SDR Implementation of a D2D Security Cryptographic Mechanism


Security mechanism for D2D communication involving the usage of physical unclonable functions (PUF) and implemented on a Software Defined Radio (SDR) communication platfo...

Abstract:

Device-to-device (D2D) communication represents a promising technique to enable devices to communicate directly without the interaction of access points or base stations. The ad hoc and proximity nature of this communication introduces some very important security vulnerabilities. Key management, access control, privacy, secure routing, and transmission need dedicated signaling procedures and optimized implementation mechanisms that are appropriate for the mobile, low-energy, and low-processing power environment. This paper proposes a security mechanism for D2D communication involving the use of physically unclonable functions (PUF) for unique key generation, elliptic-curve cryptography (ECC) and Diffie-Hellman key exchange (DHKE) for key management, and Salsa20/20 as the stream cyphering encryption method, suitable for confidentiality of the wireless transmissions. All these methods are implemented and tested on a software defined radio (SDR) communication platform consisting of a Zynq-based system-on-chip (SoC), complemented by radio frequency (RF) daughter boards from Analog Devices, an integration using hardware and software co-design.
Topic: D2D Communications: Security Issues and Resource Allocation
Published in: IEEE Access ( Volume: 7)
Page(s): 38847 - 38855
Date of Publication: 14 March 2019
Electronic ISSN: 2169-3536

SECTION I.

Introduction

D2D enables devices to communicate directly with each other without the involvement of fixed networking infrastructures such as Access Points or Base Stations. Though D2D can be applied using different technologies like Bluetooth, WiFi-Direct and Near Field Communications (NFC), an important standardization effort is represented by the 3GPP Proximity Services (ProSe) function.

D2D brings many advantages (shorter latency, decreased network traffic, power saving and a fallback system in the case of network failure), but it is generally acknowledged that the security of devices and data is a key factor for the success of Device to Device communication technology. Whatever technology is used for D2D communications, the security problem areas that must be considered are the same, including confidentiality, integrity, authentication, privacy, availability and dependability, as well as non-repudiation.

Several security schemes have been proposed for D2D security, classified in the surveys of Wang and Zheng [1] or Hamoud et al. [2] with details on different methods for key management, authentication and access control. More than 40 research papers are mentioned in these surveys, detailing security-related work for D2D communication at different OSI layers. None of these solutions takes into consideration the use of physical unclonable functions (PUF) for the unique identification of a device (integrated circuit) or as a method for generating private keys. Our implementation takes advantage of this PUF “circuit fingerprinting” methodology, which is extremely suitable for mobile devices, by implementing the mechanism on Static Random-Access Memory (SRAM)-based PUFs, which are achieving widespread adoption in commercial products, as some prototypes are already implemented by major handheld vendors like Intel, Samsung, UMC, Cypress, TSMC, IBM, Renesas. For instance, Samsung has released the “Exynos I” [3] dedicated Internet of Things (IoT) chip series with on-chip ‘Security Sub-Systems’ based on PUF, providing much higher levels of security compared to the conventional one-time-password based solutions [4].

The survey [2] also mentions whether the proposed D2D security mechanisms are implemented or simulated, and we have observed that many of the proposed solutions are just conceptual. Our proposed algorithm is also implemented in a prototype that will be detailed throughout the paper. There are further security issues that need to be taken into consideration for a D2D security mechanism, like confidentiality, integrity and authentication.

Our proposed security scheme offers solutions for the following problems:

  • key management using RO-PUF for the unique secret key generation, Elliptic Curve Cryptography for generating the public key corresponding to the secret key, Diffie-Hellman for generating the shared secret key and key exchange;

  • data encryption using a stream cyphering method based on the Salsa20/20 algorithm, suitable for real-time communications encryption.

All these implementations are performed on a Software Defined Radio (SDR) [5] communication platform consisting of a Zynq-based System on Chip (SoC) on a Digilent “ZedBoard” [6] complemented by radio frequency (RF) daughter-boards from Analog Devices (FMCOMMS3 and FMCOMMS4) [7], an integration solution using hardware and software co-design. The SDR platform represents an excellent prototyping system, making it possible to implement the complex security algorithms in hardware. It offers the flexibility to apply the designed modules (Intellectual Property – IP cores) in different radio communication solutions, from WiFi to LTE – either a custom approach or one that includes industry proven sub-systems based on MATLAB, Xilinx Vivado or GNU-Radio.

The paper is organized as follows: The first section describes the D2D security issues and the mechanisms that should be implemented relative to the 3GPP description of the ProSe function. We will mention the solutions and motivation for the selection of the algorithms to be part of our prototype, compared to other related work implementations. The second section details the proposed security algorithms and their FPGA hardware implementation using Xilinx Vivado and our own IP cores. The third section details our demonstrator setup for the security scheme using the implemented elements and the integration between the cryptographic and communication modules, respectively the ARM and FPGA co-existence. Next, results of the implemented algorithms are presented, as well as the possibility to use the presented security methodology in order to enhance the existing key exchange mechanism of the ProSe 3GPP standard. The last paragraph presents our conclusions.

SECTION II.

Security Considerations for D2D Communications and Related Work

The D2D communication can occur either on operator’s licensed spectrum (underlying 3GPP LTE-A networks) or in the unlicensed spectrum (Bluetooth, WiFi-Direct).

While the D2D communication is mostly using the Industrial, Scientific and Medical (ISM) spectra and works in a pure autonomous way, the 3GPP specifications ProSe (Proximity Services) have some well-established signaling procedures, as well as an own key management method [8]. First introduced in Release 12 of the 3GPP specifications, the LTE-A ProSe relies on multiple enhancements to existing LTE standards including new functional elements and a “sidelink” air interface for direct connectivity between devices. There are three main scenarios for D2D communications (Fig. 1):

  • the In-Coverage scenario in which the devices are in the coverage area of a base station (BS) / access point (AP), traffic offloading being the most common use-case

  • the Relay Coverage in which part of the devices are out of base station coverage (Partial Coverage), but they can communicate through relaying their communication data via other covered devices

  • the Out-of-Coverage case when the network coverage is absent. A typical use-case is the Public Safety communication. Devices can autonomously set up connections and start D2D communications with each other in their proximity, without the assistance of any operators.

Each of the scenarios above has its own security schemes, some of them better established via the 3GPP ProSe standardization. One of the most challenging D2D scenarios is the out-of-coverage scenario, when the communication is done autonomously – in this situation the ProSe scenario is similar to the unlicensed ISM case, and the same security methods can be applied.

FIGURE 1. D2D communication scenarios.

Most of the existing literature refers to this 3rd scenario, detailing methods for key management, authentication, access control for spontaneous and non-assisted D2D communication.

Several D2D key management solutions that make use of Diffie-Hellman Key Exchange (DHKE) are detailed in other research papers: Shen et al. [9] detail a method for establishing a shared secret key between two D2D devices based on DHKE, Zhang et al. [10] present a method to realize a session key agreement between two D2D devices under the control of BS, while Ekberg et al. [11] detail the usage of DHKE for setting a security association, followed by mutual authentication via home core network certificates. We have also used the Diffie-Hellman algorithm, but we have complemented it with Elliptic Curve Cryptography (ECC) for generating the public key corresponding to the secret key. ECC is a public key encryption technique based on elliptic curves theory that can be used to create faster, smaller, and more efficient cryptographic keys than other first-generation encryption public key algorithms such as RSA and Diffie-Hellman, so it is recommended for mobile and wireless devices [12]. Another method proposed by related research papers is the key management based on Attribute-Based Encryption (ABE), a type of public-key encryption in which the secret key of a user and the cipher-text are dependent upon attributes [13].

For authentication purposes, several methods were detailed in research papers dedicated to D2D implementations: Hash Message Authentication Code – HMAC [10], sharing pin authentication [13] or certificate authentication [11], [14].

We have observed that there are no D2D security schemes making use of the device uniqueness model based on physical unclonable functions (PUF). There are several methods for authentication or key management using the PUF [15], but they are not applied to D2D key management schemes. Considering that the chip manufacturers – including mobile devices vendors – started including PUF security in their chips, we hereby propose the usage of PUFs in D2D security schemes.

When it comes to data encryption for real data streaming, it is known that stream cyphering is more suitable than block cyphering, as it was also used in GSM networks (GEA methods based on the KASUMI algorithm). Many of the available solutions are based on block cyphering. The 3GPP ProSe function uses the EEA (extended Euclidean algorithm) cryptography – while the version EEA-2 uses the 128-bit AES (Advanced Encryption Standard), more recently, EEA-3 has become available, based on the ZUC [16] stream cipher [17].

We are proposing the usage of Salsa20/20 in our implementation, a very efficient stream cyphering method that is considered secure, as it has not been compromised so far.

The surveys in [1], [2], and [18] describe – besides some other work related to D2D security – some types of attacks that can be performed on D2D communication. A single compromised node can be turned into a malicious one that brings down a complete system or can cause disasters.

SECTION III.

Proposed D2D Key Management and Encryption Mechanism

The algorithms used for D2D security are presented in Figure 2. RO PUF (Ring Oscillator Physical Unclonable Function) circuits implemented on Zynq are used to generate a secret key for one device involved in D2D communications. Each device involved in the communication gets a secret key generated with RO PUF circuits. Elliptic Curve Cryptography operations are used for the generation of a public key corresponding to the secret key generated with RO PUF. The next step is to generate a shared secret key for each device using: i) the secret key generated with RO PUF; ii) the ECC cryptographic operations and iii) the public key of the other device involved in the D2D communication. The Diffie-Hellman anonymous key agreement protocol is used, which allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret key over an insecure channel. The shared secret key is used as a seed for the Salsa20/20 pseudo-random generator in order to obtain a stream of secret keys to be used in a symmetric encryption.

FIGURE 2. Security mechanism implemented for devices involved in D2D communication.

The encryption scheme for the D2D communication between Device A and Device B has the following phases:

  1. Generate a secret key with RO PUF circuits for each device. Due to the process variations, each secret key will be unique for each device;

  2. Generate the public key for each device using the corresponding RO PUF secret key and ECC operations;

  3. Exchange the public keys between Device A and Device B (Device A sends its Public Key A and receives the Public Key B);

  4. Compute the shared secret key for Device A and Device B (in the case of Device A, the inputs are the corresponding RO PUF secret key, the public key from Device B and the ECC operations);

  5. Use the shared secret key as a seed for the Salsa20/20 algorithm and generate pseudo-random keys;

  6. Use the XOR operation between the Salsa20/20 PRNG (pseudorandom number generator) output and the plain text message in order to encrypt the information.
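
Steps 5 and 6 as an added example (not the authors' C or HDL code): a Salsa20/20 keystream generator whose output is XORed with the message. The SHA-256 key derivation, the 8-byte per-message nonce and the `SHARED_X` value are assumptions, since the page does not say how the shared secret is mapped to the Salsa20 key.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # Salsa20 constants for 256-bit keys
# Constructed stand-in for the x-coordinate of an ECDH shared point (< 2**163)
SHARED_X = 0x3C0FFEE0123456789ABCDEF0123456789ABCDEF01

# Word indices of the four column quarter-rounds, then the four row quarter-rounds.
DOUBLE_ROUND = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),
                (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))


def rotl(v, n):
    """Rotate a 32-bit word left by n bits."""
    return ((v << n) & MASK) | (v >> (32 - n))


def quarterround(y0, y1, y2, y3):
    """Salsa20 quarter-round: add, rotate, XOR on four 32-bit words."""
    y1 ^= rotl((y0 + y3) & MASK, 7)
    y2 ^= rotl((y1 + y0) & MASK, 9)
    y3 ^= rotl((y2 + y1) & MASK, 13)
    y0 ^= rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3


def salsa20_block(key, nonce, counter):
    """Return the 64-byte keystream block for (key, nonce, block counter)."""
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    init = [SIGMA[0], k[0], k[1], k[2], k[3], SIGMA[1], n[0], n[1],
            counter & MASK, (counter >> 32) & MASK, SIGMA[2],
            k[4], k[5], k[6], k[7], SIGMA[3]]
    x = list(init)
    for _ in range(10):  # 10 double rounds = the 20 rounds of Salsa20/20
        for a, b, c, d in DOUBLE_ROUND:
            x[a], x[b], x[c], x[d] = quarterround(x[a], x[b], x[c], x[d])
    return struct.pack("<16I", *[(x[i] + init[i]) & MASK for i in range(16)])


def derive_key(shared_x):
    """Assumption: hash the 163-bit shared x-coordinate into a 256-bit key."""
    return hashlib.sha256(shared_x.to_bytes(21, "big")).digest()


def salsa20_xor(key, nonce, data):
    """Step 6: XOR data with the keystream; the same call decrypts."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("need a 32-byte key and an 8-byte nonce")
    out = bytearray()
    for off in range(0, len(data), 64):
        block = salsa20_block(key, nonce, off // 64)
        out += bytes(p ^ s for p, s in zip(data[off:off + 64], block))
    return bytes(out)


def demo():
    """Encrypt and decrypt a constructed 123-byte payload (spans two blocks)."""
    key = derive_key(SHARED_X)
    nonce = (1).to_bytes(8, "little")  # message number; must not repeat per key
    msg = b"D2D sidelink payload (constructed sample)" * 3
    ct = salsa20_xor(key, nonce, msg)
    return msg, ct, salsa20_xor(key, nonce, ct)


if __name__ == "__main__":
    message, ciphertext, recovered = demo()
    print(ciphertext.hex())
    print(recovered == message)
```

Because encryption is a plain XOR, a (key, nonce) pair must never be used for two messages, and the scheme provides confidentiality only, not integrity.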

SECTION IV.

Implementation

A. RO PUF Circuits Implemented on ZYNQ

Inspired by biometrics, PUFs provide a unique way to identify integrated circuits. Comparable in a simplistic way with a “unique fingerprint” of an IC – that differentiates one IC from another (though apparently identical) – PUFs exploit the inherent variability in IC manufacturing to implement challenge-response functions whose outputs depend on the inputs and on the physical micro-structure of the devices.

The secret key is generated using 128 RO PUF circuits, which exploit the natural variations of the IC manufacturing process in the attributes of the transistors (length, width, oxide thickness).

One RO PUF is composed of 5 inverter gates connected in a loop as may be seen in Figure 3.

FIGURE 3. Five inverters connected in a loop.

The inverters are manually placed and routed on the hardware resources using constraints like the ones described in Figure 4.

FIGURE 4. RO PUF constraints for manually place and route.

Those inverters connected in a loop generate a periodic signal. Due to process variations the frequencies of two generated signals are slightly different. The periodic signal is used as a clock signal for a 13-bit wide counter. Considering two counters, each with a clock signal generated by 5 inverters connected in a loop, one of the counters will reach the maximum value first, due to the above-mentioned process variations that occur during the manufacturing process. Using a comparator for the output of the two counters, the comparator output will be unpredictable (0 or 1), representing the RO PUF response, 1 bit from the total 128 bits used as a secret key.
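
The counter race described above can be modelled in software to see how unique and how repeatable such a key is. This is an added example, not code from the paper; the nominal frequency, the process spread and the read-to-read jitter are assumed values, and each of the 128 bits is modelled with its own oscillator pair.

```python
import random

N_BITS = 128           # key length stated on the page
COUNTER_BITS = 13      # counter width stated on the page
F_NOMINAL = 200e6      # assumed nominal ring-oscillator frequency in Hz (constructed)
SIGMA_PROCESS = 0.01   # assumed 1 % chip-to-chip frequency spread (constructed)
SIGMA_NOISE = 0.0005   # assumed 0.05 % read-to-read jitter (constructed)


def manufacture(chip_seed):
    """Fix the frequencies of the 128 oscillator pairs of one chip (process variation)."""
    rng = random.Random(chip_seed)

    def oscillator():
        return F_NOMINAL * (1 + rng.gauss(0, SIGMA_PROCESS))

    return [(oscillator(), oscillator()) for _ in range(N_BITS)]


def overflow_time(freq, rng):
    """Time for a 13-bit counter clocked by one oscillator to reach its maximum."""
    jittered = freq * (1 + rng.gauss(0, SIGMA_NOISE))
    return ((1 << COUNTER_BITS) - 1) / jittered


def read_key(chip, rng):
    """One read-out: the comparator emits 1 when the first counter wins the race."""
    key = 0
    for f_a, f_b in chip:
        bit = 1 if overflow_time(f_a, rng) < overflow_time(f_b, rng) else 0
        key = (key << 1) | bit
    return key


def hamming(a, b):
    """Number of differing bits between two keys."""
    return bin(a ^ b).count("1")


def evaluate(chip_a_seed=1, chip_b_seed=2, noise_seed=99):
    """Compare two reads of one chip (repeatability) and two chips (uniqueness)."""
    rng = random.Random(noise_seed)
    chip_a, chip_b = manufacture(chip_a_seed), manufacture(chip_b_seed)
    a1, a2, b1 = read_key(chip_a, rng), read_key(chip_a, rng), read_key(chip_b, rng)
    return {"inter_chip": hamming(a1, b1), "intra_chip": hamming(a1, a2)}


if __name__ == "__main__":
    print(evaluate())
```

A nonzero intra-chip distance means the raw response cannot be used directly as a private key, which has to be bit-exact on every power-up; pairs whose frequencies are nearly equal are the bits that flip.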

One RO PUF instance used in our implementation is composed of the digital circuits mentioned in Figure 5.

FIGURE 5. RO PUF instance no. 50 – hardware resources.

At first, 64 bits are generated using clock signals produced by the ro_puf_inst and ro_puf_inst1 and then the clock signals are switched with the ones generated with ro_puf_inst0 and ro_puf_inst10. In this manner, the number of 13-bit wide binary counters is halved: 64 instead of 128. Figure 5 shows an instance of RO PUF which generates bit 50 and bit 100 of the 128 bits. There are a total of 64 instances of RO PUFs like the one presented in Figure 5.

The statistical analysis of RO PUF circuits regarding their uniqueness and reproducibility is beyond the scope of this paper and has been extensively analyzed in [19]–[21].

Because of the FPGA routing complexity and limitations, few existing PUF circuits can be implemented on FPGA. After many attempts of PUF implementations we concluded that the well-known ring oscillator PUF and the Latch based PUF are appropriate for an FPGA application. However, in case of an ASIC integrated circuit, the SRAM PUF is a suitable choice.

B. Elliptic Curve Cryptography

Symmetric key cryptosystems use the same key for encryption and decryption. Having the disadvantage of needing a secret key known by all the participants (a secret shared key) they have, nevertheless, the advantage of a reduced computing time [22]. Therefore, we will use symmetric key cryptosystems for encryption/decryption and we will generate a secret shared key.

Compared to other encryption technologies, ECC is helpful for use in low-memory and low-computing environments such as mobile devices and wireless devices. For example, a 160-bit ECC encryption key provides the same security as a 1024-bit RSA (Rivest-Shamir-Adleman) encryption key and can be up to 15 times faster, depending on the platform on which it is implemented [23], [24].

This section illustrates details and results of the Elliptic Curve Cryptography implemented in hardware using HDL (Hardware Description Languages). For fast and accurate arithmetic in hardware implementations, elliptic curves over the binary field $F_{2^{m}}$ (where $m$ is a positive integer) are used. An elliptic curve $E$ over the finite field $F_{2^{m}}$ is given through the following equation:

\begin{equation*} y^{2}+xy=x^{3}+ax^{2}+b,\quad \mathrm{where}~x,y,a,b\in F_{2^{m}} \end{equation*}

The points on $E$ are denoted as:

\begin{equation*} E(F_{2^{m}})=\left\{(x,y): x,y\in F_{2^{m}}~\mathrm{satisfy}~y^{2}+xy=x^{3}+ax^{2}+b\right\} \end{equation*}

The public key of each entity is computed as elliptic curve scalar multiplication. We will produce a “trapdoor function” where the special information or “trapdoor” is the ID value generated using PUF circuits. In order to implement the elliptic curve scalar multiplication, the following information is required [25]:

Given a curve $E$ defined along an equation in a finite field (such as: $y^{2}=x^{3}+ax+b$), point multiplication is defined as the repeated addition of a point along that curve.

Let $nP=P+P+\ldots+P$ for a scalar (integer) $n$ and a point $P=(x,y)$ that lies on the curve $E$. The security of modern ECC depends on the intractability of determining $n$ from $Q=nP$ given the known values of $Q$ and $P$. This is known as the elliptic curve discrete logarithm problem.

We decomposed the problem in three layers as it can be seen in Figure 6.

FIGURE 6. Elliptic curve cryptography – layers.

The first layer implements the operations over the Galois Field (GF): addition, subtraction, multiplication and multiplicative inverse. The field GF($2^{n}$) is defined by a set of $2^{n}$ unique elements that is closed under both addition and multiplication, in which every non-zero element has a multiplicative inverse and every element has an additive inverse. As with any field, addition and multiplication are associative, distributive and commutative. The field GF($2^{n}$) is defined over an irreducible polynomial of degree $n$ with coefficients in GF($2^{n}$). The primitive polynomial has a root $\alpha$, named primitive root, where $\alpha^{2^{n}-1}=1$ and $\alpha^{i}$, where $i<2^{n}-1$, generates a different element from GF($2^{n}$). The Galois field GF($2^{n}$) may be represented by the set of all polynomials of degree at most $n-1$, with binary coefficients, as can be seen in Table 2.

TABLE 1. Elliptic Curve Cryptography Parameters

TABLE 2. Galois Elements – Different Representations

In our implementation, the Galois Field elements are considered in binary vector representation. The addition and subtraction operations in hardware over $F_{2^{m}}$ are simple bitwise XOR operations. Multiplication in a finite field is multiplication modulo an irreducible reducing polynomial used to define the finite field.

We implement the multiplication as a multiplication followed by division using the reducing polynomials as the divisor.

First, we consider a general algorithm for division of two binary polynomials. In the second attempt for multiplication we consider a multiplication followed by a particular division using a fixed (known) value of the reducing polynomial as the divisor. For the multiplicative inverse we implement the extended Euclidean algorithm (EEA), which is based on polynomial division and multiplication over the Galois Field. In order to optimize the extended Euclidean algorithm in terms of area we optimized the polynomial division algorithm. In our implementation we considered the representation of the Galois Field as binary vectors. Table 3 shows an example of operations in Galois Fields over $F_{2^{163}}$ with the generator polynomial

\begin{equation*} p(t)=t^{163}+t^{7}+t^{6}+t^{3}+1 \end{equation*}

TABLE 3. Galois Field Operations

TABLE 4. Point Addition and Point Doubling

The second layer contains the operations of elliptic curve cryptography: point addition and point doubling, which are based on the operations from the first layer. The equations for point addition and point doubling are given below:

\begin{align*} \begin{array}{|c|c|} \hline R=P+Q & R=2P \\[5pt] x_{R}=\lambda^{2}+\lambda+x_{P}+x_{Q}+a & x_{R}=\lambda^{2}+\lambda+a \\[5pt] y_{R}=\lambda\left(x_{P}+x_{R}\right)+x_{R}+y_{P} & y_{R}=x_{P}^{2}+\lambda x_{R}+x_{R} \\[4pt] \lambda=\dfrac{y_{Q}+y_{P}}{x_{Q}+x_{P}} & \lambda=x_{P}+\dfrac{y_{P}}{x_{P}} \\ \hline \end{array} \end{align*}

where $\lambda, x_{P}, x_{Q}, y_{P}, y_{Q}, x_{R}, y_{R}$ are elements of the finite field $F_{2^{163}}$. In order to obtain an optimal implementation of these operations, in terms of area and speed, we must have an optimal implementation of the operations in the finite field $F_{2^{163}}$.

C. Diffie Hellman Key Exchange

Elliptic curve Diffie-Hellman is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared “secret” over an insecure channel [26]. A schematic description of the Diffie Hellman key agreement protocol is presented in Figure 7.

FIGURE 7. Diffie Hellman key agreement protocol based on elliptic curve cryptography.

The Diffie Hellman key agreement protocol has the following steps: i) each device generates its own secret based on RO PUF circuit responses; ii) using the generated secret key and the elliptic curve cryptography described in Section A, the public cryptographic key is produced; iii) the public keys are exchanged between devices; iv) the shared secret key is computed using: public key, secret key generated with RO PUF and ECC operations.
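
The three layers of subsection B and the key agreement steps above, as an added Python reference model (not the authors' Verilog). The curve coefficients a = b = 1, the base point derived in `find_base_point` and the two 128-bit secrets standing in for RO PUF responses are assumptions, because Table 1 is not reproduced on this page.

```python
M = 163
# Reduction polynomial from the page: p(t) = t^163 + t^7 + t^6 + t^3 + 1
P_POLY = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1
A, B = 1, 1  # assumed curve coefficients (Table 1 is not on the page)
# Constructed 128-bit secrets standing in for two RO PUF responses
SK_A = 0x0F1E2D3C4B5A69788796A5B4C3D2E1F0
SK_B = 0xA5A50123456789ABCDEFFEDCBA985A5A

def gf_mul(x, y):
    """Layer 1: shift-and-XOR multiplication, reduced by P_POLY at every shift."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x >> M:
            x ^= P_POLY
    return r

def gf_inv(x):
    """Layer 1: inverse by the extended Euclidean algorithm on binary polynomials."""
    if x == 0:
        raise ZeroDivisionError("0 has no inverse")
    u, v, g1, g2 = x, P_POLY, 1, 0
    while u != 1:
        j = u.bit_length() - v.bit_length()
        if j < 0:
            u, v, g1, g2, j = v, u, g2, g1, -j
        u ^= v << j
        g1 ^= g2 << j
    return g1

def on_curve(P):
    """Check y^2 + xy = x^3 + a x^2 + b with both coordinates reduced."""
    if P is None or P[0] >> M or P[1] >> M:
        return False
    x, y = P
    return (gf_mul(y, y) ^ gf_mul(x, y)) == (gf_mul(gf_mul(x, x), x ^ A) ^ B)

def half_trace(c):
    """Solve z^2 + z = c (valid when the trace of c is 0; m is odd)."""
    h = c
    for _ in range((M - 1) // 2):
        h = gf_mul(h, h)
        h = gf_mul(h, h) ^ c
    return h

def find_base_point():
    """Constructed base point: smallest x >= 2 that yields a point, with y = x*z."""
    x = 2
    while True:
        c = x ^ A ^ gf_mul(B, gf_inv(gf_mul(x, x)))  # x + a + b/x^2
        z = half_trace(c)
        if (gf_mul(z, z) ^ z) == c:
            return (x, gf_mul(x, z))
        x += 1

def point_add(P, Q):
    """Layer 2: the addition and doubling formulas above; None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if y1 != y2 or x1 == 0:  # Q = -P, or P has order 2
            return None
        lam = x1 ^ gf_mul(y1, gf_inv(x1))
        x3 = gf_mul(lam, lam) ^ lam ^ A
        return (x3, gf_mul(x1, x1) ^ gf_mul(lam, x3) ^ x3)
    lam = gf_mul(y1 ^ y2, gf_inv(x1 ^ x2))
    x3 = gf_mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return (x3, gf_mul(lam, x1 ^ x3) ^ x3 ^ y1)

def scalar_mul(k, P):
    """Layer 3: left-to-right double-and-add (functional model, not constant-time)."""
    R = None
    for bit in bin(k)[2:]:
        R = point_add(R, R)
        if bit == "1":
            R = point_add(R, P)
    return R

G = find_base_point()  # constructed base point, not a standardized generator

def public_key(secret):
    return scalar_mul(secret, G)

def shared_secret(secret, peer_public):
    """Step iv: validate the received point, then return the shared x-coordinate."""
    S = scalar_mul(secret, peer_public) if on_curve(peer_public) else None
    if S is None:
        raise ValueError("invalid peer public key or degenerate shared point")
    return S[0]

if __name__ == "__main__":
    pub_a, pub_b = public_key(SK_A), public_key(SK_B)
    print(hex(shared_secret(SK_A, pub_b)), hex(shared_secret(SK_B, pub_a)))
```

The double-and-add loop is not constant-time, so this serves as a functional model for checking hardware output rather than as a production implementation.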

SECTION V.

Experimental Setup

As experimental setup we have used the SDR prototyping environment offered by the Digilent “Zedboard”, combining the Xilinx Zynq®-7000 All-Programmable SoC (ARM® dual-core Cortex™-A9 + 28 nm programmable logic) with the Analog Devices AD-FMCOMMS3-EBZ FMC (FPGA Mezzanine Card) module featuring the AD9361 integrated RF Agile Transceiver.

The Zynq-7000 SoC (System on Chip) offers the possibility to combine the software programmability of an ARM-based processor with the hardware reconfigurability of an FPGA, enabling hardware acceleration while integrating CPU, DSP and mixed signal functionality on a single device. The features listed above make the Zynq-7000 a good platform for Software Defined Radio (SDR) implementations of a broad range of transceiver applications for wireless communications. We recommend it as very suitable for experimenting with Device-to-Device communication and integration with complex security functions. For our demonstrator we have used a back-to-back configuration (Figure 8) with direct coupled radio interfaces, without any limitations and interferences with the public spectrum.

FIGURE 8. Experimental setup – Back-to-back “Zedboards” with FMCOMMSx AD daughterboards.

A description of the environment setup on Zedboard and the usage of the ARM core using a Linux operating system was presented by Dustinta and Stanciu [27].

In order to set-up the SDR work environment we have used the Linux ARM co-processor and the SoC implementation using Xilinx Vivado software [28] at FPGA level, connected with the Analog Devices AD-FMCOMMS3-EBZ board as radio interface. The communication sub-system was implemented using the AD IP Core for wireless communication.

Development for combining the communication modules with our implemented security modules can be performed in different ways:

  • Software implementation – running on the ARM core Linux implementation provided by Analog Devices – that also instantiates the communication with the AD Communication IP Core (see Figure 9). On top of this operating system, other communication software packages can be used (for example those from the open source GNU Radio).

  • Software and hardware co-design using MATLAB – particularly the MATLAB Communication module and the belonging LTE Advanced D2D communication modules [29].

  • Custom using the AD IP Core via Xilinx Vivado and running C code on top of this IP Core.

When it comes to the implementation of the complex cryptographic modules, because of the increased processing power needed, these will run in the FPGA part, as we have also implemented them on the Zynq platform. We have implemented different IP cores with the cryptographic functions mentioned above – as depicted in Figure 9. The encryption mechanism is implemented in hardware alongside the AD communication IP core FMCOMMSx. Because we have chosen symmetric encryption based on the XOR operation, the performance of the transmission is not affected. Instead of sending plain-text data from the FMCOMMS HDL interface, an XOR between the data and a pseudo-random key is computed and the resulting encrypted data is transmitted.

FIGURE 9. Encryption mechanism alongside the Zynq programmable SoC.

SECTION VI.

Implementation Results

A. RO PUF Circuits

The 128-bit secret key generation with RO PUF circuits is presented in Figure 10. Results are visualized with the ChipScope Logic Analyzer provided by Xilinx Vivado. First, 64 bits representing the LSBs of the secret key are generated; the other half is then generated by changing the ring oscillators composed of 5 inverters connected in a loop.

FIGURE 10. RO PUF circuits results implemented on Zynq.

B. Hardware Implementation of ECC

This section summarizes the results of elliptic curve cryptography implemented in Verilog and synthesized, placed and routed with Xilinx Vivado.

Table 5 presents the implementation results of elliptic curve cryptography over $F_{2^{163}}$, in terms of hardware resource usage and frequency. Table 6 presents the results with the parameters given in Table 1.

TABLE 5. Hardware Resource Usage for ECC Over $F_{2^{163}}$

TABLE 6. ECC – Number of Clock Cycles

C. Experimental Setup – Back-to-Back “Zedboards”

Figure 8 presented the connection between two devices: i) Device A, represented by a “Zedboard” development platform and FMCOMMS4 [30], and ii) Device B, which is implemented on a Zedboard platform and FMCOMMS3 [31]. Device A is running a GNU application over a Linaro operating system that receives the encrypted data from Device B. Details regarding this implementation are presented in [27]. Device B is using the HDL reference design presented in [32], the version with an ARM microprocessor which runs C code in order to transmit encrypted data. The C code is available on [33] and the encryption of data was done with the above-detailed chosen algorithms.

D. Proposal for 3GPP ProSe Key Management Function Enhancement for an “Out-of-Coverage Scenario”

As part of the key management signaling in LTE-A, security parameters are provided by a network node called the ProSe Key Management Function. This node may physically be part of the ProSe Function included in the LTE-A core network. Central to the security is the ProSe Group Key (PGK) parameter. It is used as a basis to derive input parameters for the security algorithm. Each PGK is provided with an expiry time. By providing the UE (User Equipment) with PGKs valid for different times, the UE may operate for a longer time without further parameter provisioning from the core network – like, for example in the out-of-coverage – always taking a PGK valid for the actual time [34]. However, this method of operation has some disadvantages mainly for devices that were out of coverage for a long time, so a possible solution would be for the device to generate locally some parameters using the PUF generated secret key.

SECTION VII.

Conclusion

This paper proposed a D2D security mechanism for key management and data encryption, implemented and tested on two Digilent “Zedboard” FPGA based systems. The security mechanism is generic and can be applied to any type of communication (WiFi-Direct, Bluetooth), but it can also improve the standardized 3GPP ProSe Key Management Function in the out-of-coverage scenario.

Although most of the papers approaching D2D cryptographical methods are focused on describing the algorithms and their advantages in a theoretical or simulated manner, we have implemented the proposed security algorithms in the Verilog HDL.

Important results of the research work include:

  • A proposed security mechanism for D2D communication involving some novel solutions like PUF-based key generation, efficiency of ECC as public key generation and a stream cyphering encryption method using Salsa20/20, suitable for confidentiality of the wireless transmissions.

  • Actual implementation of the algorithms, not only in software, but also hardware-accelerated on the Zynq SoC platform with the Analog Devices RF daughter-boards.

  • A method for implementing a prototyping environment of the D2D communication and security by usage of dedicated SDR platforms, with a HW-SW codesign that can be used for future research and development.

The implementation of the RO PUF circuit on the Zynq SoC for unique secret key generation can prevent impersonation attacks or other unsecure methods for nonce or seed generation in cryptographic functions. We consider that dedicated circuits including PUFs are perfect identifiers for any hardware element and will become very popular, so the proposed methods are valuable for many future areas of applicability in embedded systems, from mobile devices to IoT and Vehicle-to-anything V2X communications.

The paper was focused on the security related implementation and the integration of the SDR configurations, but the methods we have accomplished for communications can be adapted and enhanced by deployment on different radio technologies (some of them facilitated, for instance, by pre-defined LTE-A MATLAB routines, integrated with Simulink and Analog Devices specific drivers).

Further research can extend the presented approach on the integration of signaling related to device discovery procedures or on the side-link channels and transmissions.
