DOI QR코드

DOI QR Code

Robust Key Agreement From Received Signal Strength in Stationary Wireless Networks

  • Zhang, Aiqing (The Key Lab of Broadband Wireless Communication and Sensor Network Technology, NJUPT, Ministry of Education) ;
  • Ye, Xinrong (The Key Lab of Broadband Wireless Communication and Sensor Network Technology, NJUPT, Ministry of Education) ;
  • Chen, Jianxin (The Key Lab of Broadband Wireless Communication and Sensor Network Technology, NJUPT, Ministry of Education) ;
  • Zhou, Liang (The Key Lab of Broadband Wireless Communication and Sensor Network Technology, NJUPT, Ministry of Education) ;
  • Lin, Xiaodong (Faulty of Business and Information Technology, University of Ontario Institute of Technology, Canada)
  • Received : 2016.03.17
  • Accepted : 2016.05.08
  • Published : 2016.05.31

Abstract

Key agreement is paramount in secure wireless communications. A promising approach to address key agreement schemes is to extract secure keys from channel characteristics. However, because channels lack randomness, it is difficult for wireless networks with stationary communicating terminals to generate robust keys. In this paper, we propose a Robust Secure Key Agreement (RSKA) scheme from Received Signal Strength (RSS) in stationary wireless networks. In order to mitigate the asymmetry in RSS measurements for communicating parties, the sender and receiver normalize RSS measurements and quantize them into q-bit sequences. They then reshape bit sequences into new l-bit sequences. These bit sequences work as key sources. Rather than extracting the key from the key sources directly, the sender randomly generates a bit sequence as a key and hides it in a promise. This is created from a polynomial constructed on the sender's key source and key. The receiver recovers the key by reconstructing a polynomial from its key source and the promise. Our analysis shows that the shared key generated by our proposed RSKA scheme has features of high randomness and a high bit rate compared to traditional RSS-based key agreement schemes.

Keywords

1. Introduction

Wireless networks are more vulnerable to attacks over contemporary networks due to their broadcast nature. To protect wireless networks, a number of security protocols have been proposed and established [1-3]. Secret keys play a critical role in these security [4,5]. Traditional key generation schemes are based on public key infrastructures and cryptographic algorithms. Recent studies have been proposed to generate the shared secret keys by exploring physical (PHY)-layer information in wireless networks [6-10]. PHY-layer based key agreement schemes are constructed on wireless channel characteristics. These include channel randomness, channel reciprocity and independent channel variation over space [11]. Compared to the traditional schemes, the PHY-layer based key exchange protocols do not rely on computational hardness. Rather, they utilize random channel measurements and can achieve information-theoretical security [12].

Generally, channel measurements may range from Channel State Information (CSI), channel phase to Receive Signal Strength (RSS). CSI information is usually extracted from Orthogonal Frequency-Division Multiplexing (OFDM) sub-carriers for achieving high bit-rate key generation [7]. However, it is only efficient in OFDM systems. Channel phase [8,9] may be extracted for key generation but their implementations require an analog-to-digital converter (ADC) working with the Nyquist frequencies of single-tone carriers [11]. This introduces hardware constraints. RSS is an attractive means for generating secret keys. It is available in most affordable off-the-shelf wireless cards without any modification [7].

A number of RSS-based key agreement schemes generate high bit-rate secret keys through optimal quantization strategies such as ranking for quantization or multi-level quantization [10,13-18]. These schemes enhance information reconciliation efficiency for key robustness [19]. The above approaches require that the RSS has large variations to produce randomly changing measurements for robust key generation. However, there are many wireless application scenarios where channel coherence time is long and where channel have limited variations. These include wireless body area networks, wireless sensor networks or device-to-device communications with stationary nodes or terminals. We define these networks as stationary wireless networks.

To study fluctuations in the channel characteristics of stationary wireless networks, we conducted practical experiments1 and collected the channel measurements from both transmitters and receivers. These are denoted by Alice and Bob, respectively. Fig. 1 shows the RSS measurements. From these figures we observed the following features of RSS measurements in stationary wireless networks:

Fig. 1.Rss measurements of stationary wireless networks.

