IMPROVED METHOD OF SECRET KEY GENERATION BASED ON VARIATIONS IN

WIRELESS CHANNEL
Abhijit Ambekar, Nandish Kuruvatti*, and Hans D. Schotten
Chair for Wireless Communications and Navigation
University of Kaiserslautern, Germany.
email: {ambekar,schotten}@eit.uni-kl.de, *kuruvatt@rhrk.uni-kl.de
ABSTRACT
We propose an improved method of secret key generation us-
ing the variations in wireless channel. We construct recipro-
cal channel proles at a pair of transceivers and enhance it
using the
1
-norm minimization technique. Thereafter prelim-
inary keys are obtained that are synchronized by a localized
information reconciliation technique. The privacy of the syn-
chronized keys is enhanced by generating secure hashes. We
implement the proposed method on a testbed and validate its
performance to show decreased rates of bit disagreement of
preliminary keys, at an increased key generation rate.
1. INTRODUCTION
The broadcast nature of the wireless channel necessitates
the need for secrecy in wireless communication. The varia-
tions in the received signal are reciprocal only for a pair of
transceivers. However these variations are different for an
eavesdropper. This is due to the principle of channel reci-
procity [1]. Using these reciprocal variations, several key
generation methods have been proposed in the literature[2-6].
These methods in combination with existing computational
cryptographic methods can provide a more robust and secure
cryptographic infrastructure.
To construct good key generation schemes it is necessary
to record accurate channel measurements. To collect precise
channel measurements, a dedicated set of hardware and an-
tenna is necessary, since that alone can record accurate mea-
surements. The channel measurements recorded from general
purpose hardware e.g. wireless cards in laptops, would in no
way reect and match the precise measurements offered by
specialized hardware. However a dedicated hardware will in-
turn increase the cost and complexity of the system. Hence
a tradeoff between cost and complexity to increased perfor-
mance exists. We address this tradeoff and enhance the chan-
nel reciprocity without using any specialized hardware. As a
result of improved reciprocity we use a simple lossless binary
quantization method to generate the preliminary secret keys.
We synchronize the preliminary keys by using a localized in-
formation reconciliation technique.
The rest of the paper is organized as follows. In Section 2
we give a brief introduction to the method of key generation.
We propose our method of key generation and synchroniza-
tion in Section 3. In Section 4 we implement our proposed
method on a testbed and validate its performance. We con-
clude in Section 5 highlighting the main contributions of the
paper.
2. PRELIMINARY WORK
Consider Figure 1 where Alice and Bob want to transmit data
securely through a wireless channel. An adversary Eve taps
into the system and eavesdrops. Let the channel characteris-
tic measured by Bob be

and that by Alice be

. Let

and

be the channel characteristic measured by Eve due

to Alice and Bob respectively. The principle of channel reci-
procity indicates that the channel measurements (

)
when they are conducted during the coherence time of the
channel. Assuming that Eve is (/2) times away from both
Alice and Bob( is the wavelength of the wave being trans-
mitted) then, (

) and (

). Using these similar

channel variations between Alice and Bob, secret keys can be
generated as shown in Figure 2. A brief explanation of each
step is given below.
1. Channel Measurements: The variations of the channel
are measured using various methods to construct the
channel prole. They include, received signal strength
indicator(RSSI) [2], phase estimates [3], and deep fades
[4] of the received signal.
2. Quantization: The constructed channel prole is then
quantized into vector bits to obtain a preliminary key.
The quantization methods include binary quantization
[5], Adaptive Secret Bit Generation(ASBG) [2], and
Radio-telepathy [6] .
3. Information Reconciliation: Due to the errors in chan-
nel measurement, variations in the preliminary keys ex-
ist. These variations are corrected in the information
reconciliation stage by using error correcting codes like
IWSSIP 2012, 11-13 April 2012, Vienna, Austria ISBN 978-3-200-02328-4
Paper 1569528391 60
Alice Bob
Eve
h
h
h
h
A
A
B C
>(y\ >(y\
2)
2)
'
Fig. 1. Need for secrecy.
Received
Signal
Channel
Measurement
Channel
Profile
Quantization
Preliminary
Key
Information
Reconciliation
Synchronised
Key
Privacy
Amplification
Secure
Key
Fig. 2. Standard method of key generation.
Turbo codes, LDPC codes, and Cascade protocol to ob-
tain a synchronized key.
4. Privacy Amplication: During the reconciliation phase
the eavesdropper will also have access to the error cor-
recting bits, hence to reduce possibilities of key predic-
tion privacy amplication of synchronized keys is done.
It includes generating secure hashes[7] and use of fuzzy
extractors.
3. SECRET KEY GENERATION
3.1. Adversary Model
We consider the adversary Eve, who can eavesdrop on all the
communication that happens between Alice and Bob, and is
as resourceful as them. However, we do not consider an active
adversary i.e. the proposed method is not immune to jamming
and man-in-the-middle attacks.
3.2. Key Generation from Enhanced Channel
Reciprocity(KGECR)
The proposed method of secret key generation, KGECR is
as shown in Figure 3 and the key generation process is men-
tioned in Algorithm 1.We begin the key generation process by
Received
Signal
Channel
Profile
Enhanced
Channel
Reciprocity
Preliminary
Key
Synchronised
Key
Secure
Key
RSSI
l norm
Recovery
1 Binary
Quantization
Localized
Information
Reconciliation
SHA-1
Fig. 3. Key generation from enhanced channel reciprocity.
collecting the RSSI proles

