Benign False-Data Injection as a Moving-target Defense to Secure Mobile Wireless Communications

Benign False-Data Injection as a Moving-target Defense to Secure Mobile Wireless Communications

Journal Pre-proof

Benign False-Data Injection as a Moving-target Defense to Secure Mobile Wireless Communications Esraa M. Ghourab, Mohamed Azab PII: DOI: Reference:

S1570-8705(19)30630-4 https://doi.org/10.1016/j.adhoc.2019.102064 ADHOC 102064

To appear in:

Ad Hoc Networks

Received date: Revised date: Accepted date:

9 July 2019 18 December 2019 18 December 2019

Please cite this article as: Esraa M. Ghourab, Mohamed Azab, Benign False-Data Injection as a Moving-target Defense to Secure Mobile Wireless Communications, Ad Hoc Networks (2019), doi: https://doi.org/10.1016/j.adhoc.2019.102064

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2019 Published by Elsevier B.V.

Benign False-Data Injection as a Moving-target Defense to Secure Mobile Wireless Communications

Preprint submitted to Elsevier

January 22, 2020

Benign False-Data Injection as a Moving-target Defense to Secure Mobile Wireless Communications Esraa M.Ghourab1 , Mohamed Azab2,3

Abstract The latest advances in the Internet of Vehicle (IoV) networks, and Software Defined Radio (SDR) enabled spectrum sharing between anonymous users. Such enablement raised many concerns in regards to the system’s security and privacy. Therefore, there is a desperate need for transformative solutions to ensure wireless communication security against eavesdropping attacks. This paper presents a novel Moving-target Defense (MtD) to enhance the channel secrecy capacity in a Decode-andForward (DF) dual-phase large network containing K relays and source nodes with multi-antennas operating on different frequencies. Our MtD approach enables multidimensional spatiotemporal diversification for the user’s traffic in cooperative wireless transmission, to obfuscate signal transmission-patterns and data, across the entire spectrum available . In time, we obfuscate the transmitted data by employing real-time shuffling between real and fake data. In space, we enforce real-time hopping between multiple frequencies to evade signal tracing. We examine the ergodic channel secrecy capacity considering two behavioral patterns; cooperative and uncooperative untrustworthy-relays. Simulation results showed that, for a powerful malicious user with multiple access points, and no pre-knowledge of the diversification patterns used by the system, it is very hard to eavesdrop a meaningful portion of the signal or the data stream. Keywords: Channel Secrecy, Distributed Beam Forming, Moving-target Defense, Wireless Security, Network Security

1. Introduction Currently, wireless communication technology struggles to cope with the increasing need for reliable and secure signal transmission service. Several concepts were applied to optimize resource utilization and to provide optimized performance for different wireless systems operating in urban environments, and smart cities [1, 2]. To this end, cooperative wireless networks were underscored as one of the most promising and efficient solutions to improve channel spectrum utilization in high mobility applications like Vehicular Ad hoc Networks (VANETs) [3, 4]. VANETs eveloved over the past decade developing what we note as The Internet of Vehicles (IoV). 1 Electrical

Engineering Department, Alexandria University, Alexandria 21544, Egypt. and Information Sciences Department, Virginia Military Institute, Lexington, VA, USA 3 Informatics Research Institute, City of Scientific Research and Technological Applications, Alexandria, Egypt. 4 Authors contributed equally. 5 Emails: [email protected], [email protected] 2 Computer

Preprint submitted to Elsevier

January 22, 2020

IoV is a distributed network that supports data generation, processing, and exchange between connected vehicles and the internet. IoV network enables moving vehichles to commuincate with other vehicles, roadside infrastructure, and any other fleet management systems in real-time. Unfortunately, IoV reliance on wireless communication as abase for its infrastructure made it vulnerable to devastating eavesdropping attacks. The heterogeneous nature of the communicating parties, communication technologies, and relying patterns, opened the doors for eavesdroppers to play the role of Man in the Middle and intercept or manipulate the exchanged messages. Researchers investigated wireless communication security issues in cooperative relying environments for years. Wyner’s [5, 6] introduced the critical notion of the secrecy capacity as a way to evaluate security levels in such networks. Wyner defined secrecy capacity as the difference between the main and wiretap channels.The main channel refers to the legitimate users’ channel while the wiretap channel refers to the eavesdropper’s channel. For years, researches investigated innovative mechanisms aiming to improve the channel secrecy capacity of wireless communication networks [7]. They noted the potential of exploiting the diversified nature of such networks and its constructing components, to enhance the attained level of security. Within this context, approaches like Moving-target defense (MtD) was introduced as a game-changer. Researchers noted that successful realization of MtD can be very effective in mitigating sophisticated eavesdropping attacks [8, 1, 2, 9, 10]. MtD acts on manipulating the network characteristics across multiple dimensions to asymmetrically increase attacker uncertainty of the network behavioral patterns. The induced manipulations reduce the attacker’s window of opportunities and increase the costs of probing and attacks [11]. There is no standardized description or a specific metrics that can help evaluating the effectiveness of MtD in securing wireless networks. In this paper, we demonstrated that channel secrecy capacity can be used as an effective metric to evaluate the efficiency of MtD mechanism securing IoV networks. In [12], authors assumes the network encompases both trustworthy and untrustworthy relays. During the analysis , we consider two classes of untrustworthy relays. The first is uncooperative malicious relays, where every relay tries to intercept the message independently. While the second is maliciously cooperative relays, where relays cooperate towards aggregating the received messages to reconstruct as much as possible from the original data. This paper presents a runtime diversification mechanism as an MtD approach for two-hop DF-cooperative relays based on the DBF technique. Our approach efficiently ensures user’s security by dynamically changing the runtime behavior of the system. The proposed mechanism relies on benign employment of false-data injection to confuse the attacker. Such a technique disorients attackers from compromising user’s information. The presented approach senses the whole available antennas/frequencies according to the running channel characteristics.

