Key Extraction Principles

From Physical Layer Security
Jump to: navigation, search

Physical Layer Security can be used to extract secret keys from random properties of the wireless channel. We primary focus the CRKE The wireless channel provides three valuable properties which are of increased interest for wireless physical layer security. The key extraction is based on several physical principles of the wireless channel. These principles are described in the following part about concrete Key Extraction Principles and there are deeper insights in the chapter Radio Wave Propagation and the Wireless Fading Channel. The following part Related Work on Key Extraction Procedure gives an overview of the CRKE systems of interest. The architecture is a hybrid solution of PLS and cryptography. The encryption is based on classical cryptography while the key extraction is based on PLS.


Key Extraction Principles

The wireless channel provides three valuable properties which are of increased interest for WPLS. Figure 2.1 illustrates these properties, which are: channel reciprocity, spatial diversity, and randomness.

Figure 2.1: A simplified wireless channel model is given. (a) illustrates the three properties: symmetry, spatial diversity, and randomness. The spatial channel (de-)correlation versus distance (e.g., Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle d_{BC}} ) is illustrated for each node (shadowing). The coherence region (radius Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle l_c} ) close to a node depends on the environment. Randomness can be extracted from the channel, because of wave propagation and multipath effects of the complex and time-varying environment. (b) and (c) shows that the random variable is a substitution of several radio waves. The sum of all components results in a complex channel profile.

Bidirectional Channel-Reciprocity of Radio Wave Propagation

Essentials The first key feature of the wireless channel is its symmetry, which can be exploited and utilized due to common channel sampling by transceiver A and transceiver B. Without taking noise, interference and non-linear components into account the symmetry relies on the principle of antenna reciprocity [1] and channel reciprocity [2]. In other words, the common radio channel from A to B is symmetric to the channel from B to A. While antenna reciprocity is high and constant, a symmetric observation of A and B is only given if both channel measurements are done within the environmental-dependent and movement-dependent coherence time. For most practical channels, this reciprocity properties holds and is easily measurable [3]. In Figure 2.1 we illustrate the symmetry of the wave propagation using ray tracing.

Details. The wireless channel is measured and characterized by the changes a signal takes by traveling through it. The channel is conjugate complex reciprocal if the signal changes on the go and return direction are similar. However, the go and return direction can differ in time and frequency. Due to frequency dependent environments (due to frequency selective materials) as well as time-dependent environments (due to motion), the reciprocity depends on (a) the duration of the bidirectional channel probing in relation to the speed of moving obstacles and (b) on the potential frequency separation of the up and down band. Further details of the corresponding coherence time and coherence bandwidth is given in Section 2.2.3and in Section 2.2.4, respectively.

Spatial Channel Diversity

Essentials. The second property of radio channel, we like to introduce as key feature, is the spacial decorrelation or channel diversity. Channel profiles observed by a third party C correlate to the ones of B. The correlation strength is a function of A’s, B’s, and C’s positions relatively to the environment. This property is essential for the security of key extraction schemes. Based on theoretic models, it has been claimed in most key extraction papers that any eavesdropper located more than one half-wavelength away from either party experiences uncorrelated multipath fading. The related security parameter is the so-called coherence length lc. This parameter defines a minimum distance between an attacker and the legitimate node. The distance is derived by the maximum correlation strength the attacker might achieve in the environment of interest.

Details. A precise model is given where the half-wavelength claim holds. The statistical multipath channel model was introduced by William C. Jakes in 1974 [2] and shows the following. If Jake’s Rayleigh model is applied in a uniform scattering environment, where the number of scatters grows to infinity, and no Line-of-Sight (LoS) path is given, the signal decorrelates over a distance of approximately 0.4 wavelength [4]. For example, if uniformly distributed scatterers are given, and channel variations occur, such as due to moving scatterers, transmitter, and receiver nodes, the spatial decorrelation of the channel amplitude is a zero-order Bessel function, whereby the first zero correlation is given after ~ λ/2 and λ is the wavelength of the carrier [5]. Figure 2.2 shows the zero-order Bessel function of a carrier frequency of 2.4 GHz (and a corresponding wavelength of 12.5 cm). Therefore, the correlation/mutual information between the channel A <--> B and A <--> C has a dBC distance-dependent or proximity-dependent behavior (cf. shading in Figure 2.1). However, a more advanced research question is how the channel (de-)correlation conducts if the requirements for Jake’s Doppler spectrum are not fully given (e.g., scatterers are not uniformly distributed).