Stationary wireless channel measurements lack variations and randomness. It is thus, difficult to generate high bit-rate and high-entropy secret keys from their channels. Bits extracted by traditional RSS-based key agreement schemes are less suitable for secret keys as their rate and entropy are low [18]. These problems are extensively discussed in [20,21]. Specifically, [20] integrates opportunistic beamforming and frequency diversity for key generation. However, it requires an additional antenna at transmitter to introduce channel fluctuations. [21] introduces iJam to ensure that eavesdroppers are unable to demodulate wireless signals. The scheme is channel-independent but is only effective for an OFDM based systems. Furthermore, secrecy depends on the statistical characteristics of transmitted data.

Despite the aforementioned efforts, secret key agreement from RSS in stationary wireless channel continues to face the following challenges: i) How to improve secret key bit-rates from channel measurements with slow variation in general wireless networks except for specific OFDM systems? and ii) How can we increase the entropy of RSS-based secret keys from stationary wireless channel without additional hardware or system modifications?

To address the above issues, we propose a fuzzy-vault-based key agreement scheme from the RSS of the stationary wireless channels. We refer to this scheme as the Robust Secure Key Agreement (RSKA). In RSKA, the RSS measurements are quantized with normalization through maximal measurements to mitigate the non-reciprocity of the channel characteristics. The normalized quantization bit sequences are then reshaped into sequences with different levels. These methods alter the original repeated sequences into new variations, and can generate high bit-rate keys. The reshaped sequences function as key sources to produce a promise to hide key information. A promise is a fuzzy-vault, which is generated from a polynomial constructed on the key. The key is randomly generated by the transmitter. Upon receiving the promise sent by the transmitter, the receiver is able to reconstruct the polynomial with its key source and recover the secret key. In summary, the main contributions are threefold.

The remainder of the paper is organized as follows. Section 2 presents the proposed RSKA scheme and discusses the parameter settings. This is followed by a performance analysis in Section 3. Section 4 evaluates the performance of the proposed protocol through practical experiments and extensive simulations. Finally, Section 5 concludes this work.

 

2. The Proposed RSKA

In contrast to existing RSS-based key extraction approaches, which focus on error-correcting bits, our proposed RSKA scheme generates shared keys based on a fuzzy-vault, which will be presented in the first subsection. The RSKA scheme is described in detail with the corresponding parameters.

2.1 Preliminary

Fuzzy-vault. The intent of the fuzzy-vault-based key agreement scheme is to hide keys in a construction called vault using a set of key sources [22,23]. As shown in Fig. 2 (a), the transmitter Alice generates an mth order polynomial

over the variable x. Alice keeps key=cm-1|cm-2|...c1|c0 as the shared key. Then Alice projects each real point si in its source Ψa onto the polynomial to generate a set of real points G={(s1,f(s1)),(s2,f(s2)),...(sz,f(sz))} and randomly creates chaff points C={(c1,f1),(c2,f2),...(cv,fv)}, where fi≠f(ci). The fuzzy-vault is constructed by combing G and C in a random order. Upon receiving the vault (G,C), the receiver Bob matches the vault with its key source Ψb, and reconstructs the polynomial using Lagrange theorem, as shown in Fig. 2 (b).

Fig. 2.The traditional fuzzy-vault scheme at (a) transmitter and (b) receiver.

In the proposed RSKA scheme, the RSS measurements perform as the key sources. We modify the fuzzy-vault to improve the performance of key agreement scheme in stationary wireless networks.

2.2 The RSKA Scheme

The proposed RSKA scheme consists of three steps: Normalized quantization, bit reshape, and modified fuzzy-vault based key extraction.

Step 1 RSS Normalization and Quantization. In order to mitigate the asymmetry of RSS measurements, we normalize the RSS with maximal measurements received by the terminal1. The normalized value is then quantized by a predefined level, denoted by q. Without loss of generality, we assume that Alice stores its s RSS measurements in array A=[a]1×s and that the maximal element in A is sm. All the elements of A, denoted by si, are then normalized and quantized as

where is represented by a q-bit binary sequence2, and α∈(0,1) is a modification factor.

