A Channel State Information-Based Key Generation Scheme for Internet of Things

Usman, Muhammad; Althunibat, Saud; Qaraqe, Marwa

doi:https://doi.org/10.1155/2022/7976319

Security and Communication Networks

On this page

Abstract Introduction Related Work System Model Conclusions Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2022 | Article ID 7976319 | https://doi.org/10.1155/2022/7976319

A Channel State Information-Based Key Generation Scheme for Internet of Things

Muhammad Usman,¹Saud Althunibat,²and Marwa Qaraqe¹

Academic Editor: Leandros Maglaras

Received19 Dec 2021

Revised26 Mar 2022

Accepted11 Apr 2022

Published14 May 2022

Abstract

Internet-of-Things (IoT) networks generally contain resource-constrained devices that require an energy-efficient key generation procedure to producing secure keys at a faster rate. The physical characteristics of the wireless channel can be exploited to secure communication within IoT networks. In particular, secret keys can be generated by leveraging on the randomness of the wireless physical channel between two communicating parties. The conventional mechanism of generating keys at the physical layer, i.e., using channel probing, quantization, information reconciliation, and privacy amplification, may not be preferable for IoT devices. In addition, in some cases IoT devices may be deployed in static environments, wherein the channel coherence time is too high to generate keys at a faster rate and with the desired randomness. This study proposes a mapping table-based key distribution scheme for IoT environments, wherein multiple characteristics of the random channel are combined to improve not only the key generation rate (KGR) but also the key agreement rate (KAR) and bit error rate (BER). In the proposed scheme, both the channel magnitude and the phase are exploited in the key generation process. The proposed scheme is immune to channel estimation errors while providing sufficient randomness in the static environment. Additionally, the scheme is thoroughly investigated for different scenarios including the case of a smarter eavesdropper, which attempts to estimate the channel between the legitimate nodes. This case verifies the robustness of the proposed scheme in different settings and attack models.

1. Introduction

The use of Internet-of-Things (IoT) devices has been steadily increasing and is only projected to increase. However, security is a key challenge in IoT, where securing a small sensor node communicating with the gateway node possesses a real challenge. IoT devices are sometimes deployed in critical environments, wherein any leakage of information to eavesdropper or infiltration of the network can become serious, particularly on the internet of military things (IoMT) or the internet of medical things (IoMeT). In computer networks and general wireless networks, cryptographic techniques are mainly used to provide security. One possible way is to share a secret key (common key) with both parties a priori or on a secure channel. This technique is generally known as one-key private cryptography or data encryption standard (DES) [1]. However, when a common key is not shared, a public key cryptography (PKC) can be used, which is too computationally complex and energy hungry to be run on resource-constrained IoT devices [2].

Although the aforementioned digital key-based cryptography schemes have been efficient in protecting computer networks and general wireless networks, their performance in many emerging resource-constrained scenarios, such as IoT networks, is limited. First, the timely sharing of digital keys is becoming a challenge in highly dynamic heterogeneous networks where devices are supposedly different in terms of mobility and computational capabilities. Second, the high computational cost of digital key exchange and management protocols produces large latencies in larger networks, such as massive IoT. In particular, the computational overhead becomes intolerable for IoT devices, which are generally small in size and battery powered.

To overcome these challenges, physical layer security (PLS) has gained serious investigation as it provides means to provide security through the physical layer in resource-constrained networks. In particular, PLS comes with inherited benefits of low energy consumption, low network overhead, and low computational requirements [3–5]. The characteristics of wireless channels depend on the environment layout, such as scatterer materials, their mobility, and their distributions. These characteristics make the channel between legitimate nodes unique, random, and unpredictable to eavesdroppers. Secure key distribution schemes exploiting the physical layer characteristics of the radio channel of communicating devices have been proposed in the literature. These physical layer characteristics generally include received signal strength (RSS) and channel state information (CSI). A combination of the aforementioned attributes can be adopted to enhance security levels.

However, despite the aforementioned benefits, PLS faces several challenges related to the time-varying nature of the physical channel and imperfect estimates at communication parties. Although several works in the literature propose schemes that generate keys from physical layer attributes [6–11], only a few implement methods to mitigate the effects of imperfect channel estimates [12, 13]. In addition, most of the proposed physical layer-based key generation strategies are designed for general wireless environments, which may not be directly applicable to many IoT environments.

In addition to the aforementioned channel asymmetries that significantly impact the performance of secret bit rate, the performance of most of the proposed solutions mainly depends on the current state of the wireless channel. The rate of the generated bits is usually a function of the channel attribute fluctuations, which makes such solutions unusable in flat-fading scenarios.