and

, at Alice and Bob re-

spectively. The collected RSSI proles are then enhanced by
using a
1
-norm minimization technique.
1
-norm minimiza-
tion technique is mainly used in solving underdetermined sys-
tem of linear equations. We consider

and

to be obtained
from the unknown vectors

and

such that:

where, M is a K x N orthogonal Toeplitz random sensing

matrix( < )[8]. To recover

, an initial approximation
vector
0
is obtained such that

0
=

Where

is the transpose of . Finally the vector

is
recovered from
0
by applying a
1
-norm minimization[9, 10]
on it such that

The recovered vector

is the enhanced prole of the chan-

nel. Similarly the reciprocity of Bobs RSSI prole is en-
hanced by recovering

from

. The enhanced channel pro-

les

and

are further quantized into vector bits to obtain

the preliminary keys. The lossless binary quantizer consists
of a threshold that is the mean of all the values of the en-
hanced channel prole. Values above the threshold are quan-
tized as 1 and those below the threshold are quantized as 0.
The preliminary keys are synchronized by using a localized
reconciliation method as indicated in Algorithm 1. Their pri-
vacy is amplied by generating hashes using the secure hash
algorithm 1 [7]. Thus the RSSI proles collected using gen-
eral purpose hardware like wireless cards, are enhanced using
the
1
-norm minimization technique and secret keys are even-
tually derived. In the next section we validate this method by
implementing it on a testbed.
4. PERFORMANCE EVALUATION
4.1. Testbed
The testbed consists of two Dell laptops named Alice and Bob
with an Ubuntu Linux operating system. To induce hetero-
geneity in wireless cards, the Alice laptop is equipped with
61
Algorithm 1: Key Generation from Enhanced Channel Reciprocity(KGECR)
1. The variations in the wireless channel are recorded by measuring RSSI at both Alice and Bob, to obtain the channel
prole.
2. The channel reciprocity is enhanced by performing
1
-norm minimization on the channel prole.
3. A binary quantization of the enhanced channel prole yields the preliminary key.
4. The disagreeing bits of the preliminary key are reconciled by using the localized information reconciliation technique.
This method consists of;
(a) The entire keyword is divided into sub-blocks of size .
(b) Cyclic Redundancy Check(CRC) bits for each sub-block is transmitted by Alice to Bob.
(c) Bob acknowledges back mentioning the sub-blocks that are in disagreement with Alice.
(d) Alice reconciliates only on the disagreeing sub-blocks, by transmitting the parity bits(and tail bits) of a turbo
encoder.
(e) Bob receives the parity bits(and tail bits) for the disagreeing sub-blocks, corrects the erroneous bits and
synchronizes the entire secret key.
5. The privacy of the synchronized keys is amplied by using a secure hash algorithm 1 [7], to obtain the nal secure key.
an Atheros wireless card while the Bob laptop is equipped
with an Intel Pro wireless card. An open source conguration
tool iw is used to fetch the RSSI values during the channel
measurement. To conduct the trials we congure Alice in the
base station mode and Bob in client mode.
Alice always initiates the communication with Bob. Upon
acknowledgement, Alice starts transmitting pilot symbols.
Bob in turn sends its pilot symbols. On receiving the pilot
symbols, Alice and Bob both measure the RSSI variations of
the channel.
To record the channel variations of a mobile ad-hoc net-
work, Bob is moved around Alice while Alice is kept station-
ary. The distance between Alice and Bob while measuring the
RSSI is maintained up to 200 meters. This ensures sufcient
variations in the received signal due to the multi-path nature
of the channel. The channel measurements of the mobile ad-
hoc network are recorded in different environments including
indoor lab, University campus, Cafeteria, City center, and for-
est. We also record channel variations of a vehicular ad-hoc
network by placing the laptops in two cars. The Alice laptop
is kept in the front car and the Bob laptop in the rear car. Both
the cars are driven simultaneously around the city and RSSI
variations of the vehicular channel are collected.
The collected RSSI proles are then processed in MAT-
LAB according to Algorithm 1, and secure keys are gener-
ated.
4.2. Metrics
We validate the proposed key generation scheme for the met-
rics given below:
