Implementation of Secret Key Generation on Mobile Crowdsensing Application to Secure Tracking Location of Motorcyclists

Mobile crowdsensing is a method for collecting many data from sensors on smartphone. In this research, mobile crowdsensing application will be developed to display location of motorcyclits who connected in an Ad-Hoc network along with a security system using the Secret Key Generation (SKG) scheme to generate a secret key that will be used to encrypt and decrypt the data. From the results it can be concluded that the highest measurement correlation is 0.0398 and the lowest is 0.0018 but after randomness extraction proccess, the highest correlation is 0.996 and the lowest is 0.978. After encryption, information of Alice and Bob is stored as random character in database and decrypted as plaintext as shown as in application. In the attacking result, the data after encrypted just shown random character in traffic monitor. When the eavesdroppers manipulate its IP address like Alice's, they can’t connect to Bob.


Secret Key Generation (SKG)
The first step in this secret key generation scheme is randomness the RSS values using the Kalman Filter to increase the similarity of the Alice and Bob RSS values. Then results of randomness extraction will be quantized using Lossy Quantization so that they become binary bits 1 and 0. The binary bits will be error corrected using the BCH Code algorithm to remove different binary bits between Alice and Bob at the same data index. The results of the error correcting will be processed at the hashing stage using Universal Hash to randomize the bits and divide them into random output bits with a length of 256 bits. Several keys generated from this Universal Hash process will be tested by NIST to determine which key will be used with the highest approximate entropy value. This key will then be subjected to the SHA-256 privacy amplification process so that it becomes a random character of 256 bits long. The last stage in this scheme is the encryption and decryption process using AES-256.

Randomness Extraction using Kalman Filter
The Kalman Filter is for expressing an estimate using a predictor-corrector structure. In the next system state update (prediction) it is estimated based on the system state and state transition properties that were previously known [6]. The state equation (xk) and measurement equation (zk) are the basis of the Kalman Filter theory. The state equation is modeled as in equation (1). xk = Axk-1 + Buk-1 + wk-1 (1) zk measurement equation is modeled as in equation (2). zk = Hxk + vk (2) RSS measurement data is sorted based on index data starting from the 0th index and the initial estimate or K is equal to 0. Then the data is processed using a time update using state prediction calculations and error covariance predictions so that the time update results are obtained. After that, a measurement update is carried out using the Kalman Gain equation, the estimated RSS value which has been increased in resemblance to the data in the previous index (zk) along with the error covariance update value (Pk). The result of measurement update will be xk and Pk values in the next data processing and so on until the last index.

Lossy Quantization
Quantization is a signal processing, in which a data is mapped from a large set of input values to a smaller set using rounding and truncation. The quantization method by Michael A. Tope uses two thresholds as in Equation (3) -Equation (4). γl = average of RSS + (0.4*standard deviation) (3) γh = average of RSS + standard deviation (4) If RSS value < γh and > γl then quantization result is 2 and the 2 value will be discarded so that the quantization result has bit values 1 and 0 only.

Error Correcting using BCH Code
BCH (Bose -Chaudhuri -Hocquenghuem) Code is an error correcting method that corrects errors on the receiving side. The main advantage of the BCH code is the ease with which it can be encoded using an elegant algebraic method known as syndrome decoding [7]. The quantized binary bits will be divided into Nbits where each Nbit contains as many data bits as K bits (K=21) and the initial stage in the error correcting process will initialize the initial markdata variable starting from index 0. If the markdata value ≤ Nbit-K then take a K bit value of 21 bits. Then multiplying the K bits with matrix generator so that the BCH code is generated and stored in the array code. Then take the next K bits until the data has been processed. If markdata is not ≤ Nbit-K then error correcting process has been completed so that bit values between Alice and Bob at each index are the same.

