Key Generation Technique Based on Channel Characteristics for MIMO-OFDM Wireless Communication Systems

Dynamic secret key generation from wireless channel characteristics is a promising technique for physical layer security. One of the important issues in this field is extending the secret key’s length while preserving its uniformity and randomness. This paper proposes a key generation method based on time-varying and the reciprocity of wireless channels for Multiple-Input Multiple-Output Orthogonal Frequency Division Multiplexing (MIMO-OFDM) wireless communication systems. In the proposed technique, the complex impulse response (CIR) of the estimated channel state information (CSI) is extracted, and a quantization algorithm is designed to convert the maximum peaks of the CIR into secret key bits. The effectiveness of the proposed key generation technique is assessed in terms of the randomness of the produced key bits with different key lengths by using a statistical test suite of the National Institute of Standards and Technology (NIST). The proposed technique is employed in the MIMO-OFDM systems with different modulation schemes through Additive White Gaussian Noise (AWGN) and Rayleigh channels. The simulation results show that the secret keys with various key lengths generated from the proposed technique for the MIMO-OFDM systems guarantee randomness. Moreover, the proposed CSI-based key generation technique provides better effectiveness in terms of security when compared to some existing techniques.


I. INTRODUCTION
Due to open-air communication, wireless communication is vulnerable to passive attacks, such as eavesdropping, supervising, etc, or active attacks including spoofing, jamming, etc [1]. The traditional cryptosystem can be used against the attacks above at higher layers, but it may not be effective in heterogeneous wireless communication systems due to the limited resources, key generation, management, and sharing of the secret keys between the different legitimate users.
To address such problems, physical layer security techniques can be used to distribute secret keys between legitimate users for implementing the encryption and decryption processes.
The associate editor coordinating the review of this manuscript and approving it for publication was Wei Feng .
In cryptography, the randomness of a key sequence is the most important aspect [2]. The cryptographic key must be generated from a random source and key lengths are easily extended according to the size of the encrypted data. The theoretical basis of the key generation techniques from the physical layer is based on a common source of randomness. In general, wireless channel characteristics are demonstrated to provide an unlimited source of the randomness required for secret key generation, which has recently attracted a lot of attention [2]. Especially, randomness and reciprocity are the two crucial features of the wireless channel that are necessary for the generation of secret keys [3]. Wireless channel has natural randomness due to the time-varying of the channel parameters. According to the reciprocity, the wireless channel is symmetrical, meaning that the channels used by legitimate parties will always be the same [4]. VOLUME 11, 2023 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ Key generation methods can use a variety of wireless channel features, such as received signal strength (RSS), and channel state information (CSI) [5]. These key generation techniques are lightweight and don't need assistance from other users, so they provide a low complexity [2]. The authors in [6], [7], [8], and [9] applied the RSS for key extraction. In time division duplexing (TDD) mode, the variation of wireless channel amongst measurements has an impact on RSS-based key extraction, but it can be mitigated by using a fractional interpolation filter [4]. However, due to RSS is a parameter with a single dimension and each packet may only provide one RSS measurement, which causes a low key generation rate in RSS-based techniques. Moreover, because of the potential for predicted channel attacks, RSS-based methods can not always ensure complete security.
In recent years, CSI-based key generation methods have been investigated. Key generation techniques based on the channel phase have been proposed in [10] and [11], they can achieve a substantially faster speed compared to the RSSbased methods. However, synchronization and hardware fingerprint interference can seriously compromise the channel phase. Even though dynamic synchronization algorithms can be used to compensate for the synchronization error, the residual synchronization errors in the frequency and time domain have an impact on the channel phase changes. In [12], only the phase of the estimated CSI is used for secret key generation. This proposed technique combines with a special guard band scheme to achieve a better secret key disagreement ratio performance. In [13], the authors suggested extracting the secret key for Internet-of-Things (IoT) devices in a static environment. In this method, both the channel phase and amplitude are utilized in the key generation procedure. This study also suggests a mapping table-based key distribution strategy for IoT environments to improve the key agreement rate, the key generation rate, and the bit error rate. However, it will increase the complexity of IoT devices' deployment.
Multiple-Input Multiple-Output Orthogonal Frequency Division Multiplexing (MIMO-OFDM) technology provides a crucial role in the advancement of wireless communication systems. The MIMO-OFDM systems provide many benefits such as increased diversity, capacity, throughput, data rate, etc. However, the security of the MIMO-OFDM systems is a challenge, because the traditional security methods at the upper layers have high computational which is not suitable for real-time communication. Therefore, physical layer security has become more popular since it ensures reliable and secure communication for both present and future wireless systems. In recent years, key generation based on the MIMO channel characteristics is one of the physical layer security methods that is being focused on research. The authors in [14] proposed to generate secret keys for the MIMO systems from the received signal strength indicator (RSSI). This method indicates that Eve is impossible to obtain the secret keys from legitimate parties even increasing the number of receive antennas. In [15], the authors demonstrated that the secret key length is proportional to the number of antennas in the MIMO systems.
In this paper, we proposed a secret key generation technique based on the CSI for the MIMO-OFDM wireless communication systems. To do this purpose, the legitimate parties collect the highest peaks of the complex impulse response (CIR) during the channel probing. In the quantization stage, the average value of the maximum peaks is computed. Then, the secret key bits are generated by comparing the maximum peaks to the obtained average value. The secret keys are generated with different key lengths and checked by the National Institute of Standards and Technology (NIST) statistical test suite to evaluate the security.
The main contributions of this work are shown as follows: • The CIR of the MIMO-OFDM wireless channels, which is an unlimited source of randomness, is proposed as a seed to generate the dynamic secret key.
• The quantization algorithm is suggested to convert the estimated CIR into the key bit sequence.
• The key length can be easily changed while ensuring the security of the key.
• The CIR-based key generation algorithm has low complexity and it is suitable for secure MIMO-OFDM wireless communication systems. The paper is organized as follows, Section II describes the system model. Then, the proposed CSI-based secret key generation for the MIMO-OFDM wireless communication systems is presented in Section III. Simulation results are shown in Section IV and finally, Section IV concludes this paper.