Therefore, Software Defined Radio (SDR) technology is presented as a paradigm solution to

efficiently re-program/reconfigure the attached SDR-antenna. The Proposed spatiotemporal multidimensional manipulations randomly re-assign legitimate user’s data to the available frequency bands in a dual-hop cooperative network through a dynamic real-time transmission algorithm. In time, we confuse the attacker by utilizing a real-time shuffler to alternate between real and fake data. In space, we diffuse the transmitted data across all the available frequencies. The main contribution of this paper can be summarized as follow:

3

• Presenting a novel spatiotemporal Moving-target Defense (MtD) mechanism against eavesdropping in wireless dual-hop cooperative networks based on the DBF mechanism. • Presenting security evaluation mechanism based on the induced level of confusion, followed by a closed-form derivation with respect to the channel secrecy capacity. • Calculating the channel secrecy capacity and intercept probability in case of location-based multi-casting considering two scenarios: – The existence of independent uncooperative untrustworthy relays. – The existence of cooperative untrustworthy relays aggressively attacking the message. The remaining part of the paper is organized as follows: Section 2 describes the proposed cooperative wireless communication system model. Section 3 presents a detailed mathematical security assessment for both uncooperative and cooperative untrustworthy relays. Section 4 illustrates the security evaluation model using our randomization mechanism procedure. Section 5 illustrates the intercept probability mathematical calculation for both types of relays. Section 6 presents numerical results to confirm the analytical derivations and provide insight into the system performance. Finally, Section 7 presents the conclusion of this work.

Figure 1: DF cooperative wireless communication system model in presence of an eavesdropper

2. SYSTEM MODEL The proposed model illustrates a two-hop cooperative relaying model. The transmission is two phases. The first phase, the source divides its message to fragments and sends every fragment to a distinct directional antenna. The 4

second phase, relays resend the received message towards its desired destination embloying the DBF technique. Figure 1 illustrates a dual-hop DF cooperative wireless system model consisting of K relays, multi-antennas source (S) and single-antenna destination (D). Each relay operates on half-duplex mode with a single antenna. Furthermore, K relays are distributed of many sectors. In the model, assume that there are three sectors as L, M, and G. Each sector denotes the total number of DF-cooperative relays that it encapsulates. The presented scenario studies the infrastructure-less IoV networks with large number of participants communicating over long distances (EX, Highways) in multi-hobs, via relayed messages. Therefore, we decided to neglect the direct link between the source S and the destination D node assuming that all transmissions must be relayed [13]. The source node transmits the message to the legitimate destination node in two hops (broadcasting and relaying phases) as demonstrated in Fig. 2. In the first hop, the source node divides its message to fragments and sends every fragment to a distinct directional antenna, every fragment covers a disjoint space. Figure 2 depicts that the source start to multi-cast fragments xs,l , xs,m and xs,g in the first phase, towards different sectors L, M and G. Where, L, M , G are all the relays within the system, grouped based on the geographical deployment into a set of sectors. L is the total number of relays in sector L, M is the total number of relays in sector M , and G is the total number of relays in sector G. During the second phase, the system follows the normal DBF technique, as the relays resend the received fragments towards its desired destination. Due to the wireless nature, eavesdropper (Eava) may be able to intercept data from some untrustworthy relays L0 , M 0 and G0 , that is a subset of the relays L, M , and G, respectively. Therefore, L0 < L, M 0 < M , and G0 < G. This paper considers two levels of attack sophistication. The 1st assumes only uncooperative untrustworthy relays that are totally uncooperative and independent of each other. The 2nd assumes fully cooperative cooredinated untrustworthy relays.

These relays work together to intercept the transmitted message.

We used the term

cooperative to describe the later and uncooperative to describe the former.

Figure 2: DBF mechanism in Half-duplex Dual-hop DF Cooperative relays communication in presence of an eavesdropper.

5

In this paper we assume that the model encompasses three different sectors to transmit the message fragments. Meaning that k is composed of three sectors assisting in the transmission between the source (s) and destination (d). The fading channels are assumed to be frequency-flat fading which denoted by hi,j modeled as a Gaussian 2 random variable with mean µij and a variance σij ; where i and j belong to s, k, d.