Universal Hash
Universal hash is used to randomize the result bits of the BCH Code so that the values are more varied and meet the requirements. The universal hash process is carried out by randomly generating 1bit and 0bit matrices. The output of the universal hash will be searched for the highest entropy value or level of randomness and will be used as a secret key [8]. Input resulting from error correcting process will be generated into a Universal Hash matrix of 256 bits. In each row 1:256, Universal Hash matrix will be multiplied by input resulting from the error correcting so that we get multiplication Modulo 2 for each row of the matrix. If matrix row ≤ 256 bits then Universal Hash matrix multiplication will be performed using return input. If line is not ≤ 256 then hashing process using Universal Hash has been completed and get some keys as much as 256 bits.

Privacy Amplification using SHA-256
SHA-256 can be used to calculate the message digest value of a message, which has a maximum length of 264 bits [9]. This algorithm uses a message schedule consisting of 64 elements of 32-bit words, eight 32-bit variables, and a hash value storage variable of 8 32-bit words. The end result of the SHA-256 algorithm is a 256-bit message digest.

Cryptosystem using AES-256
AES-256 is a symmetric ciphertext block that can encrypt and decrypt information. In this study, 14 rounds of AES-256 will be used. AES has a block size of 128 bits and a key size of 256 bits [10]. The illustration shown in Figure 2 below.

Figure 2. Encryption Decryption Ilustration
The key that has been obtained from SHA-256 will be used to perform encryption using AES-256 by initializing the input in the form of plaintext first. Then the 256bit key is added to the AddRoundKey process, then processed in the encryption round process which is divided into SubBytes, ShitRows, MixColumns stages and adding AddRoundKey using round keys 1-13 where this process occurs 13 rounds. Furthermore, the results of this process will be processed in the last round process where there are three stages, namely SubBytes, ShiftRows and adding AddRoundKey using the 14th round key so that the final result is in the form of ciphertext.
For the decryption process using AES-256 starts with ciphertext as input and adds AddRoundKey using the same key as the encryption key, then it is processed in the decryption round so that the results are obtained the same plaintext as before being encrypted.

Key Disagreement Rate (KDR)
KDR is the percentage of different bits between the keys generated by Alice and Bob. To find the KDR value can be seen in Equation (5).
Where N is the key length, K1 is the Key in RSS 1 and K2 is the Key in RSS 2.

Key Generation Rate (KGR)
KGR is the key generation rate indicating the number of secret key bits generated per second. The general equation can be seen in Equation (6).
Where K is the average number of bits generated by Alice and Bob, T is the measurement and computation time of the program.

Integrating Application with SKG Scheme
After finishing making the crowdsensing mobile application and the SKG scheme, then the crowdsensing mobile application created will be integrated with the SKG scheme that has been built. System design of the mobile crowdsensing application which integrated with the SKG scheme can be seen in Figure 3.

C. Result and Discussion
This section is show the results of research and discussion from SKG process and integrate it to mobile crowdsensing application.

RSS Measurement and Randomness Extraction
RSS measurement was carried out using 12 test scenarios in the Sub-Urban area when it was quiet (12:00 WIB) and crowded (15:00 WIB) and the Urban area when it was quiet (14:00 WIB) and crowded (17:00 WIB) with a distance of 3 meters, 5 meters and 7 meters. In this test, the correlation between Alice and Bob will be calculated based on the RSS of measurement and after the randomness extraction process using Kalman Filter. The result is as seen as in Table 1. In Table 1 it can be seen, the highest measurement correlation is 0.0398 and the lowest correlation is 0.0018. As for the correlation between the RSS values between Alice and Bob after the randomness extraction process, the highest value is 0.996 and the lowest value is 0.978. From the randomness extraction results, the highest KDR value was 99.905% and the lowest value was 99.396%. The highest KGR value is 9.082 bit/s and the lowest value is 9.0733 bit/s.

Quantization using Lossy Quantization
After processing the RSS data from randomness extraction, the next step is quantization stage using the Lossy Quantization algorithm to convert the RSS values in decimal form to binary bits. The result is shown in Table 2 below. From Table 2, the highest value of the deleted bits is 333 and the lowest is 265 bits. At this stage the highest KDR value produced is 35.5% and the lowest is 3.5%. The highest KGR value is 8,308 bit/s and the lowest value is 8,108 bit/s.