This work, for the first time in the literature, solves the aforementioned challenges by presenting a mapping table-based solution, where instead of directly translating the received signal attributes to bits using quantization, bit mapping tables are constructed for the magnitude and the phase of the received signal. The solution is suitable for both channel conditions, namely, fast and flat fading. To this aim, a span of magnitude and phase of the received signal is assigned a unique bit sequence. This provides some flexibility to combat channel variations and estimation errors. The aim behind this bit mapping is (i) to provide robustness against channel estimation error and (ii) to make the key distribution process faster. In addition, the proposed scheme is equally suitable for the static environments since randomness is deliberately induced at the transmitter in terms of randomly selecting a bit sequence from the mapping table. The proposed secrete generation scheme results in higher values of key generation rate (KGR) and key agreement rate (KAR) while keeping the bit error rate (BER) under a desired range.

The remainder of this study is organized as follows. Section 2 summarizes the state of the art in this field. The system model is presented in Section 3. Section 4 discusses the proposed scheme and its working details. The performance analysis in terms of simulation results is presented in Section 5. Finally, Section 6 provides some concluding remarks.

Figure 1 presents the general key generation process exploiting physical layer attributes of the wireless channel. The key is generated into four different stages using (i) channel probing, (ii) quantization, (iii) information reconciliation, and (iv) privacy amplification [14]. From the physical layer perspective, most of the work is focused on improving the channel probing [6–8] or quantization stages [9–11]. Channel probing is the key element of key generation protocols that captures the randomness of the channel by measuring the channel parameters, such as CSI or RSS. The legitimate nodes at both ends transmit probing signals with a time difference less than the coherence time of the channel such that the channel response measured at each end of the link remains ideally the same and symmetric. This property of the wireless channel is generally known as channel reciprocity. However, the actual measurements are generally nonsymmetric mainly due to asynchronous measurements and independent noise at both ends. To this end, some works in the literature focus on mitigating the noise and nonsimultaneous measurement effects using filtering [7, 8, 15] and interpolation techniques [6, 11].

The second important element of key generation protocols is the quantization stage, wherein the received signal is converted into binary values. In this regard, the signal sensed through channel probing is converted to binary values using different quantization techniques. The performance here is the number of bits generated from a single measurement. The quantization thresholds are defined in order to reduce the KDR. For instance, the work presented in [14] measures the performance of two different quantizers, absolute value-based quantizer and differential value-based quantizer, on an RSS-based channel probing key generation system. Absolute value-based quantizer works on the principle of an analog-to-digital converter, while absolute value-based quantizer compares the difference between consecutive measurements to translate the received signal into digital bits. Another work exploits multibit quantization to improve the KGR [11], while authors in [9] propose to drop all the bits that are on the same side of the quantization threshold to decrease the KDR.

A common aspect of all the related work is the channel estimation and exploitation of various channel characteristics, such as CSI (amplitude, phase, mulitpath, etc.) and RSS to generate a secret key. In this regard, most of the works in the literature focus on one of the aforementioned characteristics of the channel. For instance, a key generation protocol from multipath features of the wireless channel is presented in [16, 17]. While the RSS-based key generation protocol is presented in [14, 18–22], the works in [12, 23–27] consider the phase randomness to generate a secret key. In particular, the work in [18] proposes a key distribution scheme exploiting the magnitude of the estimated channel. Indeed, a unique demodulation scheme is selected at the receiver based on the channel magnitude. Similarly, the authors in [19] propose a RSS-based key generation scheme for the moving nodes in the context of body area networks, whereas the authors in [23] propose a phase-based adaptive modulation scheme to secure the communication between legitimate parties. In particular, based on the channel phase a unique modulation type is selected. Although the proposed scheme provides sufficient robustness against channel estimation errors, its performance is unclear in the static environments. This is a major downside of most of the works proposed in the literature [12, 18–20, 23–26]. A relevant work for the static environments is presented in [28], wherein the authors propose to induce a local randomness at the legitimate nodes. However, the proposed scheme requires a postprocessing stage, which makes their solution impractical for IoT networks. Moreover, other than the induced randomness, their scheme follows the conventional key generation steps, i.e., channel probing, quantization, reconciliation, and privacy amplification, which makes their solution less efficient for the environments characterized by fast fading.

The work presented in this study expands on the state of the art in the following ways.(i)First of all, multiple attributes of the wireless channel are considered to make the system more robust against eavesdropper.(ii)The proposed scheme is immune to imperfect channel estimations. Hence, small variations in the channel do not affect the key generation process.(iii)The self-induced randomness at the transmitter makes the proposed solution suitable for static environments.(iv)The KGR in the proposed scheme is higher due to the feature of exploiting multiple attributes of the channel, which makes our system ideal for IoT environments.(v)The robustness of the proposed scheme is verified by considering different attack models including the one when the eavesdropper can intelligently sense the channel between legitimate nodes.