Moreover, hs,k and hk,d are representing the fading channels at the first hop (from the source node to the K-relays) and the second hop (from k-relay to destination node), respectively. The channel gains |hs,k |2 and |hk,d |2 are independent and identically distributed (iid) with exponentially random variable distribution. Finally, we have additive white Gaussian noise in both transmission hops (phase 1 and phase 2) with the same variance of No . From Fig. 1 and Fig. 2, the total number of cooperative relays in our system model is K; where K = L + M + G. The transmitted message fragments relayed from L, M, and G relays are xs,l , xs,m , and xs,g , respectively. Without loss of generality, we let the message denoted by xs,r generally as per it will be sent to sector R; where r ∈ {l, m, g}, R ∈ {L, M, G}, and 1 ≤ r ≤ R. From this context, the received signal from the source to the rth relay during phase 1 is expressed as follows

ys,r = hs,r

p

Ps,r xs,r + ns,r

(1)

where, Ps,r is the transmitted power from source to r − th relay. ns,r is additive white Gaussian noise at r − th relay with zero mean and variance No . The received Signal to Interference Noise Ratio (SINR) at r − th relay can be represented as follows γr = ρs,r |hs,r |2

(2)

where, ρs,r is the received Signal to Noise Ratio (SNR) which is denoted by the following equation

ρs,r =

Ps,r No

r ∈ {l, m, g}

(3)

3. SECRECY CAPACITY CALCULATIONS In this paper, we assume that the attacker goal is to eavesdrop/overhear the transmitted communication aiming to acquire a meaningful portion of the transmitted data. The aim of the presented work is to complicate signal traceability and to increase the effort, and the needed resources for the attacker to reach his goals. Quantitative evaluations of security enhancements are usually a hard challenge [14]. To overcome this issue; we rely on the Shannon channel security capacity metric [15] proved by Wyner [5, 6] to evaluate how secure our mechanism can be against the aforementioned attack model. In this section, we will define the detailed mathematical analysis for the security assessment of both uncooperative and cooperative untrustworthy relays using the channel secrecy capacity metric. Uncooperative untrustworthy relays are those independent relays who succeed to attack any portion of the transmitted message. While cooperative relays are cooperative relays from any sector working together to get as much useful information as possible about the transmitted message.

6

3.1. UNCOOPERATIVE UNTRUSTWORTHY RELAY SCENARIO Considering a uncooperative relay scenario, the received SINR at any potential untrusted uncooperative relay would be given by γk = ρs,k |hs,k |2

(4)

Assuming that K is taken to be the optimal relay for re-encoding and forwarding its decoded signal to the receiver. Specifically, in DF relaying protocols, relays first decode the signal sent by the source node then, the decoded outcome is transmitted to the receiving node. From this context, exploiting the Distributed Beam-forming Mechanism (DBF) in phase 2, the retransmitted signal by the r-th relay is xr = yr . The destination can receive data from either a trustworthy or an untrustworthy relay. Therefore, the received signal at the destination via random k-relays can be expressed as follows

yr,d = hr,d ys,r + nr,d

(5)

where, nr,d is the additive white Gaussian noise at destination via r − th relay with zero mean and variance No . From Eq.(1) and Eq.(5), the received SINR at destination via r-th relay is

γr =

ρs,r |hs,r |2 ρr,d |hr,d |2 ρr,d |hr,d |2 + 1

r ∈ l, m, g

(6)

From Wyner’s results [5, 6], the efficient data transmission security defined by the channel secrecy capacity (Cs ) is long been used as a measurable quantity to assess data security. Typically channel secrecy is defined by the difference between main and wiretap channel secrecy capacity. Therefore, the channel secrecy capacity Cs can be evaluated based on Gaussian wiretap channel [5, 6] and Shannon capacity [15], as follows: CS = Cm − Cw

(7)

where, Cm is the secrecy capacity of the main channel (legitimate users channel), while, Cw is the secrecy capacity of the wiretap channel (eavesdropper channel). Given Shannon capacity equation [15] and Eq.(6), the channel secrecy capacity from source node to legitimate destination via k-relays can be given as

Cs,d =

L M G X X X
1
1
1 log 1 + γl + log 1 + γm + log 1 + γg 2 2 2 m=1 g=1

(8)

l=1

Similarly, the wiretap channel describes the relation between the source node and the untrustworthy relays. Which can be written as follow

7


1 log 1 + max γs,k K 2
1 = log 1 + max(ρs,k |hs,k |2 ) K 2 Cs,e =

(9)

The channel secrecy capacity can be written based on Eq.(7), Eq.(8), and Eq.(9) as follows

Cs = Cs,d − Cs,e =

L M G X X X
1
1
1
1 log 1 + γl + log 1 + γm + log 1 + γg − log 1 + max(ρs,k |hs,k |2 ) K 2 2 2 2 m=1 g=1