II. SYSTEM MODEL
We consider a wireless communication system in the TDD mode with three parties shown in Fig. 1. Alice and Bob are the legitimate entities that need to protect the transmission data, while Eve is a passive eavesdropper on Alice and Bob's channel. Assuming that the three parties have the same hardware structure of the MIMO-OFDM transceiver devices with M antennas. In addition, the complex impulse response (CIR) between Alice and Bob is denoted h a (t 1 ) ∈ C M ×M , the Bob and Alice's CIR is denoted as h a ′ (t 2 ) ∈ C M ×M .
Taking these assumptions, Alice sends Bob a signal x a (t 1 ) ∈ C M ×1 first for channel estimation. The received signal y b (t 1 ) ∈ C M ×1 at Bob's side is given by: Bob responds by sending Alice a signal x b (t 2 ). The received signal y a (t 2 ) ∈ C M ×1 at Alice's side is shown as follows: In (1) and (2), η a (t 2 ) and η b (t 1 ) are the noise components in the received signals of Alice and Bob, respectively.
The process of transmitting signals to each other is done in two time slots of the TDD mode. When the difference  time between t 1 and t 2 is smaller than the channel coherence time τ (|t 1 − t 2 | < τ ), according to the short-time reciprocity of wireless channel characteristics, the wireless channels observed by both are the same between h a (t 1 ) and h a ′ (t 2 ), Additionally, in our system model, Eve can listen in on every conversation between Alice and Bob and also has the same key generation algorithm. We also suppose that Eve stands far enough away from two legitimate users (more than half of wavelength) so that the propagation channel between Alice and Bob is independent of Eve's observation [16]. This indicates that no information about h a and h a ′ is contained in the data Eve obtained. Fig. 2 depicts the CSI-based key generation procedure. The secret key is generated in two stages including channel probing, and quantization of the Complex Impulse Response (CIR).