Remark 1 i) Due to unideal conditions, Alice and Bob may fail to achieve absolutely identical RSS measurements. Yet they may get similar variation trends due to channel reciprocity. By normalization and quantization, the measurements may be translated into more matching bits. ii) The modification factor αis introduced in Eq. 1 to limit the quantized bit sequence at some level which is not predicable for the eavesdroppers.

We denote Alice’s RSS measurements A=[55, 55, 56, 56, 57] and Bob’s RSS measurements B=[56, 56, 56, 57, 58]. By normalization and quantization with level q=8 and α=0.5. For Alice’s measurement 55, receives a normalized value With rounding, the value is quantized into sequence 16510=101001012. In this way, Alice gets sequences

Similarly, for Bob’s measurement 56, it gets normalized value and the value is quantized into sequence 16510=101001012. Thus, Bob receives sequences

As a result, the two different measurements A and B are quantized into two high matching bits. We will discuss the prerequisites of high matching normalization in subsection 2.3.

Step 2 Bit reshaping. As there is only little variations in stationary wireless networks, the entropy of the quantized bits is slow and they are not suitable for extracting keys directly. We propose to reshape the bit sequence Φa and Φb with a different level l, where l≠q. In the above example, with l=10, Φa and Φb may be reshaped as

And

which have noticeable variations. The reshaped bit sequences Ψa and Ψb work as the key sources for the generation of shared keys with modified fuzzy-vault.

Step 3 Modified fuzzy-vault-based key extraction. In the traditional fuzzy-vault schemes, the fuzzy-vault includes the points on the polynomial. This may result information leakage to eavesdropper [22,23]. Additionally, security relies on the computational complexity of constructing polynomial from the fuzzy-vault. Thus it is conditionally secure. We propose to send only partial point information to the receiver. This is inconsequelntial to the eavesdropper, thus reaching higher security level. Specifically, Alice generates a random k-bit sequence key and splits it into the form of a key = cm-1|cm-2|...c1|c0. The mth order polynomial

is constructed. For each element ai ∈ Ψa, Alice computes fi=f(ai) and creates a set N={(a1,f1),(a2,f2),...(an,fn)}, where n denotes the amount of elements in key source Ψa. Instead of sending all the values {f1,f2,...,fn} in order, Alice chooses v, m

where L={l1,l2,...lv+1}specifies the position of al1,al2,...,alv+1 in the set Ψa. If the first v+1 elements are selected, L={1,2,...v+1}. Additionally, Alice selects a secure hash function Hash and calculates Has(RSS)=Hash(al1|al2|...|alv+1) and Hash(key) for the verification of the RSS value and the key. Consequently, Alice formulates the promise in the format T|Hash(RSS)|L|Hash(key) and sends it to Bob.

Remark 2 Eq. 2 is an example of calculating the sequence number ij from the RSS. Other methods may be explored under the condition that Alice and Bob can derive the sequence number without interaction such that Eve gathers no information from it.

After receiving the promise, Bob checks whether Has(RSS)=Hash(bl1|bl2|...|blv+1). If the equation does not hold, Bob will notify Alice to reselect the RSS value until the equation holds. Later, Bob computes the sequence number as follows:

and constructs the set H={(bl1,fl1),(bl2,fl2),...(blv,flv)} with T. By choosing m elements from H, represented by {(x1,y1),(x2,y2),...(xm,ym)}, Bob reconstructs the polynomial using Lagrange theorem. The polynomial is reconstructed as

where Rewrite f'(x) as

Bob gets the shared key key' = c'm-1|c'm-2|...c'1|c'0 and checks

If Eq. 4 holds, the key agreement scheme successes. Otherwise, Bob reselects m elements from H and reconstructs the polynomial until the equation holds. The protocol of the proposed RSKA scheme is shown in Fig. 3.

Fig. 3.The proposed RSKA scheme.

