Secure open-air communication system utilizing multichannel decoyed transmission

Abstract

A secure communication system utilizes multiple decoy data signals to hide one or more true data signals. The true data signal(s) are encrypted, and received at a scrambling unit according to an original set of channel assignments. The channel assignments are optically switched with multiple decoy data signals to form a multi-channel scrambled output signal that is thereafter transmitted across a communication system. The greater the number of decoy signals, the greater the security provided to the open-air system. Further security may be provided by encrypting the decoy signals prior to scrambling and/or by utilizing a spatially diverse set of transmitters and receivers. Without the knowledge of the channel assignment(s) for the true signal(s), an eavesdropper may be able to intercept (and, with time, perhaps descramble) the open-air transmitted signals, will not be able to distinguish the true data from the decoys without also knowing the channel assignment(s).

Claims

1. A method comprising: encrypting, by a processing system including a processor, at least one true data signal resulting in an encrypted at least one true data signal; encrypting, by the processing system, a plurality of decoy data signals resulting in encrypted decoy data signals; scrambling, by the processing system, the encrypted at least one true data signal and the encrypted decoy data signals at a channel scrambler to generate a plurality of scrambled signals, wherein the channel scrambler is controlled by a scrambling key to facilitate hopping an original channel and transmitter assignments for sequential packets of both the at least one true data signal and the plurality of decoy data signals; and transmitting, by the processing system, the plurality of scrambled signals using a plurality of multi-channel secure channel-hopping transmitters positioned at physically disparate locations, wherein the plurality of scrambled signals are received at a plurality of multi-channel secure channel-hopping receivers positioned at physically disparate locations, wherein a channel de-scrambler is coupled to each of the plurality of channel-hopping receivers and is controlled by a de-scrambling key to facilitate recovery of the at least one true data signal from the plurality of scrambled signals.

2. The method of claim 1, wherein the plurality of scrambled signals are transmitted via an open-air communication system.

3. The method of claim 1, wherein the plurality of scrambled signals are transmitted via a fiber-optic communication system.

4. The method of claim 1, wherein the encrypted at least one true data signal and the encrypted decoy data signals are applied as separate parallel inputs to the channel scrambler.

5. The method of claim 1, wherein the processing system operates at least partially in an electrical domain and at least partially in an optical domain.

6. The method of claim 5, wherein the at least one true data signal and the decoy data signals comprise electrical signals and are encrypted in the electrical domain.

7. The method of claim 5, wherein the plurality of scrambled signals are transmitted in the optical domain.

8. The method of claim 1, wherein the plurality of multi-channel secure channel-hopping transmitters comprise an array of optical transmitting devices each operating at a different wavelength.

9. The method of claim 1, wherein at least one of the plurality of multi-channel secure channel-hopping receivers comprises a transceiver.

10. The method of claim 9, wherein the transceiver comprises an optical transceiver and a radio transceiver.

11. A device comprising: a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations comprising: encrypting at least one true data signal resulting in an encrypted at least one true data signal; encrypting a plurality of decoy data signals resulting in encrypted decoy data signals; scrambling the encrypted at least one true data signal and the encrypted decoy data signals at a channel scrambler to generate a plurality of scrambled signals, wherein the channel scrambler is controlled by a scrambling key to facilitate hopping an original channel and transmitter assignments for sequential packets of both the at least one true data signal and the plurality of decoy data signals; and transmitting the plurality of scrambled signals using a plurality of multi-channel secure channel-hopping transmitters, wherein the plurality of scrambled signals are received at a plurality of multi-channel secure channel-hopping receivers, wherein a channel de-scrambler is coupled to each of the plurality of channel-hopping receivers and is controlled by a de-scrambling key to facilitate recovery of the at least one true data signal from the plurality of scrambled signals.

12. The device of claim 11, wherein the plurality of multi-channel secure channel-hopping transmitters are positioned at a first set of physically disparate locations, and the plurality of multi-channel secure channel-hopping receivers are positioned at a second set of physically disparate locations.

13. The device of claim 11, wherein the encrypted at least one true data signal and the encrypted decoy data signals are applied as separate parallel inputs to the channel scrambler.