A. STAGE 1: CHANNEL PROBING
In the channel probing stage, Alice and Bob use the pilot, which is known as a probing signal to estimate channels, and then obtain their channel vectors h a and h a ′ , respectively. Due to the reciprocity of the wireless channel, we have h a = h a ′ , which are known as forward and reverse channels for legal users [16]. On the other hand, Eve estimates Alice and Bob by h b and h c channels, respectively.
Due to the channel noise, the parties obtain inaccurate estimations of the channels, which are shown in the following equations: In (3)- (6), Alice, Bob, and Eve obtain estimation errors ε 1 , ε 2 , ε 3 , ε 4 during estimating their channels.
The CIRs h a and h a ′ estimated at each node of the transmission link should ideally stay the same and symmetric. As a result, we can achieve: However, some real cases are non-reciprocity due to the asynchronous errors and different noises at both parties. To address this issue, the authors in [17], [18], and [19] proposed techniques to mitigate the noise and asynchronous error effects.

B. STAGE 2: QUANTIZATION
In the quantization stage, we propose a quantization algorithm to convert the obtained CIRs into binary values. Fig. 3 shows an example of the CIR with the maximum peaks. The quantization algorithm can be expressed as follows: • Based on the obtained CIR h, Alice and Bob find the highest peaks of CIR Q. VOLUME 11, 2023 • Then, they calculate the average value q of the highest peaks of CIR Q.
• Alice and Bob compare each excursion of CIR's peak Q with q. If the excursion's value is greater than the average value q, we obtain bit 1. Otherwise, bit 0 is achieved if the excursion's value is lower than q.
By applying this quantization algorithm, Alice and Bob will receive two bit sequences, K A and K B .
By applying our proposed method, the number of maximum CIR peaks can be easily expanded, thus the key generation system can generate keys of different lengths.
The key generation technique aims to generate secret keys for data encryption and authentication. The randomness and refresh rate of the key must fulfill specific specifications for the applications. As a result, the key generation algorithms may be assessed by using three metrics: randomness, key generation rate, and key disagreement rate, in which randomness is the most essential feature [2].

