Statistical inference attack against PHY-layer key extraction and countermeasures

  • Original Paper
  • Wireless Networks

Abstract

The establishment of secure secret keys ahead of transmissions is one of the key issues in the field of information security. With the fast growth of high-performance computing, the security of traditional cryptographic secret key establishment mechanisms is seriously challenged by computing-intensive attacks. As an alternative, considerable effort has been made in recent years to develop physical (PHY) layer security measures, such as link-signature-based (LSB) secret key extraction techniques. Those mechanisms have been believed to be secure, based on the fundamental assumption that wireless signals received at two locations are uncorrelated when separated by more than half a wavelength. However, according to the latest observations, this assumption does not hold in some circumstances, rendering LSB key extraction mechanisms vulnerable to attacks. To address this problem, this paper provides a formal theoretical analysis of channel correlations in both real indoor and outdoor environments. Moreover, this paper proposes empirical statistical inference attacks (SIA) against LSB key extraction, whereby an adversary infers the signature of a target link and, consequently, recovers the secret key extracted from that signature by observing the surrounding links. In contrast to prior literature that assumes theoretical link-correlation models for the inference, our study does not make any assumption on link correlation. Instead, we employ machine learning (ML) methods for link inference based on empirically measured link signatures. We further propose a countermeasure against the SIAs, called forward-backward cooperative key extraction protocol with helpers (FBCH). In the FBCH, helpers (other trusted wireless nodes) are introduced to provide more randomness in the key extraction. Our experimental results show that the proposed inference methods are still quite effective even without making assumptions on link correlation. Furthermore, the effectiveness of the proposed FBCH protocol is validated by our experimental results.

Acknowledgements

This research work is partially supported by the National Science Foundation under Grants CNS-1837034, CNS-1745254, CNS-2006998, CNS-1460897 and DGE-1623713. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. The authors would like to thank Mr. James F. Huber for proofreading and editing the language of this paper.

Author information

Corresponding author

Correspondence to Rui Zhu.

About this article

Cite this article

Zhu, R., Shu, T. & Fu, H. Statistical inference attack against PHY-layer key extraction and countermeasures. Wireless Netw 27, 4853–4873 (2021). https://doi.org/10.1007/s11276-021-02769-x

  • DOI: https://doi.org/10.1007/s11276-021-02769-x