14. The device of claim 11, wherein the processing system operates at least partially in an electrical domain and at least partially in an optical domain.

15. The device of claim 11, wherein the plurality of multi-channel secure channel-hopping transmitters comprise an array of optical transmitting devices each operating at a different wavelength.

16. A non-transitory machine-readable storage medium comprising executable instructions that, when executed by a processing system including a processor, facilitate performance of operations comprising: encrypting at least one true data signal resulting in an encrypted at least one true data signal; encrypting a plurality of decoy data signals resulting in encrypted decoy data signals; scrambling the encrypted at least one true data signal and the encrypted decoy data signals at a channel scrambler to generate a plurality of scrambled signals, wherein the channel scrambler is controlled by a scrambling key to facilitate hopping an original channel and transmitter assignments for sequential packets of both the at least one true data signal and the plurality of decoy data signals; and transmitting the plurality of scrambled signals using a plurality of multi-channel secure channel-hopping transmitters positioned at physically disparate locations, wherein the plurality of scrambled signals are received at a plurality of multi-channel secure channel-hopping receivers positioned at physically disparate locations, wherein a channel de-scrambler is coupled to each of the plurality of channel-hopping receivers and is controlled by a de-scrambling key to facilitate recovery of the at least one true data signal from the plurality of scrambled signals, wherein the processing system operates at least partially in an electrical domain and at least partially in an optical domain.

17. The non-transitory machine-readable storage medium of claim 16, wherein the at least one true data signal and the decoy data signals comprise electrical signals and are encrypted in the electrical domain.

18. The non-transitory machine-readable storage medium of claim 16, wherein the plurality of scrambled signals are transmitted in the optical domain.

19. The non-transitory machine-readable storage medium of claim 16, wherein at least one of the plurality of multi-channel secure channel-hopping receivers comprises a transceiver.

20. The non-transitory machine-readable storage medium of claim 19, wherein the transceiver comprises an optical transceiver and a radio transceiver.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) Referring now to the drawings,

(2) FIG. 1 contains a simplified block diagram of an exemplary arrangement for implementing the multi-channel, decoyed open-air transmission system of the present invention;

(3) FIG. 2 illustrates an exemplary architecture that may be used in one embodiment of the present invention; and

(4) FIG. 3 contains a diagram illustrating an alternative embodiment of the present invention employing transmitter/receiver spatial diversity to provide additional security to the open-air transmission.

DETAILED DESCRIPTION OF THE DRAWINGS

(5) As will be discussed in detail below, the present invention is related to an Open-air multi-channel communication link, such dense wavelength-division multiplexed (multi-wavelength DWDM) free-space optic links and multi-channel orthogonal frequency-division multiplexed (multi-channel OFDM) radio links. A significant aspect of the present invention is the transmission of a small number of true data signals along with a plurality of decoy data signals. The true and decoy data signals are processed at an open-air multi-channel transmitter so as to hop channels based on a secret sequence, where in a preferred embodiment both the true and decoy signals are encrypted prior to initiating the hopping function. Thus, instead of a simple encrypted transmission, as in the prior art, the present invention provides true data signal transmission that hops channels, interspersed with similar decoy transmissions that hop in and out of the same channels so as to hide the true data signal(s) among a plurality of decoy data signals. The intent is to increase the difficulty of deciphering the message, as well as to increase the complexity of a receiver configuration (i.e., requiring a wider bandwidth) that would be required by an eavesdropper.

(6) FIG. 1 contains a simplified diagram illustrating, in general terms, the principles of the present invention as can be applied in any type of open air communication systemoptical, radio or a hybrid combination of the two. In the arrangement as illustrated in FIG. 1, it is presumed that the first data signal stream (labeled a) is the true data signal, and the remaining data signal streams (labeled b through n) are decoy data signals (in some cases, more than one true data signal may be transmitted). As shown, the plurality of data signal streams are applied as parallel inputs to a channel scrambler 10, where channel scrambler 10 is controlled by a scrambling key generator 12. Key generators are well-known in the art, and any suitable arrangement may be used for the purposes of the present invention. As illustrated in FIG. 1, the combination of channel scrambler 10 and scrambling key generator 12 functions to hop the packets of each signal stream in a random pattern (controlled by the scrambling key) such that each output channel 1, 2, . . . n from channel scrambler 10 comprises packets of each data signal stream (both true and decoy). The multi-channel, scrambled outputs from channel scrambler 10 are subsequently applied as parallel inputs to multi-channel transmitter 14, where transmitter 14 is an open air transmitter and functions to essentially broadcast the plurality of n signals, as illustrated by open air transmission path 16 in FIG. 1.