3. System Model

A wireless communication system-based IoT network involving three entities, (alice), (bob), and (eve). and are considered to be the legitimate nodes, while is an illegitimate node trying to guess the key distributes to . Both and are assumed to be resource-constrained devices who cannot resort to a standard crypto-based key establishment protocol, such as Diffie-Hellman or public key encryption. Considering a Raleigh fading channel between and , the received signal at , , can be modeled by the following expression:where is the input signal, is transmitted electrical power at , is the path loss between and , is the additive white Gaussian noise (AWGN) at with 0 mean and variance , and is the channel fading coefficient between and . Similarly, the received signal at , , can be modeled by the following expression:where is the path loss between and , is the AWGN at , and is the channel fading coefficient between and . Both and are complex Gaussian random variables in the form of whose magnitude can be calculated by , and the phase ( ) is given by the following arg function

The probability density function (PDF) of the Rayleigh fading channel denoted by is given as

The average path loss between - and - in dB is given by and , respectively, where is the reference distance, is the path loss at the reference distance , and are the distances between - and -, respectively, and is the path loss factor, which depends on several environmental factors such as indoor, outdoor, and obstructing entities [29]. The distribution of and is represented in Figure 2.

4. Proposed CSI-Based Key Generation Scheme

In order to generate a secret key from the RSS and the phase of the received signal at , generates two tables, namely, (i) RSS-lookup table and (ii) -lookup table. RSS-lookup table contains an expected range of signal strength received at , while -lookup table represents a range of expected at . It is worth mentioning that RSS represents the magnitude of the received signal.

4.1. RSS-Lookup Table Generation

Let there be number of entries in the RSS-lookup table denoted by . Depending on the initial value of RSS , the rest of the entries in the RSS-lookup table can be generated by the following relationwhere is the RSS interval length, which is the difference between any two consecutive entries in the RSS-lookup table, and is the initial value of RSS lookup table. The value of decides the number of entries in the lookup table. Here, a binary sequence is assigned to each entry of the table in a way that the span between any two consecutive entries is assigned a single sequence with two extra assignments, one if RSS and the second if RSS . An example of the RSS-lookup table is shown in Figure 3, where the function represents the Gray code representation of the integer .

4.2. -Lookup Table Generation

Let represent the maximum number of entries in the -lookup table denoted by . The -lookup table can be generated by the following relationwhere represents the interval length, i.e., the difference between any two consecutive entries in the -lookup table, and is the initial value of the -lookup table. Similar to the RSS table, the -lookup table can be generated by assigning a unique binary sequence to the range between two consecutive entries. An example of the -lookup table is shown in Figure 4. The difference between the RSS and -lookup tables lies in the fact that RSS can take values between and , while varies from 0 to 360 degrees. Hence without loss of generality, is considered in this case.

To generate the key, is assumed to have knowledge of the same lookup table at their end. In this regard, having values of , , , and , can generate the same lookup tables (RSS and ) using equations (5) and (6). It is important to note that the value of is universal (i.e., ) and does not need to be shared. Similarly, can be calculated by the known value of using , where . It is assumed that can also generate the same tables while listening to the communication between and over the nonsecure wireless channel.

The randomly selects a sequence from both lookup tables and marks the corresponding RSS and range that would be desired at . Now, to make sure that the received signal at , has the same RSS and , has to estimate the channel between and , . This channel estimation is necessary at in order to calculate the magnitude and the phase of the channel, which is then used to compute the desired transmit power and phase to allow generate the same sequence as . In particular, the channel estimation at can be given bywhere is the estimated channel at , and is a complex Gaussian random variable with 0 mean and variance , representing the channel estimation error at .

The transmitted signal power is generated in terms of magnitude, , and the phase as follows:where is the desired RSS at , and is the estimated channel at . It is important to note that is chosen in such a way that it exactly represents the middle value of the RSS range. For instance, in Figure 3, if a desired sequence of is selected, the corresponding is computed as . Similarly, the desired transmitted phase can be computed aswhere is desired phase at , which in principle should be same as once receives the signal, and is the phase of the estimated channel . Similar to RSS-table, the value of is chosen in a way that it represents the mean of the -table entry. For instance, in Figure 4, if a desired sequence of is selected, the corresponding is computed as . The details of the proposed scheme are presented in Figure 5. Three different key generation scenarios are considered in this work. The first scenario investigates key generation using only RSS only, the second scenario investigates generating a secret key using only the of the channel, and the last scenario generates a secret key by leveraging on both RSS and .

For the RSS-only scenario, the key sequences at and can be represented by the following expressions (using Figure 3):where is the selected binary sequence (key) at , is the generated binary sequences at , is a random variable following the discrete uniform distribution over the set , and the function is the Gray code representation of the integer . It is important to note that is randomly selected at , while is generated from the RSS-lookup table (Figure 3) at using the magnitude of the received signal, i.e., .

Similarly, for the -only scenario, the selected and generated sequences are represented by the following expressions:where function is the Gray code representation of integer , and is the phase of the received signal at .