2.3 Discussion

In this subsection, we discuss the prerequisite of high matching normalization in Step 1. We later clarify the relationship between reshaping level l and quantization level q for high variations of key sources in Step 2.

Recall that in the experiment of section 1, the RSS measurements of stationary wireless networks at Alice and Bob have almost the same variation trends and range despite their asymmetry. Furthermore, they acheive the maximal or minimal values almost at the same probe. In other words, by adjusting Alice’s measurements along the vertical axis in Fig. 1, we can match Bob’s value with minor differences. Thus we have the following assumptions.

Assumption 1 i) We sort Alice and Bob’s measurements according to ascending order, denoted by Xa={a1,a2,...am} and Xb={b1,b2,...bm}, respectively. Without loss of generality, we suppose the measurements at Alice and Bob have the same variation range and the same interval, i.e., and ii) The measurements ai∈Xa and bi∈Xb are normalized by Eq. 1 and transformed into integer by rounding.

Under the Assumption 1, we have the following theorem.

Theorem 1 The prerequisite of Xa and Xb have the same quantization bits is

where d and r are defined in Assumption 1, q is the quantization level, xm denotes the minimal maximal RSS measurements of Alice and Bob, i.e. xm=min{am,bm}.

Proof. According to Eq. 1, for all ai∈Xa and bi∈Xb, they are normalize as respectively. In order to acheive the same quantized bits by rounding, they should satisfy

Without loss of generality, we suppose

Then Eq. 6 turns to

We let It can be further simplified as

Since xm>0, we can have

For all ai∈Xa and bi∈Xb, Substitute ri in Eq. 8 by r, we get the prerequisite of Xa and Xb possessing the same quantization bits, as shown in Eq. 5.

Remark 3 i) Under the condition that Alice and Bob do not have the same RSS variation range, i.e., bm-b1≠am-a1, we define for redundancy. ii) Eq. 8 is the solution of Eq. 7 over variable xm. If another parameter, supposing q, is the variable, the solution of Eq. 7 becomes

By reshaping, the repeated bit sequences may be transformed into varied ones. Next, we provide definitions of repetition and variation characteristics for sequence sets and the relationship between these parameters.

Definition 1 (q,t)-repetition sequence set. A q-bit sequence is repeated by t times and the t repeated sequences consist of a (q,t)-repetition sequence set.

Definition 2 (l,w)-variation sequence set. An (l,w)-variation sequence set is composed by w different sequences with the same length l bits.

The relationship between the quantization level q and the reshaping level l is given in the following theorem.

Theorem2 An RSS measurement’s (q,t)-repetition sequence set may be reshaped into a new sequence set which includes an (l,w)-variation sequence set. The parameters satisfy where z=min{q×t,e}. Here, e is the least common multiple of q and l.

Proof. Please see Appendix A.

From Theorem 2, we learn when l and q are relatively-prime, the reshaped sequence set has the largest size. This theorem provides a guide for selecting a proper l for the variations of the key sources Ψa and Ψb. Whereafter, the determination of l is not only affected by q, but also related with the order of the polynomial m and the security level of the key. Their relationship will be analyzed in Section 3.

 

3. Performance Analysis

In this section, we analyze the secureness of the proposed RSKA scheme. We also show how the scheme achieves high entropy and high bit-rate performance.

3.1 Security Level

The security of RSKA is based on the computational difficulty of polynomial reconstruction. As Alice only sends the function value of the polynomial, an adversary who does not know any information about the variable value has to try out 2l×(2l-1)×(2l-2)×....(2l-m) times to arrive at the correct polynomial. Generally, l is large enough to satisfy 2l>m, then the term 2l×(2l-1)×(2l-2)×....(2l-m)≅2l×m. Further, the adversary may derive the secret key by a brute-force attack, making 2k attempts, where k is the length of the key. Consequently, the security level is determined by min{2l×m,2k}.

