 2

^{−}

^{H}

^{(}

^{K}

^{)}when H(K|X, Y) = 0, since I(K; X, Y) = H(K) − H(K|X, Y). In this case, all information of the secret key is used to protect Eve’s attack one time. That is, the secret key K needs to be changed in every round of authentication, because Eve is aware of K after eavesdropping on X and Y.

^{n}and Y

^{n}respectively denote the n-length sequences of X and Y. This lower bound suggests that after eavesdropping on several rounds of authentication, Eve can be aware of almost all of the information about the secret key K. Then, she can initiate an attack successfully with a high probability. That is, reusing the secret key will cause the secret key’s information leakage. However, recent research [8,9] about the message authentication (also known as data-origin authentication, which validates a message’s integrity and originator [1,2,10,11]) showed that channel noise can help prevent the secret key’s information leakage based on Wyner’s wiretap channel.

^{−}

^{H}

^{(}

^{K}

^{)/2}to P = 2

^{−}

^{H}

^{(}

^{K}

^{)}, since the secret key can be hidden from her by channel noise. Furthermore, our previous work [9] introduced noisy channels into the systematic authentication code and proved that it is more robust and flexible than Simmons’s authentication to protect against Eve’s attacks.

- We present a general analysis and design framework of the challenge-response authentication, and investigate the authentication scenarios of single time and multiple times. For each scenario, we respectively derive an information-theoretic lower bound on the opponent’s success probability in the classical model and our new one. This shows that after introducing channel noise into the classical authentication model, the opponent’s success probability is significantly reduced.
- We find out that the Cartesian authentication code satisfies the optimal strategy to maximize the security performance. Then, with a slight improvement of the classical authentication, the security performance can be dramatically promoted.
- In the multiple-time authentication scenario, with the Cartesian authentication code, we show that the noise spreading over two separate channels can together hide the secret key from the opponent. In this way, the opponent’s success probability can be effectively reduced.

^{n}(e.g., X

^{n}= X

_{1}, X

_{2}, …, X

_{n}).

## 2. Proposed Authentication Scheme

#### 2.1. Scenario

#### 2.2. Channel Model

**Definition 1**([15,16]). A wiretap channel$\mathcal{X}\to (\mathcal{Y},\mathcal{Z})$ is less noisy if the main channel$\mathcal{X}\to \mathcal{Y}$ is less noisy than the wiretapper’s channel$\mathcal{X}\to \mathcal{Z}$, i.e., for all possible U → X → (Y, Z), I(U; Y) ≥ I(U; Z).

_{s}= max R

_{e}. Additionally, there are several technologies (e.g., beamforming and artificial noise [18–20]) to ensure that a wiretap channel is less noisy (i.e., C

_{s}> 0). Thus, we can make the above assumption.

#### 2.3. Authentication Model

## 3. Single-Time Authentication

#### 3.1. Noiseless Channels Model

**Lemma 1.**In the classical authentication model, Eve’s success probability is lower bounded by:

**Proof.**This result is derived because:

#### 3.2. Noisy Channels Model

**Lemma 2.**In our new authentication model, Eve’s success probability is lower bounded by:

**Proof.**Please refer to Appendix A for technical details. □

**Definition 2**([25,26]). If the authentication code satisfies that given any message y, there exists a unique source state x, such that y = f(x, e) for every encoding rules e contained in y, i.e., the authentication code satisfies H(X|Y) = 0, then the code is called a Cartesian authentication code.

**Definition 3**([27,28]). If the Cartesian authentication code satisfies that the message y is formed by its source state x and an authenticator t (e.g., y = (x, t) = (x, g(x, e)) where e represents the encoding rule), then the code is called a systematic Cartesian authentication code.

**Theorem 1.**In our new authentication model, to promote the security performance maximally, the optimal strategy for f(·) is the Cartesian authentication code.

**Proof.**The authentication’s security performance is indicated by the achievable lower bound on Eve’s success probability [4,5,8]. The lower the achievable bound is, the more secure the authentication is. Thus, according to Equation (5) and Equation (9), we use $\underset{\xaf}{P}$ to represent the achievable lower bound of P (in Equation (5)) and denote the promoted performance as:

**Remark 1.**Theorem 1 demonstrates that a slight improvement (e.g., Example 1) can significantly promote the security performance. Specifically, since the wiretap channel Alice → (Bob, Eve) is less noisy (i.e., the secrecy capacity is positive), Eve only obtains an equivocal challenge message$\widehat{X}$. When using the Cartesian authentication code, the response message Y contains all of the information of the challenge message X. Then, the transmitting process of the challenge message X is equal to a secret key agreement, which generates$H(X|\widehat{X})$ new secret key information.

