Ambekar

From Physical Layer Security
Jump to: navigation, search

So far, there are various ways of possible key generation for secure wireless communication. One of them is the so-called Channel-Reciprocity based Key Establishment (CRKE) which makes use of the random variations of the wireless channel. The physical layer, thanks to its randomness, possibly provides much entropy because of the randomness of signals caused by movement, interfering signals, and the general noise. Research has shown that, in general, it is hardly possible to receive the same the data if both receivers (say Bob and Eve) are physically very close (up to 3 cm). The important step for extracting secure keys from the data provided by the wireless channel is the so-called quantization. It describes the process of mapping the measurable energy levels to a binary code, which serves as the secret key later.

Background

The Wirless Channel

The "air" is full of waves which can be measured by certain hardware. A huge variety of technical products uses these waves for different purposes. They are utilized in everyday applications like radio, TV, microwaves or wireless car-keys as well as rather special applications as communication via satellite or in the military.

Scientifically the wireless channel is defined as follows. Every receiver has a different channel H. This channel H is given by an amplitude and a phase per frequency[1] of a car and a corresponding key.

Simplified illustration of the wireless communication
Schematic illustration of the waave-signal produced by the signal

There are several effects that ínfluence the signal's waveforms. Its propagation is characterized by the nature of never having real point-to-point communication and the obstruction by diffraction and reflection of the signals. The properties of the wireless channel can be described as follows:

  1. Reciprocity: "If estimation is done simultaneously, both [measures have] (almost) the same characteristics"
  2. Diversity: "[The channel] decorrelates fast over distance due to [the] overlay of
  3. Randomness: "[The channel] contains [a] high amount of entropy due to [the] overlay of scattering, refraction, and shadowing."

Attacker

The channel model consists of three parties namely Alice and Bob, the legitimate communication partners, as well as Eve, the attacker. While they all use a different channel as depicted below there is still a correlation between measurements described by Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle H_{XY} = - H_{YX}} where H is the channel and X and Y. So Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle H_{XY}} describes the signal from X to Y and Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle H_{YX}} from Y to X.

Schematic illustration of the waave-signal produced by the signal

The attacker Eve can be passive and/or active. A passive attack the situation that the attacker is only able to "listen" in the channel whereas an active attack also allows Eve to intercept signals or even send own ones.

Key Generation

The key generation process consists of several distinct steps which will not be covered in detail here but roughly outlined for better understanding.

Fig.2

The illustration above [Fig. 2][2] shows that the input, after being measured runs through the procedure of "enhancing reciprocity" first. This step ensures, that the data Alice and Bob work with is as similar as possible because if it was not, the keys they calculate were different. There are various methods of enhancing channel reciprocity. The three most important ones are Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle l_1-norm} minimization, polynomial regression, and Kalman Filtering. The quantization process is the step where the physical information is calculated to represent a binary code. Although Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle H_{AB}} and Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle H_{BA}} are very similar and the values are being adjusted through enhancing reciprocity, there is always still a possibility that single bits are different for Alice and Bob after quantization. So the step of information reconciliation ensures that both work with the same bit material for the secret key by applying common bit error correcting codes. The last step before the final key is ready is the so-called "privacy amplification". Here a secure hash with the same hash-algorithm is calculated for Alice's and Bob's bit string which then serves as the key.

Quantization Scheme

The received signal strength indicators (RSSI) whom's reciprocity is already being enhanced are quantized using a variety of different steps.

  1. Alice and Bob divide the RSSI profile into blocks of size 10.
  2. Each of the blocks is quantized based of the following scheme:
    1. Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle Level 1 = [-\infty, \hat m -\frac {\sigma}2] \rightarrow 00}
    2. Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle Level 2 = [\hat m -\frac {\sigma} 2, \hat m] \rightarrow 01}
    3. Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle Level 3 = [\hat m, \hat m +\frac \sigma 2, \hat m] \rightarrow 11}
    4. Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle Level 4 = [\hat m +\frac {\sigma}2, \infty ]\rightarrow 10}
      where Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle \hat m=\sum_{i=1}^{n}x_i} and Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle \sigma} as the variance of each RSSI block, which calculates to Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle \sigma =\frac 1n \sum_{i=1}^n (xi-\hat m)^2} , with xi as the values of the RSSI block and blocksize Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle n=10} . To visualize this procedure see the following graphic [Fig.3].
      Fig. 3
  3. Alice and Bob Graycode each quantization level. Graycoding is a common technique to transform decimal values to a binary codeword.
  4. Alice transmits samples with their corresponding quantization level to Bob. Thus, Bob can compare this information to his quantization results.
  5. If the samples from Alice lay in the same quantization levels, Bob sends an acknowledgment. This ensures that both parties work with the same values.

Although, there have already been several steps to match Alice's and Bob's values there always still a change that single bits are different. So one of the last steps proposed in the scheme is the one of Information Reconciliation. Making use of so-called "Turbo codes" the keys are synchronized. Lastly Privacy Amplification, which ensures that key prediction attacks are not possible is applied to the two key strings by using a secure hash function (note that the scientists Ambekar et al. proposed SHA-1 for privacy amplification but recent research has shown that SHA-1 is vulnerable to several attacks [3], so it would be more desirable to apply e.g. SHA-3, which is until now, invulnerable).

Adversary Model

The adversary model considers two attackers, Eve and Janet. They are capable of the following:

  1. As resourceful as Alice and Bob.
  2. Can eavesdrop the entire communication between Alice and Bob.
  3. Position is arbitrary.

Eve and Janet are on the other hand not able to execute active attacks. The scheme is not immune to jamming and man-in-middle-attacks, whereat one needs to consider that these are not necessarily threads to the quantization scheme itself but rather to the key generation concept in general.

Results

Scientists Ambekar et al. undertook several tests for their scheme, simulating the channel conditions of a mobile ad-hoc network (for which the key generation scheme could be applied) and compared the "real" key which Alice and Bob calculated with the adaptive quantization scheme to those Eve and Janet were able to calculate. Therefore it was possible to estimate the security of the algorithm. They validated the scheme by means of several metrics:

  1. Bit disagreement rate (BDR): percentage of bits in disagreement in the preliminary keys
    ⇒between 3.02% and 6.21% depending on the reciprocity enhancement method
  2. Key generation rate (KGR): number of bits generated per second
    ⇒between 3.2 and 3.39 depending on the reciprocity enhancement method
  3. Test of Randomness: a NIST (National Institute of Standard and Technology) tool is used to validate the randomness of the generated key
    ⇒all methods pass the NIST test and are therefore certified for key usage
  4. Eavesdropper Test: the BDR of the key Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle Alice\leftrightarrow Eve} (here: ≈42.72%) and Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle Alice\leftrightarrow Janet} (here: ≈51.72%) is compared to Alice's and Bob's BDR
    ⇒ these values of a bit disagreement of around 50% make it impossible for Eve and Janet to reconstruct the real key

References

  1. https://moodle.ruhr-uni-bochum.de/m/pluginfile.php/666235/mod_journal/entry/431/physec.zip
  2. https://moodle.ruhr-uni-bochum.de/m/pluginfile.php/666235/mod_journal/entry/431/adaptive%20quantization.zip
  3. https://shattered.io/static/shattered.pdf