(7) Inasmuch as the broadcasted signals are scrambled across the plurality of n separate channels (wavelengths/frequencies) and include a number of decoy signals, the ability of an eavesdropper to recover any relevant data is minimal. While an eavesdropper may be able to physically recover the plurality of n broadcasted signals, his ability to de-scramble the signals is extremely limited. Moreover, the inclusion of a number of decoy signals makes the process even more difficult in that an eavesdropper would not be able to tell the difference between the true data and the decoy data without knowing the identity of the true data channel assignments. Obviously, as the number of channels and/or the number of decoy signals increases, the robustness of the security system increases as well. Moreover, as mentioned above, realistic signals may be used as the decoy streams (live/recorded video, music, etc.) such that these signals will generate encoded bit patterns difficult to distinguish from the true data. Alternatively, random number generators may be used to provide the decoy data streams (considered to be a less expensive alternative). In either case, without the knowledge of the particular channel assignments, an eavesdropper will in most cases be unable to ascertain which channel(s) are carrying true data.

(8) Referring again to FIG. 1, the plurality of n scrambled signals is intercepted by an open-air receiver 18, where receiver 18 is the intended receiving device and comprises a multi-channel receiver capable of separately recovering each one of the plurality of n signals. The plurality of n recovered signals is then applied as a set of parallel inputs to a channel descrambler 20, where channel descrambler 20 is controlled by a descrambling key 22. It is to be understood that in accordance with the principles of the present invention, both scrambling key 12 and descrambling key 22 are known by each end of the communication path, with the particulars of descrambling key 22 being defined so as to unscramble the particular hopping sequence applied by channel scrambler 10. Thus, the various packets generated as an output from channel descrambler 20 will be re-assembled into a plurality of separate signals, each in its original data signal stream (both true and decoy), as shown in FIG. 1.

(9) In accordance with the present invention, the receiver of the information must also possess the knowledge regarding the identity of which channel(s) contain true data signal(s). Thus, at the output of channel descrambler 20, the re-assembled versions of decoy data signal streams b-n can simply be ignored (hence, these data signal streams are illustrated in phantom in the output from channel descrambler 20), and the recovered true data signal a is put in the hands of its intended recipient.

(10) The encryption of both a large number of false decoy signals and a single (or few) true data signal(s), in accordance with the present invention, is not considered to compromise the desired transmission between each link. in an open air transmission system, but does add to the check sum strength of the true signal transmission protection and, conversely, to the processing complexity required for an intercepting receiver who is blind to the key controller algorithm.

(11) In terms of functionality, a free-space optics link with multiple wavelengths is similar to a multi-channel point-to-point (PTP) radio link that employs directional antennas at each end. In addition, there are point-to-multipoint (PMP) and peer-to-peer radio systems that use omnidirectional antennas to communicate with units in an unspecified/unknown direction. The application of the present invention to free-space radio transmission systems is best illustrated by a PTP OFDM (orthogonal frequency division multiplexing) radio link. OFDM is a specific means of conveniently transmitting radio signals on multiple frequency carriers. In this technique, the multiple carriers overlap in the spectrum domain. Transmission and reception involves the use of inverse Fast Fourier Transforms (IFFT) and FFT, respectively, to be able to insert and extract information on frequency carriers. In association with the present invention, the true data signal bit stream is channeled to different OFDM carriers at different times, as shown in FIG. 1. At the receiver, the true data signal is extracted by selecting different channels based on the descrambler key and stitching back (re-assembling) the data stream, ignoring the decoy signals.

(12) In principle, the multi-channel communication system as used in the present invention can be any multi-frequency system, and need not be based on OFDM. For example, multiple channels of an 802.11 wireless LAN may be used. In this case, besides hiding the true signal among decoy signals, a transmitter with enough power and resources can effectively jam an area by using the decoy signals to suppress other uses of the radio spectrum. This may be particularly relevant in semi-military situations in an area with other unlicensed radios.

