Alexander Reznik’s scientific contributions

A secret stream of bits begins by receiving a public random stream contained in a wireless communication signal at a transmit/receive unit. The public random stream is sampled and specific bits are extracted according to a shared common secret. These extracted bits are used to create a longer secret stream. The shared common secret may be generated using JRNSO techniques, or provided to the transmit/receive units prior to the communication session. Alternatively, one of the transmit/receive unit is assumed to be more powerful than any potential eavesdropper. In this situation, the powerful transmit/receive unit may broadcast and store a public random stream. The weaker transmit/receive unit selects select random bits of the broadcast for creating a key. The weaker transmit/receive unit sends the powerful transmit/receive unit the selected bit numbers, and powerful transmit/receive unit uses the random numbers to produce the key created by the weaker transmit/receive unit.

A method for secure direct link communications between multiple wireless transmit/receive units (WTRUs). The WTRUs exchange nonces that are used for generating a common nonce. A group identification information element (GIIE) is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key (GDLMK) from the GIIE to match WTRUs as part of a key agreement group. Group key encryption key (GKEK) and a group key confirmation key (GKCK) are also generated based on the common nonce and are used to encrypt and sign the GDLMK so that base stations do not have access to the GDLMK. Also disclosed is a method for selecting a key management suite (KMS) to generate temporal keys. A KMS index (KMSI) may be set according to a selected KMS, transmitted to another WTRU and used to establish a direct link.

A method for transmitting an encrypted signal to a wireless transmit/receive unit (WTRU) such that decryption of the encrypted signal depends on a trust zone associated with the WTRU is disclosed. The encryption may be performed using hierarchical modulation, scrambling, authentication, location validation, or a combination thereof. The size of a trust zone may also be adjusted.

A method and apparatus for password management and single sign-on (SSO) access based on trusted computing (TC) technology. The methods implement the Trusted Computing Group (TCG)'s trusted platform module (TPM), which interacts with both proxy SSO unit and web-accessing applications to provide a secure, trusted mechanism to generate, store, and retrieve passwords and SSO credentials. The various embodiments of the present invention allow a user to hop securely and transparently from one site to another that belong to a pre-identified group of sites, after signing on just once to a secured proxy residing at the user's device.

The present invention is related to a method and apparatus for enhancing security of communications. The apparatus comprises a security processing unit, a data processing unit, a cross-layer watermarking unit, and optionally a smart antenna processor. The security processing unit generates a token/key to be used in watermarking and sends a node security policy to other components. The data processing unit generates user data. The cross-layer watermarking unit includes at least one of Layer-2/3, Layer-1 and Layer-0. Each layer performs a different scheme or degree of watermarking. The cross-layer watermarking unit embeds the token/key into the user data transmission on at least one of the layers selectively in accordance with a security policy.

A method and an apparatus for performing physical layer security operation are disclosed. A physical layer performs measurements continuously, and reports the measurements to a medium access control (MAC) layer. The MAC layer processes the measurements, and sends a security alert to a security manager upon detection of an abnormal condition based on the measurements. The security manager implements a counter-measure upon receipt of the security alert. The measurements include channel impulse response (CIR), physical medium power measurement, automatic gain control (AGC) value and status, automatic frequency control (AFC) gain and status, analog-to-digital converter (ADC) gain, Doppler spread estimate, and/or short preamble matched filter output. The security manager may switch a channel, switch a channel hopping policy, change a back-off protocol, or change a beamforming vector upon reception of the security alert.