1. Bit Disagreement Rate(BDR): BDR indicates the per-
centage of bits that are in disagreement between the
preliminary keywords of Alice and Bob.
2. Rate of key generation: The key generation rate indi-
cates the number of secret key bits generated per second
after quantization. A higher bit rate indicates a longer
key can be generated in a shorter period of time.
3. Randomness test: This indicates the randomness of the
key. The keys can be tested for their randomness using
the NIST tool [11] by calculating, a value for different
parameters as indicated in Table 1. According to NIST,
if (p 0.01) for every parameter, then the key passes
the randomness test.
4.3. Results
The average BDR is 4.5 % with a constant key generation of
3.41 bits per second. The results of the NIST randomness
test are as shown in Table 1. For all the keys and for all the
parameters, ( 0.01) hence it passes the randomness test.
We have also implemented different quantization schemes
namely the radio-telepathy [6] and ASBG [2] on the collected
RSSI proles to analyze the BDR and key generation rates
as shown in Table 2. We observe that due to the enhanced
channel reciprocity the proposed method KGECR has much
lower BDR of 4.5% as compared to the other two methods.
Due to the lossless quantization it is also much faster with a
constant key generation rate of 3.41 bits per second.
62
Table 1. Evaluation of the randomness test by the NIST tool.
Criteria Indoor lab University Campus Cafeteria City Center Forest Vehicular Channel
Frequency 1.0 0.27 0.53 0.87 0.52 1.0
Runs 0.64 0.69 0.85 0.15 0.25 0.21
Serial 0.99 0.08 0.86 0.94 0.48 0.52
Entropy 0.96 0.06 0.82 0.71 0.37 0.49
Cumulative Sums 0.82 0.47 0.75 0.89 0.60 0.99
DFT 0.47 0.47 0.47 0.47 0.47 0.47
Table 2. Performance evaluation of different key generation
schemes.
Algorithm type BDR% Key gen. rate (bps)
Radio-Telepathy 11.98 1.936
ASBG 50.54 1.275
KGECR 4.5 3.41
5. CONCLUSION
The principle of channel reciprocity is the basis for generat-
ing secret keys using variations in wireless channels. Better
key generation schemes can be developed if efcient channel
measurements are collected between Alice and Bob. We im-
prove the channel reciprocity by performing a
1
-norm min-
imization on the collected RSSI proles. A preliminary key
is thereafter generated at a BDR of 4.5 % and key genera-
tion rate of 3.41 bits per second. The preliminary keys are
synchronized using a localized reconciliation technique and
their privacy is amplied by generating secure hashes. All
the keys pass the randomness test. Hence we conclude that
by adopting
1
-norm minimization on the channel proles, it
is possible to record channel measurements from devices like
wireless cards and yet be able to generate, efcient and secure
secret keys.
6. REFERENCES
[1] William C. Jakes. Microwave Mobile Communications.
John Wiley and Sons Inc., 1974.
[2] S. Jana, S. Premnath, M. Clark, S. Kasera, N. Patwari,
and S. Krishnamurthy. On the effectiveness of secret
key extraction from wireless signal strength in real en-
vironments. In Proc. of MobiCom 09, Beijing, China,
2009.
[3] A. Hassan, W. Stark, J. Hershey, and S. Chennakeshu.
Cryptographic key agreement for mobile radio. Digital
Signal Processing, 1996.
[4] B. Sadjadi, A. Kiayias, A. Mercado, and B. Yener. Ro-
bust key generation from signal envelopes in wireless
networks. In Proc. of CCS 07, 2007.
[5] T. Aono, K. Higuchi, T. Ohira, B. Komiyama, and
H. Sasaoka. Wireless secret key generation exploiting
reactance-domain scalar response of multipath fading
channels. IEEE Trans. on Antennas and Propagation.,
November 2005.
[6] S. Mathur, M. Narayan, Y. Chunxuan, and A. Reznik.
Radio-telepathy: Extracting a secret key from an unau-
thenticated wireless channel. In Proc. of MobiCom 08,
San Fransico, USA., 2008.
[7] NIST. Secure Hash Standard. Federal information pro-
cessing standards, 2002.
[8] J. Haupt, W. Bajwa, G. Raz, and R. Nowak. Toeplitz
compressed sensing matrices with applications to sparse
channel estimation. In Annual Conference on Informa-
tion Sciences and Systems, 2008.
[9] E. Candes. Compressive sampling. In International
Congress of Mathematicians, Madrid, Spain., 2006.
[10] E. Candes and J. Romberg. l1-magic: Recovery of
Sparse Signals via Convex Programming, October 2005.
[11] NIST. A statistical test suite for random and pseudoran-
dom number generators for cryptographic applications,
2001.
63