Similarly, for the combined scenario (RSS and ), the selected and generated sequences are presented bywhere is a concatenation operator to combine the bits from RSS and . The size of the sequences and for all the aforementioned scenarios is very small as compared to the key sizes used in actual communication. For instance, for the -only scenario, an interval length of produces 32 entries in the -lookup tables , which can be covered by a sequence length of 5 bits only. Similarly, an equivalent size of RSS-lookup table produces bits as well. Combining both RSS and scenarios produces a key length of bits only. Thus, to extend the key length, the key transmission process is repeated multiple times and the generated sequences are concatenated to form the final secret key. For instance, repeating the simulations 13 times can produce a key length of bits. The details of the proposed protocol are presented in Algorithm 1.

(1)	let be estimated channel between and .
(2)	let is the transmitted signal with power, , and phase, .
(3)	let is the received signal with power, , and phase, .
(4)	for each transmission do
(5)	selects a sequence from RSS and lookup tables.
(6)	estimates the channel .
(7)	Using (8) and (9), calculates and of and transmits the signal.
(8)	extracts the phase, , and magnitude, , of the received signal, .
(9)	selects the sequences from RSS and lookup tables based on and .
(10)	end

5. Performance Analysis

In this section, the performance of the proposed scheme in Figure 2 is analyzed through simulation and discussed in detail. In particular, the performance of the proposed scheme is investigated in terms of KGR, BER, and KAR for different simulation scenarios and environments. The simulations were performed in MATLAB, where each experiment was run for 100 K times to achieve reliable results. The section is divided into three subsections, where subsection A considers the case of perfect channel estimation, subsection B analyzes the case of imperfect channel estimation at , and subsection C investigates the performance of the proposed scheme against a smart , which attempts to estimate the channel between and . Finally, a detailed assessment of RSS-only, -only, and the combined scheme is presented for all the scenarios.

Before discussing the performance of the proposed scheme in the abovementioned scenarios, it seems logical to investigate the BER at while moving between and . To this aim, Figure 6 represents the BER performance of at different distances from and when considering the scenario of RSS only. The distance between and is kept as 50 m, and moves between them. It can be noted from the figure that experiences the worst performance while they are very close to ( = 1 m, = 49 m). The BER performance of improves as they move closer to and becomes the best when they are very near to ( = 49 m, = 1 m). This is due to the reason that while is very close to the channel state information (CSI) of - channel and - channel becomes closer to each other. For the remainder of the results and simulations, is considered to be in the immediate proximity of , which is the best-case scenario for . The simulation results verify the robustness of the proposed algorithm against the at their best location.

Figure 7 illustrates the KGR for the three considered scenarios of RSS-only, -only, and combined scenarios. It can be observed that smaller interval lengths in all cases produce a larger number of bits in a single transmission. For instance, for RSS-only scenario (Figure 7(a)), an interval length of 1 dBm, produces seven bits in a single transmission. While for the same scenario, an interval length of 8 dBm produces only four bits. Similarly, for the -only scenario (Figure 7(b)), an interval length of 1.40625 produces eight bits in a single transmission, while an interval length of 22.5 produces four bits only. Collectively, the combined scenario (Figure 7(c)) produces double bits in a single transmission as compared to their corresponding intervals in RSS-only and -only scenarios. In particular, in the combined scenario, the interval lengths of 1 dBm and 2.81 25 produce fourteen bits in a single transmission, providing a KGR double of that to the RSS-only and -only scenarios.

(a)

(b)

(c)

5.1. Perfect Channel Estimation

In what follows, the BER performance at and under perfect channel estimation is presented. In the perfect channel estimation case, estimates the - channel without any errors, i.e., = 0 in equation (7); thus, the source of error in the perfect channel estimation case is the noise present at . Figure 8 depicts the BER performance at and for all the considered scenarios, i.e., RSS-only, -only, and combined. Particularly, Figure 8(a) illustrates the effect of different RSS interval lengths on the BER at and . It is observed from the figure that BER at both and decrease as increases. For instance, the BER at for = 1 dBm becomes at SNR value of 38 dB, while the same BER is achieved at a lower SNR of 27 dB once an interval length of 8 dBm is considered. This gives around 92% improvement in terms of the required SNR at to achieve the same BER. However, increasing does not bring the BER at to an acceptable point. For instance, ’s best BER is around 0.06 for = 8 dBm at an SNR value of 48 dB. With this performance, it becomes practically impossible for to get the same key as . Hence, the RSS-only scenario provides sufficient resilience against the for the perfect channel estimation case.

(a)

(b)

(c)

(d)

Figure 8(b) presents the BER at and for -only scenario. Similar to the RSS-only scenario, the BER in -only scenario is inversely proportional to . The BER at and improves with the interval length . Having said that, in the -only scenario a BER of is achieved at an SNR value of 33 dB when , which is possible only at an SNR of 48 dBm when becomes . However, for -only scenario, experiences the worst performance. Although the ’s performance improves with increasing (see zoomed in-plot of Figure 8(b)), the best BER value is 0.49 for , which is nowhere near to an acceptable performance. To this end, almost half the data received by are inaccurate. Hence, -only scenario provides a significant resilience against .

