ABSTRACT
Securing communications requires the establishment of cryptographic keys, which is challenging in mobile scenarios where a key management infrastructure is not always present. In this paper, we present a protocol that allows two users to establish a common cryptographic key by exploiting special properties of the wireless channel: the underlying channel response between any two parties is unique and decorrelates rapidly in space. The established key can then be used to support security services (such as encryption) between two users. Our algorithm uses level-crossings and quantization to extract bits from correlated stochastic processes. The resulting protocol resists cryptanalysis by an eavesdropping adversary and a spoofing attack by an active adversary without requiring an authenticated channel, as is typically assumed in prior information-theoretic key establishment schemes. We evaluate our algorithm through theoretical and numerical studies, and provide validation through two complementary experimental studies. First, we use an 802.11 development platform with customized logic that extracts raw channel impulse response data from the preamble of a format-compliant 802.11a packet. We show that it is possible to practically achieve key establishment rates of ~ 1 bit/sec in a real, indoor wireless environment. To illustrate the generality of our method, we show that our approach is equally applicable to per-packet coarse signal strength measurements using off-the-shelf 802.11 hardware.
- Method and system for deriving an excryption key using joint randomness not shared by others. InterDigital Communications Corporation, US Patent Application ITC-2-1135.01.WO, 2006.Google Scholar
- U. Maurer, "Secret key agreement by public discussion from common information," IEEE Transactions on Information Theory, vol. 39, no. 4, pp. 733--742, 1993.Google ScholarDigital Library
- R. Ahlswede and I. Csiszar, "Common randomness in information theory and cryptography -- Part I: Secret sharing," IEEE Transactions on Information Theory, vol. 39, no. 4, pp. 1121--1132, 1993.Google ScholarDigital Library
- J. Cardinal and G. V. Assche, "Construction of a shared secret key using continuous variables," Info. Theory Workshop, 2003.Google Scholar
- G. Brassard and L. Salvail, "Secret key reconciliation by public discussion," Advances in Crytology Proc. - Eurocrypt '93, Lecture Notes in Computer Science, vol. 765, pp. 410--423, 1994. Google ScholarDigital Library
- C. Ye, A. Reznik, and Y. Shah, "Extracting secrecy from jointly Gaussian random variables," in Proceedings of IEEE Int. Symp on Info. Theory, Jul 2006, pp. 2593 -- 2597.Google Scholar
- C. Cachin and U. M. Maurer, "Linking information reconciliation and privacy amplification," Journal of Cryptology: the journal of the International Association for Cryptologic Research, vol. 10, no. 2, pp. 97--110, Spring 1997.Google ScholarDigital Library
- T. M. Cover and J. A. Thomas, Elements of Information Theory. John Wiley, 1991. Google ScholarDigital Library
- C. H. Bennett, G. Brassard, and J.-M. Robert, "Privacy amplification by public discussion," SIAM J. Comput., vol. 17, no. 2, pp. 210--229, 1988. Google ScholarDigital Library
- W. T. Buttler, S. K. Lamoreaux, J. R. Torgerson, G. H. Nickel, C. H. Donahue, and C. G. Peterson, "Fast, efficient error reconciliation for quantum cryptography," Phys. Rev. A, vol. 67, p. 052303, 2003.Google ScholarCross Ref
- G. V. Assche, Quantum Cryptography and Secret Key Distillation. Cambridge University Press, 2006. Google ScholarDigital Library
- U. Maurer and S. Wolf, "Secret key agreement over a non-authenticated channel -Part II: The simulatability condition," IEEE Transactions on Information Theory, vol. 49, no. 4, pp. 832--838, Apr. 2003. Google ScholarDigital Library
- Z. Li, W. Xu, R. Miller, and W. Trappe, "Securing wireless systems via lower layer enforcements," in WiSe '06: Proceedings of the 5th ACM workshop on Wireless security, 2006, pp. 33--42. Google ScholarDigital Library
- N. Patwari and S. K. Kasera, "Robust location distinction using temporal link signatures," in MobiCom '07: Proceedings of the 13th annual ACM international conference on Mobile computing and networking, 2007, pp. 111--122. Google ScholarDigital Library
