Title:
AN APPARATUS AND METHOD FOR CONTROLLING THE SECURE TRANSMISSION OF A MESSAGE FROM A TRANSMITTER TO A RECEIVER
Document Type and Number:
WIPO Patent Application WO/2017/167369
Kind Code:
A1
Abstract:
The invention relates to an apparatus (100) for controlling the transmission of a message from a transmitter (110) to a receiver (120a), wherein the apparatus (100) comprises: a generator (101) configured to generate a plurality of message components on the basis of the message such that for reconstructing the message all of the plurality of message components have to be available; and a selector (103) configured to select on the basis of the spatial position of the receiver (120a) a first subset of a plurality of communication relays (115a-e) and to allocate a respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays (115a-e) for transmitting the respective subset of the plurality of message components from the respective communication relay to the receiver (120a).

Inventors:
ROSE, Luca (Riesstr. 25, Munich, 80992, DE)
QUAGLIA, Elizabeth (Riesstr.25, Munich, 80992, DE)
VALENTIN, Stefan (Riesstr.25, Munich, 80992, DE)
Application Number:
EP2016/057035
Publication Date:
October 05, 2017
Filing Date:
March 31, 2016
Assignee:
HUAWEI TECHNOLOGIES CO., LTD. (Huawei Administration Building Bantian Longgang District, Shenzhen, Guangdong 9, 518129, CN)
ROSE, Luca (Riesstr. 25, Munich, 80992, DE)
QUAGLIA, Elizabeth (Riesstr.25, Munich, 80992, DE)
VALENTIN, Stefan (Riesstr.25, Munich, 80992, DE)
International Classes:
H04K1/10; H04L9/06; H04L9/08
Foreign References:
EP2173122A2    2010-04-07
US20090253433A1    2009-10-08
Other References:
YUANWEI LIU ET AL: "Relay Selection for Security Enhancement in Cognitive Relay Networks", IEEE WIRELESS COMMUNICATIONS LETTERS, vol. 4, no. 1, 1 February 2015 (2015-02-01), Piscataway, NJ, USA, pages 46 - 49, XP055328431, ISSN: 2162-2337, DOI: 10.1109/LWC.2014.2365808
JIMMY JESSEN NIELSEN ET AL: "Location-Based Mobile Relay Selection and Impact of Inaccurate Path Loss Model Parameters", WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE (WCNC), 2010 IEEE, IEEE, PISCATAWAY, NJ, USA, 18 April 2010 (2010-04-18), pages 1 - 6, XP031706352, ISBN: 978-1-4244-6396-1
JIMMY JESSEN NIELSEN; TATIANA K. MADSEN; HANS-PETER SCHWEFEL: "Wireless Communications and Networking Conference (WCNC)", 2010, IEEE, article "Location-based Mobile Relay Selection and Impact of Inaccurate Path Loss Model Parameters", pages: 1 - 6
YULONG ZOU; BENOIT CHAMPAGNE; WEI-PING ZHU; LAJOS HANZO: "Relay-Selection Improves the Security-Reliability Trade-off in Cognitive Radio Systems", IEEE TRANSACTIONS ON COMMUNICATIONS, vol. 63, no. 1, 2014, pages 215 - 228, XP011569886, DOI: 10.1109/TCOMM.2014.2377239
YUANWEI LIU; LIFENG WANG; TRAN TRUNG DUY; MAGED ELKASHLAN; TRUNG Q. DUONG: "Relay Selection for Security Enhancement in Cognitive Relay Networks", IEEE WIRELESS COMMUNICATIONS LETTERS, vol. 4, no. 1, 2014, pages 46 - 49, XP055328431, DOI: 10.1109/LWC.2014.2365808
Attorney, Agent or Firm:
KREUZ, Georg (Huawei Technologies Duesseldorf GmbH, Riesstr. 8, Munich, 80992, DE)
Claims:
CLAIMS

1. An apparatus (100) for controlling the transmission of a message from a transmitter (110) to a receiver (120a), wherein the apparatus (100) comprises: a generator (101) configured to generate a plurality of message components on the basis of the message such that for reconstructing the message all of the plurality of message components have to be available; and a selector (103) configured to select on the basis of the spatial position of the receiver (120a) a first subset of a plurality of communication relays (115a-e) and to allocate a respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays (115a-e) for transmitting the respective subset of the plurality of message components from the respective communication relay to the receiver (120a).

2. The apparatus (100) of claim 1, wherein the selector (103) is further configured to select on the basis of the spatial position of the receiver (120a) a second subset of the plurality of communication relays (115a-e), wherein each communication relay of the second subset of the plurality of communication relays (115a-e) is configured to transmit a noise signal.

3. The apparatus (100) of claim 2, wherein the selector (103) is further configured to allocate a respective transmission power to each communication relay of the first and/or second subset of the plurality of communication relays (115a-e) on the basis of the respective spatial position of each communication relay of the first and/or second subset of the plurality of communication relays (115a-e) relative to the spatial position of the receiver (120a) and/or a path loss measure along respective paths defined between the spatial positions of the communication relays of the first and/or second subset of the plurality of communication relays (115a-e) and the spatial position of the receiver (120a).

4. The apparatus (100) of any one of the preceding claims, wherein the selector (103) is configured to select the first subset of the plurality of communication relays (115a-e) further on the basis of the spatial positions of the plurality of communication relays (115a-e) and/or a path loss measure along respective paths defined between the spatial positions of the plurality of communication relays (115a-e) and the spatial position of the receiver (120).

5. The apparatus (100) of claim 4, wherein the selector (103) is further configured to determine the path loss measure along the respective paths defined between the spatial positions of the plurality of communication relays (115a-e) and the spatial position of the receiver (120a) on the basis of a radio map, wherein the radio map defines as a function of spatial position relative to the spatial position of the transmitter (110) a path loss or an equivalent measure.

6. The apparatus (100) of any one of the preceding claims, wherein the selector (103) is further configured to select the first subset of the plurality of communication relays (115a-e) on the basis of a predefined spatial area (130) around the spatial position of the receiver (120a).

7. The apparatus (100) of claim 6, wherein the selector (103) is further configured to determine a spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays (115a-e) can be received, and to select the first subset of the plurality of communication relays (115a-e) on the basis of a comparison of the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays (115a-e) can be received, with the predefined spatial area (130) around the spatial position of the receiver (120a).

8. The apparatus (100) of claim 7, wherein the selector (103) is configured to determine the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays (115a-e) can be received, on the basis of a radio map, wherein the radio map defines as a function of spatial position relative to the spatial position of the transmitter (110) a path loss or an equivalent measure.

9. The apparatus (100) of any one of the preceding claims, wherein the selector (103) is further configured to reduce the number of communication relays of the first subset of the plurality of communication relays (115a-e) by discarding at least one communication relay from the first subset of the plurality of communication relays (115a-e), which does not meet a predefined set of requirements.

10. The apparatus (100) of any one of the preceding claims, wherein the selector (103) is further configured to rank the communication relays of the first subset of the plurality of communication relays (115a-e), in particular on the basis of a respective measure associated with the respective amount of power each communication relay of the first subset of the plurality of communication relays (115a-e) requires for transmitting the respective subset of the plurality of message components to the receiver (120a).

11. The apparatus (100) of any one of the preceding claims, wherein the selector (103) is further configured to select the first subset of the plurality of communication relays (115a-e) on the basis of a predefined threshold defining the maximum number of communication relays of the first subset of the plurality of communication relays (115a-e).

12. The apparatus (100) of any one of the preceding claims, wherein the generator (101) is further configured to generate the plurality of message components on the basis of the number of communication relays of the first subset of the plurality of communication relays (115a-e).

13. The apparatus (100) of any one of the preceding claims, wherein the message m is a bit string of length n and wherein the generator (101) is configured to generate the plurality of message components by generating a plurality of random bit strings η of length n and by generating an encrypted message using an XOR operation of the message m with the plurality of random bit strings η.

14. The apparatus (100) of claim 13, wherein the receiver (120a) comprises an encryption key and a corresponding decryption key and wherein the generator (101) is further configured to encrypt the plurality of message components using the encryption key of the receiver (120a).

15. The apparatus (100) of claim 14, wherein the generator (101) is further configured to digitally sign the plurality of message components.

16. A base station (110) for transmitting a message to a receiver (120a) via a first subset of a plurality of communication relays (115a-e), wherein the base station (110) comprises: an apparatus (100) according to any one of the preceding claims; and a distributor (111) configured to distribute the respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays (115a-e).

17. A method (200) for controlling the transmission of a message from a transmitter (110) to a receiver (120a), wherein the method (200) comprises: generating (201) a plurality of message components on the basis of the message such that for reconstructing the message all of the plurality of message components have to be available; selecting (203) on the basis of the spatial position of the receiver (120a) a first subset of a plurality of communication relays (115a-e); and allocating (205) a respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays (115a-e) for transmitting the respective subset of the plurality of message components from the respective communication relay to the receiver (120a).

18. A computer program comprising program code for performing the method (200) of claim 17 when executed on a computer.

Description:
DESCRIPTION

An apparatus and method for controlling the secure transmission of a message from a transmitter to a receiver

TECHNICAL FIELD

Generally, the present invention relates to wireless communications. More specifically, the present invention relates to an apparatus and a method for controlling the secure transmission of a message from a transmitter, in particular a base station, to an intended receiver, in particular a user equipment.

BACKGROUND

In a world that is increasingly relying on wireless technologies, the need for secure communication through this medium is becoming paramount. Secure transmission is, however, significantly more challenging in wireless communications, where information is broadcast over the air and can be, in principle, received and recorded by everyone in proximity to the transmitter.

Message privacy is a fundamental aspect of secure communication and it is typically achieved by means of encryption, which ensures that no information about the encrypted message can be obtained without the appropriate decryption key. Although in theory there are many secure encryption schemes proposed in the cryptographic literature, practice shows that unexpected vulnerabilities, such as side-channels and implementation errors, can lead to a breach of privacy. While researchers are trying to bridge the gap between cryptographic theory and practice, other methods to enhance the security level of wireless communication are desirable. One such method is to use communication relays, which has been studied in the following publications.

The paper "Location-based Mobile Relay Selection and Impact of Inaccurate Path Loss Model Parameters" by Jimmy Jessen Nielsen, Tatiana K. Madsen, Hans-Peter Schwefel, Wireless Communications and Networking Conference (WCNC), pages 1-6, 2010, IEEE, discloses the usage of a communication relay in order to achieve an improved security transmission. The channel measures are evaluated through the spatial position of the communication relay and a theoretical pathloss model.

The paper "Relay-Selection Improves the Security-Reliability Trade-off in Cognitive Radio Systems" by Yulong Zou, Benoit Champagne, Wei-Ping Zhu, Lajos Hanzo, IEEE Transactions on Communications, Volume 63, Issue 1, pages 215-228, 2014, describes a system in which a single or multiple communication relays can be used to forward a message to an intended receiver in order to enhance the security. When multiple communication relays are adopted, each communication relay transmits the same message with different level of power reducing the energy consumption and the area in which the message can be successfully decoded.

The paper "Relay Selection for Security Enhancement in Cognitive Relay Networks" by Yuanwei Liu, Lifeng Wang, Tran Trung Duy, Maged Elkashlan, and Trung Q. Duong, IEEE Wireless Communications Letters, Volume 4, issue 1, pages 46-49, 2014, discloses several different communication relay selection policies in order to achieve an improved security. In particular, it is proposed to select a communication relay to forward the message and a communication relay to jam a malicious user. The selection can be done either randomly or based on the channel gain realization.

Although some of the above attempts using communication relays already can lead to an improved security of wireless communications, there is still a need for devices and methods providing further improvements with respect to the security of wireless communications.

SUMMARY

It is an object of the invention to provide devices and methods allowing for an improved transmission security.

The foregoing and other objects are achieved by the subject matter of the independent claims. Further implementation forms are apparent from the dependent claims, the description and the figures.

According to a first aspect, the invention relates to an apparatus for controlling the secure transmission of a message from a transmitter, in particular a base station, to an intended receiver, in particular a user equipment. The apparatus comprises a generator configured to generate a plurality of message components on the basis of the message such that for reconstructing the message all of the plurality of message components have to be available and a selector configured to select on the basis of the spatial position of the receiver a first subset of a plurality of communication relays located within a service area of the transmitter and configured to relay a message from the transmitter to the receiver and to allocate a respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays for transmitting the respective subset of the plurality of message components from the respective communication relay of the first subset of the plurality of communication relays to the intended receiver. By selecting appropriate communication relays to relay respective subsets of the plurality of message components it is possible to define a spatial area (herein also referred to as critical area) around the intended receiver, where it is possible to receive all of the message components of the plurality of message components and, thus, to reconstruct the message for the intended receiver. Thus, an apparatus is provided allowing for an improved security of the wireless communication between the transmitter, in particular a base station, and the intended receiver, in particular a user equipment, using selected communication relays. In principle, the selected communication relays can comprise any device configured to relay a message from the transmitter to the receiver. 
The selected communication relays can comprise, for instance, further base stations or other fixed infrastructure of a wireless communication network and/or further user equipments configured to relay a message, such as mobile phones.

In a first possible implementation form of the apparatus according to the first aspect as such, the selector is further configured to select on the basis of the spatial position of the receiver a second subset of the plurality of communication relays, wherein each communication relay of the second subset of the plurality of communication relays is configured to transmit a noise signal.

By selecting appropriate communication relays to transmit respective noise signals it is possible to ensure that the dimension or size of the critical area, i.e. the spatial area, where all of the message components can be received, does not exceed certain predictable or predefined limits even in case of virtually noiseless receivers.

In a second possible implementation form of the apparatus according to the first implementation form of the first aspect, the selector is further configured to allocate a respective transmission power to each communication relay of the first and/or second subset of the plurality of communication relays on the basis of the respective spatial position of each communication relay of the first and/or second subset of the plurality of communication relays relative to the spatial position of the receiver and/or a path loss measure along the respective paths defined between the spatial positions of the communication relays of the first and/or second subset of the plurality of communication relays and the spatial position of the receiver.

In a third possible implementation form of the apparatus according to the first aspect as such or the first or second implementation form thereof, the selector is configured to select the first subset of the plurality of communication relays further on the basis of the spatial positions of the plurality of communication relays and/or a path loss measure along the respective paths defined between the spatial positions of the plurality of communication relays and the spatial position of the receiver.

In a fourth possible implementation form of the apparatus according to the third implementation form of the first aspect, the selector is further configured to determine the path loss measure along respective paths defined between the spatial positions of the plurality of communication relays and the spatial position of the receiver on the basis of a radio map, wherein the radio map defines as a function of spatial position relative to the spatial position of the transmitter a path loss or an equivalent measure.

In a fifth possible implementation form of the apparatus according to the first aspect or any one of the first to fourth implementation form thereof, the selector is further configured to select the first subset of the plurality of communication relays on the basis of a predefined spatial area around the spatial position of the receiver.

In a sixth possible implementation form of the apparatus according to the fifth implementation form of the first aspect, the selector is further configured to determine a spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays can be received, and to select the first subset of the plurality of communication relays on the basis of a comparison of the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays can be received, with the predefined spatial area around the spatial position of the receiver.

In a seventh possible implementation form of the apparatus according to the sixth implementation form of the first aspect, the selector is configured to determine the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays can be received, on the basis of a radio map, wherein the radio map defines as a function of spatial position relative to the spatial position of the transmitter a path loss or an equivalent measure.

In an eighth possible implementation form of the apparatus according to the first aspect as such or any one of the first to seventh implementation form thereof, the selector is further configured to reduce the number of communication relays of the first subset of the plurality of communication relays by discarding at least one communication relay from the first subset of the plurality of communication relays, which does not meet a predefined set of requirements. In an implementation form the predefined set of requirements can include one or more parameters of a communication relay, such as the minimum transmit power, the remaining battery power, the proximity to known malicious users/receivers and the like.

In a ninth possible implementation form of the apparatus according to the first aspect as such or any one of the first to eighth implementation form thereof, the selector is further configured to rank the communication relays of the first subset of the plurality of communication relays, in particular on the basis of a respective measure associated with the respective amount of power each communication relay of the first subset of the plurality of communication relays requires for transmitting the respective subset of the plurality of message components to the receiver.

In a tenth possible implementation form of the apparatus according to the first aspect as such or any one of the first to ninth implementation form thereof, the selector is further configured to select the first subset of the plurality of communication relays on the basis of a predefined threshold defining the maximum number of communication relays of the first subset of the plurality of communication relays.

In an eleventh possible implementation form of the apparatus according to the first aspect as such or any one of the first to tenth implementation form thereof, the generator is further configured to generate the plurality of message components on the basis of the number of communication relays of the first subset of the plurality of communication relays.

In a twelfth possible implementation form of the apparatus according to the first aspect as such or any one of the first to eleventh implementation form thereof, the message m is a bit string of length n and wherein the generator is configured to generate the plurality of message components by generating a plurality of random bit strings η of length n and by generating an encrypted message using an XOR operation of the message m with the plurality of random bit strings η. This implementation form is computationally efficient, as the generator simply needs to generate some randomness.
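The XOR construction of the twelfth implementation form, written out as an added Python example (it is not code from the patent application). The function names, the sample message and the relay labels are assumptions; the last helper shows why all components are needed: for any candidate message there is a value of the one missing component that makes that candidate the reconstruction.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_components(message: bytes, k: int) -> list:
    """Return k components: k-1 random strings and the message XORed with all of them."""
    if k < 2:
        raise ValueError("at least two components are required")
    randoms = [secrets.token_bytes(len(message)) for _ in range(k - 1)]
    masked = reduce(xor_bytes, randoms, message)
    return randoms + [masked]


def reconstruct(components: list) -> bytes:
    """XOR of all components; yields the message only if none is missing."""
    return reduce(xor_bytes, components)


def allocate(components: list, relay_ids: list) -> dict:
    """One component per selected relay (component count follows relay count)."""
    if len(components) != len(relay_ids):
        raise ValueError("one component per relay expected")
    return dict(zip(relay_ids, components))


def missing_component_for(partial: list, candidate: bytes) -> bytes:
    """Given all but one component, compute the missing component that would
    make `candidate` the reconstruction. Such a value exists for every
    candidate, so the partial set does not single out any message."""
    return reduce(xor_bytes, partial, candidate)


# Constructed sample values (assumptions, not from the application).
MESSAGE = b"meter reading: 48213"
RELAYS = ["relay-a", "relay-b", "relay-c"]

if __name__ == "__main__":
    comps = generate_components(MESSAGE, len(RELAYS))
    plan = allocate(comps, RELAYS)
    print("all components :", reconstruct(list(plan.values())))
    decoy = b"meter reading: 00000"
    gap = missing_component_for(comps[:2], decoy)
    print("same two + gap :", reconstruct(comps[:2] + [gap]))
```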

In a thirteenth possible implementation form of the apparatus according to the twelfth implementation form of the first aspect, the receiver comprises an encryption key and corresponding decryption key and wherein the generator is further configured to encrypt the plurality of message components using the encryption key of the receiver.

By adding encryption, the security of the message communication protocol is strengthened against passive attacks to hold end-to-end (as opposed to just outside of the critical area). This means that even if an adversary receives all the encrypted message components, i.e., the adversary is in the critical area, the adversary cannot recover the message, since the adversary does not know the secret key needed for decryption.

In a fourteenth possible implementation form of the apparatus according to the thirteenth implementation form of the first aspect, the generator is further configured to digitally sign the plurality of message components. By adding a signature to the plurality of (possibly encrypted) message components message authentication is possible, i.e., the intended receiver is guaranteed that, if the signature verifies, the signed material originates from the transmitter. This addition is a security enhancement since the resulting message communication protocol resists passive attacks as well as a class of active attacks, namely pollution attacks. Indeed, failure of a signature to verify allows the intended receiver to detect that an adversary has injected a malicious message component so as to prevent the intended receiver from reconstructing the correct message.

According to a second aspect, the invention relates to a base station for transmitting a message to a receiver via a first subset of a plurality of communication relays located within a service area of the base station, wherein the base station comprises an apparatus according to the first aspect as such or any one of first to fourteenth implementation form thereof and a distributor configured to distribute the respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays.

According to a third aspect, the invention relates to a method for controlling the transmission of a message from a transmitter to a receiver, wherein the method comprises: generating a plurality of message components on the basis of the message such that for reconstructing the message all of the plurality of message components have to be available; selecting on the basis of the spatial position of the receiver a first subset of a plurality of communication relays; and allocating a respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays for transmitting the respective subset of the plurality of message components from the respective communication relay to the receiver.

The method according to the third aspect of the invention can be performed by the apparatus according to the first aspect of the invention. Further features and implementation forms of the method according to the third aspect of the invention result directly from the functionality of the apparatus according to the first aspect of the invention and its different implementation forms.

According to a fourth aspect the invention relates to a computer program comprising program code for performing the method according to the third aspect of the invention when executed on a computer.

The invention can be implemented in hardware and/or software.

BRIEF DESCRIPTION OF THE DRAWINGS

Further embodiments of the invention will be described with respect to the following figures, in which:

Fig. 1 shows a schematic diagram illustrating a wireless communication system including an apparatus according to an embodiment implemented as part of a base station according to an embodiment, a plurality of communication relays and a plurality of user equipments;

Fig. 2 shows a schematic diagram illustrating the use of a radio map in embodiments of the invention;

Fig. 3 shows a schematic diagram illustrating the use of a radio map in embodiments of the invention;

Fig. 4 shows a schematic diagram illustrating the use of a radio map in embodiments of the invention;

Fig. 5 shows a schematic diagram illustrating the use of a radio map in embodiments of the invention; and

Fig. 6 shows a schematic diagram illustrating steps of a method for controlling the transmission of a message from a transmitter to a receiver.

In the various figures, identical reference signs will be used for identical or at least functionally equivalent features.

DETAILED DESCRIPTION OF EMBODIMENTS

In the following detailed description, reference is made to the accompanying drawings, which form a part of the disclosure, and in which are shown, by way of illustration, specific aspects in which the present invention may be practiced. It is understood that other aspects may be utilized and structural or logical changes may be made without departing from the scope of the present invention. The following detailed description, therefore, is not to be taken in a limiting sense, as the scope of the present invention is defined by the appended claims.

For instance, it is understood that a disclosure in connection with a described method may also hold true for a corresponding device or system configured to perform the method and vice versa. For example, if a specific method step is described, a corresponding device may include a unit to perform the described method step, even if such unit is not explicitly described or illustrated in the figures. Further, it is understood that the features of the various exemplary aspects described herein may be combined with each other, unless specifically noted otherwise.

Figure 1 shows a schematic diagram illustrating a wireless communication system including an apparatus 100 according to an embodiment implemented as part of a base station 110 according to an embodiment, a plurality of communication relays 115a-e and a plurality of user equipments 120a-d.

A user equipment of the plurality of user equipments 120a-d could be, for instance, a mobile phone, a smart phone, a tablet computer, a communication module of a vehicle, a M2M module or any other type of mobile wireless communication device configured to receive a message over a wireless communication network. Such a user equipment can include hardware components, such as an antenna, a transceiver, a LTE module, a WiFi module, a processor and/or the like to communicate over the wireless communication network. The wireless communication network used for communication between the base station 110 and the plurality of communication relays 115a-e and the plurality of user equipments 120a-d could be a cellular wireless communication network, for instance, a LTE network, a LTE-A network or a future evolution thereof, such as 5G, or a WiFi network.

Embodiments of the invention are based on the following theoretical considerations. In an exemplary scenario, a message is transmitted by a transmitter with a power $P_T$, a bandwidth $W$ and a rate $R$. Generally, a receiver $r$ at a spatial position $p$ is able to decode the message only if the received power $P_R(p, r)$ is above a detection threshold, which is implicitly defined by the following relation: wherein $\sigma_r^2$ denotes the thermal noise of the receiver $r$. The minimum value for which equation (1) is verified is called SINR threshold and it is referred to as $\Gamma$:

$$\Gamma = 2^{R/W} - 1. \quad (2)$$

According to the Shannon-Hartley theorem, if a receiver $r$ has an SINR below the threshold it cannot decode the message with 0 probability of error, no matter what decoding technique it adopts. Hence, $\Gamma$ defines a decoding threshold. The value of $P_R(p, r)$ depends on many factors such as distance from the transmitter, presence of objects between the transmitter and the receiver, fading, antenna gain and the like. In general, the ratio between the transmit power $P_T$ and the received power is the so called link budget

G R (P, r) = ^r y (3) which can also be expressed as a path loss. In the embodiment shown in figure 1 , the apparatus 100 is implemented as part of the base station 1 10. However, the present invention also covers embodiments, where the apparatus 100 is implemented as a separate unit from the base station 1 10. The apparatus 100 could be implemented, for instance, as a component of the backend system of the wireless communication system comprising the base station 1 10. In the case of a stand-alone implementation of the apparatus 100 it could be configured to communicate by means of a wired and/or a wireless connection with the base station.

In the embodiment shown in figure 1, the apparatus 100 is configured to control the transmission of a message from the base station 110 to an intended receiver in the form of a specific user equipment 120a.

The apparatus 100 comprises a generator 101 configured to generate a plurality of message components on the basis of the message such that for reconstructing the message all of the plurality of message components have to be available. In an embodiment, the generator 101 can be configured to generate the plurality of message components by dividing the message into several parts, i.e. message components. Other cryptographically secured embodiments of the generator 101 will be described further below.

The apparatus 100 further comprises a selector 103 configured to select on the basis of the spatial position of the intended receiver in the form of the user equipment 120a a first subset of a plurality of communication relays 115a-e and to allocate a respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays 115a-e for transmitting the respective subset of the plurality of message components from the respective communication relay to the intended receiver in the form of the user equipment 120a. In the exemplary embodiment shown in figure 1, the communication relay 115a and the communication relay 115b have been selected by the selector 103 on the basis of the spatial position of the intended receiver in the form of the user equipment 120a, i.e. belong to the first subset of the plurality of communication relays 115a-e. By selecting appropriate communication relays to relay respective subsets of the plurality of message components, for instance, the communication relays 115a and 115b in the exemplary embodiment shown in figure 1, it is possible to define a spatial area (herein also referred to as critical area) around the intended receiver 120a, where it is possible to receive all of the message components of the plurality of message components and, thus, to reconstruct the message.

In an embodiment, the base station 110 is configured to determine the spatial positions of the intended receiver 120a and additionally of the plurality of communication relays 115a-e. In an embodiment, at least some of the communication relays 115a-e can be infrastructure communication relays so that their respective spatial position is fixed and known. The position of the intended receiver 120a can be acquired by means of GPS or similar location sensors and signaled to the base station 110 by the intended receiver 120a. In an embodiment, the generator 101 and/or the selector 103 can be implemented as hardware modules and/or as software modules being executed on a processor of the apparatus 100.

As shown in the embodiment of figure 1, the base station 110 can comprise in addition to the apparatus 100 a distributor 111 configured to distribute the respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays 115a-e.

In an embodiment, the selector 103 is further configured to select on the basis of the spatial position of the intended receiver in the form of the user equipment 120a a second subset of the plurality of communication relays 115a-e, wherein each communication relay of the second subset of the plurality of communication relays 115a-e is configured to transmit a noise signal. In the exemplary embodiment shown in figure 1, the communication relay 115c has been selected by the selector 103 for emitting a noise signal (as indicated in figure 1), i.e. to belong to the second subset of the plurality of communication relays 115a-e. By selecting appropriate communication relays to transmit respective noise signals, for instance, the communication relay 115c of the exemplary embodiment shown in figure 1, it is possible to further restrict the size of the spatial area, where all of the message components of the plurality of message components can be received, thereby further improving the security.

The additive noise created by the communication relays of the second subset of the plurality of communication relays 115a-e disturbs the intended receiver 120a in a controlled way. Since the noise is controlled, its negative effect can be compensated by a higher transmission power. For an adversary, on the other hand, the extra interference will drastically reduce the reception capability. In an embodiment, each communication relay of the second subset of the plurality of communication relays 115a-e can transmit a noise signal in the form of a pseudo-random noise sequence of variance σ.

In the exemplary embodiment shown in figure 1, the communication relays 115a and 115b belong to the first subset of the plurality of communication relays 115a-e and the communication relay 115c belongs to the second subset of the plurality of communication relays 115a-e. Consequently, the transmission powers of the communication relays 115a and 115b as well as the noise transmission power of the communication relay 115c can be adjusted in such a way that the intended receiver 120a is able to receive all of the message components, whereas the user equipment 120b, due to the noise generating communication relay 115c, is not able to receive all of the message components. In the exemplary embodiment shown in figure 1, the communication relays 115d and 115e, being too far away from the intended receiver 120a, have not been selected by the selector 103 to belong to the first or the second subset of the plurality of communication relays 115a-e.

In an embodiment, the selector 103 is configured to select the second subset of the plurality of communication relays 115a-e, i.e. the noise generating relays, in the following way. The total number of noise generating relays $N_{NGR}$ can be predefined. The selector 103 can be configured to set a noise threshold $\eta$ such that $\eta \le \sigma^2$. The selector 103 can be configured to rank the noise generating communication relays based on one of the following criteria: (a) distance to the intended receiver 120a (higher distance first) and/or (b) channel gain (inversely proportional to the path loss) to the intended receiver 120a (lower gain first). In an embodiment, the selector 103 can be configured to select the first $N_{NGR}$ noise generating communication relays and to set the power $I_r$ such that the total generated interference to the intended receiver 120a is equal to $\eta$, for instance, on the basis of the following equation:

wherein G r R denotes the power gain between the noise generating relay (NGR) r and the intended receiver.

In an embodiment, the detection of all the message components by the intended receiver 120a is ensured by increasing the power of the communication relays of the first subset of the plurality of communication relays 115a-e on the basis of the following equation:

For instance, if $\eta = \sigma^2$, the selector 103 can be configured to double the power with respect to the case with no noise generating communication relays in the system.

In an embodiment, the selector 103 of the apparatus 100 is further configured to allocate a respective transmission power to each communication relay of the first and/or second subset of the plurality of communication relays 115a-e. As indicated by the circles of different radii around the communication relays 115a, 115b and 115c, in the exemplary embodiment shown in figure 1 the selector 103 has allocated the largest transmission power to the communication relay 115a belonging to the first subset of the plurality of communication relays 115a-e and the smallest transmission power to the communication relay 115c belonging to the second subset of the plurality of communication relays 115a-e. In an embodiment, the selector 103 is configured to allocate the respective transmission powers on the basis of the respective spatial position of each communication relay of the first and/or second subset of the plurality of communication relays 115a-e relative to the spatial position of the intended receiver 120a and/or a path loss measure along respective paths defined between the spatial positions of the communication relays of the first and/or second subset of the plurality of communication relays 115a-e and the spatial position of the intended receiver 120a.

In an embodiment, the selector 103 is configured to select the first subset of the plurality of communication relays 115a-e further on the basis of the spatial positions of the plurality of communication relays 115a-e and/or a path loss measure along respective paths defined between the spatial positions of the plurality of communication relays 115a-e and the spatial position of the intended receiver 120a.

In an embodiment, the selector 103 can be configured to determine the path loss measure along the respective paths defined between the spatial positions of the plurality of communication relays 115a-e and the spatial position of the intended receiver 120a on the basis of a radio map. Generally, a radio map defines a path loss or an equivalent measure as a function of spatial position relative to the spatial position of the base station 110. In an embodiment, the selector 103 can be configured to select the first subset of the plurality of communication relays 115a-d and/or adjust the respective transmission powers thereof on the basis of a predefined spatial area 130 around the spatial position of the intended receiver 120a. In the exemplary embodiment shown in figure 1, the selector 103 can be configured to select the first subset of the plurality of communication relays 115a-d and/or adjust the respective transmission powers thereof on the basis of the predefined circular area 130 around the intended receiver 120a shown in figure 1.

In an embodiment, the selector 103 is configured to determine a spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, and to select the first subset of the plurality of communication relays 115a-c and/or adjust the respective transmission powers thereof on the basis of a comparison of the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, with the predefined spatial area 130 around the spatial position of the intended receiver 120a. For instance, in the exemplary embodiment shown in figure 1, the selector 103 can be configured to adjust the respective transmission powers of the communication relays 115a and 115b such that the circular area 130 around the intended receiver 120a just fits into the spatial area, where the plurality of message components to be transmitted by the communication relays 115a and 115b can be received.

The spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, can be determined using two different approaches, namely geometrical (GB) and radio-map-based (RMB).

In an embodiment, the selector 103 is configured to determine the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, using conventional path loss equations and assuming an isotropic in all directions from a respective communication relay 115a-e. An exemplary scenario for determining the critical area, i.e. the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, according to this embodiment is shown in figure 2.

In an embodiment, the selector 103 is configured to determine the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, on the basis of a radio map, wherein the radio map defines a path loss or an equivalent measure as a function of spatial position relative to the spatial position of the base station 110. More specifically, the critical area, i.e. the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, can be determined by the selector 103 on the basis of a radio map by using a gradient approach explained in more detail further below. In this way it is possible to determine the critical area more accurately, taking into account the area-variant attenuation of radio waves. For instance, buildings blocking the radio wave propagation can be captured by this approach, which allows designing smaller critical areas. An exemplary scenario for determining the critical area, i.e. the spatial area, where the plurality of message components to be transmitted by the communication relays of the first subset of communication relays 115a-e can be received, according to this embodiment is shown in figure 3.

For estimating the path loss or link budget along a path defined between a respective communication relay of the first subset of the plurality of communication relays 115a-e and the intended receiver 120a, embodiments of the invention can implement one of the following approaches.

In an embodiment, a respective communication relay of the first subset of the plurality of communication relays 115a-e uses pilot signals to determine the path loss along the path defined between the respective communication relay and the intended receiver and feeds this information back to the base station 110. In an embodiment, the intended receiver 120a can be configured to broadcast a request-to-relay (RTR). The communication relays that are able to hear the request estimate the path loss towards the intended receiver 120a and feed the information back to the base station 110.

In an embodiment, radio map estimation for a fixed infrastructure is used. This approach could be used by communication relays that belong to the network infrastructure. An average value of the path loss can be estimated (e.g., through occasional pilot signals or field measurements) and stored in form of a radio map. This radio map can be explicitly computed once and then updated through other occasional channel estimations.

In an embodiment, radio map estimation for a non-fixed infrastructure is used. In case the communication relays do not belong to the fixed network infrastructure, such as UEs allowing for D2D communication, an estimation of the path loss can be obtained from a radio map as shown in figure 4, which shows the path or line of sight (LoS) between the spatial position of a communication relay and the spatial position of the intended receiver. The pixels traversed by the path are enumerated. For example, if the path traverses 10 pixels, they are enumerated as pixel-1, pixel-2, ... pixel-N. Based on the path loss vector over this path, a numerical gradient can be computed as illustrated in figure 5. The discrete gradient is computed on the set of path loss values for the pixels identified on the LoS (referred to as virtual trajectory in figure 5) on the basis of the following equation:

$$G_R(p, r) = K \sum_{n=2}^{N} \left| p(n) - p(n-1) \right| \qquad (6)$$

wherein $p(n)$ represents the intensity of the power reported on the radio map at pixel $n$ on the LoS, and the constant $K$ represents a constant that converts the radio map pixel intensity to an actual power level.
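Equation (6) evaluated on a small radio map, as an added example that is not part of the patent text. The grid values, pixel coordinates, the value of K, the relay labels and the use of Bresenham's algorithm to enumerate the LoS pixels are all assumptions made for illustration; ranking the candidates by the resulting estimate is an illustrative use of the value.

```python
# Added example: link budget estimate from a radio map via equation (6).
# All data below is constructed sample input, not measurement data.

RADIO_MAP = [  # RADIO_MAP[y][x] = pixel intensity reported on the radio map
    [50, 50, 52, 55, 58],
    [50, 51, 53, 40, 60],
    [48, 50, 30, 56, 62],   # the dip to 30 models an obstacle on this row
    [49, 50, 52, 57, 61],
    [47, 49, 51, 55, 59],
]
K = 0.5                      # assumed pixel-intensity-to-power conversion
RECEIVER = (4, 2)            # (x, y) pixel of the intended receiver
RELAYS = {"relay_a": (0, 2), "relay_b": (4, 0), "relay_c": (2, 0)}


def los_pixels(start, end):
    """Enumerate pixel-1 .. pixel-N on the line of sight (Bresenham)."""
    (x0, y0), (x1, y1) = start, end
    dx, dy = abs(x1 - x0), -abs(y1 - y0)
    sx = 1 if x0 < x1 else -1
    sy = 1 if y0 < y1 else -1
    err = dx + dy
    pixels = []
    while True:
        pixels.append((x0, y0))
        if (x0, y0) == (x1, y1):
            return pixels
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x0 += sx
        if e2 <= dx:
            err += dx
            y0 += sy


def link_budget(radio_map, relay_xy, receiver_xy, k=K):
    """K * sum_{n=2..N} |p(n) - p(n-1)| over the pixels on the LoS."""
    pixels = los_pixels(relay_xy, receiver_xy)
    height, width = len(radio_map), len(radio_map[0])
    for x, y in pixels:
        # Reject out-of-map positions instead of letting negative
        # indices wrap around silently.
        if not (0 <= x < width and 0 <= y < height):
            raise ValueError(f"pixel {(x, y)} lies outside the radio map")
    p = [radio_map[y][x] for x, y in pixels]
    # A relay in the receiver's own pixel yields N = 1 and an empty sum.
    return k * sum(abs(p[n] - p[n - 1]) for n in range(1, len(p)))


def rank_relays(radio_map, relays, receiver_xy, k=K):
    """Candidates sorted by estimated link budget, lowest first."""
    budgets = {name: link_budget(radio_map, xy, receiver_xy, k)
               for name, xy in relays.items()}
    return sorted(budgets.items(), key=lambda item: item[1])


if __name__ == "__main__":
    for name, budget in rank_relays(RADIO_MAP, RELAYS, RECEIVER):
        print(f"{name}: {budget}")
```

The obstacle pixel dominates the estimate for relay_a even though that relay lies on a straight, unobstructed-looking row, which is the effect the radio-map-based approach is meant to capture.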

In an embodiment, the selector 103 is configured to reduce the number of communication relays of the first subset of the plurality of communication relays 115a-e by discarding at least one communication relay from the first subset of the plurality of communication relays 115a-e, which does not meet a predefined set of requirements. In an embodiment, the predefined set of requirements can include, for instance, one or more parameters of a communication relay 115a-e, such as its minimum transmit power, its remaining battery power, its proximity to known malicious users/receivers and the like. In an embodiment, the selector 103 is further configured to rank the communication relays of the first subset of the plurality of communication relays 115a-e, in particular on the basis of a respective measure associated with the respective amount of transmission power each communication relay of the first subset of the plurality of communication relays 115a-e requires for transmitting the respective subset of the plurality of message components to the intended receiver 120a. In an embodiment, the selector 103 is further configured to select the first subset of the plurality of communication relays 115a-e on the basis of a predefined threshold defining the maximum number of communication relays of the first subset of the plurality of communication relays 115a-e. For instance, in an embodiment, the selector 103 can be configured to select the three communication relays from the plurality of communication relays 115a-e requiring the least transmission power for transmitting the respective subset of the plurality of message components to the intended receiver 120a. In another embodiment, the selector 103 can be configured to run an exhaustive search through the plurality of communication relays 115a-e in order to minimize the size of the critical area.
This has the advantageous effect that the spatial area, where an adversary can receive all message components necessary for reconstructing the original message, is minimized for a predefined number of communication relays. Alternatively, the selector 103 can be configured to run an exhaustive search through the plurality of communication relays 115a-e on the basis of a fixed threshold size of the critical area, minimizing the number of selected communication relays under the constraint that the actual size of the critical area is smaller than the fixed threshold size, or on the basis of a fixed threshold size of the critical area, minimizing the total power of all selected communication relays required to relay all message components to the intended receiver 120a.

In an embodiment, the generator 101 is further configured to generate the plurality of message components on the basis of the number of communication relays of the first subset of the plurality of communication relays 115a-c. For instance, in the exemplary embodiment shown in figure 1, where the first subset of the plurality of communication relays 115a-e comprises two communication relays, namely the communication relays 115a and 115b, the generator 101 can be configured to divide the message into two message components, which are necessary for reconstructing the message.

As already mentioned above, in embodiments of the invention the generator 101 can be further configured to secure the message components also by using cryptographic primitives. Let $m$ be the message the base station 110 wishes to deliver to the intended receiver 120a. Let us assume that the message space consists of bit-strings of length $n$, i.e., $m \in \{0,1\}^n$. If that is not the case, a mapping can be found from the message space to bit-strings of a fixed length. Let $\ell$ be the number of communication relays of the first subset of the plurality of communication relays 115a-e. The nature of the message $m$ is not limited in any way, for instance, it could be raw content as well as cryptographic key material exchanged for further purposes.

In an embodiment, the message $m$ is a bit string of length $n$ and the generator 101 is configured to generate the plurality of message components by generating a plurality of random bit strings $r_i$ of respective length $n$ and by generating an encrypted message using an XOR operation of the message $m$ with the plurality of random bit strings $r_i$. More specifically, in an embodiment, the generator 101 generates $\ell - 1$ random bit-strings of length $n$, namely $r_1, r_2, \ldots, r_{\ell-1}$. The generator 101 of the apparatus 100 then computes $r_\ell = m \oplus r_1 \oplus r_2 \oplus \ldots \oplus r_{\ell-1}$, wherein the symbol $\oplus$ denotes the XOR operation, and the distributor 111 of the base station sends for all $i$ from 1 to $\ell$ the respective message component $r_i$ to the respective communication relay of the first set of the plurality of communication relays 115a-e. Thus, each communication relay of the first set of the plurality of communication relays 115a-e can transmit the received message component to the intended receiver 120a, which can then compute $m = r_1 \oplus r_2 \oplus \ldots \oplus r_{\ell-1} \oplus r_\ell$ and recover the message.

It should be noted that only by receiving all message components $r_1, r_2, \ldots, r_{\ell-1}, r_\ell$ can the message $m$ be reconstructed. Since this can only happen inside the critical area, if an adversary is outside of the critical area, this method is secure against passive attacks, i.e., eavesdropping. Furthermore, advantageously, the adversary recovers no partial information of the message even if the adversary is able to recover some of the message components. In particular, $r_1, r_2, \ldots, r_{\ell-1}$ are random bit-strings and therefore do not contain any information on the message $m$, and $r_\ell$ is a one-time pad for the message $m$ and therefore information-theoretically hides the message.
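The XOR splitting and reconstruction described above, as an added example that is not code from the patent. Function names and the sample message are constructed; the example also shows that a listener holding all but one component can explain any candidate message equally well, and that the components by themselves carry no integrity protection.

```python
# Added example: all-or-nothing XOR splitting of a message into one
# component per relay. Names and sample data are constructed.
import secrets


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_message(message, num_relays):
    """Return r_1 .. r_l with r_l = m XOR r_1 XOR ... XOR r_(l-1)."""
    if num_relays < 2:
        raise ValueError("at least two relays are needed to split")
    if not message:
        raise ValueError("empty message")
    # r_1 .. r_(l-1): fresh random strings from the OS CSPRNG. They must
    # never be reused for another message (one-time pad requirement).
    randoms = [secrets.token_bytes(len(message))
               for _ in range(num_relays - 1)]
    last = message
    for r in randoms:
        last = xor_bytes(last, r)
    return randoms + [last]


def reconstruct(components):
    """m = r_1 XOR r_2 XOR ... XOR r_l; needs every component."""
    result = bytes(len(components[0]))
    for component in components:
        result = xor_bytes(result, component)
    return result


def missing_component_for(observed, candidate):
    """The one unseen component that would make `candidate` the message.

    Such a component exists for every candidate of the right length, so
    l-1 observed components do not narrow down the message at all.
    """
    return xor_bytes(candidate, reconstruct(observed))


def flip_bit(data, bit_index):
    """Copy of `data` with one bit inverted (models a polluted component)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


if __name__ == "__main__":
    message = b"session key 0042"          # constructed sample message
    parts = split_message(message, 3)      # one component per relay
    print("reconstructed:", reconstruct(parts))

    # Eavesdropper outside the critical area: hears two of three parts.
    guess = b"X" * len(message)
    fake = missing_component_for(parts[:2], guess)
    print("equally consistent:", reconstruct(parts[:2] + [fake]))

    # A modified component changes the result without any error being
    # raised; detecting this needs authentication of the components.
    polluted = [flip_bit(parts[0], 0)] + parts[1:]
    print("after pollution:", reconstruct(polluted))
```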

Furthermore, in an embodiment, the intended receiver 120a comprises an encryption key and a corresponding decryption key and the generator 101 is configured to encrypt the plurality of message components using the encryption key of the receiver 120a. More specifically, embodiments of the invention make use of a public-key encryption scheme Π comprising algorithms for key generation, encryption and decryption (herein referred to as GenKey, Enc and Dec). In an embodiment, each possible receiver can be equipped with a public key pk and a corresponding secret key sk, obtained by running the key generation algorithm GenKey. In an embodiment, the generator 101 is configured, for all $i$ from 1 to $\ell$, to encrypt the message components $r_i$ with pk, and to forward $c_i = \mathrm{Enc}(pk, r_i)$ to the respective communication relays of the first set of the plurality of communication relays 115a-e. Each communication relay transmits the received ciphertext to the intended receiver 120a, who runs Dec using sk on each received ciphertext and reconstructs the message. In this case only the intended receiver 120a can decrypt the message components using its secret key sk, and the message $m$ can be reconstructed only upon receiving all ciphertexts encrypting the message components. By adding encryption, the security of the message communication protocol is strengthened against passive attacks to hold end-to-end (as opposed to just outside of the critical area). This means that even if an adversary receives all the encrypted message components, i.e., the adversary is in the critical area, the adversary cannot recover the message $m$, since the adversary does not know the secret key needed for decryption.

Furthermore, in an embodiment, the generator 101 is configured to digitally sign the plurality of message components. More specifically, embodiments of the invention make use of a digital signature scheme Σ consisting of algorithms for signature key generation, digitally signing and verifying the signature (herein referred to as Gen, Sign and Ver). Let (sigk, vk) denote, respectively, the signature and verification keys the generator 101 is equipped with by running Gen. The generator 101 is configured to sign each possibly encrypted message component of the plurality of message components using sigk before these are distributed by the distributor 111 to the first subset of the plurality of communication relays 115a-e, which forward each received signed message component to the intended receiver 120a. The intended receiver 120a can verify with the verification key vk each of the plurality of message components it receives from the first set of the plurality of communication relays 115a-e. By adding a signature to the plurality of (possibly encrypted) message components, message authentication is possible, i.e., the intended receiver 120a is guaranteed that, if the signature verifies, the signed material originates from the base station 110. This addition is a security enhancement since the resulting message communication protocol resists passive attacks as well as a class of active attacks, namely pollution attacks. Indeed, failure of a signature to verify allows the intended receiver 120a to detect that an adversary has injected a malicious message component so as to prevent the intended receiver 120a from reconstructing the correct message.

Figure 6 shows a schematic diagram illustrating steps of a method 600 for controlling the transmission of a message from the transmitter 110 to the intended receiver 120a. The method 600 comprises the steps of generating 201 a plurality of message components on the basis of the message such that for reconstructing the message all of the plurality of message components have to be available; selecting 203 on the basis of the spatial position of the intended receiver 120a a first subset of a plurality of communication relays 115a-e, and allocating 205 a respective subset of the plurality of message components to each communication relay of the first subset of the plurality of communication relays 115a-e for transmitting the respective subset of the plurality of message components from the respective communication relay to the intended receiver 120a.

While a particular feature or aspect of the disclosure may have been disclosed with respect to only one of several implementations or embodiments, such feature or aspect may be combined with one or more other features or aspects of the other implementations or embodiments as may be desired and advantageous for any given or particular application. Furthermore, to the extent that the terms "include", "have", "with", or other variants thereof are used in either the detailed description or the claims, such terms are intended to be inclusive in a manner similar to the term "comprise". Also, the terms "exemplary", "for example" and "e.g." are merely meant as an example, rather than the best or optimal. The terms "coupled" and "connected", along with derivatives may have been used. It should be understood that these terms may have been used to indicate that two elements cooperate or interact with each other regardless whether they are in direct physical or electrical contact, or they are not in direct contact with each other. Although specific aspects have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that a variety of alternate and/or equivalent implementations may be substituted for the specific aspects shown and described without departing from the scope of the present disclosure. This application is intended to cover any adaptations or variations of the specific aspects discussed herein.

Although the elements in the following claims are recited in a particular sequence with corresponding labeling, unless the claim recitations otherwise imply a particular sequence for implementing some or all of those elements, those elements are not necessarily intended to be limited to being implemented in that particular sequence. Many alternatives, modifications, and variations will be apparent to those skilled in the art in light of the above teachings. Of course, those skilled in the art readily recognize that there are numerous applications of the invention beyond those described herein. While the present invention has been described with reference to one or more particular embodiments, those skilled in the art recognize that many changes may be made thereto without departing from the scope of the present invention. It is therefore to be understood that within the scope of the appended claims and their equivalents, the invention may be practiced otherwise than as specifically described herein.