(10)

l=1

From the above-mentioned equations, we can easily calculate the channel secrecy capacity, whereas the ergodic channel secrecy capacity is :

Cs = mean(max(Cs ), 0) = E{[Cs,d − Cs,e ]+ }

(11)

Assuming the worst-case scenario where attackers are able to intercept the maximum amount of the meaningful message fragments. That represents the scenario of the maximum wiretap channel capacity. In other words, from Eq.(9) we obtain the maximum of Cs,e at the maximum SINR at eavesdropper (maxk (γs,k )). By substituting Eq.(10) into Eq.(18), and follow Jensen’s inequality, the ergodic channel secrecy capacity can be written as following

C = E{[Cs,d − Cs,e ]+ } ≥(a) [E{Cs,d } − E{Cs,e }]+ (12) (a) following from Jensen’s inequality, E{max(X1, X2)} ≥ max(E{X1}, E{X2}). When R → ∞, γr in Eq.(6) following the Kolmogorov conditions; and from the theorem in [16] (Theorem 1.8.D) with the convergence and probability 1, it can be presented as follows R X γr r=1

R

−

R X E{γr } r=1

R

−→w.p.1 0

(13)

Therefore, γr −→w.p.1 Rµr

8

(14)

and R   X 1 1 E{ log 1 + γr } ≈ log(R) 2 2 r=1

(15)

From [17] as per in Lemma 4 for K → ∞ and limited ρ; maximum value of Eq.(4) will behave as follows   max ρs,k |hs,k |2 ⇒ ρs,k log(k) + O(log log(k)), K   max ρs,k |hs,k |2 ≈ ρs,k log(k) K

(16)

therefore, Eq.(9) can be rewritten as follows Cw ≈

1 log log(k) 2

(17)

Consequently, depending on all the available relays in all sectors, the ergodic channel secrecy capacity can be written as follows:

C≥

1 1 1 1 log(L) + log(M ) + log(G) − log log(k) 2 2 2 2 1 C ≥≈ log(LM G) 2

(18)

3.2. COOPERATIVE UNTRUSTWORTHY RELAYS SCENARIO As mentioned in section 2, cooperative untrustworthy relays are defined as the relays that cooperate with each other by retransmitting their received message fragments to one eavesdropper to group these message fragments to a meaningful message. This eavesdropper may be an insider i.e. a compromised cooperative relay , or external RoadSide Units (RSUs). In our system model, we suppose that this eavesdropper E is external, as illustrated in Fig.1. The total number of all the untrustworthy cooperative relays in the cooperative wireless network denoted by U . For simplicity, we suppose that all untrustworthy cooperative relays are distributed evenly between all sections, L, M , and G. In Fig.1, L0 , M 0 , and G0 are the total number of the untrusted cooperative relays in L, M , and G , respectively. The transmitted signals from every cooperative relay symbolized by yr0 ; where r0 ∈ {l0 , m0 , g 0 }. Therefore, the received signal at eavesdropper E from each relay is represented by

ye = hr0 ,e ys,r0 + nr0 ,e

(19)

where, hr0 ,e is the channel fading coefficient from every untrustworthy relay to the eavesdropper E. nr0 ,e is the additive white Gaussian noise at an eavesdropper with zero mean and variance No . From this context, the received SINR at the eavesdropper is expressed as follows

9

γr0 =

ρs,r0 |hs,r0 |2 ρr0 ,e |hr0 ,e |2 ρr0 ,e |hr0 ,e |2 + 1

r0 ∈ l0 , m0 , g 0

(20)

The channel secrecy capacity from the source node to eavesdropper via U-relays can be given as

0

Cs,e

0

0

L M G X X X
1
1
1 = log 1 + γl 0 + log 1 + γm 0 + log 1 + γg 0 2 2 2 0 0 0 m =1

l =1

(21)

g =1

The ergodic channel secrecy capacity in the presence of this kind of cooperative untrustworthy relays can be written as

CA = E{[Cs,d − Cs,e ]+ } ≥(a) [E{Cs,d } − E{Cs,e }]+ (22) Similarly, following the same steps at Eq.(15), thereof the channel secrecy capacity in Eq.(22) can be rewritten by CA =

1 1 1 1 1 1 log(L) + log(M ) + log(G) − log(L0 ) + log(M 0 ) + log(G0 ) 2 2 2 2 2 2 1 1 CA = log(LM G) − log(L0 M 0 G0 ) 2 2   LM G 1 CA = log 2 L0 M 0 G0

(23)

For simplicity, we assumes that K L M G = 0 = 0 = 0 =T U L M G

(24)

From this context, we can rewrite Eq.(23) as the follows CA =

1 log(T 3 ) 2

(25)

Without loss the generality, if we have W messages sent as a multi-cast towards various W sectors, the previous equation would be expressed as follows :

1 log(T W ) 2 W log(T ) = 2 K  W CA = log 2 U CA =

where, W is number of the available sectors.

