# Difference between revisions of "Channel Parameters"

Since channel measurement mechanisms are always virtually implemented in wireless commu- nication interfaces, PLS primitives are applicable and enable novel security approaches. For example, using channel profiles/parameter — measured by two bidirectionally communicating parties — is an attractive source of joint entropy. Channel profiles provide access to the random source originated by unpredictable character- istics of the channel. Therefore, they are the most essential part of CRKE. Next, we review CSI, RSSI, LQI , and others.

Virtually all wireless interfaces provides RSSI values, including systems modulated by Direct Sequence Spread Spectrum (DSSS) or Frequency Hopping Spread Spectrum (FHSS). The RSSI is currently widely used for key extraction, especially for practice-oriented research and implementations. The average power level of a received signal that is identified as a packet (or part of a packet) is referred as Received Signal Strength (RSS), and the RSSI is an indicator of the RSS. A clear definition of the indication is often not given and, therefore, excludes the corresponding hardware for serious security applications. The instantaneous power of the received signal is usually not reported by the wireless interface. Usually, one RSSI value can be obtained from each received packet. In IEEE 802.15.4 instead of RSSI, a so called LQI is used for the characterization of the strength and/or quality of a received packet. The standard defines two approaches to examine the LQI value [1]. The first is called Energy Detection (ED). It is measuring the received signal power for a time of 8 symbol periods (equivalent to 32µs) within the selected channel. The measured value is an 8 bit integer that is mapped linearly between the receiver sensitivity specification. The second approach considers a SNR estimation and can be used instead of or in combination with the first one. In IEEE 802.11 RSSI was intended to be used as a relative value within the chipset. The standard does not define any particular accuracy or precision. It also does not have to asso- ciated with any particular mW scale. Because of this imprecise definition RSSIs reported by an IEEE 802.11 chip may probably not be consistent between two vendors [2]. Concerning the text[3] they conversion from RSSI to mW is described for the vendors: Atheros, Symbol, and Cisco. It is further demonstrated that the corresponding minimum, maximum, and step size mW-values differ between vendors. The IEEE 802.11 standard defines a second parameter, the Signal Quality (SQ). It is referred to the PN code correlation strength which is a measure of the correlation between the received DSSS signal and an original DSSS signal. Therefore, SQ can be used as a metric of the amount of corruption in the environment between both communicating parties. Of course, the SQ is only provided for sub-standards where DSSS is applied, e.g., 802.22b. Many RSSI-based key extraction systems were introduced in the past. Most are based on IEEE 802.11 systems [4] [5] [6] [7] [8] [9] or IEEE 802.15.4 [10] [11] [12] [13] [14] [15] [16] [17] [18] , systems. Other variants are based on frequency hopping [19]. Jana et al. [5] reported vulnerability of RSSI-based approaches to predictable channel attacks. The drawback of RSSI is that it fails to capture the multipath effects. Mathur et al. Cite error: Invalid <ref> tag; name cannot be a simple integer. Use a descriptive title and Jana et al. [5] included brief thoughts on potential attacks in their proposals. Simple countermeasures against spoofing attacks by active adversaries were introduced by Mathur et al. [4] and Ye et al. [20]. There has also been some work that deals with temporal cor- relation of samples, such as principal component analysis [21], beamforming [22] or linear prediction [23].

## Channel State Information (CSI)

Break-through techniques resort to finer-grained wireless channel measurement than RSSI. Using channel response, the PHY-layer is able to discriminate multipath characteristics, and thus holds the potential for better equalization of the receiver and transmitter filters. This more fine-grade channel parameter is called CSI. In IEEE 802.11 a/g/n it is defined as reflecting channel response. In a conceptual sense, Yang et al. said [The] channel response is to RSSI what a rainbow (color spectrum) is to a sunbeam, where components of different wavelengths are separated. [24]. CSI are mainly referred to CIR and Channel Transfer Function (CTF). Both have attracted many research efforts and some pioneer works have demonstrated a high performance increase for CRKE [25]. Furthermore, CSI-based key extraction has been exper- imentally proved to be immune to predictable channel attacks [26].

## Channel Impulse Response (CIR)

The wireless propagation channel modeled as a temporal linear filter is known as CIR. The CIR h(τ,t) is capable to fully characterize the individual paths (including the sum of all multipath components according to the tapped-delay-line model) and can be given as

$\displaystyle h(\tau,t) = \sum_{n=1}^{N(t)}\alpha_n(t)e^{-j\phi_n(t)}\delta(t- \tau_n(t))$

