Secret Key Establishment via Channel Measurement: Resource Page

This is a list of published papers in the area of using measurements of bi-directional radio channel properties in order to generate a unique and secret shared key. Please email Neal Patwari with comments or suggestions.

  1. [Croft 2010]: J. Croft, N. Patwari and S. K. Kasera, "Robust Uncorrelated Bit Extraction Methodologies for Wireless Sensors," in Proc. of the ACM/IEEE International Conference on Information Processing in Sensor Networks, 14 April, 2010. (pdf) Presents the ARUBE method, several methodologies which allow robust secret key extraction from radio channel measurements which suffer from real-world non-reciprocities and a priori unknown fading statistics. These methodologies have low computational complexity, automatically adapt to differences in transmitter and receiver hardware, fading distribution and temporal correlations of the fading signal to produce secret keys with uncorrelated bits. The method produces secret key bits at a higher rate than previously reported, and is validated using extensive measurements between TelosB wireless sensors.
  2. [Wilhelm 2010] M. Wilhelm, I. Martinovic, and J.B. Schmitt, "Secret keys from entangled sensor motes: implementation and analysis", in WiSec 2010, pp. 139-144. (pdf) Considers encoding RSS measurements to a secret key, but uses multiple frequency, in addition to multiple temporal, measurements, to achieve high entropy even with static transmitter and receiver.
  3. [Jana 2009]:S. Jana, S. P. Nandha, M. Clark, S. K. Kasera, N. Patwari, and S. Krishnamurty, "On the Effectiveness of Secret Key Extraction Using Wireless Signal Strength in Real Environments," in Proc. of the ACM SigMobile International Conference on Mobile Computing and Networking (Mobicom-09), 20-25 September 2009. (pdf) A measurement-based evaluation of RSS-based secret key extraction. Results show that (i) in certain environments, due to lack of variations in the wireless channel, the extracted bits have very low entropy making these bits unsuitable for a secret key, (ii) an adversary can cause predictable key generation in these static environments, and (iii) in dynamic scenarios where the two devices are mobile, and/or where there is a significant movement in the environment, high entropy bits are obtained fairly quickly. Presents an adaptive secret key generation scheme that uses an adaptive lossy quantizer in conjunction with Cascade-based information reconciliation and privacy amplification.
  4. [Chou 2009]: T.-H. Chou, A. Sayeed and S. Draper, "Minimum Energy Per Bit for Secret Key Acquisition Over Multipath Wireless Channels," ISIT 2009, June/July 2009. (pdf).
  5. [Patwari 2009]: N. Patwari, J. Croft, S. Jana, and S. K. Kasera, "High Rate Uncorrelated Bit Extraction for Shared Secret Key Generation from Channel Measurements," IEEE Transactions on Mobile Computing, (appeared online 26 May 2009). (pdf) Addresses bit extraction. Introduces high rate uncorrelated bit extraction (HRUBE), a framework for (1) interpolating, (2) transforming for de-correlation, and (3) encoding channel measurements using a multi-bit adaptive quantization scheme which allows multiple bits per component. Provides analysis of the probability of bit disagreement in generated secret keys using a Gaussian assumption, and experimental data to show generation of 22 bps at a bit disagreement rate of 2.2%, or 10 bps at a bit disagreement rate of 0.54%.
  6. [Wallace 2009b]: Jon W. Wallace, "Secure Physical Layer Key Generation Schemes: Performance and Information Theoretic Limits," in IEEE International Conference on Communications (ICC 2009), 14-18 June 2009, Dresden, Germany. (pdf). Presents mutual information 'secret bit' rate bounds from theory and theoretical channel models. Analyzes (using simulation) two quantization schemes: standard quantization, and quantization with guard bands. Analyzes (using simulation) 'random pre-encryption', the transmission of the (obfuscated) secret key from one node to the other. Contains more details than [Wallace 2009a], but does not include adaptive quantization or random pre-encryption.