10

(26)

4. The SECURITY EVALUATION MODEL A real-time spatiotemporal diversification of transmitted signals is achieved by giving the legitimate user direct access to a group of channels. The proposed model chooses which user can transmit their data on the available antenna at each time slot. Spatial diversity is induced by manipulating the selection priority of the available channels in each time instant. Temporal diversity is induced by the assist of a dynamically generated Look-Up Table (LUT). The proposed security model uses a dynamic time-based LUT to fill the available frequencies with a unique transmitted shuffling data sequence. This shuffling sequence dynamically assigns different data patterns Real or Fake (R/F) to the availables antenna according to a Real/Fake data shuffler.

Figure 3: Flowchart of Real Fake Data Shuffler

Figure 3 presents the Real/Fake data shuffler algorithm used in the proposed model. At the first time instant (ti = 1) the first sequence of traditional Linear Feedback Shift Register (LFSR) will be XORed with a random number.Unique random sequence for each available frequency. The generated sequence will be entered into the LFSR algorithm to generate the first bit of our R/F data shuffler sequence (xi ). Then a new pattern is generated by XORing the previous sequence with a new random sequence to be used for the next time instants according to the active frequency. Figure 4 shows a flowchart for the proposed model that is applied to build the dynamic LUT values. Firstly, we will check the availability of each existed antenna, if at least there is an available antenna, then the transmission process can proceed. Secondly, the transmitter will check the R/F data shuffler sequence, if the first bit (xi = 1), 11

then real data will be transmitted, while if (xi = 0), the transmitter will send a fake data instead. If there were multiple antennas active, then we will use a priority selection procedure as mentioned in Fig. 4.

Figure 4: Flowchart of data shuffling

4.1. The Randomization Procedure The shuffling sequence guides the manipulation of the transmission behaviour in time and space. In time, we obfuscate the transmitted data by utilizing real-time shuffling between real and fake data. In space, we execute real-time hopping between various frequencies to evade signal tracing. To better understand the proposed shuffling model, Table 1 and Fig. 5 show an illustrative example of the different antenna/ frequency availability and how they are filled to the LUT table according to the generated data traffic sequence at each time instant. Assuming that we have 5 channels available for manipulation, table 1 presents an example of channel priorities ( selection order) for sending the real and fake data over the five available channels. Figure 5 shows the dynamic relationship between channel availability and shuffling data rates. In the proposed approach, assuming a tamper-proof device at the very beginning of any transmission, the LFSR is filled with a static stream of bits known to source and destination based on the manufacturer’s specification. 12

Periodically, the sender synchronizes with the receiver with a sync beacon signal to reset the content to the default or to a specifically suggested bit vector, then they start the transmission. Table 1: Example of channel priorities for sending the real and fake-data

Time Instant t1 t2 t3 .. tN

Data Sequence Real-data Fake-data Real-data .. Real-data

Priority f1 ,f3 ,f4 f1 ,f3 f5 .. fN

Based on the available number of channels at each time slot, the dynamic LUT is generated to determine whether the system will send real or fake data, or both (in case there is more than one available antenna). This LUT is filled using a shift for LFSR contents at each time instant. The channel priority assignment is based on the LFSR contents. The LUT entries are generated by the process described in Fig. 4. This process is to be synchronized all the time between the source and destination. Figure 4, Fig. 5, and table (1) shows our novel spatial and temporal diversification process.

Figure 5: Illustration example for runtime dynamic band shuffling

We use Confusion Factor (CF) to indicate how much harder for an eavesdropper to synchronize his pattern and attack-window to eavesdrop/intercept the transmitted data. As per the number of manipulations induced over time and space increase, cracking this pattern becomes almost impossible for anyone with no pre-knowledge of the system’s real-time configuration. Therefore, based on the DBF technique and the illustrated MtD security model, we presented multiple-security manipulations making the interception process almost tends to zero. The next section presents the intercept probability calculations for the proposed system model assuming transmissions are allowed over different frequencies. The analysis relies on channel secrecy capacity calculations for the two aforementioned scenarios. 5. INTERCEPT PROBABILITY CALCULATIONS In this section, we extract a closed-form for the intercept probability of the proposed system model. From Wyner’s results in [6] and Shanon capacity equation [15], when the channel secrecy capacity falls below zero 13

(Cm < Cme −→ Cs < 0), the transmission becomes insecure, and the eavesdropper may succeeds in intercepting the transmitted signal. 5.1. Uncooperative Untrustworthy Relays Based on the definition of the intercept event occurrence [6], the intercept probability of the proposed relay selection is calculated based on Eq.(10) as follows U ncooperative = Pr {Cs < 0} Pintercept   L M G X X X
1
1
1
1 2 = Pr log 1 + γl + log 1 + γm + log 1 + γg < log 1 + max(ρs,k |hs,k | ) K 2 2 2 2 m=1 g=1 l=1