Error Correcting using BCH Code
The bit error correction process is carried out with BCH (31.6), which means that the data will be checked per block with the size of each block totaling 6 bits. The bit error limit that can be corrected in this method is as much as 5 bits with an overall codeword length of 31 bits. If the bit error between Alice and Bob is more than 5 bits, 1 block will be deleted. The results are as seen in Table 3. From Table 3 it can be seen that the highest bit error is deleted as much as 10 bits so that it deletes 1 block and the smallest is 1 bit so it doesn't delete a block. The highest KGR value is 8.282 bit/s while the smallest value is 8.065 bit/s. The result of error correcting is that there are no different bits so the KDR value is 0%.

Hashing using Universal Hash
The resulting bits from the error correcting process will then be processed at the hashing stage using Universal Hash. The hashing process will form a matrix or hash table which will be multiplied by bits of the appropriate size according to the key length so as to produce bits with a high level of entropy. The key length used is 256 bits. In Table 4 it can be seen that the highest key generated is 11 keys with 2816 bits in each key while the lowest is 10 keys with 2560 bits in each key.

NIST Testing
NIST testing is carried out to determine the key to be used in the encryption process based on the Approximate Entropy which will be seen with a threshold in the form of a p value that must be above 0.01. The results are as in Table 5. The key that will be used is the key with the first key priority.

Privacy Amplification using SHA-256
In this privacy amplification test, the remaining bit length is grouped into keys with multiples of 256 bits in each key. The result of the hash will be sent by Alice to Bob. If the hash sent by Alice is valid with Bob's, then the encryption and decryption process can be continued using that key. The key that used is the first priority key from Universal Hash result in Table 5. The verification results for all scenarios are shown in Table 6.

Encryption and Decryption using AES-256
The encryption process using AES-256 is done by sending a position and location information between Alice and Bob in the form of plaintext which is encrypted with the generated key. The result of this ciphertext will be sent along with the hash result of SHA-256. Successfully encrypted data will be sent to the mobile crowdsensing server as shown in Figure 4.

Figure 4. Encryption Result
In the SKG scheme, the processed key is the result of 32 bytes of 256-bit bytes. The message that will be decrypted in this application is information about the position and location of motorists who are connected in one Ad-Hoc network and have the same symmetric key so that motorists who are connected to each other in the Ad-Hoc network can know each other's position and location so that This information can be displayed on the Maps menu page of the crowdsensing mobile application that has been made. The results of the decryption test can be seen in Figure 5.

Key Disagreement Rate (KDR)
KDR testing is carried out in the randomness extraction and quantization process because after going through the error correcting process, the different bits between Alice and Bob will be deleted so that the KDR result in the error correcting process is 0. From Table 7 can be seen that the highest KDR value in the randomness extraction process is 100 % while the lowest value is 99.52%. The highest KDR value in the quantization process is 35.5% while the smallest is 3.5%.

System Success of Application
Testing the success of the system is carried out to test whether the application system created can be used properly and to test whether the menus contained in the application can be accessed and display data correctly. In this crowdsensing mobile application, there are three menus including the Server Menu, Client Menu, and Maps Menu. The Server menu in this application functions to display the IP address and port of the smartphone belonging to the motorbike rider which will later be connected by other motorbike riders who act as clients by doing channel probing or PING. It looks like Figure 7 below.  The Client menu functions to display the column used to enter the IP address of the motorist you want to connect to through the channel probing or PING process. It looks like Figure 8 below.

Figure 8. Client Menu
The Map menu functions to display maps and pin points which contain location information for each motorbike rider connected in one Ad-Hoc network and has the same symmetric key so that motorbike riders can find out the position and location updates of each motorbike rider to each other as shown in Figure 9.