Figure 8(c) demonstrates the BER results at and for the combined scenario. The figure is a three-dimensional (3D) plot where one axis represents the RSS interval in dBm and the second represents interval in degrees, and the z-axis represents the BER. All combinations of and are considered, wherein the best performance is achieved for larger interval lengths. Figure 8(c) is plotted for an SNR value of 32 dBm. It is observed that BER reaches to for the intervals’ combinations of = 4 dBm and , = 8 dBm and , and = 8 dBm and . The BER at will further improve the graph plotted for higher values of SNR. However, the best BER performance at is 0.25, which is nowhere near to the performance of for any interval combination.

Figure 8(d) presents the comparison between all of the aforementioned scenarios, i.e., RSS-only, -only, and combined scenarios. In order to have a fair comparison, the selection of interval lengths in all scenarios is based on the number of bits they generate in a single transmission. For instance, = 1 dBm, , and = 8 dBm, are chosen for RSS-only, -only, and combined scenarios, respectively. All these values produce seven bits in a single transmission (refer Figure 7) and a key length of 140 bits for 20 repetitive transmissions. It can be noted from the figure that the combined scenario performs better than others (RSS only and only) for BER at . However, comparing RSS-only and -only scenarios, RSS-only scenario performs better than -only scenario for BER at while providing the lowest BER at . Having said that, the combined scenario is the best for BER at and is slightly better than RSS-only scenario at . Although the -only scenario is the best to keep BER at the worst, the combined scenario is also sufficient to keep well away from BER at for any value of the required SNR. Comparing the RSS-only and combined scenarios, at an SNR value of 32 dB combined scenario performs 5% better than RSS-only scenario at ( performs worse for the combined scenario) while improving the BER at by 99.95%. This is due to the reason that for the combined scenario interval lengths of and are bigger than RSS-only and -only scenarios, giving a privilege to accommodate more errors (source is only noise here). Although the same is true for the as well, but has two sources of errors, that is, one is the channel, and the second is the noise at . Due to this reason, the BER at for the combined scenario is lower than -only scenario and a bit higher than RSS-only scenario. This makes the combined scenario a perfect choice both from the perspective of and .

Figure 9 demonstrates the KAR between - and -. It can be noted from the figure that larger values of and generate better KAR at . For instance, for RSS-only scenario (Figure 9(a)), a KAR of 1 is achieved at an SNR value of 42 dBm when = = 1 dBm, while the same rate of 1 can be achieved at an SNR of 32 dBm when = 8 dBm. This means that = 8 dBm is 2.16 times more power efficient than = 1 dB. It is important to note that the combined scenario produces the best results for KAR at (see Figure 9(c)) as compared to separate scenarios. The results in Figure 9 are promising in a sense that the KAR at for all the considered scenarios remains very poor even for high SNR values.

(a)

(b)

(c)

5.2. Imperfect Channel Estimation

A more realistic case is now assumed when ’s estimation of the - channel is not perfect. The imperfection in the channel estimation is modeled by in equation (7) of Section 3, where is a complex Gaussian random variable with 0 mean and variance . In particular, two different values of are considered, (i) 25 and (ii) 50 , where is considered as 5 . The performance of imperfect channel estimation for the scenarios of RSS only, only, and combined is investigated.

Figure 10 compares the BER performance at for different values of , when does not perfectly estimate the channel. In particular, Figure 10(a) illustrates the case of = 1 dBm. It can be noted from the figure that the more imperfectly estimates the channel , and the worse performance experiences in terms of BER. In particular, produces the worst result. For instance, at an SNR of 38 dBm experiences 10 times more BER when channel estimation error is . This is due to the reason that the interval length = 1 dBm has to accommodate two kinds of errors, that is, one is the noise at , and the second is channel estimation error .

(a)

(b)

Similarly, Figure 10(b) demonstrates the BER performance at for = 8 dBm. It is observed from the figure that BER at increases with channel estimation error. However, this increase is almost negligible due to higher value of , which gives an ability to accommodate more errors in the channel estimation. For instance, at an SNR value of 24 dBm only 1.24% BER degradation is observed for compared with the perfect channel estimation. This justifies the claim of our algorithm’s superiority over the state of the art.

Figure 11 illustrates the effect of channel estimation error at for different values of . It can be observed from the figures that while starts increasing, BER at improves irrespective of value of . Similar to RSS-only scenario, larger intervals in -only scenario provide more resilience against channel estimation error while keeping the BER at in a controlled range. For instance compared with the perfect channel estimation, at an SNR value of 32 dBm, experiences only 66% BER degradation when . This BER degradation is around 177.2% when for the same value of SNR.