= Pr

X L l=1

 M G X ρs,m |hs,m |2 ρm,d |hm,d |2 X ρs,g |hs,g |2 ρg,d |hg,d |2 ρs,l |hs,l | ρl,d |hl,d | 2 + + < max ρ |h | s,k s,k k ρl,d |hl,d |2 + 1 ρm,d |hm,d |2 + 1 ρg,d |hg,d |2 + 1 m=1 g=1 2

2

  X R  |hs,r |2 |hr,d |2 v 2 < max ρ |h | = Pr ρ s,k s,k k |hr,d |2 + 1 r=1

(27)

Generally, we assume that all channels suffer from the same SNR, thereof ρs,r = ρr,d = ρ where r ∈ {l, m, g}. Moreover, the channel gain is the same in all sectors. From this context, the attacker will be able to attack the transmitted data if the channel gain of all sectors is less than the channel gain of the eavesdropper. The total number of the used sector to multi-cast the transmitted message fragments is denoted by v. PR  |hs,r |2 |hr,d |2 v For simplicity, we define x = ρ r=1 , and y = maxk ρs,k |hs,k |2 . The expectations of x and y |hr,d |2 + 1 can be expressed as follow, respectively.  X  R  |hs,r |2 |hr,d |2 v E{x} = E ρ |hr,d |2 + 1 r=1 E{x} =

R X 2 v (σs,r )

(28)

r=1

and 

2

E{y} = E max ρs,k |hs,k | k



2 = max(σs,k ) k

(29)

Therefore, Eq.(27) can be rewritten as in Eq.(30) U ncooperative Pintercept = Pr {x < y} ZZ  x 1 y = exp − − dxdy AB A B x
=

R X r=1

where, A =

PR

2 v r=1 (σs,r )

max k

2 σs,k 2 + (σ 2 )v σs,k s,r

(30)

2 and B = maxk σs,k . From Eq.(30) it is clear that as the number of used sectors

increase, (v → ∞), the attacker probability to intercept a meaningful portion of the message becomes harder, 14

U ncooperative (Pintercept → 0).

5.2. Cooperative Untrustworthy Relays Based on the definition of the intercept event occurrence [6], the intercept probability of the cooperative relay selection is calculated as follows Cooperative = Pr {Cs < 0}, Pintercept  L M G X X X
1
1
1 = Pr log 1 + γl + log 1 + γm + log 1 + γg 2 2 2 m=1 g=1 l=1

 L M G X X X
1
1
1 log 1 + γl0 + log 1 + γm0 + log 1 + γg 0 2 2 2 0 0 0 0

<

0

l =1

= Pr

X L l=1

<

L0 X

l0 =1

m =1

M X

0

g =1

G X

ρs,m |hs,m |2 ρm,d |hm,d |2 ρs,g |hs,g |2 ρg,d |hg,d |2 ρs,l |hs,l |2 ρl,d |hl,d |2 + + 2 2 ρl,d |hl,d | + 1 ρm,d |hm,d | + 1 ρg,d |hg,d |2 + 1 m=1 g=1

 M G X X ρs,l0 |hs,l0 |2 ρl0 ,e |hl0 ,e |2 ρs,m0 |hs,m0 |2 ρm0 ,e |hm0 ,e |2 ρs,g0 |hs,g0 |2 ρg0 ,e |hg0 ,e |2 + + ρl0 ,e |hl0 ,e |2 + 1 ρm0 ,e |hm0 ,e |2 + 1 ρg0 ,e |hg0 ,e |2 + 1 0 0 0

0

m =1

g =1

  X R0  R  X |hs,r0 |2 |hr0 ,d |2 w |hs,r |2 |hr,d |2 v < ρ = Pr ρ |hr,d |2 + 1 |hr0 ,d |2 + 1 0 r=1

(31)

r =1

Generally, we assumes that all channel suffer from the same SNR, therefore ρs,r = ρs,r0 = ρr,d = ρr0 ,e = ρ where r ∈ {l, m, g} and r0 ∈ {l0 , m0 , g 0 }. Moreover, the channel gain is the same in all sectors. From this context, the attacker will be able to attack the transmitted data if the channel gain of all sectors is less than the channel gain of the eavesdropper. The total number of the successful cooperated cooperative relays trying to attack the transmitted messages is denoted by w.

PR  |hs,r |2 |hr,d |2 v PR0  |hs,r0 |2 |hr0 ,e |2 w , and y = ρ . The expectations of r=1 r 0 =1 |hr,d |2 + 1 |hr0 ,e |2 + 1 x and y can be expressed as follow, respectively For simplicity, we define x = ρ

 X  X R  R |hs,r |2 |hr,d |2 v 2 v E{x} = E ρ = (σs,r ) 2+1 |h | r,d r=1 r=1

(32)

 X  X R0  R0 |hs,r0 |2 |hr0 ,e |2 w 2 w E{y} = E ρ = (σs,r 0) 0 ,e |2 + 1 |h r 0 0

(33)

and

r =1

r =1

Therefore, Eq.(31) can be rewritten as in Eq.(34) P Cooperative = Pr {x < y} Z Z intercept  x 1 y = exp − − dxdy AB A B x
=

R X R X

r=1 r 0 =1

2 w (σs,r 0) 2 )w + (σ 2 )v (σs,r 0 s,r

15

(34)

where, A =

PR

2 v r=1 (σs,r )

and B =

PR0

2 w r 0 =1 (σs,r 0 ) .