(13) While the diagram of FIG. 1 (as well as the remaining figures) illustrate the principles of the present invention as applied in a half-duplex arrangement, it is to be understood that the present invention is equally applicable to a full duplex arrangement utilizing operational transceivers at various link locations, each transceiver equipped with the necessary scrambling and descrambling keys.

(14) In a further embodiment of the present invention, an encryption technique may be applied to both the true and decoy data prior to scrambling, thus adding another level of security to the open air transmission. FIG. 2 illustrates an exemplary arrangement employing both encryption and channel hopping/scrambling in accordance with the present invention. In this particular embodiment, a plurality of X true data signals are desired to be transmitted through an open air communication system in as secure an arrangement as possible. A plurality of N decoy data signals are employed to supplement the plurality of X true signals such that a total of N+X data signals will be transmitted through the open-air communication system. As shown in FIG. 2, data from a data source 30 is used as the input for the plurality of X data signals 32 and a signal generator 34 is used to supply the plurality of N decoy signals. A data encryption system 36 is then used to separately encode each one of the plurality of N+X signals. The encrypted signals are then applied as separate, parallel inputs to a key-controlled dynamic cross-connect element 38, where element 38 is configured in accordance with the output from a key controller 40. In an alternative arrangement (not shown), the data may be encrypted elsewhere, and arrive at the transmitter in its encrypted form. In this case, the already-encrypted data is combined with the decoy information and transmitted in the manner discussed above.

(15) As mentioned above, the decoyed, frequency-hopped secure transmission system of the present invention is equally applicable to open-air, radio-signal based transmission systems as well as open-air, optical-signal based transmission systems and multi-wavelength DWDM and CWDM fiber optics links. The particular arrangement as shown in FIG. 2 illustrates a hybrid system, where the input signals (true data and decoy data) are electrical and the encryption occurs in the electrical domain. Similarly, the channel hopping key is applied, using dynamic cross-connect element 38, in the electrical domain. Thus, the output from dynamic cross-connect element 38 is a plurality of N+X encrypted, channel-hopped electrical data signals. These electrical signals are then used as an input to an array of N+X optical transmitting devices 42, where each device in the array operates at a different wavelength 1n (n=N+X) and thus produces a plurality of N+X optical, scrambled signals.

(16) The plurality of N+X optical signals are thereafter applied as separate inputs to a DWDM multiplexer 44 so as to form an optical output signal comprising a multiplexed version of the various signals. It is to be understood that the multiplexing function is merely used to form the optical output signal and does not enhance the encryption/scrambling characteristics of the present invention. The multiplexed signal may be amplified (for example, using an optical amplifier 46) and then applied as an input to a free space optical transmitter 48. The multiplexed optical signal then propagates through free space (represented by the numeral 50 in FIG. 2) and is thereafter received by a free space optical receiver module 52. Inasmuch as the signal propagates through free space, various hostile receivers may also intercept the transmitted signal. However, in accordance with the present invention, it will be virtually impossible for a hostile receiver to: (1) descramble the multiplexed signal stream; (2) decrypt the descrambled signals; and (3) determine that one or more channels are associated with decoy data. Thus, the use of scrambled, decoy signals (with encryption in this embodiment) is thought to form a secure method for implementing open air transmission.

(17) Referring back to FIG. 2, the recovery of the plurality of X true data signals by the intended receiver begins with amplifying (if necessary, using an optical amplifier 54, for example) the received optical signal and demultiplexing the received signal into a plurality of N+X separate optical signals. A conventional demultiplexer 56 is used for this function, where the plurality of N+X optical output signals from demultiplexer 56 is applied as an input to a plurality of photodiodes 58, used to perform an optical-to-electrical conversion on the plurality of N+X signals. As shown, the plurality of N+X electrical signals (which are still scrambled and encrypted) are applied as an input to a channel switching matrix 60, where a dynamic key controller 62 is applied as the second input to switching matrix 60. As with the arrangement described above, the keys used at the transmitter and receiver are identical (and known only to the bona fide transmitter and bona fide receiver) so that the scrambling performed within cross-connect 38 at the transmitter may be undone at switching matrix 60, and the original (still encrypted) signals re-assembled into a plurality of N decoy signals and X true signals, as shown. Inasmuch as the intended receiver will know the identity of the channel(s) assigned to the true data, the N decoy signals may be ignored and the known decryption algorithm applied to a data decryption module 64 so as to recover the X separate true data signals.