  7. [Wallace 2009a]: Jon W. Wallace, Chan Chen, and Michael A. Jensen. "Key Generation Exploiting MIMO Channel Evolution: Algorithms and Theoretical Limits," in 3rd European Conference on Antennas and Propagation (EuCAP 2009), 23 - 27 March 2009, Berlin, Germany. (pdf). Presents mutual information 'secret bit' rate bounds from theory and theoretical channel models. Analyzes (using simulation) quantization schemes such as standard quantization, quantization with guard bands, and adaptive quantization and compares them to the bounds. Analyzes (using simulation) 'random pre-encryption', the transmission of the (obfuscated) secret key from one node to the other.
  8. [Bloch 2008]: Matthieu Bloch, João Barros, Miguel R. D. Rodrigues, and Steven W. McLaughlin, "Wireless Information-Theoretic Security," in IEEE Transactions on Information Theory, Vol. 54, No. 6, June 2008, pp. 2515-2534. (pdf 1), (pdf 2).
  9. [Mathur 2008]: Suhas Mathur, Wade Trappe, Narayan Mandayam, Chunxuan Ye, and Alex Reznik, "Radio-telepathy: Extracting a Secret Keyfrom an Unauthenticated Wireless Channel," to appear in ACM Mobicom 2008, Sept 2008, (pdf). This paper extracts 1 secret bit per second using measurements from 802.11a packets. It uses the amplitude of the maximum peak of the CIR, recorded over time, as the channel measurement.
  10. [Ghoreishi 2008]: Masoud Ghoreishi Madiseh, Michael L. McGuire, Stephen W. Neville, and Ali Asghar Beheshti Shirazi, "Secret Key Extraction in Ultra Wideband Channels for Unsynchronized Radios," in Proc. of the 6th Annual Conference on Communication Networks and Services Research (CNSR2008), Halifax, Nova Scotia, Canada, May 5-8, 2008, pp. 88-95. (pdf). This work uses models for UWB channels to analytically compute mutual information, i.e., bounds on the size in bits of a shared secret based on a single reciprocal UWB channel measurement.
  11. [Sayeed 2008]: Akbar Sayeed and Adrian Perrig, "Secure wireless communications: Secret keys through multipath", in IEEE ICASSP 2008, March 31-April 3, 2008, pp. 3013-3016, (pdf). The authors consider quantized-phase keys for the multiple carriers in OFDM. They analyze probability of key disagreement given an AWGN channel. When keys do not agree, they analyze the energy cost of retransmission vs. the energy cost of increasing transmit power s.t. higher SINR can be achieved.
  12. [Nitinawarat 2007]: Sirin Nitinawarat, "Secret key generation for correlated Gaussian sources," in Proceedings of the 45th Annual Allerton Conference on Communication, Control, and Computing, Monticello, IL, 2007, p. 1054. (pdf). An information theoretic paper considering the generation of shared bits from a correlated Gaussian random source. Uses nested lattice codes and vector quantization. Requires communication of the bits from one terminal to the other. Proofs show that the scheme achieves the mutual information limit as the rate of the quantizer goes high.
  13. [Azimi-Sadjadi 2007]: Babak Azimi-Sadjadi, Aggelos Kiayias, Alejandra Mercado, Bulent Yener, "Robust Key Generation from Signal Envelopes in Wireless Networks," In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07), October 29–November 2, 2007, Alexandria, Virginia, pp. 401-410. (ACM Portal). This paper addresses key agreement via signal envelope (channel gain), and in particular, via the deep fades which periodically occur in mobile channels. The authors provide a model for deep fades, and quantify the entropy in the deep fading process based on a channel model and probabilistic analysis. They also provide an algorithm for secure fuzzy information reconciliators, which allows for a noisy measurement (in one direction) to be reconciled to be the same as the noisy measurement in the other direction, as long as they are relatively similar. Simulation results are presented.
  14. [C. Ye 2007]: Chunxuan Ye, Alex Reznik, Gregory Sternberg and Yogendra Shah, "On the Secrecy Capabilities of ITU Channels," in IEEE Vehicular Technology Conference, (VTC-2007 Fall), Sept. 30 2007-Oct. 3 2007, pp. 2030-2034 (pdf). These authors from InterDigital Communications discuss and simulate using a measured impulse response as a shared secret. They use an iterative deconvolution technique to find and encode the multipath which exist in the measurement. They send a coded version of the message over the channel in order to aid in the agreement between the secret keys at the two ends of the link. Simulations use three standard multipath channels specified by the ITU. Link to their US patent.
