On the Security of Key Extraction From Measuring Physical Quantities

Key extraction via measuring a physical quantity is a class of information theoretic key exchange protocols that rely on the physical characteristics of the communication channel, to enable the computation of a shared key by two parties that share no prior secret information. The key is supposed to be information theoretically hidden to an eavesdropper. Despite the recent surge of research activity in the area, concrete claims about the security of the protocols typically rely on channel abstractions that are not fully experimentally substantiated. In this paper, we propose a novel methodology for the experimental security analysis of these protocols. The crux of our methodology is a falsifiable channel abstraction that is accompanied by an efficient experimental approximation algorithm of the conditional min-entropy available to the parties given the view of the eavesdropper. We focus on the signal strength between two wirelessly communicating transceivers as the measured quantity, and we use an experimental setup to compute the conditional min-entropy of the channel given the view of the attacker which we find to be linearly increasing. Armed with this understanding of the channel, we showcase the methodology by providing a general protocol for key extraction in this setting that is shown to be secure for a concrete parameter selection. In this way, we provide a comprehensively analyzed wireless key extraction protocol that is demonstrably secure against passive adversaries assuming our falsifiable channel abstraction. Our use of hidden Markov models as the channel model and a dynamic programming approach to approximate conditional min-entropy might be of independent interest, while other possible instantiations of our methodology can be feasible and may be motivated by this paper.

[1]  Aggelos Kiayias,et al.  On passive inference attacks against physical-layer key extraction? , 2011, EUROSEC '11.

[2]  Prasant Mohapatra,et al.  Adaptive wireless channel probing for shared key generation , 2011, 2011 Proceedings IEEE INFOCOM.

[3]  Wayne E. Stark,et al.  Cryptographic Key Agreement for Mobile Radio , 1996, Digit. Signal Process..

[4]  David Tse,et al.  Channel Identification: Secret Sharing Using Reciprocity in Ultrawideband Channels , 2007, IEEE Transactions on Information Forensics and Security.

[5]  H. Vincent Poor,et al.  A Unified Framework for Key Agreement Over Wireless Fading Channels , 2009, IEEE Transactions on Information Forensics and Security.

[6]  Ivan Martinovic,et al.  A Practical Man-In-The-Middle Attack on Signal-Based Key Generation Protocols , 2012, ESORICS.

[7]  Lawrence R. Rabiner,et al.  A tutorial on Hidden Markov Models , 1986 .

[8]  Sneha Kumar Kasera,et al.  High-Rate Uncorrelated Bit Extraction for Shared Secret Key Generation from Channel Measurements , 2010, IEEE Transactions on Mobile Computing.

[9]  Gilles Brassard,et al.  Quantum cryptography: Public key distribution and coin tossing , 2014, Theor. Comput. Sci..

[10]  L. Baum,et al.  An inequality with applications to statistical estimation for probabilistic functions of Markov processes and to a model for ecology , 1967 .

[11]  Miguel R. D. Rodrigues,et al.  Secrecy Capacity of Wireless Channels , 2006, 2006 IEEE International Symposium on Information Theory.

[12]  Pravin Varaiya,et al.  Capacity, mutual information, and coding for finite-state Markov channels , 1996, IEEE Trans. Inf. Theory.

[13]  Kavé Salamatian,et al.  Hidden Markov modeling for network communication channels , 2001, SIGMETRICS '01.

[14]  Robert Krauthgamer,et al.  Bounded geometries, fractals, and low-distortion embeddings , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[15]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[16]  U. Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[17]  Hai Su,et al.  Fast and scalable secret key generation exploiting channel phase randomness in wireless networks , 2011, 2011 Proceedings IEEE INFOCOM.

[18]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[19]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[20]  Aggelos Kiayias,et al.  Robust key generation from signal envelopes in wireless networks , 2007, CCS '07.

[21]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[22]  T. Aono,et al.  Wireless secret key generation exploiting reactance-domain scalar response of multipath fading channels , 2005, IEEE Transactions on Antennas and Propagation.

[23]  Matthieu R. Bloch,et al.  Wireless Information-Theoretic Security , 2008, IEEE Transactions on Information Theory.

[24]  Andrew J. Viterbi,et al.  Error bounds for convolutional codes and an asymptotically optimum decoding algorithm , 1967, IEEE Trans. Inf. Theory.

[25]  Oleg I. Sheluhin,et al.  Self-Similar Processes in Telecommunications , 2007 .

[26]  Xiaohua Li,et al.  MIMO transmissions with information-theoretic secrecy for secret-key agreement in wireless networks , 2005, MILCOM 2005 - 2005 IEEE Military Communications Conference.

[27]  Hesham El Gamal,et al.  On the Secrecy Capacity of Fading Channels , 2006, 2007 IEEE International Symposium on Information Theory.

[28]  Sneha Kumar Kasera,et al.  Secret Key Extraction from Wireless Signal Strength in Real Environments , 2009, IEEE Transactions on Mobile Computing.

[29]  Michael Clark Robust wireless channel based secret key extraction , 2012, MILCOM 2012 - 2012 IEEE Military Communications Conference.

[30]  Rudolf Ahlswede,et al.  Common randomness in information theory and cryptography - I: Secret sharing , 1993, IEEE Trans. Inf. Theory.

[31]  Gilles Brassard,et al.  Secret-Key Reconciliation by Public Discussion , 1994, EUROCRYPT.

[32]  Rafail Ostrovsky,et al.  Low distortion embeddings for edit distance , 2005, STOC '05.

[33]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[34]  Gregory Valiant,et al.  Estimating the unseen: an n/log(n)-sample estimator for entropy and support size, shown optimal via new CLTs , 2011, STOC '11.

[35]  Mudhakar Srivatsa,et al.  Limitations of Generating a Secret Key Using Wireless Fading Under Active Adversary , 2012, IEEE/ACM Transactions on Networking.

[36]  Nico Döttling,et al.  Vulnerabilities of Wireless Key Exchange Based on Channel Reciprocity , 2010, WISA.

[37]  Wade Trappe,et al.  Information-Theoretically Secret Key Generation for Fading Wireless Channels , 2009, IEEE Transactions on Information Forensics and Security.

[38]  Rao Yarlagadda,et al.  Unconventional cryptographic keying variable management , 1995, IEEE Trans. Commun..

[39]  Jonathan Katz,et al.  Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets , 2006, CRYPTO.

[40]  Suhas N. Diggavi,et al.  Secret-Key Generation Using Correlated Sources and Channels , 2009, IEEE Transactions on Information Theory.

[41]  Wade Trappe,et al.  Radio-telepathy: extracting a secret key from an unauthenticated wireless channel , 2008, MobiCom '08.

[42]  John McEachen,et al.  Unconditionally secure communications over fading channels , 2001, 2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277).

[43]  Gilles Brassard,et al.  Privacy Amplification by Public Discussion , 1988, SIAM J. Comput..