In order to protect the key, the parameters (l,m,k) should satisfy l×m≥k. Usually, we set m

Remark 4 Eve may deduce the key by guessing the RSS values instead of directly reconstructing the polynomial with Lagrange theorem. In order to resist this kind of attack, the parameters should satisfy

where G denotes the maximal variability on the range of the RSS measurements. denotes the permutation amounts for choosing m numbers from n numbers. The left side of Eq. 10 denotes that the adversary has to make attempts to guess the values of RSS in order to obtain (x1,x2...xm) such that it can reconstruct the polynomial from {(x1,y1),(x2,y2),...(xm,ym)}. The right side of Eq. 10 denotes that the adversary has to make 2l×m attempts in order to guess the key via a brute-force attack. To resist brute-force attacks the parameters should satisfy Eq. 10. Generally, parameters satisfy Eq. 10 in most cases.

3.2 Secure Bit Rate

Secure bit rate is defined as the average number of secret bits extracted per collected measurement [18]. As l×n≅s×q , we have the secure bit rate3

Given the s RSS measurements, the maximal secure bit rate may be obtained by selecting proper parameters q,m,l. Specifically, the problem may be explicitly expressed as:

Constraint (C2) is established to guarantee the security level. Constraint (C3) is the solution of Eq. 6, for guaranteeing the validity of bit reshaping. In constraint (C4), N+ denotes a positive integer set. Additionally, q,l may satisfy gcd(q,l)=1, denoting that q and l are relative-prime. Where gcd(q,l) presents the greatest common divisor of q and l. Consequently, there is a tradeoff between the security level and the key generation rate.

3.3 Key Entropy and First-try-success Probability

In the proposed RSKA scheme, the key is generated randomly by Alice, with a high level of randomness. Provided that the random generator performs well, the entropy of a k-bit key may reach the upper bound. In Section 4, we estimate the entropy of the key generated by RSKA, which shows that the proposed RSKA scheme has the characteristic of high entropy.

First-try-success probability is defined as the probability of successful key agreement for the first turn. We denote h the amount of mismatching elements from Alice and Bob’s key sources. Only when all the m elements are selected from the n-h matching ones, can the reconstructed polynomial correctly extract matching bits. The first-try-success probability Ps is

If Bob fails to recover the shared key in the first turn, he may try again. We define u as the average times that Bob tries befores a successful agreement. We have Next, we draw the relationship between u and n, m, h in Fig. 4. The figure shows that a higher n may increase the probability of key matching while a larger m causes more attempts for obtaining the correct key. Additionally, the higher the key sources mismatching ratio is, the more efforts Bob makes for a key agreement.

Fig. 4.The relationship between u and n, m, h.

 

4. Experimental Evaluation

In this section, we evaluate the performances of the proposed RSKA scheme and compare it with the traditional RSS-based key agreement from wireless channel [18].

4.1 Experimental Settings

We set up a wireless channel using an IRIS wireless sensor motes operating at 2.4GHz. There are three motes located within the communication radius of each other. Two motes, Alice and Bob, function as the communicating parties. The other mote works as a sink and connects to a laptop. Specifically, the initiator Alice sends a probe message to Bob. Upon receiving the packet, Bob conducts two tasks: i) Measuring the RSS and transmitting the value to the sink; and ii) Sending a probe message back to Alice. Alice repeats the processes, i.e., measuring the RSS, transmitting it to the sink, and sending a probe message back to Bob. In this way, the sink obtains all the RSS measures on the channel between Alice and Bob. It is worth noting that Alice may wait τ millisecond in order to fully control the rate and interval between packets.

Alice and Bob are stationary and are located at two corners of the room. They send probe messages to each other at the interval of τ=100ms. We collect the RSS measurements in two scenarios.

After receiving s probe messages, Alice randomly generate an m×l bit sequences for the key and constructs an mth order polynomial. Simultaneously, she produces a promise and sends it to Bob. Based on RSS measurements and promise, Bob can reconstruct the polynomial for the key recovery.

Firstly, we estimate the range of q according to Eq. 9. The receiving sensitivity of IRIS motes is -101dBm, while the RSS measurements vary from -55dBm to -70dBm. Consequently, we set xm=70 in Eq. 9. Additionally, the other parameters are estimated as d=3,r=5,α=0.5. Thus q is estimated by

In our experiments, we set q=7, q=8. Generally, l is larger than q for higher security while m is relatively small for low computational complexity, i.e., m=5,m=6.

