Following are the research projects I plan to
conduct in the first three years of my tenure at CSIE.

Profs. Horace Yuen and Prem Kumar of Northwestern University developed a
novel scheme for hiding binary data behind the optical quantum noise that
exists in all laser outputs. They also demonstrated the feasibility of
their scheme on a 250 Mbps communication channel over 25 km of
telecommunication fiber.
Their encryption scheme has two noteworthy advantages: (1) the
mesoscopic coherent-state signals used in their scheme can travel in
ordinary single-mode or multi-mode optical fibers, and be amplified or
switched by opto-electronic devices; hence, the encryption scheme can
be readily integrated into existing DWDM optical networks; (2) the
cryptographic mechanism is based on quantum phenomena rather than
digital computation; thus, data encryption can be performed at
modulation speed without the need for high-speed processors.

Continuing the work I started as the technical leader of the BBN
collaboration, I will perform the following tasks in the fiscal years
of 2004 and 2005:
- Devise optical polarization compensation algorithms for quantum
  cryptographic modulation. Since optical
  fibers may change the polarization of coherent light as it
  propagates through the media, the change must be compensated at the
  receiver so that the demodulator can be tuned to the data
  modulation. During the compensation process, the transmitter will
  emit repetitive “training sequences” of data symbols while the
  receiver will drive the demodulator to sweep through the Poincaré
  sphere of polarization following a two-dimensional search pattern in
  order to find the polarization states that maximize the differential
  outputs at the detector in response to each transmitted data symbol.
  Because the transmitter uses a simple polarization modulation
  scheme, the locus of received data symbols should lie along a great
  circle on the Poincaré sphere that best fits the detected
  polarization states, and the required compensation should equal
  the average difference between the transmitted and the received
  polarization states.
- Develop clock recovery and bit synchronization mechanisms for quantum
  cryptographic receivers. Besides searching for the locus of data symbols,
  the receiver must also find the best moments to examine these
  symbols. Since the locus is one-dimensional, a tracking loop such as
  an early/late-gating clock recovery loop may be used to produce a
  bit-clock signal locked to the optimal sampling moments. Since the
  clock recovery loop will work only in the presence of frequent bit
  transitions, different test patterns shall be fed through the
  demodulator and the clock recovery loop in order to study the
  receiver behavior.
- Adapt quantum cryptographic modulation to the 1000BASE-X PHY and MAC
  specification.
  Before introducing quantum encryption to gigabit Ethernet, we
  must make sure that the mechanism can satisfy the 1000BASE-X optical
  link model under worst-case operating conditions. Since the encryption
  schemes work best at relatively low signal power, we shall try to
  satisfy the link (safety) margin by reducing the receiver noise and
  shortening the mean distance between signal amplifiers. In addition
  to the link model adaptation, we shall examine the effect of using
  8B10B block encoding for maintaining bit synchronization, and
  embedding the polarization compensation in the auto-negotiation
  process.

Low-power integrated circuit and miniature sensor/actuator technologies
make it possible to pack data acquisition, communication, computation
and actuation capability on monolithic substrates. Amorphous
collections of these devices can be organized into Networks of
Embedded Systems (NES) and used to support distributed sensing and
ubiquitous computing paradigms. A new genre of embedded software
known as data-centric networking or ad hoc collaboration has also been
studied. Motivated by these new developments, the necessity and
feasibility of protecting NES operation with lightweight cryptographic
and security firmware are being investigated in both government and
industrial research programs.

This project is an extension of my work in the DARPA SecLite project. In that
project, we used a computation-efficient public-key cryptosystem, NTRU,
and a family of energy-efficient key management protocols to provide
communication security (COMSEC) services to Berkeley smart sensors
(MOTEs) running the TinyOS real-time operating system. In this project, we
plan to develop two information security (INFOSEC) services,
authorization and access control, so that the MOTEs can not only defend
themselves against adversaries but also organize into security
hierarchies so as to support secure concurrent processing.

The InfoSecLite middleware will be tailored to support an
“information-wavefront” model of distributed concurrent processing.
Within NES coverage, legitimate users may issue queries or
instructions by contacting neighboring MOTEs. Each distinct
query/instruction will initiate a cascaded sequence of concurrent
processes within a MOTE community. The MOTEs may join or leave a
community depending on their resource availability and health status
while the processes will exchange commands and requests asynchronously
among active MOTEs. As a result, data and events will propagate
through the ad-hoc networks like ripples traveling across the surface
of a water pond. In order to enforce access control on real-time
processes and fit the resident code into small program memory,
InfoSecLite must resolve authorization decisions in a pre-processing
phase. The system will consist of an off-line Policy Compiler and two
on-line modules, Group Manager and Reference Monitor. The Policy
Compiler will convert a role-based access control (RBAC) schema into a
Security Group Specification that governs the formation of functional
groups and an Access Control List (ACL) that controls resource use by
the concurrent processes. The Group Manager will use the Security
Group Specification to manage group keys while the Reference Monitor
will use the ACL to launch concurrent processes. The system will rely
on the expressive power of the RBAC schema to map the subject-role
assignments into the Security Group Specification and the role-privilege
relations into the ACL. Both the Group Manager and the Reference Monitor will be
implemented as TinyOS components while the Policy Compiler will be written
as platform-independent modules ready to produce cross-compiled
outputs for other NES platforms.
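
The compile-then-enforce split described above, as an added sketch that is not InfoSecLite code: the schema layout, the role hierarchy, the bitmask ACL encoding and every name in it (`compile_policy`, `member_mask`, `reference_monitor`, the roles and mote IDs) are assumptions made for illustration.

```python
# Added illustration; schema layout, role names and mote IDs are constructed.
SCHEMA = {
    "assignments": {"mote-01": ["sensor"], "mote-02": ["sensor", "aggregator"],
                    "base-01": ["sink_admin"]},
    "privileges": {"sensor": [("temp", "read")],
                   "aggregator": [("query", "route")],
                   "sink_admin": [("flash", "reprogram")]},
    # Assumed role hierarchy: a senior role inherits its juniors' privileges.
    "inherits": {"aggregator": ["sensor"], "sink_admin": ["aggregator"]},
}

def compile_policy(schema):
    """Off-line step: flatten RBAC into (group_spec, group_ids, acl)."""
    roles = sorted(schema["privileges"])
    group_ids = {role: i for i, role in enumerate(roles)}  # one key group per role

    def closure(role, path=()):
        if role in path:
            raise ValueError("cyclic role hierarchy at %r" % role)
        if role not in group_ids:
            raise ValueError("unknown role %r" % role)
        privs = set(schema["privileges"][role])
        for junior in schema.get("inherits", {}).get(role, ()):
            privs |= closure(junior, path + (role,))
        return privs

    # Subject-role assignments -> Security Group Specification.
    group_spec = {role: [] for role in roles}
    for subject, assigned in sorted(schema["assignments"].items()):
        for role in assigned:
            if role not in group_ids:
                raise ValueError("unknown role %r" % role)
            group_spec[role].append(subject)
    # Role-privilege relations -> ACL: (resource, op) -> bitmask of group ids.
    acl = {}
    for role in roles:
        for priv in closure(role):
            acl[priv] = acl.get(priv, 0) | (1 << group_ids[role])
    return group_spec, group_ids, acl

def member_mask(group_spec, group_ids, subject):
    """Bitmask of the groups whose keys a subject would hold."""
    return sum(1 << group_ids[r] for r, members in group_spec.items() if subject in members)

def reference_monitor(acl, mask, resource, op):
    """On-line check: one table lookup and an AND; anything unlisted is denied."""
    return bool(acl.get((resource, op), 0) & mask)
```

Because inheritance is resolved by the compiler, the on-line check needs no role graph in program memory, and a malformed hierarchy is rejected before anything is deployed.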

Ultra-wideband (UWB) radios have received a lot of attention recently due
to their high spatial capacity, obstacle-penetrating ability, multi-path
fading immunity, low-power operation and low-cost system-on-chip
implementation. Although the spectral power constraints imposed by the FCC
in February 2002 have slowed down their consumer market push, the
technology will still find widespread applications in RF tagging,
high-resolution radars and robust communication.

This project derives from my work with Prof. Dennis Goeckel at the
University of Massachusetts, Amherst. Prof. Goeckel and I have looked
into the tradeoffs among transmission security (TRANSEC) protection,
power/bandwidth consumption and clock/code sync acquisition for
multiple-access UWB digital networks. The introduction of TRANSEC
protection, i.e. the use of cryptographically strong pseudo-random
code sequences derived from secrets shared among the communicators, is
a novel attempt in UWB communication, especially for civilian
applications; nevertheless, a successful attempt will enable
transceivers in the same radio coverage areas to organize themselves
into “crypto-nets” and prevent intruders from locking onto their
waveforms. TRANSEC protection and robust sync acquisition may form a
symbiotic relationship because both of them can be achieved by
adopting a hierarchy of pseudo-random codes with increasing cycles.
Successive handoffs between the sync codes will support the formation
of nested crypto-nets as well as the graceful improvement and
degradation of signal synchronization. The codes may be designed to
foster parallelism in the sync acquisition process. Multi-hypothesis
detection schemes may also be used to shorten the acquisition time.
While tradeoffs among throughput, complexity and power consumption are
inevitable, clever design of codes and algorithms may enhance both
robustness and security of UWB communication.

The project will be divided into two phases. In
the first phase, the code hierarchy will be designed through iterative
exercises, preceded by performance estimation and verified by computer
simulation. In the second phase, actual use of the code will be sought
by implementing a code receiver/detector using Prof. Goeckel’s
Minimum-Complexity Sequential Multi-hypothesis Detection scheme. The
implementation will begin with software simulation, and a possible SIP
design may follow.
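
A toy model of the code hierarchy discussed above, added here as an illustration and not taken from the project: it assumes HMAC-SHA256 expansion of the shared secret, three code cycles of 64, 512 and 4096 chips superimposed on a noiseless chip-aligned channel, and hypothetical function names. It shows how locking onto the shortest code first cuts the phase search from 4096 hypotheses to 80, and that a receiver holding a different secret sees no comparable correlation peak.

```python
import hashlib
import hmac

PERIODS = (64, 512, 4096)  # assumed code cycles in chips, each dividing the next

def code(secret, level):
    """+/-1 chips for one level, expanded from the shared secret (HMAC-SHA256, counter mode)."""
    chips, counter = [], 0
    while len(chips) < PERIODS[level]:
        block = hmac.new(secret, b"sync-code|%d|%d" % (level, counter), hashlib.sha256).digest()
        chips += [1 if (byte >> bit) & 1 else -1 for byte in block for bit in range(8)]
        counter += 1
    return chips[:PERIODS[level]]

def transmit(secret, start, length):
    """Noiseless toy waveform: the chip-wise sum of all levels, beginning at chip `start`."""
    codes = [code(secret, level) for level in range(len(PERIODS))]
    return [sum(c[(start + i) % len(c)] for c in codes) for i in range(length)]

def acquire(secret, rx):
    """Staged search. Returns (phase mod longest period, peak per level, hypotheses tested)."""
    phase, step, peaks, tested = 0, 1, [], 0
    for level, period in enumerate(PERIODS):
        c = code(secret, level)
        best_corr, best_phase = None, phase
        # Only phases consistent with the lock from the previous, shorter code.
        for cand in range(phase, period, step):
            corr = sum(r * c[(cand + i) % period] for i, r in enumerate(rx))
            tested += 1
            if best_corr is None or corr > best_corr:
                best_corr, best_phase = corr, cand
        peaks.append(best_corr)
        phase, step = best_phase, period
    return phase, peaks, tested

def demo():
    """Constructed secrets and offset: a crypto-net member versus an outsider."""
    rx = transmit(b"constructed-shared-secret", start=1234, length=4096)
    member = acquire(b"constructed-shared-secret", rx)
    outsider = acquire(b"constructed-other-secret", rx)
    return member, outsider
```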