(a)

(b)

(c)

Figure 12 highlights the effect of channel estimation error on the combined scenario. All combinations of and are considered in Figure 12(a), plotting on one axis, second axis, and BER on the third axis for an SNR of 32 dBm. It is observed from Figure 12(a) that higher interval lengths have the ability to accommodate more channel estimation error. For instance in case of , the BER at was still as low as for two different combinations of and ( = 4 dBm, , = 8 dBm, and ).

(a)

(b)

Figure 12(b) illustrates the comparison between RSS-only, -only, and combined scenarios in terms of their resiliency against channel estimation errors. Again, similar to perfect channel estimation case, for a fair comparison same key length (140 bits) is considered for all three scenarios. It can be observed from the figure that combined scenario performs better than individual scenarios (RSS only and only).

5.3. Smart Eavesdropper ()

This subsection highlights the performance when considering a more intelligent or smarter of by allowing the ability to estimate the channel between and . In this scenario, the channel estimation at can be represented bywhere is a complex Gaussian random variable representing the channel estimation error at . Two different values of are considered for simulations, (i) = 0.1 and (ii) = 0.01. The BER performance at a smarter for RSS-only, -only, and combined scenarios is investigated.

In particular, Figure 13 represents the BER at against different values of for an RSS-only scenario. It is evident from Figure 13(a) that = 1 dBm keeps the BER at under the control range (away from ) even if she tries to estimate - channel with lesser error ( = 0.01). This is due to the reason that a smaller interval length does not accommodate more errors and hence keeps the BER of apart from . On the other hand, in the case of larger intervals ( = 8 dBm), starts getting better results when = 0.01, but the improvement is not comparable to . For instance, for = 8 dBm and SNR = 32 dBm, the BER at the smarter is 20 times more than what is at even though the = 0.01. In addition, = 0.01 is itself a very small value, which makes the - channel comparable with - channel. In order to realize such a small value of , has to be very smart and somehow sit over , which is not practically possible. A very small interval value is chosen for the sole purpose of evaluating the robustness of the proposed approach against .

(a)

(b)

Figure 14 illustrates the BER at for -only scenario. Similar to RSS-only scenario, here as well both the smaller and larger intervals provide resilience against smarter . Although smaller intervals are more resilient as compared to larger intervals, the larger intervals still keep BER at smarter well apart from what has at the same SNR value. For instance, for and SNR = 32 dBm, a smart (with = 0.01) experiences 40 times higher BER than .

(a)

(b)

(c)

Figure 15(a) represents the BER at and for different combinations of and . The figure is plotted at an SNR of 32 dBm. It can be observed from the figure that ’s BER never becomes comparable with the BER at even when is assumed as a smarter node ( = 0.01), and does not perfectly estimate the - channel ( = 50 ). In the case of smarter ( = 0.01), the lowest BER is 0.008 when = 8 dbm and , while for the same combination of interval length experiences a BER of 2.07 . Hence, BER is 375 times lower than BER of even when is a smarter device.

(a)

(b)

Figure 15(b) compares the BER at and for all the three scenarios. It can be noted from the figure that -only scenario performs better in order to keep BER at well above the BER at even though the becomes a smarter node. The lowest BER at is observed for the combined scenario. However, for this scenario the BER at is also very low as compared to the other two scenarios. Keeping in view the ability of combined scenario to provide resilience against channel estimation error and noise, and given a low value of (0.01) in the case of smarter , the choice of combing RSS and seems logical.

Lastly, a comparison between BER at and the length of generated secret against the no. of transmissions is presented in Figure 16. It can be observed from the figure that for each scenario (RSS only ( = 1 dBm), only , and combined), the BER remains unaffected by the number of transmissions. However, the RSS-only scenario gives the lowest BER, followed by the combined and then the -only scenario with the highest BER. At the same time, the RSS-only scenario gives the lowest KGR, followed by the -only and then the combined scenarios, which produce a key of the length of as mush bits as produced by RSS-only and -only scenarios together. For instance, 20 transmissions generate 140 bits for the RSS-only scenario, 160 bits for the -only scenario, and 300 bits for the combined scenario.

In short, given the ability of the combined scenario of producing more bits in a single transmission and at the same time giving promising results in terms of BER at , it seems logical to exploit both RSS and of the channel. Furthermore, in order to control the BER at , the values of and should be chosen in a way that it accommodates more errors stemming from imperfect channel estimation and the receiver’s noise , while keeping the BER at under control range even if tries to estimate the channel between and .

5.4. NIST Test Suite Evaluations

Finally, the generated keys are evaluated using the widely used randomness statistical test suite designed by the National Institute of Standards and Technology (NIST) [30]. The randomness evaluation results of all 100 K generated sequences, with a key length of 140 bits, are presented in Table 1. It is evident from the table that the secret keys, , generated through the proposed scheme passed all the tests. Hence, the keys are hard to forge as P-values returned from all tests are well greater than the significance level of 0.01.