In the traditional RSS-based key agreement as described in [18], named TRKA, the upper threshold and the lower threshold are represented by θ+and θ-, respectively. The RSS measurement are quantized as

The values between the lower and the upper threshold are dropped. Cascade protocol [27] is adopted for information reconciliation. For the uniformity of our benchmark, both of the schemes compare the entropy of the keys before privacy amplification.

4.2 Performance Evaluation

First-try-success probability Ps of RSKA. Fig. 5 shows the affecting factors of first-try-success probability in RSKA. With l increasing from 9 to 13, Ps may decrease slightly both at q=7 and q=8. However as an exception, the probabilty increases at l=13 and q=8. This is due to q=8 and l=13 being relatively-prime for more various key sources. Generally, Bob has a high probability for a successful key agreement when q increases from 7 to 8. The result is encouraging because the secure bit rate is higher when q is larger according to Eq. 11. Note that q should not exceed the solution of Eq. 9. Whereafter, Bob has to try more times for key agreement when m increases, as shown in both Fig. 5 (a) and (b). Consequently, it is better to set m at a low level for fast key agreement. However, m should satisfy (C2) for the optimization problem in Eq. 12 for security guarantee.

Fig. 5.First-try-success probability varies with l,q,m (s=60)

In Scenario 2, as there are mobile objects between the communicating parties causing asymmetrical channel characteristics, there may be a larger disparity of bits in the key sources comparing to Scenario 1. As a result, the receiver has low probability of success in the first attempt of the key agreement implementation, as demonstrated in Fig. 5 (b).

Secure bit rate. As shown in Fig. 6, the secure bit rate of RSKA decreases with increasing s in both Scenario 1 and Scenario 2. This is not surprising, the secure bit rate is an inverse ratio to sample amounts while proportional to reshaping level as analyzed in Section 3. In this figure, the secure bit rate of TRKA does not change distinctly with increasing s. The figure also demonstrates that RSKA has higher key generation bit-rate than TRKA in most cases. However, it is predicable; the bit rate of RSKA may fall below TRKA if s continues increasing. Therefore, it is not necessary to collect too many RSS measurements in RSKA. Nonetheless, it is required that s satisfies constraint (C2) of the optimization problem Eq. 12. Furthermore, s is proportional to n and higher n may increase the first-try-success probability as shown in Fig. 4. Thereby, optimal s is a tradeoff between security level and secure bit rate.

Fig. 6.Comparisons of secure bit rate varying with s (m=5, q=8).

Entropy. In order to compare the key entropy of the proposed scheme with the benckmark, we use NIST test suit [28] to estimate the approximate entropy of the key. From Fig. 7 we found that the key generated by RSKA has much higher randomness than that of TRKA. Bear in mind that the key is randomly generated by the transmitter in RSKA. Thus the entropy may almost reach as high as 1, which is the upper bound of the entropy in NIST test suit. The figure also depicts that the entropy is not related with s and l in both Scenario 1 and Scenario 2. It is worthy noting that TRKA extracts keys with higher randomness in Scenario 2 than in Scenario 1 due to the fact that mobility increases uncertainty of channel characteristics. The result shows that our proposed protocol has much higher entropy and is immune to the parameter variations.

Fig. 7.Comparisons of entropy varying with s (m=5, q=8).

 

5. Conclusion

In this paper, a novel RSS-based robust key agreement scheme is proposed for stationary wireless networks. By introducing normalized quantization and bit reshaping, the channel measurements are transformed into matching bits with high variations. Transmitter and receivers achieve key agreement by using a modified fuzzy-vault. As the key is randomly generated by the transmitter, it produces high entropy, almost reaching the upper bound of a sequence according to the NIST test. Furthermore, when the parameters are properly selected, RSKA has the characteristic of higher key generation rate compared to traditional RSS-based key agreements. Additionally, the proposed approach does not require any modification to hardware and is applicable in both stationary and mobile environments.

