现有基于OFDM调制的物理层加密算法的安全性普遍依赖于较大的子载波个数,且不能抵抗明文密文攻击,当子载波个数比较少时,其密钥空间快速变小,安全性急剧下降,因此,很难适应资源受限终端的安全通信需求.针对这一共性问题,文中利用LTE上行链路采用的DFT-S-OFDM传输方式以及资源块划分方式,提出了一种基于双矩阵变换的物理层加密算法.该算法主要包含两个步骤:一是通过AES计数器模式控制产生两个对角密钥矩阵;二是通过密钥矩阵控制N点DFT变换前后的数据,使得密文、明文和密钥之间形成非线性方程组关系.通过这个加密过程,实现两个目的,一是利用DFT-S-OFDM传输方式的特点,实现对输入的明文和输出的密文分别加密的目的,保证算法具备抵抗明文密文攻击能力;二是实现明文、密文和密钥三者之间的非线性关系,保证算法的安全.算法设置了两种密钥工作模式,第一种为每加密N-1组明文就改变一次子密钥,第二种为每加密大于等于N组明文才改变一次子密钥.在无噪的理想情况和有噪的非理想情况下,详细分析了两种密钥工作模式的安全性.理论分析结果表明,在子载波数大于等于12的情况下,第一种密钥工作模式无论在理想条件还是有扰信道条件下,均可以抵抗穷举攻击和明文密文攻击,保证算法的安全性,第二种密钥工作模式只有在有扰信道条件下才可以抵抗穷举攻击和明文密文攻击,保证算法安全;在两种密钥工作模式下,算法均不会改变DFT-S-OFDM系统中的峰均功率比.分别仿真分析了加密前后系统的峰均比、误码率等参数的变化,仿真数据证实了理论分析所得的结论,表明算法对系统的峰均比、功率以及误码特性等固有性能影响较小,能够在子载波数比较小的情况下,很好的保证通信数据的安全性,满足资源受限终端的安全通信需求.%The security of the existing physical layer encryption algorithm based on OFDM (Orthogonal Frequency Division Multiplexing) modulation is generally dependent on the large number of subcarriers,and can not resist the plaintext ciphertext attack.When the number of subcarriers is relatively small,the key space becomes smaller and the security is abruptly decreased,so it can not adapt to the secure communication demand of the resource limited terminal.Aiming at solving this common problem,a physical layer encryption algorithm is proposed in this paper based on double matrix transformation using DFT-S-OFDM (Discrete Fourier Transform-Spread-Orthogonal Frequency Division Multiplexing) transmission scheme and resource block partitioning method adopted by LTE (Long Term Evolution) uplink.The algorithm mainly consists of two steps.:one is to generate two diagonal key matrices by AES (Advanced Encryption Standard)counter mode;the other is to control the data before and after the N-point DFT(Discrete Fourier Transform) transform by the key matrix,so that the ciphertext,plaintext and key are formed Nonlinear equations.Through the encryption process,we can achieve two purposes that one is using the features of DFT-S-OFDM transmission mode to achieve that the input of the plaintext and output ciphertext were encrypted to ensure that the algorithm has resistance to clear plaintext ciphertext attack;the other is to achieve the three non-linear relationship among the plaintext,ciphertext and the key to ensure the security of the algorithm.The algorithm sets two operation modes of the key.The first one is to change the sub-key once for each encrypted N—1 group,and the second one is to change the sub-key for each encryption greater than or equal to the N group.In the case of non-noise ideal situation and noisy non-ideal situation,the security of the two key modes of operation is analyzed in detail.The results of theoretical analysis show that under the condition of the number of subcarriers is greater than or equal to 12,the first kind of key operation mode can resist the exhaustive attack and the plaintext ciphertext attack both in the ideal and the disturbed channel condition to ensure the security of the algorithm,the second kind of key operation mode can only resist the exhaustive attack and the plaintext ciphertext attack under the condition of disturbing channel to ensure the security of the algorithm.In both key operation modes proposed in the paper,the algorithm does not change the PAPR (Peak-to-Average Power Ratio) in DFT-S-OFDM systems.The changes of the parameters such as peak to average ratio and bit error rate are analyzed in simulation,the simulation data confirm the conclusions of the theoretical analysis.It is shown that the algorithm has little influence on the inherent performance of the system,such as PAPR,power and error characteristics,and can ensure the security of communication data and satisfy to meet the safe communication demand of resourcelimited terminal in the case of small number of subcarriers.
展开▼