(18) It is to be understood that in the concept of decoyed multi-wavelength tree-space optical applications in accordance with the above-described embodiment of FIG. 2, the electrical-to-optical conversion and utilization of an electrical channel switching matrix can be equally implemented by using all-optical switching mechanisms that require no conversions. Such optical switching devices are available in many forms, such as through the utilization of photonic crystals and/or MEMS-arrayed steering mirrors. Additionally, this arrangement (as with that of FIG. 1) can also be implemented in a full-duplex mode.

(19) Further, the multiple wavelength source for this particular embodiment of the present invention does not, by its nature, exclude a broad range of suitable wavelength sources and modulation techniques that alternatively may be used in accordance with the present invention. The multiple wavelength transmission source can be provided, for example, from a number of existing sources such as existing fiber optic network DWDM sources, or local multiple laser arrays that are directly modulated or multiple wavelength specific CW laser or LED/vixel arrays that utilize externally controlled modulators. In fact, a suitable white light source and wavelength/channel generating diffraction grating or narrow channel optical filters coupled to a wavelength/channel specific external high speed optical modulators and amplifiers may equally be employed to generate a spectrally broad range of wavelengths/modulated channels of interest. It is assumed that standard optical amplification techniques may be employed, where appropriate, to make up for system losses.

(20) In a further variation of the teachings of the present invention, a plurality of spatially disparate transmitters and a similar plurality of spatially disparate receivers may be utilized to further improve the security of open-air communication through the use of spatial diversity. Referring to FIG. 3, a relatively simple embodiment of this variation is shown, using a set of three spatially disparate transmitters 14-1, 14-2 and 14-3 and a set of three spatially disparate receivers 18-1, 18-2 and 18-3. In this particular embodiment, the transmitters and receivers are illustrated as transceivers (i.e., capable of transmission in both directions, as indicated by the arrows). Further, the transceivers are illustrated (in the enlarged portions of the figure) as including both an optical transceiver and a radio transceiver, thus being able to provide optical/radio diversity in association with the spatial diversity.

(21) In accordance with the present invention, channel scrambler 10 is configured to provide continuous channel hopping between the separate outputs of each transmitter, as controlled by a single scrambling key 12. The same set of true data signals (denoted by input data stream a), and the same plurality of decoy signals (denoted by streams b through n) are applied as inputs to scrambler 10. The scrambled outputs are subsequently applied as inputs to associated open-air multi-channel transmitters 14-1, 14-2 and 14-3.

(22) As shown in FIG. 3, the outputs from transmitters 14-1, 14-2 and 14-3 are thereafter broadcast through free space and received by multi-channel receivers 18-1, 18-2 and 18-3. Since descrambler 20 is controlled by the same channel hopping key (through descrambling key 22), only the desired receiving party will be able to identify the true data packets and re-stitch the aggregated and temporally unsynchronized packets back together in the proper order. In this case, switching of the channels between the spatially diverse transmitters effectively creates wavelength and transmitter-specific data packets that are routed based on the key known only by scrambling key 12 and descrambling key 22, with the spatial diversity of using multiple transmitters and receivers allowing for the true and decoy data to be broken up into disjointed and uncorrelated packets of data that would be meaningless to an observer that is not in possession of the proper receiver stitching key. As with the arrangement described above in association with FIG. 2, a decryption unit 64 may be utilized to recover the true data from its encrypted version once it has been restored in its proper time sequence.

(23) While the foregoing has described what are considered to be the best mode and/or other preferred embodiments of the invention, it is to be understood that various modifications may be made therein and that the invention may be implemented in various forms and embodiments, and that it may be applied in numerous applications, only some of which have been described herein. It is intended by the following claims to claim any and all modifications and variations that fall within the true scope of the invention.