Note that in this study, we mainly focus on resisting passive attacks, i.e., eavesdropping. In our future work, we will consider other attacks such as predicable channel attacks and stalking attacks [7].

References

  1. H. Nguyen Thi Thanh, J. Minho, N. Tien-Dung, and H. Eui-Nam, “A Beneficial Analysis of Deployment Knowledge for Key Distribution in Wireless Sensor Networks,” Security and Communication Networks, vol. 5, no. 5, pp. 485-495, May 2012. Article (CrossRef Link) https://doi.org/10.1002/sec.337
  2. L. Guo, C. Zhang, J. Sun, and Y. Fang, “A privacy-preserving attribute-based authentication system for mobile health networks,” IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927-1941, September, 2014. Article (CrossRef Link) https://doi.org/10.1109/TMC.2013.84
  3. L. Zhou, D.Wu, B. Zheng, and M. Guizani, “Joint physical-application layer security for wireless multimedia delivery,” IEEE Communications Magazine, vol. 52, no. 3, pp. 66-72, March 2014. Article (CrossRef Link) https://doi.org/10.1109/MCOM.2014.6766087
  4. C. Yu, C. Lu, and S. Kuo, “Non-interactive pairwise key establishment for sensor networks,” IEEE Transactions on Information Forensics and Security, vol. 5, no. 3, pp. 556-569, May 2010. Article (CrossRef Link) https://doi.org/10.1109/TIFS.2010.2050140
  5. Y. Hao, Y. Cheng, C. Zhou, and W. Song, “A distributed key management framework with cooperative message authentication in VANETs,” IEEE Journal on Selected Areas in Communications, vol. 29, no. 3, pp. 616-629, March 2011. Article (CrossRef Link) https://doi.org/10.1109/JSAC.2011.110311
  6. N.Wang, N. Zhang, and T. Aaron Gulliver, “Cooperative key agreement for wireless networking: Key rates and practical protocol design,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 2, pp. 272-284, February 2014. Article (CrossRef Link) https://doi.org/10.1109/TIFS.2013.2293113
  7. H. Liu, Y. Wang, J. Yang, and Y. Chen, "Fast and practical secret key extraction by exploiting channel response," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), Turin, Italy, pp. 3048-3056, April 14-19, 2013. Article (CrossRef Link)
  8. A. Sayeed and A. Perrig, "Secure wireless communications: Secret keys through multipath," in Proc. of IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Las Vegas, Nevada, USA, pp. 3013-3016, March 31-April 4, 2008. Article (CrossRef Link)
  9. Q. Wang, H. Su, K. Ren, and K. Kim, "Fast and scalable secret key generation exploiting channel phase randomness in wireless networks," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), Shanghai, China, pp. 1422-1430, April 10-15, 2011. Article (CrossRef Link)
  10. N. Patwari, J. Croft, S. Jana, and S. Kasera, “High bit-rate uncorrelated bit extraction for shared secret key generation from channel measurements,” IEEE Transactions on Mobile Computing, vol. 9, no. 1, pp. 17-30, January 2010. Article (CrossRef Link) https://doi.org/10.1109/TMC.2009.88
  11. K. Ren, H. Su, and Q.Wang, “Secret Key Generation exploiting channel characteristics in wireless communications,” IEEE Wireless Communications, vol. 18, no. 8, pp. 6-12, August 2011. Article (CrossRef Link) https://doi.org/10.1109/MWC.2011.5999759
  12. C. E. Shannon, “Communication theory of secrecy systems,” Bell System Technical Journal, no. 28, pp. 656-715, 1949. Article (CrossRef Link) https://doi.org/10.1002/j.1538-7305.1949.tb00928.x
  13. K. Zeng, D. Wu, A. Chan, and P. Mohapatra, "Exploiting multiple-antenna diversity for shared secret key generation in wireless networks," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), San Diego, USA, pp. 1-9, March 15-19, 2010. Article (CrossRef Link)