  15. [Wilson 2007]: Robert Wilson, David Tse, and Robert A. Scholtz, "Channel Identification: Secret Sharing Using Reciprocity in Ultrawideband Channels," IEEE Transactions on Information Forensics and Security, Sept. 2007, Vol. 2, No. 3, pp. 364-375, (pdf). Appeared at the same time in IEEE International Conference on Ultra-Wideband, 2007 (ICUWB 2007).
  16. [Z. Li 2006]: Zang Li, Wenyuan Xu, Rob Miller, and Wade Trappe, "Securing wireless systems via lower layer enforcements," In Proc. 5th ACM Workshop on Wireless Security (WiSe’06), pages 33–42, Sept. 2006, (pdf). The authors discuss both channel-based authentication and channel-based secret key exchange using the channel impulse response, either in the time domain or in the frequency domain. In the key exchange section, a 'probabilistic encoding' approach is taken to allow two legitimate users to agree on a key while excluding an eavesdropper who presumably knows little about the channel. The authors implement a 3-channel channel measurement in GNU radio and use an 8-bit quantization of the amplitude gain in each channel to generate a 24-bit signature and show that it is unique to each of the measured receiver locations.
  17. [C. Ye 2006]: Chunxuan Ye, Alex Reznik and Yogendra Shah, "Extracting Secrecy from Jointly Gaussian Random Variables," in 2006 IEEE International Symposium on Information Theory (ISIT'06), July 2006, pp. 2593-2597. (IEEExplore). Uses multiple realizations of the complex channel gain in order to generate a shared secret key. Uses transmission of a coded string in order to ensure agreement of the secret.
  18. [Aono 2005]: Tomoyuki Aono, Keisuke Higuchi, Takashi Ohira, Bokuji Komiyama, and Hideichi Sasaoka, "Wireless Secret Key Generation Exploiting Reactance-Domain Scalar Response of Multipath Fading Channels," IEEE Transactions on Antennas and Propagation, Nov. 2005, Vol. 53, No. 11, pp. 3776-3784. (IEEExplore). Proposes using statistics of the angle-of-arrival as a signature. Different beam patterns are used sequentially in this method, and RSS is measured for each beam pattern. Uses Chipcon CC2420 at both ends; an access point has a programmable phased array antenna. Uses block-code based syndrome to correct errors.
  19. [Tope 2001]: Michael A. Tope and John C. McEachen, "Unconditionally secure communications over fading channels," in Military Communications Conference (MILCOM 2001), vol. 1, Oct. 2001, pp. 54-58, (IEEExplore). Authors propose encoding the change in envelope during a transmission to encode and decode transmitted messages. Bits are encoded by selecting samples with envelope in (gamma_l, gamma_k) where 0 < gamma_l < gamma_2 < infinity. Then each such sample is encoded as a 0 or 1 based on the sign of the change in envelope. Uses Gaussian noise assumptions to analyze the probabilities of getting enough bits, and secret agreement.
  20. [Maurer 1999]: Ueli Maurer and Stefan Wolf, "Unconditionally secure key agreement and the intrinsic conditional information", IEEE Transactions on Information Theory, vol. 45, no. 2, pp. 499-514, 1999, (ps). An information theoretic bound for secrecy rate between two nodes in the presence of an eavesdropper node when each node has access to one of correlated random variables. It does not assume that these correlated random variables are channel-related, but does assume that the two nodes can exchange messages over some public channel.
  21. [Hassan 1996]: Amer A. Hassan, Wayne E. Stark, John E. Hershey, and Sandeep Chennakeshu, "Cryptographic Key Agreement for Mobile Radio," Elsevier Digital Signal Processing, Vol. 6, pp. 207–212, 1996, (pdf). This article reviews the work of [Hershey 1995] and applies it to multiple measurements over time. The article also discusses using coding to establish more reliable keys.
  22. [Hershey 1995]: John E. Hershey, Amer A. Hassan, and Rao Yarlagadda, "Unconventional cryptographic keying variable management," IEEE Transaction on Communications, Vol. 43, No. 1, pp. 3-6, Jan. 1995. (IEEExplore). This letter suggests the use of a two-tone signal in order to measure and encode the phase difference for use as a shared secret key.