On the Security of Spectrum Sharing and the Privacy of Data Retrieval

Abstract

In the era of big data, large volumes of data are collected, communicated, processed, stored, and retrieved to enable a wealth of new applications in all facets of everyday life. The fine-grained collection of information and ever-increasing reliance on computing and networking systems comes with grave security and privacy risks at every stage of the data lifecycle. At the system level, such risks include data exposure, denial-of-service, and reduced network performance, to name a few. At the user level, security and privacy risks include the leakage of sensitive personal information to unauthorized parties, digital identity theft, user tracking, loss of financial assets, and others. In this dissertation, we focus on the security of two stages of the data lifecycle. In the first part, we study the implications of allowing multiple wireless technologies to coexist in unlicensed bands. In the second part, we study the potential leakage of sensitive information when users retrieve stored data from public databases. The unprecedented increase in the demand for wireless services has led to a severe shortage in radio spectrum resources. The regulatory solution for the scarcity of the available resources is to allow the coexistence of competing wireless technologies in common bands (e.g., the coexistence of Wi-Fi/Zigbee and LTE/Wi-Fi). This shared spectrum paradigm introduces novel challenges for the secure, efficient, and fair resource access. Many of these challenges arise from the heterogeneity of the coexisting systems, the system scale, and the lack of explicit coordination mechanisms between them. In this dissertation, we study the LTE/Wi-Fi coexistence in unlicensed bands as an example of heterogeneous coexistence. We develop methods that ensure fair and efficient coexistence. In the first objective, we consider the problem of fair coexistence between LTE and Wi-Fi systems in the unlicensed 5 GHz U-NII bands. We develop implicit sensing techniques that can accurately estimate the operational parameters of LTE transmissions under various topological scenarios and {\em without decoding.} These techniques apply correlation-based signal detection to infer the required information. The estimated parameters are vital in evaluating the behavior of coexistent terminals. Our techniques are validated through experiments on a USRP testbed. In the second objective, we focus on the misbehavior opportunities due to the heterogeneity in the channel access mechanism and the lack of a common control plane. We define selfish misbehavior strategies for the LTE that yield an unfair share of the spectrum resources. Such strategies are based on manipulating the operational parameters of the LTE-LAA standard. Prior methods for detecting misbehavior in homogeneous settings are not applicable in a spectrum sharing scenario because the devices of one system cannot decode the transmissions of another. We further apply a statistical inference framework for determining deviations of the LTE behavior from the coexistence etiquette. By characterizing the detection and false alarm probabilities, we show that our framework yields high detection accuracy at a very low false alarm rate. Although our methods focus on detecting misbehavior of the LTE system, they can be generalized to other coexistence scenarios. We further exploit the quick change detection framework to provide a method that detects any change in LTE behavior immediately after it happens. This method enables the Wi-Fi system not only to detect any LTE misbehavior but also to identify the exact misbehavior strategy adopted by the LTE. We further propose response strategies for the Wi-Fi system that equalize the channel access opportunities. These include a reflection strategy in which the Wi-Fi mimics the LTE misbehavior and a fair response strategy in which the Wi-Fi selects parameters that restore fairness. We study mechanisms for improving the coexistence efficiency in the third objective. We first study conserving energy when the wireless channel is occupied. In a Wi-Fi only system, the network allocation vector (NAV) included in the header of IEEE 802.11 frames advertises the duration of an imminent transmission. Nearby Wi-Fi terminals decode the frame header and transition to sleep mode to conserve energy. However, when heterogeneous systems coexist (e.g., LTE and Wi-Fi), frames that belong to other systems are not decodable. This leads to continuous channel sensing even when the channel is to be occupied for a long duration. We design two implicit mechanisms to play the role of the NAV. Our mechanisms predict the duration of an imminent LTE transmission by predicting the frame's traffic class. The prediction is based on the elapsed idle slots between successive transmissions and the transmission history. We show that our methods achieve significant energy savings without stifling transmission opportunities. Second, we investigate how the traffic class selection affects the delay for completing the transmission of a fixed number of bits. We develop an analytical framework that characterizes the average delay under Wi-Fi/LTE coexistence. Our framework allows us to optimize the class selection for a Wi-Fi or LTE station based on the traffic class selected by the surrounding stations and minimize the average delay. We show that operating at a high priority class does not always minimize delay. Under certain contention and class selection conditions, a low priority class reduces the collision probability while increasing the airtime once the channel is captured. This leads to a lower overall delay. In the second part of the dissertation, we study the process of privately retrieving data from one or more public databases, known as private information retrieval (PIR). Information-theoretic formulations of the PIR problem have been investigated under a variety of scenarios. Symmetric private information retrieval (SPIR) is a variant where a user is able to privately retrieve one out of $K$ messages from $N$ non-colluding replicated databases without learning anything about the remaining $K-1$ messages. However, the goal of perfect privacy can be too taxing for certain applications. We investigate if the information-theoretic capacity of SPIR (equivalently, the inverse of the minimum download cost) can be increased by relaxing both user and DB privacy definitions. Such relaxation is relevant in applications where privacy can be traded for communication efficiency. In the fourth objective, we introduce and investigate the Asymmetric Leaky PIR (AL-PIR) model with different privacy leakage budgets in each direction. For user privacy leakage, we bound the probability ratios between all possible realizations of database queries by a function of a non-negative constant $\epsilon$. For database privacy, we bound the mutual information between the undesired messages, the queries, and the answers, by a function of a non-negative constant $\delta$. We propose a general AL-PIR scheme that achieves an upper bound on the optimal download cost for arbitrary $\epsilon$ and $\delta$. Second, we obtain an information-theoretic lower bound on the download cost. The gap analysis between the two bounds shows that our AL-PIR scheme is optimal when $\epsilon =0$, i.e., under perfect user privacy and it is optimal within a maximum multiplicative gap for any $\epsilon>0$ and $\delta>0$. Finally, we study the Latent-variable PIR (LV-PIR) in the fifth objective. In LV-PIR, a user wishes to retrieve one out of $K$ messages (indexed by $\theta$) without revealing any information about a sensitive \textit{latent} attribute (modeled by a latent variable $S$ correlated with $\theta$). We characterize the capacity (equivalently, the optimal download cost) of LV-PIR as a function of the distribution $P_{S|\theta}$. We present a converse proof that yields a lower bound on the optimal download cost and a matching achievable scheme. The optimal scheme, however, involves an exhaustive search over subset queries and over all messages, which can be computationally prohibitive for large databases. We further present two low-complexity, albeit sub-optimal, schemes that outperform the conventional PIR solution.