From Eq.(30) its clear that as the number of used sectors

increase, the attacker probability to intercept meaningful portion of the message becomes harder. Whenever, as the number of the cooperative relays increase the intercept probability increase. On other words, when v → ∞ ⇒ Cooperative U ncooperative → 1. → 0. While, when w → ∞ ⇒ Pintercept Pintercept

6. NUMERICAL RESULTS In this section, we present the simulation results to demonstrate the performance of the presented model using Matlab Monte Carlo simulation. In our simulations, we assume a ρ = ρs,k = ρk,d = ρk,e = 5dB, |hs,k |2 = |hk,d |2 = |hk,e |2 = 1 and U = 13 K.

Figure 6: Ergodic Channel Secrecy Capacity Comparison between our proposed system model and traditional on illustrated in [12]

Figure 6 depicts the performance evaluation for the proposed original system model based on DBF verses the proposed enhanced model that employees runtime diversification and randomization via the MtD technique as presented on Eq. (18) and Eq. (26), with the illustrated system model in [12]. The simulated results show the improvement within the channel secrecy capacity for our proposed model compared to the reference.

16

Figure 7: Intercept probability Comparison between our proposed system model and traditional on illustrated in [12]

As shown in, Fig. 6 The proposed mechanism managed to massively enhance the overall transmission security. In the first scenario (i.e ’the uncooperative untrustworthy relays’), considering that the transmitted signal is separated into fragments shuffled using the proposed shuffling technique, the secrecy capacity calculated were higher than the traditional scenario mentioned in [12]. The reason behind that goes to the fact that the eavesdroppers is struggling to intercept to the required fragments to construct a meaningful message. On the other hand, the second scenario (i.e ’cooperative untrustworthy relays’), eavesdroppers used collaborative relays. This cooperation facilitates assembling the message’s fragments. Therefore, even with the channel secrecy capacity is a significant increase over the traditional technique (without MtD) it is higher than the channel capacity in the first scenario. From this context, the channel secrecy capacity of our proposed model is significantly higher than the traditional scenario with no MtD. Figure 7 presents the intercept probability improvement in the proposed model based on Eq. (30) and Eq. (34) versus the illustrated model in [12]. It’s obvious from Fig. 7 that there is a significant enhancement to the physical layer security when using MtD with DBF instead of any tradition cooperative technique. In case there are uncooperative untrusted relays, the eavesdropper’s capability to intercept data is lower than the case that all eavesdroppers cooperate with each other to collect the transmitted message fragments to an outsource eavesdropper. The impact of this is the increase of the overall security of the entire dual-hop cooperative system Figure 8 illustrates the intercept probability variation with respect to increasing the number of exploited sectors. As concluded from Eq. (30), Fig. 8 showed that when the number of exploited sectors increases, the message fragments will be distributed towards variant sectors increase, then the security assessment becomes much better. 17

Figure 8: Intercept probability with different number of used sectors to separate the transmitted data.

Therefore, as the number of used sectors increased in the case of the uncooperative untrustworthy relays, the intercept probability will decrease. This reduction in intercept probability is a result of increasing the complexity by using variant sectors. As the number of sectors increase, the opportunity for the attacker to track the transmitted message fragments and collect meaningful message in the presence of the MtD technique will be very limited. Therefore, based on Fig. 8 and Eq.(30) it’s clear that as the number of used sectors increases, the attacker probability to intercept meaningful message becomes more difficult. In Figure 9, we present the simulation result for the intercept probability in presence of untrusted cooperative relays, when w (which defined at Eq.(34)) changes, varying from 4 to 32. As depicted in Fig. 9, with the increase of the number of cooperative relays (w) from 4 to 32, the security of th system degrades significantly. This deterioration is the result of the increase of the eavesdropper’s opportunity to attack more messages. In conclusion, From Eq.(30) and Eq.(34) its obvious that as the number of used sectors increase, the attacker probability to intercept meaningful message becomes harder. Further, as the number of the cooperative relays increase the intercept probability will increase. From that we can say that, when v → ∞ ⇒ Pintercept → 0. While, when w → ∞ ⇒ Pintercept → 1. based on the aforementioned results we demonstrated that the presented algorithm managed to massively reduce the attacker’s intercept probability in all studied cases. 7. Conclusion In this paper, we managed to present novel exploitation of the False-data Injection attack to implement a Moving-target Defense to secure DF cooperative wireless communication. Spatial Diversity is induced by using 18

Figure 9: Intercept probability with different number of an cooperative untrustworthy relays.

cooperative relays to obfuscate signal transmission patterns by changing the relay selection order overtime. Temporal diversity is induced by alternating the transmission source selection between an actual source, and a fake data generator. Numerical results showed the effectiveness and efficiency of the proposed spatiotemporal diversification mechanism in enhancing the system’s security and performance. Future work includes exploiting complex machine learning mechanisms to better guide the diversification process for enhanced defense provisioning.