**Example 1.**In practical classical authentication, the response message Y is a short data block, which comes from the challenge message X and the secret key K, i.e., Y = f(X, K) where f(·) encapsulates a compressive function. However, in our new authentication model, if we improve the response message to Y = (X, g(X, K)) (i.e., the systematic Cartesian authentication code, where g(·) is the compressive function in f(·)), Eve’s success probability will reduce to:

## 4. Multiple-Time Authentication

#### 4.1. Noiseless Channels Model

_{i}to denote the success probability of Eve’s attack in the i-th round of authentication. Following from the same steps as those used in the proof of Lemma 1, the lower bound on P

_{i}is derived as:

^{i}

^{−1}, Y

^{i}

^{−1}) → K → (X

_{i}, Y

_{i}) forms a Markov chain, we have I(K; X

_{i}, Y

_{i}|X

^{i}

^{−1}, Y

^{i}

^{−1}) ≤ I(K; X

_{i}, Y

_{i}). Obviously, reusing the secret key K results in the increase of Eve’s success probability.

**Lemma 3.**In the classical authentication model, Eve’s success probability is lower bounded by:

**Proof.**This result is derived due to:

**Remark 2.**This lower bound demonstrates that if Eve initiates an attack at any round i (1 ≤ i ≤ n), no authentication strategy can prevent her from being successful with probability at least${2}^{-I(K;{X}^{n},{Y}^{n})/n}$. A secret key K is used optimally when all of these success probabilities are (roughly) equal [5,6]. Thus, in an optimal scheme, the secret key is split into n nearly equal parts, each of which is allocated to protect against an attack at the i-th round of authentication. Then, after eavesdropping on n rounds of authentication, Eve may be aware of almost all of the information about the secret key and able to attack successfully with a high probability.

#### 4.2. Noisy Channels Model

_{i}

_{−1}and an equivocal challenge message ${\widehat{X}}_{i}$ in the i-th round. We use ${\overline{P}}_{i}$ to denote the success probability of Eve’s attack in the i-th round of authentication. Following the same steps as those used in Equation (6), the lower bounded on ${\overline{P}}_{i}$ is derived as:

**Lemma 4.**In our new authentication model, Eve’s success probability at the i-th round of authentication is lower bounded by:

**Proof.**Please refer to Appendix B for technical details.

**Theorem 2.**If there are no information leaks to Eve in the wiretap channels (i.e., $I({X}_{i};{\widehat{X}}_{i})=0$ and$I({Y}_{i};{\widehat{Y}}_{i})=0$), Eve’s success probability is lower bounded by:

**Proof.**As is explained in Section 2.2, since the wiretap channels Alice → (Bob, Eve) and Bob → (Alice, Eve) are less noisy, there must exist a codebook, such that the transmitted messages can be perfectly obtained by Alice and Bob, but completely hidden from Eve [8,12,17], i.e., $I({X}_{i};{\widehat{X}}_{i})=0$ and I(Y

_{i}; Ŷ

_{i}) = 0. Then, Equation (20) becomes:

_{i}) = H(Y). Then, similar to the proof of Lemma 3, we have:

**Remark 3.**In the classical authentication model, after Eve eavesdrops on several rounds of authentication, the knowledge of the challenge messages and response messages enable the information of the secret key to be determined (i.e., Lemma 3). In contrast, in our new authentication model, Eve’s success probability can remain the same even if she continues eavesdropping (i.e., Theorem 2).

**Remark 4.**H(X, Y ) is constant, since X and K are uniformly distributed, and:

#### 4.3. Single-Wiretap Channel and Double-Wiretap Channels

_{s}> 0). If a wiretap channel is not less noisy, it cannot ensure that Equation (1) remains positive under the optimal selection U = X for less noisy wiretap channels [16]. Without loss of generality, if a wiretap channel in Figure 3 is not less noisy, we assume that Eve can obtain what legitimate users receive.

**Theorem 3.**With the Cartesian authentication code, we have:

**Proof.**Specifically, when i = 1, X

^{i}

^{−1}, ${\widehat{X}}^{i-1}$, Y

^{i}

^{−1}and Ŷ

_{i}

_{−1}do not exist. At this time, Equation (29a) is same with Equation (29b), and Equation (29c) is equal to zero. Hence, Equation (30) is satisfied.

**Remark 5.**Theorem 3 demonstrates that with the Cartesian authentication code, the noise of two separate wiretap channels can together hide the secret key information from Eve. Therefore, though the secret key information is all contained in the response message Y, by securely transmitting the challenge message X, we can further reduce Eve’s success probability from P ≥ 2

^{−}

^{H}

^{(}

^{Y}

^{)}to P ≥ 2

^{−}

^{H}

^{(}

^{X,Y}

^{)}(i.e., Remark 4).