IV. SIMULATION RESULTS
This section illustrates the simulation results obtained from MATLAB and investigates the performance of the proposed CSI-based key generation technique for the MIMO-OFDM wireless communication systems. The key bits are generated from the highest peaks of the CIR by applying our proposed key generation technique. The performance of the proposed technique is evaluated by the randomness of the generated key with different key lengths. The randomness of the generated key is examined by the National Institute of Standards and Technology (NIST) statistical test suite. There are a total of 15 tests, each of which can be used in a sequence. For instance, the monobit test concentrates on the ratio of ones to zeros; the frequency test within a block is utilized to assess whether the percentage of 1 in one block is approximately half a block; the run test is employed to check whether a key sequence's oscillations of 1 and 0 are quick or slow in comparison to a random sequence; the length of the 1 from the test key is matched to the anticipated length of 1 from the random sequence using the longest run of ones in a block test; the discrete Fourier transform (DFT) test finds the periodic pattern of the sequence; the approximate entropy test is applied to estimate the frequency of all potential overlapping data bits in a key sequence; the cumulative sums test is performed to assess whether the cumulative amount of elements of the sequence is large or small for the desired cumulative amount of a random sequence; etc. Each test is dependent on a determined test statistic value that is a function of the data and it produces a p-value. The p-value is related to the size of the tested sequence, the quantity and the arrangement of the 0s and 1s in the block of the tested sequence, thus it will vary in the range from 0 to 1 [20]. To assess randomness in each test, the p-value is compared to a significant level α, which  typically has a value between [0.001, 0.01]. If p-value > α, the sequence is considered random. As in other research, we decide on α being 0.01. Therefore, the key sequence passes the test when the p-value test result is greater than 0.01.
The proposed technique is applied in both Additive White Gaussian Noise (AWGN) and Rayleigh channels for the MIMO-OFDM systems. Assuming that Alice is a transmitter, and Bob is a receiver. Two legitimate parties use the MIMO-OFDM systems with the same number of antennas. In this work, we simulate the MIMO-OFDM systems configured with 2Tx-2Rx, 4Tx-4Rx, and 16Tx-16Rx for the BPSK and QPSK modulation schemes. Some parameters of the MIMO-OFDM systems are referenced from [14] and [15] and shown in Table 1. Meanwhile, the parameters of the NIST tests are listed in Table 2 and referenced from [21].
Case study 1: We consider that the channel is impacted by AWGN. Firstly, we simulate the MIMO-OFDM 2 × 2, 4 × 4, and 16 × 16 systems for the BPSK modulation scheme. The secret keys are generated with different key lengths of 256 bits, 1024 bits, 102400 bits, and 1024000. Table 3 shows the NIST test results for the generated secret keys.
According to the NIST standard [20], an input length of at least 100 bits, 38912 bits, and 1000000 bits need to be evaluated through 8 NIST tests, 9 NIST tests, and 15 NIST tests, respectively. Therefore, we choose 8 NIST tests for the generated key length of 256 bits and 1024 bits, including monobit, block frequency, runs, longest run of ones, DFT, serial (this test generates two p-values including serial-1 and serial-2), approximate entropy, cumulative sums test. For 102400 bits, we also need to conduct 8 NIST tests like 256 bits and 1024 bits scenarios, and one additional binary matrix rank test. We do all 15 NIST tests for the key length of 1024000 bits. It can be observed from Table 3  Secondly, we simulate the MIMO-OFDM systems for the QPSK modulation scheme and the simulation results are shown in Table 4. It can be observed that the p-values of the QPSK modulation scheme are different from the BPSK modulation scheme in all required tests, but there are still greater than 0.01. As a result, the generated secret keys satisfy the requirements for randomness. Specific details are described below: -For the monobit test, all p-values are 1, so the secret keys of the MIMO-OFDM systems provide the same proportion of 1 and 0. -In the block frequency test, the 1024-bit key of the MIMO-OFDM 16 × 16 system obtains the highest p-value. -The runs test indicates that the 256-bit key of the MIMO-OFDM 4 × 4 system oscillates more quickly than other keys. -The test overcome of the longest run of ones test reveals that the 256-bit key generated by the CIR of the MIMO-OFDM 16 × 16 system has a length of 1, which is more consistent with the desired length of 1 from the random key sequence. -The binary matrix rank test displays that most p-values of the 102400-bit key are higher than those of the 1024000-bit key.      Overall, the results of the NIST tests in both case studies give p-values that surpass 0.01. It can be concluded that the keys generated by our proposed technique satisfy the randomness requirements and can be utilized to encrypt information in wireless communications. Table 7 compares our proposed approach to the previous techniques reported in [4] and [5] with an input key length of at least 100 bits. This table illustrates that our proposed method passes all 8 required NIST tests. The method in [5] only passes 5 NIST tests. In [4], the authors evaluated the NIST test for different downsample factors (D) for simulation data. The method in [4] passes 4 NIST tests for D = 32 and 7 NIST tests for D = 64, respectively. When D is greater than 128, the key generated from the method reported in [4] will pass all required NIST tests. However, the number of generated key bits will be directly decreased by a large downsample factor since fewer subcarriers are preserved for the key distillation. Therefore, the method in [4] could not generate a long key length. Meanwhile, our method can generate any key sequences ensured by the NIST statistical test suite. Consequently, the secret key generated by our proposed method outperforms the methods shown in [4] and [5] in terms of randomness.

V. CONCLUSION
This research proposes a physical layer key generation method based on the CSI for the MIMO-OFDM wireless communication systems to enhance the key randomness. According to the time-varying and reciprocity of the wireless channel, two legitimate communicators use the same CIR to distill the key in coherence time. Our proposed key generation is applied for the MIMO-OFDM systems configured 2Tx-2Rx, 4Tx-4Rx, and 16Tx-16Rx with the BPSK and QPSK modulation schemes through AWGN channel and Rayleigh fading. The generated keys are checked by the NIST statistical test suite. The achieved results show that the generated keys from the proposed technique pass 8 obligate NIST tests for at least 100 key bits, 9 obligate NIST tests for at least 38912 bits, and 15 obligate NIST tests for 1000000 bits, respectively. Therefore, the proposed method ensures the randomness of the extracted keys. In addition, our method performs better effectiveness when compared to previous works in the field of key generation. Our proposed technique could be widely used in secure MIMO-OFDM wireless communication systems. Especially, it is appropriate for military wireless communication systems. In future work, we will focus on evaluating other performance metrics of the proposed key generation method, such as key generation rate and key disagreement rate.