  14. S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik, "Radiotelepathy: extracting a secret key from an unauthenticated wireless channel," in Proc. of ACM International Conference on Mobile Computing and Networking (MobiCom), San Francisco, CA, USA, pp. 128-139, September 14-19, 2008. Article (CrossRef Link)
  15. X. Zhu, F. Xu, E. Novak, C. C. Tan, Q. Li, and G. Chen, "Extracting Secret Key from Wireless Link Dynamics in Vehicular Environments," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), Turin, Italy, pp. 2283-2291, April 14-19, 2013. Article (CrossRef Link)
  16. H. Liu, J. Yang, Y. Wang, and Y. Chen, "Collaborative Secret Key Extraction Leveraging Received Signal Strength in Mobile Wireless Networks," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), Orlando, Florida, USA, pp. 927-935, March 25-30, 2012. Article (CrossRef Link)
  17. B. Zan, M. Gruteser, and F. Hu, "Improving Robustness of Key Extraction from Wireless Channels with Differential Techniques," in Proc. of International Conference on Computing, Networking and Communications, Wireless Ad Hoc and Sensor Networks Symposium (WiMob), Barcelona, Spain, October 8-10, pp. 980-984, 2012. Article (CrossRef Link)
  18. S. N. Premnath, S. Jana, J. Croft, P. L. Gowda, M. Clark, S. K.r Kasera, N. Patwari, and S. V. Krishnamurthy, “Secret key extraction from wireless signal strength in real environments,” IEEE Transactions on Mobile Computing, pp. 917-930, vol. 12, no. 5, May 2013. Article (CrossRef Link) https://doi.org/10.1109/TMC.2012.63
  19. B. Azimi-Sadjadi, A. Kiayias, A.Mercado, et al., "Robust key generation from signal envelopes in wireless networks," in Proc. of ACM Conference on Computer and Communications Security (CCS), Alexandria, Virginia, USA, pp. 401-410, October 28-31, 2007. Article (CrossRef Link)
  20. P. Huang, and X. Wang, "Fast Secret Key Generation in Stationary Wireless Networks: A Virtual Channel Approach," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), Turin, Italy, pp. 2292-2300, April 14-19, 2013. Article (CrossRef Link)
  21. S. Gollakota and D. Katabi, "Physical layer wireless security made fast and channel independent," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), Shanghai, China, pp. 1125-1133, April 10-15, 2011. Article (CrossRef Link)
  22. A. Juels, M. Sudan, “A fuzzy-vault scheme,” Design Codes and Cryptography, vol. 38, no. 6, pp. 237-257, June 2006. Article (CrossRef Link) https://doi.org/10.1007/s10623-005-6343-z
  23. F. Miao, S. Bao, and Y. Li, "A Modified fuzzy vault scheme for biometrics-based body sensor networks security," in Proc. of IEEE Global Communications Conference (GLOBCOM), Miami, Florida, USA, pp. 1-5, December 6-10, 2010. Article (CrossRef Link)
  24. M. Zafer, D. Agrawal, and M. Srivatsa, “Limitations of generating a secret key using wireless fading under active adversary,” IEEE/ACM Transactions on Networking, vol. 20, no. 5, pp. 1440-1451, May 2012. Article (CrossRef Link) https://doi.org/10.1109/TNET.2012.2183146
  25. G. D. Durgin, "Space-time wireless channels," Prentice Hall PTR, 2002. http://dl.acm.org/citation.cfm?id=1405684.
  26. K. Lee, S. Hong, S. Kim, et al., "SLAW: A mobility model for human walks," in Proc. of IEEE International Conference on Computer Communications (INFOCOM), Rio de, Janeiro, Brazil, pp. 855-863, April 20-25, 2009. Article (CrossRef Link)
  27. G. Brassard, and L. Salvail, "Secret key reconciliation by public discussion," in Workshop on the Theory and Application of Cryptographic Techniques on Advances in Cryptology, pp. 410-423, 1994. Article (CrossRef Link)
  28. NIST, "A statistical test suite for random and pseudorandom number generators for cryptographic applications," Article (CrossRef Link).