Figure 2.2. Zero-order Bessel function versus distance.

Radio waves are affected by large-scale fading and small-scale fading [6]. Large-scale fading is coming from path loss and shadowing. Small-scale variations of the channel are coming from constructive and destructive additions of multipath radio wave components. Small-scale variations are precipitated by multipath propagation, speed of the mobile, speed of surrounding objects, and the transmission bandwidth of the signal. Figure 2.3 illustrates a potential signal power dependency over distance for a rich multipath environment. More theoretical details of the spatial channel diversity are given in Section 2.2.1, Section 2.2.2. Some experiments have also shown these properties [7][8][9][10]. However, not all environments provide the circumstances of fast spatial decorrelation [11]. That the channel is more correlated over a larger distance is especially true when large-scale fading is dominant. We tackle this question within our research and introduce our recent results in Chapter 4.

Randomness from Temporal Variation

Essentials. The third key-feature is the randomness of the radio channel. A complex and dynamic environment leads to an unpredictable evolution of wave propagation effects, such as diffraction, scattering, and reflection (cf. Figure 2.3).

Figure 2.3: For a rich multipath environment, the signal power versus distance is illustrated. We show how path lost, large-scale propagation effects, and small-scale propagation effects can afflict a radio signal.

The degree of freedom depends on the effective channel bandwidth both parties can exploit. The amount of randomness — or degree of freedom — is dependent on several factors of several domains:

  1. Frequency domain:
    • Bandwidth
  2. Spatial domain:
    • Number of antennas and its separation distance
    • Characters of the environment
  3. Doppler domain: entropy rate (origins by the amount of movement in relation to the sampling rate)

If a single channel profile does not provide sufficient entropy to fulfill the required security level, multiple measurements are required. Note that temporal independence in subsequential channel measurements is given if the sampling interval large compared to the coherence time of the channel. The wireless channel for key extraction, represented by location-specific, reciprocal, and time- varying channel measurements, has to be considered as an RNG for cryptography. In particular this includes a secure modus operandi for the potential case of a breakdown of the entropy source as well as a thorough evaluation of the physical source of randomness with respect to:

  • Bias (unequal distribution, leaked information),
  • Correlation (temporal dependency),
  • Agility (spectrum), and
  • Manipulability.

Details. As we demonstrate later in Chapter 6, that online statistical testing is essentially relevant to security by considering non-stationary and memory-afflicted processes for RNGs.

References

  1. Glenn S. Smith. A direct derivation of a single-antenna reciprocity relation for the time domain. Antennas and Propagation, IEEE Transactions on, 52(6):1568–1577, June 2004.
  2. 2.0 2.1 William C. Jakes. Microwave Mobile Communications. John Wiley and Sons Inc., 1994
  3. Syed Taha Ali, Vijay Sivaraman, and Diethelm Ostry. Zero reconciliation secret key generation for body-worn health monitoring devices. In Marwan Krunz, Loukas Lazos, Roberto Di Pietro, and Wade Trappe, editors, Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012, Tucson, AZ, USA, April 16-18, 2012, pages 39–50. ACM, 2012.
  4. Andrea Goldsmith. Wireless Communications. Cambridge university press, 2005.
  5. Ezio Biglieri, A. Robert Calderbank, Anthony G. Constantinides, Andrea Goldsmith, and Arogyaswami Paulraj. MIMO Wireless Communications. Cambridge University Press, 2010.
  6. v.s.[5]
  7. Sana Tmar Ben Hamida, Jean-Benoˆıt Pierrot, and Claude Castelluccia. Empirical analysis of UWB channel characteristics for secret key generation in indoor environments.
  8. Masoud Ghoreishi Madiseh, Shuai He, Michael L. McGuire, Stephen W. Neville, and Xiaodai Dong. Verification of secret key generation from UWB channel observations.
  9. Christian T. Zenger, Jan Zimmer, and Christof Paar. Security analysis of quantization schemes for channel-based key extraction. ICST Trans. Security Safety, 2(6):e5, 2015.
  10. Christian T. Zenger, Mario Pietersz, Jan Zimmer, Jan-Felix Posielek, Thorben Lenze, and Christof Paar. Authenticated Key Establishment for Low-Resource Devices Exploiting Correlated Random Channels. Computer Networks Journal, 2016.
  11. Xiaofan He, Huaiyu Dai, Wenbo Shen, Peng Ning, and Rudra Dutta. Toward proper guard zones for link signature. IEEE Trans. Wireless Communications, 15(3):2104–2117, 2016.