Internet-Draft | LTE-D Physical Layer Device Authenticati | October 2023 |
Yang, et al. | Expires 19 April 2024 | [Page] |
This document describes a physical layer device authentication protocol based on the physical layer unclonable fingerpint (PUF) technique for LTE Direct (LTE-D), a subprotocol of LTE V2X (Vehicle-to-Everything), to help the LTE-D message receiver confirm the identity of the LTE-D message sender.¶
PUF utilizes intrinsic nonlinear characters of the transmission signal to identificate the devices and coresponding wireless signal transmitters, and is suitable for critical vehicular communication scenarios by its immunity against traditional cryptographic attacks.¶
The protocol can be seamlessly integrated into the LTE-D communication system, and compatible with the traditional cryptography-based authentication mechanism.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 3 April 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
LTE Direct (LTE-D), a subprotocol of LTE V2X (Vehicle-to-Everything), is designed for device-to-device communication within vehicular environments. LTE-D lies in its potential to enable direct, efficient, and low-latency communication between nearby devices, fostering enhanced safety, cooperative driving, and diverse applications in the automotive landscape.¶
To realize the benefits and ensure the integrity and security of communications, authentication mechanisms for high-level security are imperative.¶
A novial technique called physical layer unclonable fingerpint (PUF) is proposed for device authentication, which does not rely on cryptographic algorithms or keys, but utilizes intrinsic nonlinear characters of the transmission signal to identificate devices with coresponding wireless signal transmitters, and is suitable for enhancing the security of critical vehicular communication scenario by tis immunity against traditional cryptographic attacks.¶
A PUF system is composed by two kinds of components, the capturing frontends and the identification backend.¶
A PUF capture frontend is often implemented by a Software Radio Platform (SRP), which captures wireless signals and extracts device characters (device fingerprint) from them.¶
A PUF identification backend is a program with a database of pre-collected device fingerprints of varied devices, which takes device fingerprint as input and outputs the identification result.¶
This document describes an physical layer device authentication protocol based on the PUF technique to help the LTE-D message receiver confirm the identity of the LTE-D message sender. The protocol can be seamlessly integrated into the LTE-D communication system, and compatible with the traditional cryptography-based authentication mechanism.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
[RFC8446] The Transport Layer Security (TLS) Protocol Version 1.3¶
The device authentication protocol contains only two messages and only involves the receiver, equipped with a PUF capture frontend, and the authenticator, equipped with a PUF identification backend. Notice that the sender does not need more interactions than normal LTE-D communication processes, and the traditional first step of authentication, i.e. initiating the authentication, is understood by the action of sending messages.¶
The Receiver initiates the authentication process by sending a request to the Authenticator.¶
Message Type (8 bits)¶
8 bits for fixed message type, i.e., 0x10, for Device Authentication Request.¶
Endian Type (1 bits)¶
0 for little endian, 1 for big endian.¶
Receiver ID (32 bits)¶
Unique identifier for the Receiver.¶
Serial Number (32 bits)¶
A serial number indicating the receive order of the message.¶
Timestamp (64 bits)¶
A timestamp indicating when the request was generated.¶
Nonce (64 bits)¶
A random value generated by the device to prevent replay attacks.¶
Signal Data Length (32 bits)¶
The length of the following signal data, in octets.¶
Signal Data (variable length)¶
Data captured by the SRP of the receiver that contains enough information to authentication.¶
The Authenticator processes the request, comparing the signal data with the pre-collected fingerprints and decoding the data by the PUF Backend, then sends the result back to the Receiver.¶
Message Type (8 bits)¶
8 bits for fixed message type, i.e., 0x20, for Device Authentication Response.¶
Endian Type (1 bits)¶
0 for little endian, 1 for big endian.¶
Confidence Coefficient (7 bits)¶
The confidence coefficient of the following calculated sender ID given by the PUF backend, in percent, from 0 to 100. Any value above 100 is illegal.¶
Sender ID (32 bits)¶
Serial Number (32 bits)¶
A serial number corresponding with the request.¶
Timestamp (64 bits)¶
A timestamp indicating when the response was generated.¶
Nonce (64 bits)¶
A random value generated by the device to prevent replay attacks.¶
Decoded Data Length (32 bits)¶
The length of the following decoded data, in octets.¶
Decoded Data (variable length)¶
Data decoded by the signal data from the coresponding authentication request message.¶
To ensure the confidentiality, integrity, and authenticity of communication within the LTE-D Physical Layer Device Authentication Protocol, it is crucial to employ strong encryption and integrity mechanisms for the exchanged messages among all the parties of the protocol. Leveraging Transport Layer Security (TLS)[RFC8446] is highly recommended for this purpose.¶
This document does not require any actions or registrations with the Internet Assigned Numbers Authority (IANA).¶