#### 5. Application

## 6. Conclusion

## Appendix

## A. Proof of Lemma 2

## B. Proof of Lemma 4

## Acknowledgments

## Author Contributions

## Conflicts of Interest

## References

- Menezes, A.J.; Vanstone, S.A.; Oorschot, P.C.V. Handbook of Applied Cryptography; CRC Press: Boca Raton, FL, USA, 1997. [Google Scholar]
- Yang, L. Course Notes: Biometrics and Cryptography. Available online: http://web2.utc.edu/~Li-Yang/cpsc4600/08_Entity-Authentication14.ppt accessed on 10 July 2015.
- Yu, P.; Baras, J.; Sadler, B. An Implementation of Physical Layer Authentication Using Software Radio; Technical report, DTIC Document, ARL-TR-4888; Army Research Laboratory: Adelphi, MD, USA, July 2009. [Google Scholar]
- Simmons, G.J. Authentication theory/coding theory. In Advances in Cryptology; Blakley, G.R., Chaum, D., Eds.; Springer: Berlin/Heidelberg, Germany, 1985; pp. 411–431. [Google Scholar]
- Maurer, U.M. Authentication theory and hypothesis testing. IEEE Trans. Inf. Theory.
**2000**, 46, 1350–1356. [Google Scholar] - Rosenbaum, U. A lower bound on authentication after having observed a sequence of messages. J. Cryptol.
**1993**, 6, 135–156. [Google Scholar] - Zeng, K.; Govindan, K.; Mohapatra, P. Non-cryptographic authentication and identification in wireless networks. IEEE Trans. Wirel. Commun.
**2010**, 17, 56–62. [Google Scholar] - Lai, L.; El Gamal, H.; Poor, H.V. Authentication over noisy channels. IEEE Trans. Inf. Theory.
**2009**, 55, 906–916. [Google Scholar] - Zheng, F.; Xiao, Z.; Zhou, S.; Wang, J.; Huang, L. Message authentication over noisy channels. Entropy
**2015**, 17, 368–383. [Google Scholar] - Bellare, M. Course Notes: Modern Cryptography. Available online: http://cseweb.ucsd.edu/~mihir/cse207/w-mac.pdf accessed on 10 July 2015.
- Koç, Ç.K. Course Notes: Explorations in Cryptography. Available online: http://cs.ucsb.edu/~koc/ccs130h/notes/mac2.pdf accessed on 10 July 2015.
- Wyner, A.D. The wire-tap channel. Bell Syst. Tech. J
**1975**, 54, 1355–1387. [Google Scholar] - Ren, K.; Su, H.; Wang, Q. Secret key generation exploiting channel characteristics in wireless communications. IEEE Trans. Wirel. Commun.
**2011**, 18, 6–12. [Google Scholar] - Chen, C.; Jensen, M.A. Improved channel quantization for secret key establishment in wireless systems, Proceedings of 2010 IEEE International Conference on Wireless Information Technology and Systems (ICWITS), Honolulu, HI, USA, 28 August–3 September 2010; pp. 1–4.
- Csiszár, I.; Korner, J. Broadcast channels with confidential messages. IEEE Trans. Inf. Theory.
**1978**, 24, 339–348. [Google Scholar] - Ozel, O.; Ulukus, S. Wiretap channels: Roles of rate splitting and channel prefixing, Proceedings of 2011 IEEE International Symposium on Information Theory Proceedings (ISIT), St. Petersburg, Russia, 31 July–5 August 2011; pp. 628–632.
- Bloch, M.; Barros, J. Physical-Layer Security; Cambridge University Press: Cambridge, UK, 2011. [Google Scholar]
- Qin, H.; Chen, X.; Sun, Y.; Zhao, M.; Wang, J. Optimal power allocation for joint beamforming and artificial noise design in secure wireless communications, Proceedings of 2011 IEEE International Conference on Communications Workshops (ICC), Kyoto, Japan, 5–9 June 2011; pp. 1–5.
- Liao, W.C.; Chang, T.H.; Ma, W.K.; Chi, C.Y. Joint transmit beamforming and artificial noise design for QoS discrimination inwireless downlink, Proceedings of 2010 IEEE International Conference on Acoustics Speech and Signal Processing (ICASSP), Dallas, TX, USA, 14–19 March 2010; pp. 2562–2565.
- Goel, S.; Negi, R. Guaranteeing secrecy using artificial noise. IEEE Trans. Wirel. Commun.
**2008**, 7, 2180–2189. [Google Scholar] - Thangaraj, A.; Dihidar, S.; Calderbank, A.R.; McLaughlin, S.W.; Merolla, J.M. Applications of LDPC codes to the wiretap channel. IEEE Trans. Inf. Theory.
**2007**, 53, 2933–2945. [Google Scholar] - Klinc, D.; Ha, J.; McLaughlin, S.W.; Barros, J.A.; Kwak, B.J. LDPC codes for the Gaussian wiretap channel. IEEE Trans. Inf. Forensics Secur.
**2011**, 6, 532–540. [Google Scholar] - Richardson, T.J.; Shokrollahi, M.A.; Urbanke, R.L. Design of capacity-approaching irregular low-density parity-check codes. IEEE Trans. Inf. Theory.
**2001**, 47, 619–637. [Google Scholar] - Subramanian, A.; Thangaraj, A.; Bloch, M.; McLaughlin, S.W. Strong secrecy on the binary erasure wiretap channel using large-girth LDPC codes. IEEE Trans. Inf. Forensics Secur.
**2011**, 6, 585–594. [Google Scholar] - Ding, C.; Helleseth, T.; Klove, T.; Wang, X. A generic construction of Cartesian authentication codes. IEEE Trans. Inf. Theory.
**2007**, 53, 2229–2235. [Google Scholar] - Li, Z.; Gao, S.; Wang, Z.; Thuraisingham, B.M.; Wu, W. A construction of Cartesian authentication code from orthogonal spaces over a finite field of odd characteristic. Discrete Math., Alg. Appl.
**2009**, 1, 105–114. [Google Scholar] - Sze, T.; Chanson, S.; Ding, C.; Helleseth, T.; Parker, M. Logarithm cartesian authentication codes. Inf. Compu.
**2003**, 184, 93–108. [Google Scholar] - Chanson, S.; Ding, C.; Salomaa, A. Cartesian authentication codes from functions with optimal nonlinearity. Theor. Comput. Sci.
**2003**, 290, 1737–1752. [Google Scholar] - Chen, G.; Zhang, Y.; Luan, F.; Xiao, L. Optimization of AP placement in indoor fingerprint positioning, Proceedings of 2013 International Conference on ICT Convergence (ICTC), Jeju, South Korea, 14–16 October 2013; pp. 98–100.
- Luan, F.; Zhang, Y.; Xiao, L.; Zhou, C.; Zhou, S. Fading characteristics of wireless channel on high-speed railway in hilly terrain scenario. Int. J. Antennas Propag.
**2013**, 12, 188–192. [Google Scholar] - Zhang, Y.; Li, Z.; Luan, F.; Xiao, L.; Zhou, S.; Wang, J. Measurement-based analysis of transmit antenna selection for in-cabin distributed MIMO system. Int. J. Antennas Propag.
**2012**, 16, 104–107. [Google Scholar]