- L. Xiao, L. Greenstein, N. Mandayam, and W. Trappe, "Fingerprints in the ether: Using the ysical layer for wireless authentication," in Proceedings of the IEEE Int. Conf. on Comm., pp. 4646 -- 4651.Google Scholar
- B. Azimi-Sadjadi, A. Kiayias, A. Mercado, and B. Yener, "Robust key generation from signal envelopes in wireless networks," in CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, 2007, pp. 401--410. Google ScholarDigital Library
- R. Wilson, D. Tse, and R. Scholtz, "Channel identification: Secret sharing using reciprocity in UWB channels," IEEE Transactions on Information Forensics and Security, vol. 2, no. 3, pp. 364--375, 2007. Google ScholarDigital Library
- T. Aono, K. Higuchi, T. Ohira, B. Komiyama, and H. Sasaoka, "Wireless secret key generation exploiting reactance-domain scalar response of multipath fading channels," IEEE Transactions on Antennas and Propagation, vol. 53, no. 11, pp. 3776--3784, Nov 2005.Google ScholarCross Ref
- A. Hassan, W. Stark, J. Hershey, and S. Chennakeshu, "Cryptographic key agreement for mobile radio," Digital Signal Processing, vol. 6, pp. 207--212, 1996.Google ScholarCross Ref
- H. Koorapaty, A. Hassan, and S. Chennakeshu, "Secure information transmission for mobile radio," IEEE Communication Letters, vol. 4, no. 2, Feb 2000.Google ScholarCross Ref
- T. S. Rappaport, Wireless Communications: Principles and Practice. Prentice Hall PTR., 2001. Google ScholarDigital Library
- J. K. Tugnait, L. Tong, and Z. Ding, "Single-user channel estimation and equalization," IEEE Signal Processing Magazine, vol. 17, pp. 16--28, 2000.Google ScholarCross Ref
- W. C. J. Jr., Microwave Mobile Communiations. Wiley, 1974.Google Scholar
- T. Moore, "IEEE 802.11-01/610r02: 802.1x and 802.11 key interactions," Microsoft Research, 2001.Google Scholar
- S. Fortune, D. M. Gay, B. Kernighan, O. Landron, R. A. Valenzuela, and M. Wright, "Wise design of indoor wireless systems: practical computation andoptimization," Computational Science and Engineering, IEEE, vol. 2, no. 1, pp. 58--68, April 1995. Google ScholarDigital Library
- A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. CRC Press, 1996. Google ScholarDigital Library
- U. M. Maurer, "A universal statistical test for random bit generators," Journal of Cryptology, vol. 5, pp. 89--105, 1992. Google ScholarDigital Library
- NIST, "A statistical test suite for the validation of random number generators and pseudo random number generators for cryptographic applications," 2001.Google Scholar
- "IEEE standard 802.11a: Part 11 wireless LAN medium access control (MAC) and ysical layer (PHY) specifications: High-speed ysical layer in the 5 GHz band."Google Scholar
- Q. Wang, S. R. Kulkarni, and S. Verdu, "A nearest-neighbor approach to estimating divergence between continuous random vectors," in Int. Symp. on Inform. Theory, 2006, pp. 242--246.Google Scholar
Index Terms
- Radio-telepathy: extracting a secret key from an unauthenticated wireless channel
Recommendations
Anonymous and provably secure certificateless multireceiver encryption without bilinear pairing
Recently, numerous multireceiver identity-based encryption or identity-based broadcast encryption schemes have been introduced with bilinear pairing and probabilistic map-to-point MTP function. As the bilinear pairing and MTP functions are expensive ...
New bounds on RAKE structures for DS-CDMA over frequency-selective Rayleigh fading channels
SSAP '96: Proceedings of the 8th IEEE Signal Processing Workshop on Statistical Signal and Array Processing (SSAP '96)An upper bound is derived for the probability of error in an asynchronous binary direct-sequence spread-spectrum multiple-access communications system operating over frequency selective Rayleigh fading channels. A coherent RAKE receiver with ...
Security Pitfalls of the Certificateless Signature and Multi-Receiver Signcryption Schemes
Recently, Xiong et al. and Selvi et al. proposed a certificateless signature scheme secure in the standard model and a certificateless multi-receiver signcryption scheme secure in the random oracle model, respectively. In this paper, we show that they ...
Comments