Computation Time
The SKG computation time test is used to test how long it takes to carry out each process to successfully decrypt it as shown in Figure 10.

Figure 10. SKG Computation Time
From the results of the SKG computation time test above it can be seen that the process that requires the shortest computation time is the randomness extraction process using Kalman Filter with an average computation time in all test scenarios is 0.494 seconds. While the longest computation time occurs in the hashing process using Universal Hash with an average computation time of all test scenarios carried out for 10.46 seconds. This is because the input bits for hashing are divided into 256-bit parts so that the Universal Hash multiplication process with a 256x256 table will take a long time.
Testing the application access computing time is used to test the time required when accessing the menu contained in the application starting from the first opening of the application and entering the selected menu. The results can be seen in Table 8. From Table 8 it can be seen that the test results with the shortest computing time to access the application menu are the Client menu, this is because when you open the application the first display that appears is the Client menu. While accessing the application menu that requires the longest computing time is the Maps menu because this menu needs to display data maps containing the location of motorists connected to the Ad-Hoc network.

Attacking Test
In testing system security, several types of tests are carried out to test and find out whether the system is made vulnerable to existing security attacks so that encrypted information can be intercepted and known by parties who do not have the secret key or not. There are three types of testing in this stage, namely passive attack, active attack and denial of service attack.
Passive attack testing is done by doing packet sniffing to see activity when Alice and Bob access the application and exchange information about each of them. In this passive attack test, when Alice and Bob send their location information, the information shown is random characters because the information is encrypted. The results of testing the passive attack using the packet sniffing method can be seen in Figure 11. From the results of the passive attack test, it can be seen that when Alice sends location and position information to Bob, what appears in network traffic is encrypted information so that it only appears as random characters.
Active attack testing on this system is carried out by using the IP Spoofing method to manipulate the communication between Alice and Bob by falsifying the IP address as if it were Alice's IP address so that communication between Alice and Bob is lost. Testing is done by changing Eve's IP address (192.168.0.103) to be the same as Alice's IP address (192.168.0.104). The monitoring results of this test via Wireshark can be seen in Figure 12.

Figure 12. Active Attack Result
From the results it can be seen that after Eve changed her IP address to be the same as Alice, there were two connections with the same IP address as Alice but could not communicate with Bob because the port used by Eve was different from Alice's port.
The las test is denial of service test. The purpose from denial of service testing is to test system resilience that is made by sending attacks aimed at crippling devices or networks by continuously reducing system performance to repeat requests (requests) to the server. In this test, 65500 bytes of PING packets were sent to Alice with a waiting time of 0.00001 ms for each PING with a buffer size of 9999 bytes sent. The test results can be seen in Figure 13. From the test results above, it can be seen that Alice's IP address cannot be accessed after the Ping of Death attack.

D. Conclusion
From the analysis in the results and discussion section it can be concluded that the highest measurement correlation is 0.0398 and the lowest correlation is 0.0018. As for the correlation between the RSS values between Alice and Bob after the randomness extraction process using Kalman Filter, the highest value is 0.996 and the lowest value is 0.978. From the quantization results, the highest value of the bits removed is 333 and the lowest value of the deleted bits is 265 bits. The highest deleted error bit is 10 bits and the smallest is 1 bit. The highest key that has been generated is 11 keys with 2816 bits in each key while the lowest is 10 keys with 2560 bits in each key. After encryption, information of Alice and Bob location is stored as random character in database and decrypted correctly as shown as in maps menu. When do attacking test, the data after encrypted just shown random character in traffic monitor. The eavesdroppers when manipulate its IP address like Alice's also can't connected to Bob because the port that Alice and Bob used were spesific port which just Alice and Bob knew it. When attack using denial of service attak that it can be seen that Alice's IP address cannot be accessed after the Ping of Death attack.

E. Acknowledgment
The author would like to thank the supervisor from Politeknik Eektronika Negeri Surabaya who has helped provide advice during the course of this research.