6. Conclusions

This study presents an efficient key distribution scheme that is ideal for resource-constrained networks, such as IoT networks, where conventional security methods are not applicable. Instead of implementing the conventional method of generating keys using channel probing, quantization, information reconciliation, and privacy amplification, this work proposes a mapping table-based secret key generation scheme wherein a span of channel characteristics produces a shared secret key between legitimate users. This span-based approach provides the proposed scheme with enough robustness against channel estimation errors. In addition, apart from channel randomness, the induced randomness at in selecting a key from the table makes the proposed scheme ideal for static environments where channel randomness is not significant. Furthermore, the proposed scheme combines channel phase and magnitude to generate faster keys and improve KAR and reduce BER performances. The protection against a smarter with capabilities of estimating the channel between and further verifies the superiority of the proposed approach against many state-of-the-art schemes.

Data Availability

The performance evaluation of the proposed scheme can be obtained by simulation via MATLAB. There are no data that can be shared. However, readers can replicate the simulation in MATLAB by following the paper details.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research was sponsored in part by the NATO Science for Peace and Security Programme under grant SPS G5797.

References

Federal Information Processing Standards, Standard data encryption, National Bureau of Standards, US Department of Commerce, Mary land, USA, vol. 23, 1977.
R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, vol. 21, no. 2, pp. 120–126, 1978.
View at: Publisher Site | Google Scholar
P. Baracca, N. Laurenti, and S. Tomasin, “Physical layer authentication over MIMO fading wiretap channels,” IEEE Transactions on Wireless Communications, vol. 11, no. 7, pp. 2564–2573, 2012.
View at: Publisher Site | Google Scholar
K. Zeng, K. Govindan, and P. Mohapatra, “Non-cryptographic authentication and identification in wireless networks [security and privacy in emerging wireless networks,” IEEE Wireless Communications, vol. 17, no. 5, pp. 56–62, 2010.
View at: Publisher Site | Google Scholar
A. Ferrante, N. Laurenti, C. Masiero, M. Pavon, and S. Tomasin, “On the error region for channel estimation-based physical layer authentication over Rayleigh fading,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 5, pp. 941–952, 2015.
View at: Publisher Site | Google Scholar
H. Liu, J. Yang, Y. Wang, and Y. Chen, “Collaborative secret key extraction leveraging received signal strength in mobile wireless networks,” in Proceedings of the 2012 Proceedings - IEEE INFOCOM, pp. 927–935, Orlando, FL, March, 2012.
View at: Publisher Site | Google Scholar
S. T. Ali, V. Sivaraman, and D. Ostry, “Eliminating reconciliation cost in secret key generation for body-worn health monitoring devices,” IEEE Transactions on Mobile Computing, vol. 13, no. 12, pp. 2763–2776, 2014.
View at: Publisher Site | Google Scholar
H. Liu, Y. Wang, J. Yang, and Y. Chen, “Fast and practical secret key extraction by exploiting channel response,” in Proceedings of the IEEE INFOCOM, pp. 3048–3056, Turin, Italy, April, 2013.
View at: Publisher Site | Google Scholar
S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik, “Radio-telepathy: extracting a secret key from an unauthenticated wireless channel,” in Proceedings of the 14th ACM International Conference on Mobile Computing and Networking, pp. 128–139, Association for Computing Machinery, New York, NY, USA, September, 2008.
View at: Publisher Site | Google Scholar
S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy, “On the effectiveness of secret key extraction from wireless signal strength in real environments,” in Proceedings of the 15th Annual International Conference on Mobile Computing and Networking, pp. 321–332, Association for Computing Machinery, New York, NY, USA, September, 2009.
View at: Publisher Site | Google Scholar
N. Patwari, J. Croft, S. Jana, and S. K. Kasera, “High-rate uncorrelated bit extraction for shared secret key generation from channel measurements,” IEEE Transactions on Mobile Computing, vol. 9, no. 1, pp. 17–30, 2010.
View at: Publisher Site | Google Scholar
S. Althunibat, V. Sucasas, and J. Rodriguez, “A physical-layer security scheme by phase-based adaptive modulation,” IEEE Transactions on Vehicular Technology, vol. 66, no. 11, pp. 9931–9942, 2017.
View at: Publisher Site | Google Scholar
H. Fang, X. Wang, and L. Hanzo, “Learning-aided physical layer authentication as an intelligent process,” IEEE Transactions on Communications, vol. 67, no. 3, pp. 2260–2273, 2019.
View at: Publisher Site | Google Scholar