8. Acknowledgment Authors would like to express their appreciation for the ”IoT and Cyber Security lab”, SmartCI, Alexandria, Egypt, and CIS , VMI , USA, for supporting and hosting the activities related to this manuscript.

References References [1] Y. Zou, J. Zhu, L. Yang, Y.-C. Liang, and Y.-D. Yao, “Securing physical-layer communications for cognitive radio networks,” IEEE Communications Magazine, vol. 53, no. 9, pp. 48–54, 2015. [2] Z. Shu, Y. Qian, and S. Ci, “On physical layer security for cognitive radio networks,” IEEE Network, vol. 27, no. 3, pp. 28–33, 2013.

19

[3] A. S. Akki and F. Haber, “A statistical model of mobile-to-mobile land communication channel,” IEEE transactions on vehicular technology, vol. 35, no. 1, pp. 2–7, 1986. [4] C. S. Patel, G. L. Stuber, and T. G. Pratt, “Simulation of rayleigh-faded mobile-to-mobile communication channels,” IEEE Transactions on Communications, vol. 53, no. 11, pp. 1876–1884, 2005. [5] A. D. Wyner, “The wire-tap channel,” The bell system technical journal, vol. 54, no. 8, pp. 1355–1387, 1975. [6] S. Leung-Yan-Cheong and M. Hellman, “The gaussian wire-tap channel,” IEEE transactions on information theory, vol. 24, no. 4, pp. 451–456, 1978. [7] L. Atzori, A. Iera, and G. Morabito, “The internet of things: A survey,” Computer networks, vol. 54, no. 15, pp. 2787–2805, 2010. [8] Y. Zou, B. Champagne, W.-P. Zhu, and L. Hanzo, “Relay-selection improves the security-reliability trade-off in cognitive radio systems,” IEEE Transactions on Communications, vol. 63, no. 1, pp. 215–228, 2015. [9] P. N. Son and H. Y. Kong, “Exact outage probability of two-way decode-and-forward scheme with opportunistic relay selection under physical layer security,” Wireless personal communications, vol. 77, no. 4, pp. 2889–2917, 2014. [10] Y. Zou, J. Zhu, X. Wang, and V. C. Leung, “Improving physical-layer security in wireless communications using diversity techniques,” IEEE Network, vol. 29, no. 1, pp. 42–48, 2015. [11] R. Zhuang, S. A. DeLoach, and X. Ou, “Towards a theory of moving target defense,” in Proceedings of the First ACM Workshop on Moving Target Defense.

ACM, 2014, pp. 31–40.

[12] M. Atallah and G. Kaddoum, “Secrecy analysis of cooperative network with untrustworthy relays using location-based multicasting technique,” in 2017 IEEE 5th International Conference on Future Internet of Things and Cloud: Workshops (W-FiCloud).

IEEE, 2017, pp. 206–210.

[13] E. Ahmed and H. Gharavi, “Cooperative vehicular networking: A survey,” IEEE Transactions on Intelligent Transportation Systems, vol. 19, no. 3, pp. 996–1014, 2018. [14] A. Stango, N. R. Prasad, and D. M. Kyriazanos, “A threat analysis methodology for security evaluation and enhancement planning,” in 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

IEEE, 2009, pp. 262–267.

[15] C. E. Shannon, “A mathematical theory of communication,” ACM SIGMOBILE Mobile Computing and Communications Review, vol. 5, no. 1, pp. 3–55, 2001. [16] R. J. Serfling, Approximation theorems of mathematical statistics. John Wiley & Sons, 2009, vol. 162. [17] M. Sharif and B. Hassibi, “On the capacity of mimo broadcast channels with partial side information,” IEEE Transactions on information Theory, vol. 51, no. 2, pp. 506–522, 2005.

20

Declaration of interests ☐ The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper. ☐The authors declare the following financial interests/personal relationships which may be considered as potential competing interests:

Esraa Mohamed is an assistant researcher for Faculty of Engineering. She received her M.Sc in Communication Engineering, at Faculty of Engineering in 2018 and B.S in Electrical Communication Engineering Major with, GPA 3.85 in 2014, from Alexandria University. Currently, she is a researcher working on techniques to improve the wireless, Vehicular, CR, and cellular system’s security as a part of her master’s degree. Her research aims at enhancing vehicle network security using real-time diversity as a moving target defense against eavesdropping and signal manipulation.

Esraa is one of the founders and the researcher in the IoT Cyber Security Lab, Alexandria Egypt. She worked with the lab team members towards a set of innovative research and business-oriented Small-business Innovation Research Funding projects related to Cyber Security, Smart IoT systems, Software Defined Secure wireless communication. They were granted funding from multiple local and international agencies. As a senior researcher, she supervised young researchers working on their 1st papers.

22