Calculation 2.11

and

$\displaystyle \phi_n(t) = 2\pi f_c\tau_n(t) - \delta D_n(t) - \delta_0$

Calculation 2.12

where $\displaystyle \alpha_n(t)$ is the amplitude attenuation, $\displaystyle \phi_n(t)$ the phase shift, and math>\tau_n(t)[/itex] the time delay of the n th tap. N(t) is the total path number $\displaystyle \delta(\cdot)$ the Diract function. CIR as a complex measure, are usually interpreted in its amplitude and phase information. Several schemes for key extraction were introduced using information of the phase shift $\displaystyle \phi_n(t)$ [27]. The proposed schemes differ in usage of wideband systems [28] and narrowband systems [29]. In narrow band systems, the phase is often decreased to a single-dimension parameter. Phase information is UWB settings have not been identified yet. The accumulation of more than one phase information collected in series leads to applications such as group and cooperative key extraction [30]. Except for the work of Mathur et al. [31] no practical system have been reported yet, especially not for wideband-based systems. The reason for this might be the high vulnerability of the phase to noise, carrier frequency offset, asynchronous clocks (or clock shift), an asynchronous clock drifts at the transmitter and receiver. The second approach for CIR-based key extraction is using the amplitude (of course a combination of both amplitude and phase is conceivable). Here the research focuses on UWB settings, where the amplitude can be estimated by sending a narrow approximation of a Dirac function) pulse signal [32]. Such systems are usually based on special hardware setups (far away from practical usage) using network analyzer, waveform generators and oscilloscopes. In narrow band systems, the amplitude of a CIR is often decreased to a single-dimension parameter, which represents the received power [33].

## Channel Transfer Function (CTF)

The CTF is the representation of the CIR in the frequency domain and can be given by its Fourier transform:

$\displaystyle H(f,t) = \int_0^{\tau_{max}}h(\tau, t=)e^{-j2\pi f\tau}\mathrm {d\tau}$

Here $\displaystyle \tau_{max}$ is the maximum channel delay. Measurements of the channel using Orthogonal Frequency-Division Multiplexing (OFDM) provide a noisy CTF $\displaystyle \hat{H}(f,t)$ , which can be written as:

$\displaystyle \hat H(f,t) = H(f,t) + \hat n(f,t)$
Caluclation: (2.14)

where $\displaystyle \hat n(f,t)$ is the noise effect in the frequency domain. Most CTF-based key extraction systems have been implemented on top of IEEE 802.11 OFDM systems [34]. For practical implementations, it is recommended to use only the amplitude, due to the carrier frequency offset, asynchronous clocks (or clock shift), an asynchronous clock drifts at the transmitter and receiver. Unfortunately, the interfaces of most Wi-Fi chips do not provide (documented) CSI. A current exception is the Intel Wi-Fi Link 5300 [35]. Software-Defined Radio (SDR)s are also able to provide CSI, such as the Universal Software Radio Peripheral (USRP) [36] or Wireless open-Access Research Platform (WARP) [37].

## References

1. IEEE Computer Society. IEEE Standard for Information technology - Telecommunicationsand information exchange between systems - Local and metropolitan area networks- Specific requirements. Part 15.4: Wireless Medium Access Control (MAC) and PhysicalLayer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs),2006.
2. IEEE. Ieee standard for information technology–telecommunications and information exchange between systems local and metropolitan area networks–specific requirements part 11: Wireless lan medium access control (mac) and physical layer (phy) specifications. IEEE Std 802.11-2012 (Revision of IEEE Std 802.11-2007), pages 1–2793, March 2012.
3. Joshua Bardwell. You believe you understand what you think i said - the truth about 802.11 signal and noise metrics. Technical report, Connect802 Corporation, 2004.
4. Suhas Mathur, Wade Trappe, Narayan B. Mandayam, Chunxuan Ye, and Alex Reznik. Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In J. J. Garcia-Luna-Aceves, Raghupathy Sivakumar, and Peter Steenkiste, editors, Proceedings of the 14th Annual International Conference on Mobile Computing and Networking, MOBICOM 2008, San Francisco, California, USA, September 14-19, 2008, pages 128–139. ACM, 2008. formerly known as: mathur2008radio.
5. Suman Jana, Sriram Nandha Premnath, Mike Clark, Sneha Kumar Kasera, Neal Patwari, and Srikanth V. Krishnamurthy. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Kang G. Shin, Yongguang Zhang, Rajive Bagrodia, and Ramesh Govindan, editors, Proceedings of the 15th Annual International Conference on Mobile Computing and Networking, MOBICOM 2009, Beijing, China, September 20-25, 2009, pages 321–332. ACM, 2009.
6. Christian T. Zenger, Markus-Julian Chur, Jan-Felix Posielek, Christof Paar, and Gerhard Wunder. A novel key generating architecture for wireless low-resource devices. In Gabriel Ghinita, Razvan Rughinis, and Ahmad-Reza Sadeghi, editors, 2014 International Workshop on Secure Internet of Things, SIoT 2014, Wroclaw, Poland, September 10, 2014, pages 26–34. IEEE, 2014.
7. Kai Zeng, Kannan Govindan, and Prasant Mohapatra. Non-cryptographic authentication and identification in wireless networks. IEEE Wireless Commun., 17(5):56–62, 2010.
8. Sriram Nandha Premnath, Suman Jana, Jessica Croft, Prarthana Lakshmane Gowda, Mike Clark, Sneha Kumar Kasera, Neal Patwari, and Srikanth V. Krishnamurthy. Secret key extraction from wireless signal strength in real environments. IEEE Trans. Mob.Comput., 12(5):917–930, 2013.
9. Rene Guillaume, Fredrik Winzer, Andreas Czylwik, Christian T. Zenger, and Christof Paar. Bringing phy-based key generation into the field: An evaluation for practical scenarios. In IEEE 82nd Vehicular Technology Conference, VTC Fall 2015, Boston, MA,USA, September 6-9, 2015, pages 1–5. IEEE, 2015.
10. T. Aono, K. Higuchi, T. Ohira, B. Komiyama, and H. Sasaoka. Wireless secret key generation exploiting reactance-domain scalar response of multipath fading channels. Antennas and Propagation, IEEE Transactions on, 53(11):3776–3784, Nov 2005.
11. Cite error: Invalid <ref> tag; no text was provided for refs named c148
12. Syed Taha Ali, Vijay Sivaraman, and Diethelm Ostry. Secret key generation rate vs. reconciliation cost using wireless channel characteristics in body area networks. In IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing, EUC 2010, Hong Kong, China, 11-13 December 2010, pages 644–650. IEEE Computer Society, 2010.
13. Syed Taha Ali, Vijay Sivaraman, and Diethelm Ostry. Zero reconciliation secret key generation for body-worn health monitoring devices. In Marwan Krunz, Loukas Lazos, Roberto Di Pietro, and Wade Trappe, editors, Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012, Tucson, AZ, USA, April 16-18, 2012, pages 39–50. ACM, 2012.
14. Hongbo Liu, Jie Yang, YanWang, and Yingying Chen. Collaborative secret key extraction leveraging received signal strength in mobile wireless networks. In Albert G. Greenberg and Kazem Sohraby, editors, Proceedings of the IEEE INFOCOM 2012, Orlando, FL, USA, March 25-30, 2012, pages 927–935. IEEE, 2012.
15. Matthias Wilhelm, Ivan Martinovic, and Jens B. Schmitt. Secure key generation in sensor networks based on frequency-selective channels. IEEE Journal on Selected Areas in Communications, 31(9):1779–1790, 2013.
16. Lu Shi, Ming Li, Shucheng Yu, and Jiawei Yuan. BANA: body area network authentication exploiting channel characteristics. IEEE Journal on Selected Areas in Communications, 31(9):1803–1816, 2013.
17. Hongbo Liu, Jie Yang, Yan Wang, Yingying Jennifer Chen, and Can Emre Koksal. Group secret key generation via received signal strength: Protocols, achievable rates, and implementation. IEEE Trans. Mob. Comput., 13(12):2820–2835, 2014.
18. Syed Taha Ali, Vijay Sivaraman, and Diethelm Ostry. Eliminating reconciliation cost in secret key generation for body-worn health monitoring devices. IEEE Trans. Mob. Comput., 13(12):2763–2776, 2014.
19. Matthias Wilhelm, Ivan Martinovic, and Jens B. Schmitt. Secret keys from entangled sensor motes: implementation and analysis. In Wetzel et al. [211], pages 139–144.
20. Chunxuan Ye, Suhas Mathur, Alex Reznik, Yogendra Shah,Wade Trappe, and Narayan B.Mandayam. Information-theoretically secret key generation for fading wireless channels.IEEE Transactions on Information Forensics and Security, 5(2):240–254, 2010.
21. Chan Chen and Michael A. Jensen. Secret key establishment using temporally and spatially correlated wireless channel coefficients. IEEE Trans. Mob. Comput., 10(2):205–215, 2011.
22. M.G. Madiseh, S.W. Neville, and M.L. McGuire. Applying Beamforming to Address Temporal Correlation in Wireless Channel Characterization-Based Secret Key Generation. IEEE J IFS, 7(4):1278–1287, 2012.
23. Michael McGuire and Alireza Movahedian. Bounds on secret key rates in fading channels under practical channel estimation schemes. In IEEE International Conference on Communications, ICC 2014, Sydney, Australia, June 10-14, 2014, pages 737–742. IEEE, 2014.
24. Zheng Yang, Zimu Zhou, and Yunhao Liu. From RSSI to CSI: indoor localization via channel response. ACM Comput. Surv., 46(2):25, 2013.
25. Yanpei Liu, Stark C. Draper, and Akbar M. Sayeed. Exploiting channel diversity in secret key generation from multipath fading randomness. IEEE Transactions on Information Forensics and Security, 7(5):1484–1497, 2012.
26. Hongbo Liu, Yang Wang, Jie Yang, and Yingying Chen. Fast and practical secret key extraction by exploiting channel response. In Proceedings of the IEEE INFOCOM 2013, Turin, Italy, April 14-19, 2013 [2], pages 3048–3056.
27. [110, 170, 174, 173, 131, 205, 206]
28. [110, 170, 174, 173]
29. [131, 205, 206]
30. [205, 206]
31. [131]
32. [215, 127, 128, 81, 82, 80, 93]
33. [131]
34. [204, 123, 218, 236, 238]
35. [78]
36. [64]
37. [207]