J. Zhang, S. Rajendran, Z. Sun, R. Woods, and L. Hanzo, “Physical layer security for the Internet of things: authentication and key generation,” IEEE Wireless Communications, vol. 26, no. 5, pp. 92–98, 2019.
View at: Publisher Site | Google Scholar
X. Zhu, F. Xu, E. Novak, C. C. Tan, Q. Li, and G. Chen, “Extracting secret key from wireless link dynamics in vehicular environments,” 2013 Proceedings IEEE INFOCOM, pp. 2283–2291, 2013.
View at: Publisher Site | Google Scholar
A. Sayeed and A. Perrig, “Secure wireless communications: secret keys through multipath,” in Proceedings of the 2008 IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 3013–3016, Las Vegas, NV, USA, March, 2008.
View at: Publisher Site | Google Scholar
Y. E. H. Shehadeh and D. Hogrefe, “An optimal guard-intervals based mechanism for key generation from multipath wireless channels,” in Proceedings of the 2011 4th IFIP International Conference on New Technologies, pp. 1–5, Mobility and Security, Paris, France, February, 2011.
View at: Publisher Site | Google Scholar
M. Alhasanat, S. Althunibat, K. A. Darabkh, A. Alhasanat, and M. Alsafasfeh, “A physical-layer key distribution mechanism for IoT networks,” Mobile Networks and Applications, vol. 25, no. 1, pp. 173–178, 2020.
View at: Publisher Site | Google Scholar
T. Castel, P. Van Torre, and H. Rogier, “RSS-based secret key generation for indoor and outdoor WBANs using on-body sensor nodes,” in Proceedings of the 2016 International Conference on Military Communications and Information Systems (ICMCIS), pp. 1–5, Brussels, Belgium, May, 2016.
View at: Publisher Site | Google Scholar
M. F. Awan, K. Kansanen, S. Perez-Simbor, C. Garcia-Pardo, S. Castelló-Palacios, and N. Cardona, “RSS-based secret key generation in wireless in-body networks,” in Proceedings of the 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), pp. 1–6, Oslo, Norway, May, 2019.
View at: Publisher Site | Google Scholar
Z. Li, Q. Pei, I. Markwood, Y. Liu, and H. Zhu, “Secret key establishment via RSS trajectory matching between wearable devices,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 3, pp. 802–817, 2018.
View at: Publisher Site | Google Scholar
V. Sumathi, G. Nageswara Rao, M. Parimala Devi, and R. Malladi, “A novel RSS based light weight digital certificate and key generation scheme for coherent communication of IoT devices,” 2021, https://www.sciencedirect.com/science/article/pii/S2214785320396127.
View at: Publisher Site | Google Scholar
H. Koorapaty, A. A. Hassan, and S. Chennakeshu, “Secure information transmission for mobile radio,” IEEE Communications Letters, vol. 4, no. 2, pp. 52–55, 2000.
View at: Publisher Site | Google Scholar
Q. Wang, K. Xu, and K. Ren, “Cooperative secret key generation from phase estimation in narrowband fading channels,” IEEE Journal on Selected Areas in Communications, vol. 30, no. 9, pp. 1666–1674, 2012.
View at: Publisher Site | Google Scholar
S. Mathur, R. Miller, A. Varshavsky, W. Trappe, and N. Mandayam, “ProxiMate: proximity-based secure pairing using ambient wireless signals,” in Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 211–224, Association for Computing Machinery, New York, NY, USA, June, 2011.
View at: Publisher Site | Google Scholar
Q. Wang, H. Su, K. Ren, and K. Kim, “Fast and scalable secret key generation exploiting channel phase randomness in wireless networks,” in Proceedings of the 2011 Proceedings IEEE INFOCOM, pp. 1422–1430, Shanghai, China, April, 2011.
View at: Publisher Site | Google Scholar
Y. Peng, P. Wang, W. Xiang, and Y. Li, “Secret key generation based on estimated channel state information for TDD-OFDM systems over fading channels,” IEEE Transactions on Wireless Communications, vol. 16, no. 8, pp. 5176–5186, 2017.
View at: Publisher Site | Google Scholar
N. Aldaghri and H. Mahdavifar, “Physical layer secret key generation in static environments,” IEEE Transactions on Information Forensics and Security, vol. 15, pp. 2692–2705, 2020.
View at: Publisher Site | Google Scholar
T. Rappaport, Wireless Communications: Principles and Practice, Prentice Hall PTR, Haboken, NJ, USA, 2001.
A. Rukhin, J. Soto, J. Nechvatal, M. Smid, and E. Barker, “A statistical test suite for random and pseudorandom number generators for cryptographic applications,” Booz-allen and Hamilton inc mclean va, 2001.
View at: Google Scholar

Copyright

Copyright © 2022 Muhammad Usman et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Security and Communication Networks

A Channel State Information-Based Key Generation Scheme for Internet of Things

Abstract

1. Introduction

2. Related Work

3. System Model

4. Proposed CSI-Based Key Generation Scheme

4.1. RSS-Lookup Table Generation

4.2. -Lookup Table Generation

5. Performance Analysis

5.1. Perfect Channel Estimation

5.2. Imperfect Channel Estimation

5.3. Smart Eavesdropper ()

5.4. NIST Test Suite Evaluations

6. Conclusions

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright