Title:
APPARATUS, METHOD AND COMPUTER PROGRAM FOR WIRELESS KEY GENERATION
Document Type and Number:
WIPO Patent Application WO/2021/013317
Kind Code:
A1
Abstract:
An apparatus within a communications network comprising a plurality of apparatus and a user equipment, the apparatus comprising means for: determining a channel estimate between the apparatus and the user equipment; receiving at least one further channel estimate between a respective further apparatus and the user equipment; generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

Inventors:
JARDEL FANNY (FR)
ROSE LUCA (FR)
Application Number:
PCT/EP2019/069494
Publication Date:
January 28, 2021
Filing Date:
July 19, 2019
Assignee:
NOKIA TECHNOLOGIES OY (FI)
International Classes:
H04W12/04; H04L9/08; H04L9/12
Domestic Patent References:
WO2008045532A2 2008-04-17
Foreign References:
US20170338956A1 2017-11-23
EP1775875A1 2007-04-18
EP18197685A 2018-09-28
Attorney, Agent or Firm:
NOKIA TECHNOLOGIES OY et al. (FI)
Claims:

1. An apparatus within a communications network comprising a plurality of apparatus and a user equipment, the apparatus comprising means for:

determining a channel estimate between the apparatus and the user equipment;

receiving at least one further channel estimate between a respective further apparatus and the user equipment;

generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and

encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

2. The apparatus as claimed in claim 1, wherein the means is further for transmitting the encrypted at least one message to the user equipment following encrypting at least one message to be transmitted to the user equipment using the cryptographic key or transmitting the decrypted at least one message to a further network node following decrypting at least one message received from the user equipment using the cryptographic key.

3. The apparatus as claimed in any of claims 1 to 2, wherein the means for receiving at least one further channel estimate between a respective further apparatus and the user equipment is for at least one of:

receiving at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link;

receiving a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link;

receiving a defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link; and

receiving a defined number of most significant bits from a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link.

4. The apparatus as claimed in any of claims 1 to 3, wherein the means is further for transmitting to at least one further apparatus at least one of:

the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key; and

a defined number of most significant bits of the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key.

5. The apparatus as claimed in any of claims 1 to 4, wherein the means for generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment is further for at least one of:

generating the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment;

generating the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and a selected sub-set of further channel estimates between further apparatus and the user equipment;

generating the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimate between the apparatus and the user equipment and received defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment;

generating the cryptographic key based on a stacking of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment;

generating the cryptographic key based on a summing of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment;

generating the cryptographic key based on an element wise product of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment;

generating the cryptographic key based on a function applied to a selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment;

generating the cryptographic key based on a function applied to channel estimates from a selection of the apparatus and the further apparatus; and

generating the cryptographic key based on a function applied to channel estimates from a selection of antenna elements of the apparatus and the further apparatus.

6. The apparatus as claimed in claim 5, wherein the selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment is at least one of:

a selection of elements of the channel estimates above a determined threshold value;

a selection of a determined number of the largest value elements of the channel estimates;

a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value;

a selection of a defined bit range of the elements of the channel estimates.

7. The apparatus as claimed in any of claims 1 to 6, wherein the at least one message to be transmitted to the user equipment using the cryptographic key is a part of a message to be transmitted to the user equipment, wherein the part of the message is generated by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter to the message to be transmitted to the user equipment, and wherein other parts of the message are generated by the application of diversity-deficient low density parity check (LDPC) ensemble and the source splitter to the message are received by the further apparatus.

8. An apparatus within a communications network comprising the apparatus and a plurality of base stations, the apparatus comprising means for:

determining a plurality of channel estimates between the apparatus and the plurality of base stations;

generating a cryptographic key based on the channel estimates; and

encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

9. The apparatus as claimed in claim 8, wherein the means is further for transmitting the encrypted at least one message to the at least one of the plurality of base stations following encrypting the at least one message.

10. The apparatus as claimed in any of claims 8 to 9, wherein the means for generating a cryptographic key based on the channel estimates is further for at least one of:

generating the cryptographic key based on a combination or concatenation of the channel estimates;

generating the cryptographic key based on a combination or concatenation of selected sub-set of the channel estimates;

generating the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimates;

generating the cryptographic key based on a stacking of the channel estimates;

generating the cryptographic key based on a summing of the channel estimates;

generating the cryptographic key based on an element wise product of the channel estimates;

generating the cryptographic key based on a function applied to a selection of the elements of the channel estimates;

generating the cryptographic key based on a function applied to channel estimates from a selection of the plurality of base stations; and

generating the cryptographic key based on a function applied to channel estimates from a selection of antenna elements.

11. The apparatus as claimed in claim 10, wherein the selection of the elements of the channel estimates is at least one of:

a selection of elements of the channel estimates above a determined threshold value;

a selection of a determined number of the largest value elements of the channel estimates;

a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value;

a selection of a defined bit range of the elements of the channel estimates.

12. The apparatus as claimed in any of claims 8 to 11, wherein the at least one message to be transmitted to the plurality of base stations using the cryptographic key is split by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter into a plurality of parts of the message prior to the encrypting, and wherein each encrypted part is transmitted to a selected one of plurality of base stations.

13. A method for an apparatus within a communications network comprising a plurality of apparatus and a user equipment, the method comprising:

determining a channel estimate between the apparatus and the user equipment;

receiving at least one further channel estimate between a respective further apparatus and the user equipment;

generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and

encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

14. A method for an apparatus within a communications network comprising the apparatus and a plurality of base stations, the method comprising:

determining a plurality of channel estimates between the apparatus and the plurality of base stations;

generating a cryptographic key based on the channel estimates; and

encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

Description:
Title

APPARATUS, METHOD AND COMPUTER PROGRAM FOR WIRELESS KEY GENERATION

Field

The present application relates to a method, apparatus, system and computer program and in particular but not exclusively to physical layer security within 5G wireless communications systems.

Background

A communication system can be seen as a facility that enables communication sessions between two or more entities such as user terminals, base stations and/or other nodes by providing carriers between the various entities involved in the communications path. A communication system can be provided for example by means of a communication network and one or more compatible communication devices (also referred to as station or user equipment) and/or application servers. The communication sessions may comprise, for example, communication of data for carrying communications such as voice, video, electronic mail (email), text message, multimedia, content data, time-sensitive network (TSN) flows and/or data in an industrial application such as critical system messages between an actuator and a controller, critical sensor data (such as measurements, video feed etc.) towards a control system and so on. Non-limiting examples of services provided comprise two-way or multi-way calls, data communication or multimedia services and access to a data network system, such as the Internet.

In a wireless communication system at least a part of a communication session, for example, between at least two stations or between at least one station and at least one application server (e.g. for video), occurs over a wireless link. Examples of wireless systems comprise public land mobile networks (PLMN) operating based on 3GPP radio standards such as E-UTRA, New Radio, satellite based communication systems and different wireless local networks, for example wireless local area networks (WLAN). The wireless systems can typically be divided into cells, and are therefore often referred to as cellular systems.

A user can access the communication system by means of an appropriate communication device or terminal. A communication device of a user may be referred to as user equipment (UE) or user device. A communication device is provided with an appropriate signal receiving and transmitting apparatus for enabling communications, for example enabling access to a communication network or communications directly with other users. The communication device may access one or more carriers provided by the network, for example a base station of a cell, and transmit and/or receive communications on the one or more carriers.

The communication system and associated devices typically operate in accordance with a given standard or specification which sets out what the various entities associated with the system are permitted to do and how that should be achieved. Communication protocols and/or parameters which shall be used for the connection are also typically defined. One example of a communications system is UTRAN (3G radio). Other examples of communication systems are the long-term evolution (LTE) of the Universal Mobile Telecommunications System (UMTS) based on the E-UTRAN radio-access technology, and so-called 5G system (5GS) including the 5G or next generation core (NGC) and the 5G Access network based on the New Radio (NR) radio-access technology. 5GS including NR are being standardized by the 3rd Generation Partnership Project (3GPP).

The field of modern cryptography is divided into two schools: information-theoretic and complexity-based security. Current practical cryptographic implementations are complexity-based. Information-theoretic security is a fundamentally different paradigm based on information insufficiency and does not depend on computational hardness. In other words, it cannot be broken even if the adversary has unlimited computing power available to them. Since the adversary simply does not have enough information to break the encryption, the cryptosystems are considered effectively cryptanalytically-unbreakable when implemented correctly.

Summary

In a first aspect there is provided an apparatus within a communications network comprising a plurality of apparatus and a user equipment, the apparatus comprising means for: determining a channel estimate between the apparatus and the user equipment; receiving at least one further channel estimate between a respective further apparatus and the user equipment; generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

The means may be further for transmitting the encrypted at least one message to the user equipment following encrypting at least one message to be transmitted to the user equipment using the cryptographic key or transmitting the decrypted at least one message to a further network node following decrypting at least one message received from the user equipment using the cryptographic key.

The means may be further for validating the cryptographic key based on the channel estimate prior to encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

The means for validating the cryptographic key based on the channel estimate may be for: generating at least one test message; encrypting the at least one test message using the cryptographic key; transmitting the at least one test message to the user equipment; and receiving at least one acknowledgement that the at least one test message has been correctly received by the user equipment and decrypted based on a cryptographic key generated by the user equipment based on channel estimates between the user equipment and the apparatus and channel estimates between the user equipment and the respective further apparatus as determined by the user equipment.

The means for validating the cryptographic key based on the channel estimate may be for: receiving at least one encrypted test message from the user equipment, the at least one encrypted test message having been encrypted by the user equipment using a cryptographic key generated by the user equipment based on channel estimates between the user equipment and the apparatus and channel estimates between the user equipment and the respective further apparatus as determined by the user equipment; decrypting the at least one encrypted test message based on the cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; verifying the decrypted at least one encrypted test message; and acknowledging the correct receipt of the at least one encrypted test message from the user equipment based on the verifying.

The means for receiving at least one further channel estimate between a respective further apparatus and the user equipment may be for at least one of: receiving at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link; receiving a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link; receiving a defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link; and receiving a defined number of most significant bits from a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link.

The means may be further for transmitting to at least one further apparatus at least one of: the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key; and a defined number of most significant bits of the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key.

The means for generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment may be further for at least one of: generating the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and a selected sub-set of further channel estimates between further apparatus and the user equipment; generating the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimate between the apparatus and the user equipment and received defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a stacking of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a summing of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on an element wise product of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a function applied to a selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a function applied to channel estimates from a selection of the apparatus and the further apparatus; and generating the cryptographic key based on a function applied to channel estimates from a selection of antenna elements of the apparatus and the further apparatus.
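An added illustration, not part of the patent text, of the most-significant-bit concatenation option and the test-message validation described above, run for two base stations and one user equipment. Assumptions: real-valued estimates in [-1, 1), an 8-bit quantiser, SHA-256 as the combining function, a SHAKE-256 XOR keystream standing in for the cipher; all function names and sample values are constructed for this example.

```python
import hashlib
import hmac
import os

TOTAL_BITS = 8                         # assumed quantiser resolution
TEST_MESSAGE = b"key-validation-test"  # assumed test pattern known to both ends

# Constructed sample estimates. The UE copies differ from the base-station
# copies by small estimation noise (about 0.01 per element).
BS1_EST = [0.62, -0.31, 0.05, -0.88]
BS2_EST = [-0.47, 0.79, 0.33, -0.12]
UE_BS1_EST = [0.63, -0.30, 0.06, -0.87]
UE_BS2_EST = [-0.46, 0.80, 0.34, -0.11]
# Edge case: the third element sits on either side of a 3-bit bin boundary (0.25).
BS1_EDGE = [0.62, -0.31, 0.24, -0.88]
UE_BS1_EDGE = [0.63, -0.30, 0.26, -0.87]


def msb_symbols(estimate, msb_bits):
    """Quantise each element to TOTAL_BITS and keep only the top msb_bits."""
    out = bytearray()
    for x in estimate:
        q = int((x + 1.0) * (1 << (TOTAL_BITS - 1)))
        q = min(max(q, 0), (1 << TOTAL_BITS) - 1)  # clamp out-of-range values
        out.append(q >> (TOTAL_BITS - msb_bits))
    return bytes(out)


def derive_key(symbols_per_bs):
    """Concatenate per-base-station symbols in a fixed order, hash to 256 bits.

    Length prefixes keep the concatenation unambiguous. The hash is an
    assumption of this example, not a function named by the page.
    """
    h = hashlib.sha256()
    for symbols in symbols_per_bs:
        h.update(len(symbols).to_bytes(2, "big"))
        h.update(symbols)
    return h.digest()


def _keystream(key, nonce, length):
    return hashlib.shake_256(key + nonce).digest(length)


def encrypt_test(key, nonce=None):
    """Encrypt the test message (stand-in cipher; use a real AEAD in practice)."""
    nonce = os.urandom(16) if nonce is None else nonce
    stream = _keystream(key, nonce, len(TEST_MESSAGE))
    return nonce + bytes(a ^ b for a, b in zip(TEST_MESSAGE, stream))


def check_test(key, blob):
    """Decrypt a received test message and verify it; True means 'send ack'."""
    nonce, ciphertext = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(ciphertext))
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, stream))
    return hmac.compare_digest(plaintext, TEST_MESSAGE)


def run_exchange(bs1_est, bs2_est, ue_est_bs1, ue_est_bs2, msb_bits):
    """Return (keys_equal, ack) for one key generation and validation round."""
    # BS2 forwards only the most significant bits over the backhaul link.
    backhaul = msb_symbols(bs2_est, msb_bits)
    key_net = derive_key([msb_symbols(bs1_est, msb_bits), backhaul])
    # The UE builds the same structure from its own estimates of both links.
    key_ue = derive_key([msb_symbols(ue_est_bs1, msb_bits),
                         msb_symbols(ue_est_bs2, msb_bits)])
    # BS1 sends the encrypted test message; the UE acknowledges only on success.
    ack = check_test(key_ue, encrypt_test(key_net))
    return key_net == key_ue, ack


if __name__ == "__main__":
    print("3 MSBs:      ", run_exchange(BS1_EST, BS2_EST, UE_BS1_EST, UE_BS2_EST, 3))
    print("all 8 bits:  ", run_exchange(BS1_EST, BS2_EST, UE_BS1_EST, UE_BS2_EST, 8))
    print("bin boundary:", run_exchange(BS1_EDGE, BS2_EST, UE_BS1_EDGE, UE_BS2_EST, 3))
```

With this constructed data the two ends agree on a key when only three most significant bits are kept, while keeping all eight bits or an element that straddles a bin boundary produces different keys, which the validation step reports as a missing acknowledgement.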

The selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment may be at least one of: a selection of elements of the channel estimates above a determined threshold value; a selection of a determined number of the largest value elements of the channel estimates; a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value; a selection of a defined bit range of the elements of the channel estimates.

The at least one message to be transmitted to the user equipment using the cryptographic key may be a part of a message to be transmitted to the user equipment, wherein the part of the message is generated by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter to the message to be transmitted to the user equipment, and wherein other parts of the message are generated by the application of diversity-deficient low density parity check (LDPC) ensemble and the source splitter to the message are received by the further apparatus.

The apparatus may be: a base station; evolved Node B; enhanced Node B; or next generation Node B.

According to a second aspect there is provided an apparatus within a communications network comprising the apparatus and a plurality of base stations, the apparatus comprising means for: determining a plurality of channel estimates between the apparatus and the plurality of base stations; generating a cryptographic key based on the channel estimates; and encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

The means may be further for transmitting the encrypted at least one message to the at least one of the plurality of base stations following encrypting the at least one message.

The means may be further for validating the cryptographic key based on the channel estimate prior to encrypting at least one message or decrypting at least one message.

The means for validating the cryptographic key based on the channel estimate may be for: generating at least one test message; encrypting the at least one test message using the cryptographic key; transmitting the at least one test message to at least one of the plurality of base stations; and receiving at least one acknowledgement that the at least one test message has been correctly received by the at least one of the plurality of base stations and decrypted based on a cryptographic key generated by the at least one of the plurality of base stations based on channel estimates between the apparatus and the at least one of the plurality of base stations and channel estimates between the apparatus and further apparatus of the plurality of base stations.

The means for validating the cryptographic key based on the channel estimate may be for: receiving at least one encrypted test message from the at least one of the plurality of base stations, the at least one encrypted test message having been encrypted by the at least one of the plurality of base stations using a cryptographic key generated by the at least one of the plurality of base stations based on channel estimates between the apparatus and the at least one of the plurality of base stations and channel estimates between the apparatus and further of the plurality of base stations; decrypting the at least one encrypted test message based on the cryptographic key based on the channel estimate between the apparatus and the at least one of the plurality of base stations and at least one further channel estimate between at least one further of the plurality of base stations and the apparatus; verifying the decrypted at least one encrypted test message; and acknowledging the correct receipt of the at least one encrypted test message from the at least one of the plurality of base stations based on the verifying.

The means for generating a cryptographic key based on the channel estimates may be further for at least one of: generating the cryptographic key based on a combination or concatenation of the channel estimates; generating the cryptographic key based on a combination or concatenation of selected sub-set of the channel estimates; generating the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimates; generating the cryptographic key based on a stacking of the channel estimates; generating the cryptographic key based on a summing of the channel estimates; generating the cryptographic key based on an element wise product of the channel estimates; generating the cryptographic key based on a function applied to a selection of the elements of the channel estimates; generating the cryptographic key based on a function applied to channel estimates from a selection of the plurality of base stations; and generating the cryptographic key based on a function applied to channel estimates from a selection of antenna elements.

The selection of the elements of the channel estimates may be at least one of: a selection of elements of the channel estimates above a determined threshold value; a selection of a determined number of the largest value elements of the channel estimates; a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value; and a selection of a defined bit range of the elements of the channel estimates.

The at least one message to be transmitted to the plurality of base stations using the cryptographic key may be split by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter into a plurality of parts of the message prior to the encrypting, and wherein each encrypted part may be transmitted to a selected one of plurality of base stations.

The apparatus may be: a mobile device; a mobile station; a user equipment; or mobile communications device.

According to a third aspect there is provided a method for an apparatus within a communications network comprising a plurality of apparatus and a user equipment, the method comprising: determining a channel estimate between the apparatus and the user equipment; receiving at least one further channel estimate between a respective further apparatus and the user equipment; generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

The method may further comprise transmitting the encrypted at least one message to the user equipment following encrypting at least one message to be transmitted to the user equipment using the cryptographic key or transmitting the decrypted at least one message to a further network node following decrypting at least one message received from the user equipment using the cryptographic key.

The method may further comprise validating the cryptographic key based on the channel estimate prior to encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

Validating the cryptographic key based on the channel estimate may further comprise: generating at least one test message; encrypting the at least one test message using the cryptographic key; transmitting the at least one test message to the user equipment; and receiving at least one acknowledgement that the at least one test message has been correctly received by the user equipment and decrypted based on a cryptographic key generated by the user equipment based on channel estimates between the user equipment and the apparatus and channel estimates between the user equipment and the respective further apparatus as determined by the user equipment.

Validating the cryptographic key based on the channel estimate may further comprise: receiving at least one encrypted test message from the user equipment, the at least one encrypted test message having been encrypted by the user equipment using a cryptographic key generated by the user equipment based on channel estimates between the user equipment and the apparatus and channel estimates between the user equipment and the respective further apparatus as determined by the user equipment; decrypting the at least one encrypted test message based on the cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; verifying the decrypted at least one encrypted test message; and acknowledging the correct receipt of the at least one encrypted test message from the user equipment based on the verifying.

Receiving at least one further channel estimate between a respective further apparatus and the user equipment may further comprise at least one of: receiving at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link; receiving a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link; receiving a defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link; and receiving a defined number of most significant bits from a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link.

The method may further comprise transmitting to at least one further apparatus at least one of: the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key; and a defined number of most significant bits of the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key.

Generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment may further comprise at least one of: generating the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and a selected sub-set of further channel estimates between further apparatus and the user equipment; generating the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimate between the apparatus and the user equipment and received defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a stacking of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a summing of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on an element wise product of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a function applied to a selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generating the cryptographic key based on a function applied to channel estimates from a selection of the apparatus and the further apparatus; and generating the cryptographic key based on a function applied to channel estimates from a selection of antenna elements of the apparatus and the further apparatus.

The selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment may be at least one of: a selection of elements of the channel estimates above a determined threshold value; a selection of a determined number of the largest value elements of the channel estimates; a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value; and a selection of a defined bit range of the elements of the channel estimates.

The at least one message to be transmitted to the user equipment using the cryptographic key may be a part of a message to be transmitted to the user equipment, wherein the part of the message is generated by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter to the message to be transmitted to the user equipment, and wherein other parts of the message are generated by the application of diversity-deficient low density parity check (LDPC) ensemble and the source splitter to the message are received by the further apparatus.

The apparatus may be: a base station; evolved Node B; enhanced Node B; or next generation Node B.

According to a fourth aspect there is provided a method for an apparatus within a communications network comprising the apparatus and a plurality of base stations, the method comprising: determining a plurality of channel estimates between the apparatus and the plurality of base stations; generating a cryptographic key based on the channel estimates; and encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

The method may further comprise transmitting the encrypted at least one message to the at least one of the plurality of base stations following encrypting the at least one message.

The method may further comprise validating the cryptographic key based on the channel estimate prior to encrypting at least one message or decrypting at least one message.

Validating the cryptographic key based on the channel estimate may further comprise: generating at least one test message; encrypting the at least one test message using the cryptographic key; transmitting the at least one test message to at least one of the plurality of base stations; and receiving at least one acknowledgement that the at least one test message has been correctly received by the at least one of the plurality of base stations and decrypted based on a cryptographic key generated by the at least one of the plurality of base stations based on channel estimates between the apparatus and the at least one of the plurality of base stations and channel estimates between the apparatus and further apparatus of the plurality of base stations.

Validating the cryptographic key based on the channel estimate may further comprise: receiving at least one encrypted test message from the at least one of the plurality of base stations, the at least one encrypted test message having been encrypted by the at least one of the plurality of base stations using a cryptographic key generated by the at least one of the plurality of base stations based on channel estimates between the apparatus and the at least one of the plurality of base stations and channel estimates between the apparatus and further of the plurality of base stations; decrypting the at least one encrypted test message based on the cryptographic key based on the channel estimate between the apparatus and the at least one of the plurality of base stations and at least one further channel estimate between at least one further of the plurality of base stations and the apparatus; verifying the decrypted at least one encrypted test message; and acknowledging the correct receipt of the at least one encrypted test message from the at least one of the plurality of base stations based on the verifying.

Generating a cryptographic key based on the channel estimates may further comprise at least one of: generating the cryptographic key based on a combination or concatenation of the channel estimates; generating the cryptographic key based on a combination or concatenation of selected sub-set of the channel estimates; generating the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimates; generating the cryptographic key based on a stacking of the channel estimates; generating the cryptographic key based on a summing of the channel estimates; generating the cryptographic key based on an element wise product of the channel estimates; generating the cryptographic key based on a function applied to a selection of the elements of the channel estimates; generating the cryptographic key based on a function applied to channel estimates from a selection of the plurality of base stations; and generating the cryptographic key based on a function applied to channel estimates from a selection of antenna elements.

The selection of the elements of the channel estimates may be at least one of: a selection of elements of the channel estimates above a determined threshold value; a selection of a determined number of the largest value elements of the channel estimates; a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value; and a selection of a defined bit range of the elements of the channel estimates.
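The following Python sketch is an added illustration, not part of the application: it derives a key from the concatenation of a defined number of most significant bits of the channel estimates for two base stations, then validates key symmetry with a test message. The quantizer parameters, the SHA-256 derivation step, all function names and the sample estimates are assumptions; an HMAC tag over a nonce stands in for the encrypted test message so that only the standard library is needed.

```python
import hashlib
import hmac
import os

FULL_SCALE = 2.0   # assumption: real/imag parts of an estimate lie in [-2, 2)
QUANT_BITS = 8     # assumption: resolution of the uniform quantizer
MSB_BITS = 3       # assumption: the "defined number of most significant bits"


def quantize_msb(estimate, msb_bits=MSB_BITS):
    """Return the msb_bits most significant bits of each real and imaginary part."""
    symbols = []
    for h in estimate:
        for part in (h.real, h.imag):
            clipped = min(max(part, -FULL_SCALE), FULL_SCALE - 1e-9)
            level = int((clipped + FULL_SCALE) / (2 * FULL_SCALE) * (1 << QUANT_BITS))
            symbols.append(level >> (QUANT_BITS - msb_bits))
    return symbols


def derive_key(msb_by_station):
    """Concatenate the MSB symbols of every link in a fixed order and hash them.

    SHA-256 is an assumption of this example. Hashing fixes the key length but
    adds no entropy beyond what the quantized estimates contain.
    """
    material = bytearray()
    for station_id in sorted(msb_by_station):
        symbols = msb_by_station[station_id]
        material += station_id.encode() + b"\x00" + len(symbols).to_bytes(2, "big")
        material += bytes(symbols)
    return hashlib.sha256(bytes(material)).digest()


def make_test_message(key):
    """Sender side of validation: a fresh nonce and a tag computed under the key."""
    nonce = os.urandom(16)
    tag = hmac.new(key, b"key-validation" + nonce, hashlib.sha256).digest()
    return nonce, tag


def acknowledge(key, nonce, tag):
    """Receiver side: acknowledge only if its own key reproduces the tag."""
    expected = hmac.new(key, b"key-validation" + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def run_exchange(bs_a_est, bs_b_est, ue_est_a, ue_est_b):
    """Base station A and the user equipment derive keys; return the validation result."""
    # Base station B forwards only its MSB symbols to A over the backhaul.
    backhaul_from_b = quantize_msb(bs_b_est)
    key_bs_a = derive_key({"A": quantize_msb(bs_a_est), "B": backhaul_from_b})
    # The user equipment measures both links itself (reciprocal channel plus noise).
    key_ue = derive_key({"A": quantize_msb(ue_est_a), "B": quantize_msb(ue_est_b)})
    nonce, tag = make_test_message(key_bs_a)
    return acknowledge(key_ue, nonce, tag)


# Constructed sample estimates (two elements per link), not measured data.
BS_A = [0.25 + 0.75j, -1.25 + 0.30j]
BS_B = [1.20 - 0.70j, -0.30 - 1.70j]
UE_A = [0.28 + 0.71j, -1.22 + 0.33j]   # same channel as BS_A, small noise
UE_B = [1.17 - 0.73j, -0.27 - 1.68j]   # same channel as BS_B, small noise
# Edge case: 0.49 and 0.52 fall on opposite sides of a quantization boundary.
BS_A_EDGE = [0.49 + 0.75j, -1.25 + 0.30j]
UE_A_EDGE = [0.52 + 0.71j, -1.22 + 0.33j]

if __name__ == "__main__":
    print("keys agree:", run_exchange(BS_A, BS_B, UE_A, UE_B))
    print("keys agree at boundary:", run_exchange(BS_A_EDGE, BS_B, UE_A_EDGE, UE_B))
```

The second call shows why validation precedes use of the key: estimates that differ only by measurement noise can still quantize to different symbols, and the mismatch surfaces as a missing acknowledgement rather than as undecryptable traffic.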

The at least one message to be transmitted to the plurality of base stations using the cryptographic key may be split by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter into a plurality of parts of the message prior to the encrypting, and wherein each encrypted part may be transmitted to a selected one of plurality of base stations.

The apparatus may be: a mobile device; a mobile station; a user equipment; or mobile communications device.

According to a fifth aspect there is provided an apparatus within a communications network comprising a plurality of apparatus and a user equipment, the apparatus comprising at least one processor and at least one memory including a computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to: determine a channel estimate between the apparatus and the user equipment; receive at least one further channel estimate between a respective further apparatus and the user equipment; generate a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypt at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

The apparatus may be further caused to transmit the encrypted at least one message to the user equipment following encrypting at least one message to be transmitted to the user equipment using the cryptographic key or transmitting the decrypted at least one message to a further network node following decrypting at least one message received from the user equipment using the cryptographic key.

The apparatus may be further caused to validate the cryptographic key based on the channel estimate prior to encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

The apparatus caused to validate the cryptographic key based on the channel estimate may be further caused to: generate at least one test message; encrypt the at least one test message using the cryptographic key; transmit the at least one test message to the user equipment; and receive at least one acknowledgement that the at least one test message has been correctly received by the user equipment and decrypted based on a cryptographic key generated by the user equipment based on channel estimates between the user equipment and the apparatus and channel estimates between the user equipment and the respective further apparatus as determined by the user equipment.

The apparatus caused to validate the cryptographic key based on the channel estimate may further be caused to: receive at least one encrypted test message from the user equipment, the at least one encrypted test message having been encrypted by the user equipment using a cryptographic key generated by the user equipment based on channel estimates between the user equipment and the apparatus and channel estimates between the user equipment and the respective further apparatus as determined by the user equipment; decrypt the at least one encrypted test message based on the cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; verify the decrypted at least one encrypted test message; and acknowledge the correct receipt of the at least one encrypted test message from the user equipment based on the verifying.

The apparatus caused to receive at least one further channel estimate between a respective further apparatus and the user equipment may further be caused to perform at least one of: receive at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link; receive a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link; receive a defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment via a backhaul communications link; and receive a defined number of most significant bits from a selection of further channel estimates between respective further apparatus and the user equipment via a backhaul communications link.

The apparatus may further be caused to transmit to at least one further apparatus at least one of: the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key; and a defined number of most significant bits of the channel estimate between the apparatus and the user equipment for the at least one further apparatus to generate the cryptographic key.

The apparatus caused to generate a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment may further be caused to perform at least one of: generate the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generate the cryptographic key based on a combination or concatenation of the channel estimate between the apparatus and the user equipment and a selected sub-set of further channel estimates between further apparatus and the user equipment; generate the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimate between the apparatus and the user equipment and received defined number of most significant bits of at least one further channel estimate between a respective further apparatus and the user equipment; generate the cryptographic key based on a stacking of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generate the cryptographic key based on a summing of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generate the cryptographic key based on an element wise product of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generate the cryptographic key based on a function applied to a selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; generate the cryptographic key based on a function applied to channel estimates from a selection of the apparatus and the further apparatus; and generate the cryptographic key based on a function applied to channel estimates from a selection of antenna elements of the apparatus and the further apparatus.

The selection of the elements of the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment may be at least one of: a selection of elements of the channel estimates above a determined threshold value; a selection of a determined number of the largest value elements of the channel estimates; a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value; a selection of a defined bit range of the elements of the channel estimates.

The at least one message to be transmitted to the user equipment using the cryptographic key may be a part of a message to be transmitted to the user equipment, wherein the part of the message is generated by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter to the message to be transmitted to the user equipment, and wherein other parts of the message are generated by the application of diversity-deficient low density parity check (LDPC) ensemble and the source splitter to the message are received by the further apparatus.

The apparatus may be: a base station; evolved Node B; enhanced Node B; or next generation Node B.

According to a sixth aspect there is provided an apparatus within a communications network comprising the apparatus and a plurality of base stations, the apparatus comprising at least one processor and at least one memory including a computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to: determine a plurality of channel estimates between the apparatus and the plurality of base stations; generate a cryptographic key based on the channel estimates; and encrypt at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

The apparatus may be further caused to transmit the encrypted at least one message to the at least one of the plurality of base stations following encrypting the at least one message.

The apparatus may further be caused to validate the cryptographic key based on the channel estimate prior to encrypting at least one message or decrypting at least one message.

The apparatus caused to validate the cryptographic key based on the channel estimate may further be caused to: generate at least one test message; encrypt the at least one test message using the cryptographic key; transmit the at least one test message to at least one of the plurality of base stations; and receive at least one acknowledgement that the at least one test message has been correctly received by the at least one of the plurality of base stations and decrypted based on a cryptographic key generated by the at least one of the plurality of base stations based on channel estimates between the apparatus and the at least one of the plurality of base stations and channel estimates between the apparatus and further apparatus of the plurality of base stations.

The apparatus caused to validate the cryptographic key based on the channel estimate may further be caused to: receive at least one encrypted test message from the at least one of the plurality of base stations, the at least one encrypted test message having been encrypted by the at least one of the plurality of base stations using a cryptographic key generated by the at least one of the plurality of base stations based on channel estimates between the apparatus and the at least one of the plurality of base stations and channel estimates between the apparatus and further of the plurality of base stations; decrypt the at least one encrypted test message based on the cryptographic key based on the channel estimate between the apparatus and the at least one of the plurality of base stations and at least one further channel estimate between at least one further of the plurality of base stations and the apparatus; verify the decrypted at least one encrypted test message; and acknowledge the correct receipt of the at least one encrypted test message from the at least one of the plurality of base stations based on the verifying.

The apparatus caused to generate a cryptographic key based on the channel estimates may further be caused to perform at least one of: generate the cryptographic key based on a combination or concatenation of the channel estimates; generate the cryptographic key based on a combination or concatenation of selected sub-set of the channel estimates; generate the cryptographic key based on a combination or concatenation of a defined number of most significant bits of the channel estimates; generate the cryptographic key based on a stacking of the channel estimates; generate the cryptographic key based on a summing of the channel estimates; generate the cryptographic key based on an element wise product of the channel estimates; generate the cryptographic key based on a function applied to a selection of the elements of the channel estimates; generate the cryptographic key based on a function applied to channel estimates from a selection of the plurality of base stations; and generate the cryptographic key based on a function applied to channel estimates from a selection of antenna elements.

The selection of the elements of the channel estimates may be at least one of: a selection of elements of the channel estimates above a determined threshold value; a selection of a determined number of the largest value elements of the channel estimates; a selection of a determined number of the largest value elements of the channel estimate above a determined threshold value; and a selection of a defined bit range of the elements of the channel estimates.

The at least one message to be transmitted to the plurality of base stations using the cryptographic key may be split by an application of diversity-deficient low density parity check (LDPC) ensemble and a source splitter into a plurality of parts of the message prior to the encrypting, and wherein each encrypted part may be transmitted to a selected one of plurality of base stations.

The apparatus may be: a mobile device; a mobile station; a user equipment; or mobile communications device.

According to a seventh aspect there is provided an apparatus within a communications network comprising a plurality of apparatus and a user equipment, the apparatus comprising: determining circuitry configured to determine a channel estimate between the apparatus and the user equipment; receiving circuitry configured to receive at least one further channel estimate between a respective further apparatus and the user equipment; key generating circuitry configured to generate a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypting/decrypting circuitry configured to encrypt at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

According to an eighth aspect there is provided an apparatus within a communications network comprising the apparatus and a plurality of base stations, the apparatus comprising: channel determining circuitry configured to determine a plurality of channel estimates between the apparatus and the plurality of base stations; key generating circuitry configured to generate a cryptographic key based on the channel estimates; and encrypting/decrypting circuitry configured to encrypt at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

According to a ninth aspect there is provided a computer program comprising instructions [or a computer readable medium comprising program instructions] for causing an apparatus within a communications network comprising a plurality of apparatus and a user equipment to perform at least the following: determining a channel estimate between the apparatus and the user equipment; receiving at least one further channel estimate between a respective further apparatus and the user equipment; generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

According to a tenth aspect there is provided a computer program comprising instructions [or a computer readable medium comprising program instructions] for causing an apparatus within a communications network comprising the apparatus and a plurality of base stations to perform at least the following: determining a plurality of channel estimates between the apparatus and the plurality of base stations; generating a cryptographic key based on the channel estimates; and encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

According to an eleventh aspect there is provided a non-transitory computer readable medium comprising program instructions for causing an apparatus within a communications network comprising a plurality of apparatus and a user equipment to perform at least the following: determining a channel estimate between the apparatus and the user equipment; receiving at least one further channel estimate between a respective further apparatus and the user equipment; generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

According to a twelfth aspect there is provided a non-transitory computer readable medium comprising program instructions for causing an apparatus within a communications network comprising the apparatus and a plurality of base stations to perform at least the following: determining a plurality of channel estimates between the apparatus and the plurality of base stations; generating a cryptographic key based on the channel estimates; and encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

According to a thirteenth aspect there is provided an apparatus within a communications network comprising a plurality of apparatus and a user equipment, the apparatus comprising: means for determining a channel estimate between the apparatus and the user equipment; receiving at least one further channel estimate between a respective further apparatus and the user equipment; means for generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and means for encrypting at least one message to be transmitted to the user equipment using the cryptographic key or means for decrypting at least one message received from the user equipment using the cryptographic key.

According to a fourteenth aspect there is provided an apparatus within a communications network comprising the apparatus and a plurality of base stations, the apparatus comprising: means for determining a plurality of channel estimates between the apparatus and the plurality of base stations; means for generating a cryptographic key based on the channel estimates; and means for encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or means for decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

According to a fifteenth aspect there is provided a computer readable medium comprising program instructions for causing an apparatus within a communications network comprising a plurality of apparatus and a user equipment to perform at least the following: determining a channel estimate between the apparatus and the user equipment; receiving at least one further channel estimate between a respective further apparatus and the user equipment; generating a cryptographic key based on the channel estimate between the apparatus and the user equipment and the at least one further channel estimate between a respective further apparatus and the user equipment; and encrypting at least one message to be transmitted to the user equipment using the cryptographic key or decrypting at least one message received from the user equipment using the cryptographic key.

According to a sixteenth aspect there is provided a computer readable medium comprising program instructions for causing an apparatus within a communications network comprising the apparatus and a plurality of base stations to perform at least the following: determining a plurality of channel estimates between the apparatus and the plurality of base stations; generating a cryptographic key based on the channel estimates; and encrypting at least one message to be transmitted to at least one of the plurality of base stations using the cryptographic key or decrypting at least one message received from the at least one of the plurality of base stations using the cryptographic key.

In the above statements, many different embodiments have been described. It should be appreciated that further embodiments may be provided by the combination of any two or more of the embodiments described above.

Description of Figures

Embodiments will now be described, by way of example only, with reference to the accompanying Figures in which:

Figure 1 shows a schematic diagram of an example communication system comprising a base station and a plurality of communication devices;

Figure 2 shows a schematic diagram of an example mobile communication device;

Figure 3 shows a schematic diagram of an example control apparatus;

Figure 4 shows a schematic diagram of backhaul enhanced encryption system according to some embodiments;

Figure 5 shows a flowchart of a method according to an example operation of the system as shown in Figure 4 according to some embodiments; and

Figure 6 shows a flowchart of a method of confirming key symmetry when using the system as shown in Figure 4 according to some embodiments.

Detailed description

Before explaining in detail the examples, certain general principles of a wireless communication system and mobile communication devices are briefly explained with reference to Figures 1 to 3 to assist in understanding the technology underlying the described examples.

In a wireless communication system 100, such as that shown in Figure 1, mobile communication devices or user equipment (UE) 102, 104, 105 are provided wireless access via at least one base station (e.g. next generation NB, gNB) or similar wireless transmitting and/or receiving node or point. Base stations may be controlled or assisted by at least one appropriate controller apparatus, so as to enable operation thereof and management of mobile communication devices in communication with the base stations. The controller apparatus may be located in a radio access network (e.g. wireless communication system 100) or in a core network (CN) (not shown) and may be implemented as one central apparatus or its functionality may be distributed over several apparatuses. The controller apparatus may be part of the base station and/or provided by a separate entity such as a Radio Network Controller. In Figure 1 control apparatus 108 and 109 are shown to control the respective macro level base stations 106 and 107. The control apparatus of a base station can be interconnected with other control entities. The control apparatus is typically provided with memory capacity and at least one data processor. The control apparatus and functions may be distributed between a plurality of control units. In some systems, the control apparatus may additionally or alternatively be provided in a radio network controller. In Figure 1 base stations 106 and 107 are shown as connected to a wider communications network 113 via gateway 112. A further gateway function may be provided to connect to another network.

The smaller base stations 116, 118 and 120 may also be connected to the network 113, for example by a separate gateway function and/or via the controllers of the macro level stations. The base stations 116, 118 and 120 may be pico or femto level base stations or the like. In the example, stations 116 and 118 are connected via a gateway 111 whilst station 120 connects via the controller apparatus 108. In some embodiments, the smaller stations may not be provided. Smaller base stations 116, 118 and 120 may be part of a second network, for example WLAN and may be WLAN APs.

The communication devices 102, 104, 105 may access the communication system based on various access techniques, such as code division multiple access (CDMA), or wideband CDMA (WCDMA). Other non-limiting examples comprise time division multiple access (TDMA), frequency division multiple access (FDMA) and various schemes thereof such as the interleaved frequency division multiple access (IFDMA), single carrier frequency division multiple access (SC-FDMA) and orthogonal frequency division multiple access (OFDMA), space division multiple access (SDMA) and so on.

Examples of wireless communication systems are architectures standardized by the 3rd Generation Partnership Project (3GPP). One 3GPP based development is often referred to as the long term evolution (LTE) of the Universal Mobile Telecommunications System (UMTS) radio-access technology. The various development stages of the 3GPP specifications are referred to as releases. More recent developments of the LTE are often referred to as LTE Advanced (LTE-A). The LTE (LTE-A) employs a radio mobile architecture known as the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and a core network known as the Evolved Packet Core (EPC). Base stations of such systems are known as evolved or enhanced Node Bs (eNBs) and provide E-UTRAN features such as user plane Packet Data Convergence/Radio Link Control/Medium Access Control/Physical layer protocol (PDCP/RLC/MAC/PHY) and control plane Radio Resource Control (RRC) protocol terminations towards the communication devices. Other examples of radio access systems comprise those provided by base stations of systems that are based on technologies such as wireless local area network (WLAN) and/or WiMax (Worldwide Interoperability for Microwave Access). A base station can provide coverage for an entire cell or similar radio service area. Core network elements include Mobility Management Entity (MME), Serving Gateway (S-GW) and Packet Gateway (P-GW).

An example of a suitable communications system is the 5G or NR concept. Network architecture in NR may be similar to that of LTE-advanced. Base stations of NR systems may be known as next generation Node Bs (gNBs). Changes to the network architecture may depend on the need to support various radio technologies and finer QoS support, and some on-demand requirements for e.g. QoS levels to support QoE of user point of view. New functions are defined in the 5G system architecture, including an Access Management Function (AMF), Session Management Function (SMF), User Plane Function (UPF), among other network functions in the Next Generation Core (NGC). The 5G System supports new capabilities, including network slicing which may better tailor networks to application requirements and provide virtual networks for tenants. It also uses a services-based architecture that provides greater flexibility for introducing new services and features compared to the EPC which relied on fixed, peer-peer reference points. NR may use multiple input - multiple output (MIMO) antennas, many more base stations or nodes than the LTE (a so-called small cell concept), including macro sites operating in co-operation with smaller stations and perhaps also employing a variety of radio technologies for better coverage and enhanced data rates. NR may also support lower latency for air-interface transmission due to revisions in physical and MAC layer protocols.

Future networks may utilise network functions virtualization (NFV) which is a network architecture concept that proposes virtualizing network node functions into “building blocks” or entities that may be operationally connected or linked together to provide services. A virtualized network function (VNF) may comprise one or more virtual machines running computer program codes using standard or general type servers instead of customized hardware. Cloud computing or data storage may also be utilized. In radio communications this may mean node operations to be carried out, by a Centralized Unit (CU) at least partly, in a server, host or node operationally coupled to Distributed Unit (DU), which may connect to a remote radio head (RRH). It is also possible that node operations will be distributed among a plurality of servers, nodes or hosts. It should also be understood that the distribution of labour between core network operations and base station operations may differ from that of the LTE or even be non-existent.

An example 5G core network (CN) comprises functional entities. The CN is connected to a UE via the radio access network (RAN). An UPF (User Plane Function) which may be a PSA (PDU Session Anchor) providing an anchor point for user IP, Ethernet or Unstructured user data sessions. The UPF may be responsible for forwarding frames back and forth between the DN (data network) and the gNBs through tunnels established over transport networks towards the UE(s) that want to exchange traffic with the DN.

The UPF is controlled by an SMF (Session Management Function) that receives policies from a PCF (Policy Control Function). The CN may also include an AMF (Access & Mobility Function) which terminates the control plane interface with the RAN and manages UE registrations and mobility.

A possible mobile communication device will now be described in more detail with reference to Figure 2 showing a schematic, partially sectioned view of a communication device 200. Such a communication device is often referred to as user equipment (UE) or terminal. An appropriate mobile communication device may be provided by any device capable of sending and receiving radio signals. Non-limiting examples comprise a mobile station (MS) or mobile device such as a mobile phone or what is known as a 'smart phone', a computer provided with a wireless interface card or other wireless interface facility (e.g., USB dongle), personal data assistant (PDA) or a tablet provided with wireless communication capabilities, or any combinations of these or the like. A mobile communication device may provide, for example, communication of data for carrying communications such as voice, electronic mail (email), text message, multimedia and so on. Users may thus be offered and provided numerous services via their communication devices. Non-limiting examples of these services comprise two-way or multi-way calls, data communication or multimedia services or simply an access to a data communications network system, such as the Internet. Users may also be provided broadcast or multicast data. Non-limiting examples of the content comprise downloads, television and radio programs, videos, advertisements, various alerts and other information.

In an industrial application a communication device may be a modem integrated into an industrial actuator (e.g. a robot arm) and/or a modem acting as an Ethernet-hub that will act as a connection point for one or several connected Ethernet devices (which connection may be wired or unwired).

A mobile device is typically provided with at least one data processing entity 201, at least one memory 202 and other possible components 203 for use in software and hardware aided execution of tasks it is designed to perform, including control of access to and communications with access systems and other communication devices. The data processing, storage and other relevant control apparatus can be provided on an appropriate circuit board and/or in chipsets. This feature is denoted by reference 204. The user may control the operation of the mobile device by means of a suitable user interface such as key pad 205, voice commands, touch sensitive screen or pad, combinations thereof or the like. A display 208, a speaker and a microphone can be also provided. Furthermore, a mobile communication device may comprise appropriate connectors (either wired or wireless) to other devices and/or for connecting external accessories, for example hands-free equipment, thereto.

The mobile device 200 may receive signals over an air or radio interface 207 via appropriate apparatus for receiving and may transmit signals via appropriate apparatus for transmitting radio signals. In Figure 2 transceiver apparatus is designated schematically by block 206. The transceiver apparatus 206 may be provided for example by means of a radio part and associated antenna arrangement. The antenna arrangement may be arranged internally or externally to the mobile device.

Figure 3 shows an example embodiment of a control apparatus for a communication system, for example to be coupled to and/or for controlling a station of an access system, such as a RAN node, e.g. a base station, eNB or gNB, a relay node or a core network node such as an MME or S-GW or P-GW, or a core network function such as AMF/SMF, or a server or host. The method may be implemented in a single control apparatus or across more than one control apparatus. The control apparatus may be integrated with or external to a node or module of a core network or RAN. In some embodiments, base stations comprise a separate control apparatus unit or module. In other embodiments, the control apparatus can be another network element such as a radio network controller or a spectrum controller. In some embodiments, each base station may have such a control apparatus, such as a CU Control Plane (CU-CP) as well as a control apparatus being provided in a radio network controller. The control apparatus 250 can be arranged to provide control on communications in the service area of the system. The control apparatus 250 comprises at least one memory 251, at least one data processing unit 252, 253 and an input/output interface 254. Via the interface the control apparatus can be coupled to a receiver and a transmitter of the base station. The receiver and/or the transmitter may be implemented as a radio front end or a remote radio head.

The concept as discussed in the embodiments hereafter is a scheme which enables Physical-Layer Security (PLS) - that is, security based on information theory - to complement and improve the communication security of wireless networks. This scheme is particularly useful in networks as described above.

In particular the concept is one in which a secret key is established that exploits the uniqueness of the wireless channel between two nodes, such as interference, and the time-varying nature of fading channels. The embodiments furthermore guarantee secrecy of wireless communication based on established secret conventions (i.e., the use of a shared cryptographic key to encrypt and decrypt messages between nodes).

Physical layer security (PLS) exploits the intrinsic randomness of the transmission channel (i.e. the uniqueness of the channel model) between two physical positions in space and time (physical parameters randomly evolve on a less-than-a-second basis) to guarantee the security.

PLS is a good alternative to conventional security protocols at higher levels in the sense that there is no requirement for a priori key-distribution (i.e. no extra information exchange is needed which is itself subject to potential eavesdropping) to ensure secrecy of a wireless communication link. PLS systems can be advantageous over conventional symmetric-key cryptosystems in that although the symmetric key implementations are generally computationally efficient, PLS systems do not introduce a delay in the transmission (e.g. usually because of block enciphering in symmetric-key systems), and PLS systems as discussed in the embodiments hereafter do not experience a decrease in the throughput of the communications link.

Embodiments implementing the PLS methods as discussed hereafter furthermore are not generally as computationally expensive as conventional Public-key algorithms. Additionally, the embodiments implemented the PLS methods may experience shorter delays or latency and furthermore have an increased throughput when compared to Public-key algorithms.

Additionally, PLS methods may in some embodiments be more efficiently implemented than conventional encryption on small embedded nodes as they require lower computational and power requirements. PLS methods are thus particularly promising when implemented in Internet-of-Things (IoT) nodes. Currently IoT system security has not been prioritized and has only recently progressed from a nice-to-have option (this holds for embedded solutions as well as for communication standards) to a must-have because of numerous attacks, e.g., against networked cars or medical devices.

One of the most promising potential 5G technologies under consideration is the use of high-frequency signals in the millimetre-wave (mm-wave) frequency band that could allocate more bandwidth to deliver faster, higher-quality video and multimedia content. Comparing mm-wave networks to conventional micro-wave networks, mm-wave networks have various new characteristics such as larger numbers of antennas, short range and highly directional transmissions, different sensitivity to blockage effects, etc. These mm-wave communications characteristics can be seen as new means which can be used to secure a communication link. For example by using the ultra-narrow beams this can reduce the possibility of eavesdropping.

Security protocols currently implemented at higher levels for wireless communication secrecy are vulnerable to interception attacks, also known as man-in-the-middle attacks. Attacks of this kind have been demonstrated on previously implemented wireless networks versions up to 4G, and, currently there have been no specific 5G mechanisms in the authentication protocol of 5G releases (i.e. 5G AKA) proposed which provide a satisfactory yet elegant solution.

Although PLS is not by design resilient to such attacks, utilizing the principles of PLS and mm-wave technologies appropriately may provide a secure system that can guarantee secrecy of wireless communication.

The embodiments herein describe new and robust security protocols based on PLS. These embodiments may improve the application level implemented protocols in terms of efficiency and security for wireless communications implementing 5G protocols. The embodiments enable physical layer security to be implemented as an additional level of protection on top of the existing security schemes. As such, these embodiments can form part of an integrated security solution that efficiently safeguards the confidentiality and privacy of communication data in 5G wireless networks.

With respect to Figure 4 is shown a schematic view of an example configuration for the implementation of proposed PLS implementation embodiments. In these embodiments a sender (transmitter) of a message is called Bob 303, a legitimate receiver is called Alice 301 and a potential eavesdropper is called Eve 305. In this example Alice 301 is using a suitable user equipment or may be an application or program or instance implemented on a suitable user equipment (UE) as described previously.

The embodiments implement a scheme which enables Physical-Layer Security (PLS), security based on information theory, to complement and improve communication security of wireless networks.

Furthermore the embodiments describe a scheme for seamlessly establishing a secret-key by exploiting the uniqueness of the wireless channel between two nodes. This uniqueness may be expressed by parameters such as interference, and time-varying fading channels.

In Figure 4 Alice 301 and Bob 303 want to communicate through a secure and secret channel of communication. Alice 301 is configured to receive information from N base stations (BS) in her neighbourhood/vicinity. In the example shown in Figure 4 there are 3 base stations BS1 311, BS2 313 and BS3 315, however in some embodiments N may be more than or less than 3. In this example N is the number of transmission points involved in the communication. As an example, N can also be the number of serving cells in a multi-connectivity configuration or multi-connectivity communication. In these embodiments there are communication links between the base stations. Thus for example with respect to Figure 4 there is shown a first communication link 321 between BS1 311 and BS2 313, a second communication link 323 between BS2 313 and BS3 315, and a third communication link 325 between BS3 315 and BS1 311. Furthermore there are shown wireless communication links 351 and 353 between Alice (UE) 301 and BS1 311, which can be characterised from the BS1 311 by a channel characteristic and from Alice (UE) 301 by a channel characteristic. There are also shown wireless communication links 341 and 343 between Alice (UE) 301 and BS2 313, which can be characterised from the BS2 313 by a channel characteristic and from Alice (UE) 301 by a characteristic. Furthermore there are shown wireless communication links 331 and 333 between Alice (UE) 301 and BS3 315, which can be characterised from the BS3 315 by a characteristic and from Alice (UE) 301 by a characteristic. Additionally is shown the potential eavesdropper Eve 305 who is attempting to receive signals in the neighbourhood of Alice 301.

The embodiments as described herein offer three steps or operations which may be implemented in an attempt to secure the communications between Bob 303 and Alice 301.

1. Data is generated which is to be sent to Alice using mmWave communications, in other words the BS are configured to send data to Alice using ultra-narrow beams;

2. Channel estimations are determined by Alice 301 and the N base stations (BS1 311, BS2 313, BS3 315). The channel estimations can then be used as the basis for an encryption key;

3. An encryption key can be generated based on a concatenation of the (different) channel estimations. In these embodiments the BSs (BS1 311, BS2 313, BS3 315) are exchanging through the backhaul communication links 321 (between BS1 311 and BS2 313), 323 (between BS2 313 and BS3 315), and 325 (between BS3 315 and BS1 311) their own channel estimations in order to generate a secure key via concatenation. The data is then encrypted and sent using the mmWave communication beams.

In some embodiments an optional operation (or step) may be employing a distribution code to split the information to be transmitted to Alice 301 among the N base stations. This may further secure the link by each BS only transmitting a part of the data which are then combined by Alice 301. In some embodiments this may be implemented using diversity-deficient low density parity check (LDPC) ensembles and a source splitter.

As discussed previously the embodiments have many advantages. The main advantage may be that it offers a physical layer security without generating any additional overhead (e.g. for key exchange), which makes this solution IoT friendly. Furthermore, such solutions do not exclude being adopted in parallel to any other conventional cryptographic technique (such as point to point encryption, e.g. HTTPS or IPSec) for an extra layer of security.

In the following examples the channel estimations determined by the UE (Alice) 301 and the N base stations (BS1 311, BS2 313, BS3 315) are generated during the communications process of sending the message and/or transmitting reference signals. However in some embodiments the channel estimations can be determined as part of a configuration process or operation and separate from the message transmission operations.

With respect to Figure 5 is shown a flow diagram showing the operation of the system shown in Figure 4 according to some embodiments. In this example Bob 303 and Alice 301 would like to communicate through a secure and secret channel and Eve 305 is a potential eavesdropper. Additionally although this example (without loss of generality) shows 3 base stations which are sending the message to Alice, more than or fewer than 3 base stations can be implemented in some embodiments. Additionally although the communication is from Bob to Alice it would be understood that a similar cryptographic process may be implemented on the uplink.

As shown in Figure 5 an initial step (or steps) can be performed to control and determine if a message is about to be sent or be received. Thus in some embodiments, in the uplink, a check can be performed whether there is one or more protected messages waiting to be transmitted. In some embodiments this check can be implemented by a suitable “hello” or “polling” protocol message exchange. Additionally in some embodiments, extra information can be embedded in the control data within the downlink, to warn the device (NR/UE) that it will receive a protected message.

Thus, as shown in Figure 5, there is a downlink “private msg to be sent” message 402 sent from the node 401 (representing Bob 303) to the NR 407 (representing Alice 401) indicating a private message is to be sent. This may be a notification or indication that a private message is to be sent.

The acceptance of this message (in other words a response indicating that the NR/UE is ready to accept the secure message) may be signalled back to the node (which in some embodiments is the original message node) by the “private msg accepted” message 404 shown in Figure 5.

The message to be transmitted to the NR (Alice) 407 may then be transmitted from the node 401 to the base stations (shown in Figure 5 by BS1 403 and BSN 405) as shown by the message 406 from node 401 to BS1 403 and message 408 from node 401 to BSN 405. In some embodiments an additional layer of security is implemented wherein before transmitting the message from the node to the base stations the message is coded via an anti-root LDPC at the central controller. The N parts of the coded message are then distributed among the N base stations. In such a manner none of the Base stations receive a full copy of the message to be transmitted to Alice.

The next sequence of steps enables the securing of the channels between the base stations and the NR.

Channel estimations are performed between UE/NR (Alice) 407 and all of the base stations involved in the transmission.

They are configured to determine their own channel estimations for each base station i, one at the BS side and one at the NR side, where i is the index of the base station. The channel estimations at the NR (Alice) 407 side and at the BS 403, 405 side should correspond. The estimation of the channels is shown in Figure 5 by step 410 which shows the estimation of the channel between NR (Alice 407) and BS1 403 and step 412 which shows the estimation of the channel between NR (Alice 407) and BSN 405.

In some embodiments these estimations are optionally validated to determine whether the estimates are symmetrical. In some embodiments in order to assure that the estimations are symmetric, a test message with ACK/NACK validation mechanism can be implemented (and is described with reference to Figure 5 later). In some embodiments to avoid any mismatch between the channel estimations only the B most significant bits of the M most reliable estimations are used. In other words a subset is used. In some embodiments the reliability of a measured channel estimate can be expressed as the average power of the value between N successive estimations. In some embodiments, PLS reliability can be improved and/or the number of channel estimations that need to be exchanged can be reduced by selecting a subset M of the N channel estimations to be exchanged. In other words in some embodiments the exchange of channel estimates is limited to the subset M of the N base stations. In some embodiments the selected subset M is selected based on a reliability determination of the channel estimate.

The BSs 403, 405 furthermore in some embodiments are configured to exchange/share their estimations via the backhaul as shown by the message 414. The sharing of the estimates may be performed according to any suitable exchange mechanism or protocol.

The BSs/NR can then be configured to generate the key $K_H$ based on a concatenation of a part of, all of, or a subgroup of the estimations; this is shown by the blocks 416. For example in some embodiments the PLS reliability is improved and/or the size of the channel estimations that need to be exchanged is reduced by generating the key based on combining/concatenating only the B most significant bits (MSBs) of the channel estimations.

The message received at each of the BS 403, 405 can then be encrypted by the key $K_H$ as shown by block 417. In some embodiments a conventional algorithm based on symmetric key is used such as advanced encryption standard (AES).

Finally, one or more encrypted messages (or the N parts of the message in the optional example) are sent to the NR (Alice) 407 as shown in Figure 5 by the messages 418 from the BS1 403 to the NR 407 and the message 420 from the BSN 405 to the NR 407.

The NR 407 having received the message (or parts of the message) can be configured to use the generated key $K_H$ to decrypt the message (or parts of the message) as shown in Figure 5 by step 421. In the optional situation the parts of the message are furthermore combined.

The encryption key $K_H$, as discussed above, may be derived from the channel estimation process by Alice and the base stations BS.

In a narrowband flat-fading channel with multiple transmit and receive antennas (MIMO), the system can be modeled as follows: $y = Hx + n$, where $y$ and $x$ are the receive and transmit vectors, respectively, $n$ is the noise vector, and $H$ is the channel matrix of dimension $N_T \times N_R$, where $N_T$ is the number of transmit antennas and $N_R$ is the number of receive antennas.

As the channel conditions vary, the channel state information (CSI) needs to be estimated on a short-term basis (i.e. each 500 µs to 10 ms). A popular approach to CSI estimation is the use of a pilot sequence, where a known signal is transmitted and the channel matrix $H$ is estimated using the combined knowledge of the transmitted and received signal. Each BS-NR communication is characterized by a different channel matrix $H_i$ which is assumed estimated with enough precision by both the BS and the NR. This relies on a condition of reciprocity in the wireless channel which for clarity reasons is not discussed further.

Each matrix is composed of complex numbers (one complex number per antenna pair). The estimates of the channels $H_i$, $i = 1, \ldots, N$, are shared among all the BSs through the backhaul. Therefore, all the BSs and Alice have the knowledge of all the estimates. A concatenation/combination of the estimates is used as a secret convention which acts as an encryption key between them.

The rationale behind this being considered a secret convention is that the channel matrix is strongly location-dependent. In other words in order for Eve to be able to generate the very same channel estimate the NR associated with or representing Eve needs to be in the exact position as Alice as otherwise it is very difficult to predict and the channel estimate is rapidly time varying. Additionally, to estimate the same channel matrix, Eve would need to be at the same position as Alice in the same instant and also guess the subgroup or function used to derive the secret key.

As explained above in some embodiments a combination/concatenation of the N estimations is made to generate the key. Thus, there are $N!$ possibilities to generate the key. In some embodiments in order to reduce the backhaul requirements for the exchange of all the estimations (and the risk of overloading traffic in the backhaul) a reduction of the amount of data having to be exchanged in the backhaul is implemented by only exchanging the channel estimates of a subgroup of BSs and using the estimations from this subgroup to generate the key. In some embodiments metrics such as distance, delay, or traffic load analysis can be used to choose the subgroup composition. In some embodiments the number of estimates involved in the subgroup can be reduced or increased based on the level of sensitivity/security of the application.

In some embodiments a combination of the N channel estimations can be used instead of a concatenation. In this case, a function, $f$, known by both the NR/UE (Alice) and the N BSs is used to combine the N or a subset of the N channel estimates.

Key $K_H = f(H_{S1}, \ldots, H_{SN})$,

where $H_{S1}, \ldots, H_{SN}$ are the estimates or part of the estimates chosen to be part of the key.

In some embodiments the function $f$ could be invertible (or not). Given the fact that Alice and the BSs have the knowledge of the channel estimates, they are able to (re)construct the key to retrieve the data. Examples for $f$, where $K_H = f(H_1, H_2, \ldots, H_N)$, include

1) Stacking

$K_H = [K_{H1} \mid K_{H2} \mid \ldots \mid K_{HN}]$

2) Summing

3) Element-wise product

In order to add another layer of security, the co-domain of $f$ has to be sufficiently large since the co-domain of $f$ gives an upper bound on the key's dimension. The co-domain of a function is the set into which all the output of the function is constrained to fall. Respectively, the domain is the set of input for which the function is defined.

The security in the backhaul is ensured by security protocols at higher level. A solution at the physical layer based on quantum key distribution can be implemented if optical fibres are used to connect BSs.

In some embodiments in order to maximise the probability of the same cryptographic key being generated by the sender and the receiver one or more of the following approaches can be taken:

Using only a subgroup of the base stations. In this case the function used to select the subgroup of BS has to be known by Alice and all the BSs;

Using only the antenna pair showing a sufficient level of power (in other words selecting the antenna pair with a power level above a determined threshold);

Choosing only the most significant bit of the estimation.

There are several methods which may be implemented to determine the reliability of the channel estimate.

For example in some embodiments a fixed threshold, T, may be defined. Then all the elements of the estimation matrices above this threshold are used to define the key.

In some embodiments a certain amount, M, is defined, and only the M strongest elements of the estimation matrices are then used to create the key.

In some embodiments a mixture of the threshold and the amount methods is implemented. In such embodiments the M strongest elements above the threshold T are used to create the key.

Furthermore in some embodiments on top of any of the above method implementations only the k most relevant bits of the strongest elements (defined by the embodiments above) can be used to generate the key.
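The stacking combination and the reliability selection described above (threshold T, the M strongest elements, the k most significant bits) can be shown together in a short sketch. This is an added example, not code from the application: the 8-bit quantizer, the function names and the sample estimates are assumptions, and the estimates are constructed values rather than measurements.

```python
# Added illustration: constructed estimates, not measured data.
def quantize(x, bits=8, full_scale=1.0):
    """Map a component in [-full_scale, full_scale) to an unsigned `bits`-bit integer."""
    levels = 1 << bits
    q = int((x + full_scale) / (2 * full_scale) * levels)
    return min(max(q, 0), levels - 1)

def select_indices(est, T, M):
    """Threshold + amount method: the M strongest elements with magnitude above T."""
    strong = [i for i, h in enumerate(est) if abs(h) > T]
    strong.sort(key=lambda i: abs(est[i]), reverse=True)
    return sorted(strong[:M])

def link_key(est, T, M, k, bits=8):
    """k most significant bits of the real and imaginary part of each selected element."""
    symbols = []
    for i in select_indices(est, T, M):
        for comp in (est[i].real, est[i].imag):
            symbols.append(quantize(comp, bits) >> (bits - k))
    return symbols

def stacked_key(estimates, T, M, k):
    """Stacking: K_H = [K_H1 | K_H2 | ... | K_HN], one symbol per byte."""
    return bytes(s for est in estimates for s in link_key(est, T, M, k))

# Constructed estimates of the same two links (N = 2), each a flattened matrix of
# four elements. The two ends see slightly different values because of noise.
BS_VIEW = [
    [0.62 + 0.31j, 0.05 - 0.02j, -0.44 + 0.70j, 0.09 + 0.04j],
    [0.08 + 0.01j, -0.71 - 0.25j, 0.35 + 0.52j, 0.02 - 0.06j],
]
ALICE_VIEW = [
    [0.60 + 0.33j, 0.03 - 0.04j, -0.46 + 0.68j, 0.11 + 0.02j],
    [0.10 - 0.01j, -0.69 - 0.27j, 0.37 + 0.51j, 0.04 - 0.04j],
]

if __name__ == "__main__":
    for T, k in ((0.3, 8), (0.3, 2), (0.69, 2)):
        a = stacked_key(ALICE_VIEW, T, 2, k)
        b = stacked_key(BS_VIEW, T, 2, k)
        print(f"T={T} k={k} match={a == b} alice={a.hex()} bs={b.hex()}")
```

With all 8 bits kept the two ends disagree, with k = 2 they agree, and with T = 0.69 an element that sits near the threshold is selected at one end only, so the keys differ even in length.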

In some embodiments in order to verify that the cryptographic key is symmetric, a test message with ACK/NACK validation mechanism is implemented such as shown in Figure 6. For example as shown in Figure 6 by step 501 initially the channel matrix H estimate is determined for each NR(UE)-to-BS link.

Then the transmitter is configured to send a test message which is encrypted using the key KH determined in any suitable manner as described above. The test message can be received and decrypted and then checked to determine whether the test message was received correctly. This test message operation is shown in Figure 6 by step 503.

Where the test message is not received correctly then the operation passes back to the step 501 where the channel matrix H is estimated (again) and the verification process effectively loops back.

Where the test message is received correctly then the transmitter is configured to adopt the key KH to encrypt the private messages and also use the same key to decrypt the private messages at the receiver as shown in Figure 6 by step 505.
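The loop of steps 501, 503 and 505 can be sketched as follows. This is an added example, not code from the application: the SHAKE-256 keystream XOR is a stand-in cipher chosen so the sketch runs on the standard library, and the test message, the retry bound `max_rounds` and the key pairs are assumptions constructed for illustration.

```python
import hashlib
import hmac

TEST_MESSAGE = b"KEY-CHECK"  # constructed; assumed known to both ends in advance

def keystream_xor(key, data):
    """Stand-in cipher for the sketch: XOR with a SHAKE-256 keystream derived from the key."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def check_round(tx_key, rx_key):
    """Step 503: encrypt the test message with the sender's key, decrypt with the receiver's."""
    recovered = keystream_xor(rx_key, keystream_xor(tx_key, TEST_MESSAGE))
    return "ACK" if hmac.compare_digest(recovered, TEST_MESSAGE) else "NACK"

def establish_key(estimation_rounds, max_rounds=4):
    """Run 501 -> 503 until ACK, then adopt the key (505).

    estimation_rounds yields (tx_key, rx_key): the keys each end derived from
    one fresh channel estimation. Returns (adopted_key_or_None, log).
    The bound max_rounds is an assumption; the text loops back without a limit.
    """
    log = []
    for n, (tx_key, rx_key) in enumerate(estimation_rounds, start=1):
        if n > max_rounds:
            break
        result = check_round(tx_key, rx_key)
        log.append((n, result))
        if result == "ACK":
            return tx_key, log
    return None, log

# Constructed key pairs: the first estimation disagrees in one symbol, the second agrees.
ROUNDS = [
    (bytes([3, 2, 1, 3]), bytes([3, 2, 2, 3])),
    (bytes([3, 1, 1, 2]), bytes([3, 1, 1, 2])),
]

if __name__ == "__main__":
    key, log = establish_key(ROUNDS)
    print(log, key.hex() if key else None)
```

Because the test message is known plaintext, a keystream cipher like this stand-in exposes keystream under KH; a deployment would use an authenticated cipher with a per-message nonce.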

As discussed previously there are some embodiments where an anti-root LDPC is implemented. However in some Indeed, as the key is a concatenation/combination it may be considered to obtain a similar level of security. Anti-root LDPC methods such as discussed in patent application: 18197685.3 filed on 28 September 2018 can be implemented in some embodiments to ensure that the eavesdropper is unable to decode the message without intercepting all of the N packets sent by the N base stations (this is known as the anti-diversity concept). Thus from Eve's perspective, it means that the communication between Alice and the N BSs should be intercepted.

Implementing the embodiments as discussed herein and considering that a message to be transmitted can be split into as many pieces as the number of BSs involved on the secret communication with Alice, it may be possible to summarize a security analysis of these examples as follows. In other words, here are the reasons which justify why Eve is unable to receive and reveal a message sent to Alice over the air or wireless interface:

To hack the system as discussed herein, an eavesdropper must listen to all base stations. The message to be sent is distributed/split among all the base stations involved in the wireless communication with Alice (and the use of a diversity-deficient coding scheme is further optional), meaning that guessing the encryption key between Alice and one base station is not enough to reveal the message. The multipoint wireless configuration or multipoint wireless communication, which uses a concatenation/combination of all the estimations and transmits a part of the message, then offers security in the sense that Eve would have to guess the channel estimation between all the points.

Additionally although the eavesdropper may guess the statistical CSI, the statistical characterization of the channel, they are not likely to determine the instantaneous CSI, which is specifically used in our invention to establish the encryption keys. To do this and to guess a key would be very costly in terms of processing power (and manpower) considering the estimated key space as explained in the following paragraph.

According to the 5G standard, one base station can support 512 antennas. A UE supports up to 4 antennas. There are therefore 512 * 4 complex numbers to be guessed, i.e. 512 * 4 * 2 components.

Considering a scenario where N base stations are sending the message to Alice, there are 512 * 4 * 2 * N possibilities. The components can further be quantified using 4 bits therefore resulting in 2^4 * 512 * 4 * 2 * N possibilities.

Additionally a first authentication step is performed prior to the implementation of the encryption method proposed. In mobile communication networks, authentication refers to the process of determining whether a user is an authorized subscriber to the network that they are trying to access. Among various authentication procedures available in such networks, EPS AKA (Authentication and Key Agreement) procedure is used in LTE networks for mutual authentication between users and networks. At least as strong an authentication mechanism is to be used in the upcoming 5G standard. In such schemes, the authentication key is not shared through the channel, but rather derived from the SIM cards of the user’s devices and those from the base stations.

Performing this step as a preliminary step to the encryption method described herein allows the system to ensure that the base stations are sending the protected information to Alice and not to an eavesdropper.

Moreover, even if an attacker was able to circumvent the authentication mechanisms and perform a Man in The Middle (i.e. MITM) attack, the methods as discussed herein where the message is decomposed into N parts and transmitted by N base stations, provides a significant complexity to the system which would require the eavesdropper to employ significant resources to be able to intercept the message. In fact, an attacker would have to perform N different MITM attacks to hope to circumvent the system and methods described herein.

For example a practical attack would require the potential eavesdropper to steal the IMSI and the secret parameter K of a SIM card, and impersonate Alice. This would require that the mobile of Alice is not connected to the network, be it legally (e.g. mobile shutdown) or not (i.e. DoS attack).

In some embodiments in order to avoid the authentication step the position of Alice should be known a priori.

Although these examples have been described with respect to the mm-wave frequency bands a similar scenario can also be implemented for centimetre Wave (cm-wave) communications (MIMO) by exploiting the multipaths due to scattering. In some embodiments the methods may be employed for IoT communication. In an IoT communication system, just a few packets are sent. This reduces the possibility of an eavesdropper determining the position of the victim. Additionally within an IoT environment the apparatus may not comprise an embedded SIM card (and thus the usual authentication protocol is not possible). This is because SIM cards add expense for such small devices, and all the communication process, as for example precoding, is too heavy and complex.

Therefore in employing the embodiments as discussed herein it may be possible to secure communication even when authentication is not performed.

In summary, to hack the sensitive information Eve has to:

1 - Guess the encryption keys of all (or at least a subset) base stations and Alice based on the channel estimations.

2 - Be close to Alice. If Eve is not close to Alice, then they should not be able to manage advance rate adapting to be at the same power as Alice.

3 - In the optional splitting embodiments, Eve has to intercept all N packets sent by the N base stations to decode and reconstruct the whole message. Note that even if Eve possesses the whole message the encryption key is required to read it.

In such a manner a modular security solution can be provided. It allows a security that can be tailored depending on the sensitivity of the application. If the data in a message is extremely sensitive, the number of antennas used to send the data can be increased (i.e. more channel state information, CSI, parameters, which means more bits are considered for the encryption key). It is noted that whilst embodiments have been described in relation to 5G NR, similar principles can be applied in relation to other networks and communication systems. Therefore, although certain embodiments were described above by way of example with reference to certain example architectures for wireless networks, technologies and standards, embodiments may be applied to any other suitable forms of communication systems than those illustrated and described herein.

It is also noted herein that while the above describes example embodiments, there are several variations and modifications which may be made to the disclosed solution without departing from the scope of the present invention.

In general, the various example embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects of the invention may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the invention is not limited thereto. While various aspects of the invention may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.

Example embodiments of this invention may be implemented by computer software executable by a data processor of the mobile device, such as in the processor entity, or by hardware, or by a combination of software and hardware. Computer software or program, also called program product, including software routines, applets and/or macros, may be stored in any apparatus-readable data storage medium and they comprise program instructions to perform particular tasks. A computer program product may comprise one or more computer-executable components which, when the program is run, are configured to carry out embodiments. The one or more computer-executable components may be at least one software code or portions of it.

Further in this regard it should be noted that any blocks of the logic flow as in the Figures may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions. The software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media such as hard disk or floppy disks, and optical media such as for example DVD and the data variants thereof, CD. The physical media is a non-transitory media.

The memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processors may be of any type suitable to the local technical environment, and may comprise one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs), application specific integrated circuits (ASIC), FPGA, gate level circuits and processors based on multi core processor architecture, as non-limiting examples.

Example embodiments of the inventions may be practiced in various components such as integrated circuit modules. The design of integrated circuits is by and large a highly automated process. Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design ready to be etched and formed on a semiconductor substrate.

The foregoing description has provided by way of non-limiting examples a full and informative description of the exemplary embodiment of this invention. However, various modifications and adaptations may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings and the appended claims. However, all such and similar modifications of the teachings of this invention will still fall within the scope of this invention as defined in the appended claims. Indeed, there is a further embodiment comprising a combination of one or more embodiments with any of the other embodiments previously discussed.