An Efficient Key Generation for the Internet of Things Based Synchronized Quantization

One solution to ensure secrecy in the Internet of Things (IoT) is cryptography. However, classical cryptographic systems require high computational complexity that is not appropriate for IoT devices with restricted computing resources, energy, and memory. Physical layer security that utilizes channel characteristics is an often used solution because it is simpler and more efficient than classical cryptographic systems. In this paper, we propose a signal strength exchange (SSE) system as an efficient key generation system and a synchronized quantization (SQ) method as a part of the SSE system that synchronizes data blocks in the quantization phase. The SQ method eliminates the signal pre-processing phase by performing a multi-bit conversion directly from the channel characteristics of the measurement results. Synchronization is carried out between the two authorized nodes to ensure sameness of the produced keys so it can eliminate the error-correcting phase. The test results at the IoT devices equipped with IEEE 802.11 radio show that SSE system is more efficient in terms of computing time and communication overhead than existing systems.


Introduction
Today the Internet of Things (IoT) has become a part of our activities with many interconnected things that can be controlled by the internet [1][2][3][4][5]. This condition results in the emergence of new security threats that opens opportunities for third parties to access and obtain confidential information. Most of these things are connected using radio technology which creates communication become susceptible to tapping [6][7][8][9]. Many classic security services are realized in the upper Open System Interconnection (OSI) layers, for example, encryption schemes based on key distribution and computational complexity [10,11]. The scheme requires high computational complexity so it is not suitable for IoT devices that have limited computing resources, energy, and memory.
Several studies have focused on security systems from devices with restricted resources and lightweight cryptographic to resolve this issue. One solution is to propose chaotic cryptosystem by optimizing and designing complementary metal-oxide-semiconductor (CMOS) that is connected with chaotic oscillators so that it can be developed in various communication security applications of IoT devices [12,13]. The other interesting solution of lightweight cryptographic is a key generation system that generates an encryption key by using the channel characteristics of the measurement results [14][15][16][17][18]. The system utilizes the principle of reciprocity from electromagnetic propagation which shows that the channel characteristics obtained by the sender and receiver will be the same if the measurement is carried out within coherence time. Some studies use the received signal strength or 3. In this paper, we synchronize key bits between the two users by sending the wasted index of blocks. The synchronization system is able to produce the same key bits without going through the signal pre-processing and error-correcting phases. Compared to the previous system, the performance evaluations of the proposed system show faster computing time and lower communication overhead. Secondly, we validate the performance of the SSE system in two real indoor environment scenarios, i.e., unobstructed and obstacles scenarios. Performance validation is conducted by using several performance parameters, i.e., key synchronized rate (KSR), key discrepancy rate (KDIR), irregularity, computing time, and communication overhead.
The rest of this paper is arranged as follows. Section 2 describes in detail about the introduction of key generation models and principle. Section 3 provides an overview of existing key generation system. Section 4 explains in detail about the proposed key generation system, i.e., the SSE System. Section 5 discusses the implementation and performance evaluation of the SSE key generation system. Section 6 summarizes the performance of the built key generation system.

Key Generation Model and Principle
In this section, we explain the key generation model and principle. The key generation model is used to indicate the involved node/user and the type of attack from the attacker. The principle key generation explains the three principles used in key generation systems.

Key Generation Model
There are three nodes involved in this paper Alice (A), Bob (B) and Eve (E) as seen in Figure 1. Authorized nodes are A and B, while an unauthorized node is E. A and B conduct the measurement process to get the channel characteristics y A dan y B . Based on the principle of channel reciprocity, authorized nodes will get almost the same or identical channel characteristics measurement results (y A ≈ y B ) if the measurement were performed within coherence time [35]. E as an unauthorized node listens to all the probing processes so it will get the channel characteristics from A and B such as y E and y E . In this paper, there are three assumptions that will be used for the node E. The first assumption E can listen to all communications made by authorized nodes. In addition, the distance of E is also more than 1 2 wavelength from the authorized nodes so the received channel characteristics will not correlate with the produced channel characteristics from the authorized nodes (y E y A , y E y B ). The second assumption E is a passive tapper, so it will not attack the communications made by authorized nodes. The third assumption E knows all the algorithms used by authorized nodes. without going through the signal pre-processing and error-correcting phases. Compared to the previous system, the performance evaluations of the proposed system show faster computing time and lower communication overhead. Secondly, we validate the performance of the SSE system in two real indoor environment scenarios, i.e. unobstructed and obstacles scenarios. Performance validation is conducted by using several performance parameters, i.e. key synchronized rate (KSR), key discrepancy rate (KDIR), irregularity, computing time, and communication overhead. The rest of this paper is arranged as follows. Section 2 describes in detail about the introduction of key generation models and principle. Section 3 provides an overview of existing key generation system. Section 4 explains in detail about the proposed key generation system, i.e. the SSE System. Section 5 discusses the implementation and performance evaluation of the SSE key generation system. Section 6 summarizes the performance of the built key generation system.

Key Generation Model and Principle
In this section, we explain the key generation model and principle. The key generation model is used to indicate the involved node/user and the type of attack from the attacker. The principle key generation explains the three principles used in key generation systems.