**Figure 4.**(

**a**) Example of the secret key agreement from wireless channels. (

**b**) The secret key agreement is protected by the challenge-response authentication. (

**c**) The secret key agreement is improved by our proposed authentication model.

Alice → (Bob, Eve) | Bob → (Alice, Eve) | Eve’s success probability | The promoted performance |
---|---|---|---|

C_{s} > 0 | C_{s} > 0 | ${\overline{P}}_{i}({\widehat{X}}^{i},{\widehat{Y}}^{i-1})$ | $\mathrm{\Delta}{\overline{P}}_{i}({\widehat{X}}^{i},{\widehat{Y}}^{i-1})$ |

C_{s} > 0 | C_{s} = 0 | ${\overline{P}}_{i}({\widehat{X}}^{i},{Y}^{i-1})$ | $\mathrm{\Delta}{\overline{P}}_{i}({\widehat{X}}^{i},{Y}^{i-1})$ |

C_{s} = 0 | C_{s} > 0 | ${\overline{P}}_{i}({X}^{i},{\widehat{Y}}^{i-1})$ | $\mathrm{\Delta}{\overline{P}}_{i}({X}^{i},{\widehat{Y}}^{i-1})$ |

© 2015 by the authors; licensee MDPI, Basel, Switzerland This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Zheng, F.; Xiao, Z.; Zhou, S.; Wang, J.; Huang, L.
Identity Authentication over Noisy Channels. *Entropy* **2015**, *17*, 4940-4958.
https://doi.org/10.3390/e17074940

**AMA Style**

Zheng F, Xiao Z, Zhou S, Wang J, Huang L.
Identity Authentication over Noisy Channels. *Entropy*. 2015; 17(7):4940-4958.
https://doi.org/10.3390/e17074940

**Chicago/Turabian Style**

Zheng, Fanfan, Zhiqing Xiao, Shidong Zhou, Jing Wang, and Lianfen Huang.
2015. "Identity Authentication over Noisy Channels" *Entropy* 17, no. 7: 4940-4958.
https://doi.org/10.3390/e17074940