Key Generation Model
There are three nodes involved in this paper Alice ( ) A , Bob ( ) B and Eve ( ) E as seen in Figure 1.
Authorized nodes are A and B , while an unauthorized node is E . A and B conduct the measurement process to get the channel characteristics A y dan B y . Based on the principle of channel reciprocity, authorized nodes will get almost the same or identical channel characteristics measurement results ( ) if the measurement were performed within coherence time [35]. E as an unauthorized node listens to all the probing processes so it will get the channel characteristics from A and B such as E y and ' E y . In this paper, there are three assumptions that will be used for the node E . The first assumption E can listen to all communications made by authorized nodes. In addition, the distance of E is also more than ½ wavelength from the authorized nodes so the received channel characteristics will not correlate with the produced channel characteristics from the authorized nodes The second assumption E is a passive tapper, so it will not attack the communications made by authorized nodes. The third assumption E knows all the algorithms used by authorized nodes. Figure 1. Key generation model.

Key Generation Principle
The three principles used in key generation systems include channel reciprocity, temporal variation, and spatial decorrelation [36]. The principle of channel reciprocity shows that channel characteristics are measured by authorized nodes and they will be the same if measured simultaneously. However, most wireless devices have limited capabilities so they are not able to take measurements simultaneously. This condition results in the nonidentical channel characteristics

Key Generation Principle
The three principles used in key generation systems include channel reciprocity, temporal variation, and spatial decorrelation [36]. The principle of channel reciprocity shows that channel characteristics are measured by authorized nodes and they will be the same if measured simultaneously. However, most wireless devices have limited capabilities so they are not able to take measurements simultaneously. This condition results in the nonidentical channel characteristics between the two authorized nodes. The value of the channel reciprocity of both authorized nodes can be measured by Equation (1). The principle of temporal variation can be obtained if there is a movement of the sender or recipient node and other things in the observation area. The movement of objects and nodes can affect the level of randomness of the produced channel characteristics. The higher the level of randomization, the more difficult it is for tappers to get the same key as the authorized nodes. The last principle the spatial decorrelation is very important to determine the security of the built key generation system. In this principle, the distance of the unauthorized node that is more than 1 2 wavelengths will get uncorrelated channel characteristics with the authorized nodes [37].
where r y A y B is the correlation coefficient of characteristics of the channel measurement results between the two authorized nodes, n states the number of channel characteristics, whereas µ A and µ B is the average of the channel characteristics measurement results of A and B. µ A is obtained by

Key Generation System Overview
Some existing studies [24][25][26][27][28][29] use a key generation system consisting of five phases as shown in Figure 2. The first phase is to alternately measure channel characteristics between two authorized nodes. Non-simultaneous measurements can lead to high differences in the generated key bits. To overcome these problems, the signal pre-processing phase is carried out on measured channel characteristics using smoothing [24] and filtering [28]. The third phase is quantization which aims to change the channel characteristics of the signal pre-processing results in the form of a single bit [38] and multi-bit [39]. The fourth phase is the error-correcting that is used to correct the different bits due to nonsimultaneous measurements. The last phase is privacy amplification which aims to obscure the part of the leaked key to the tapper by increasing the randomness of the produced key. At this step, verification is also carried out which aims to ensure that the produced keys from the authorized nodes are the same. between the two authorized nodes. The value of the channel reciprocity of both authorized nodes can be measured by Equation (1). The principle of temporal variation can be obtained if there is a movement of the sender or recipient node and other things in the observation area. The movement of objects and nodes can affect the level of randomness of the produced channel characteristics. The higher the level of randomization, the more difficult it is for tappers to get the same key as the authorized nodes. The last principle the spatial decorrelation is very important to determine the security of the built key generation system. In this principle, the distance of the unauthorized node that is more than ½ wavelengths will get uncorrelated channel characteristics with the authorized nodes [37].

Key Generation System Overview
Some existing studies [24][25][26][27][28][29] use a key generation system consisting of five phases as shown in Figure 2. The first phase is to alternately measure channel characteristics between two authorized nodes. Non-simultaneous measurements can lead to high differences in the generated key bits. To overcome these problems, the signal pre-processing phase is carried out on measured channel characteristics using smoothing [24] and filtering [28]. The third phase is quantization which aims to change the channel characteristics of the signal pre-processing results in the form of a single bit [38] and multi-bit [39]. The fourth phase is the error-correcting that is used to correct the different bits due to nonsimultaneous measurements. The last phase is privacy amplification which aims to obscure the part of the leaked key to the tapper by increasing the randomness of the produced key. At this step, verification is also carried out which aims to ensure that the produced keys from the authorized nodes are the same.

Measurement of channel characteristics
Signal preprocessing Quantization Error-correcting Privacy amplification The other studies use a key generation system consisting of four phases [40][41][42]. These phases include the measurement of channel characteristics, quantization, error-correcting, and privacy amplification. The performance evaluation shows that direct quantization can result in high bit mismatches at the quantization phase. The addition of the signal pre-processing phase at [24][25][26][27][28][29] aims to reduce the incompatibility of the resulting bits. However, compared with [32], the studies that use five phases tend to be less efficient due to the addition of the signal pre-processing and error-correcting phases, which increases computing time. The higher the difference bit that occurs, the higher the produced computing time is because more data blocks must be corrected. The study [32] modified the signal pre-processing phase to increase the similarity of channel characteristics in each block of measurement data and eliminate error-correcting phase. However, the signal pre-processing phase requires high computing time because it is conducted for each data block. The more data the higher computing time needed. In this paper, we try to overcome this problem by proposing a simpler key generation system, i.e. signal strength exchange (SSE) system because it The other studies use a key generation system consisting of four phases [40][41][42]. These phases include the measurement of channel characteristics, quantization, error-correcting, and privacy amplification. The performance evaluation shows that direct quantization can result in high bit mismatches at the quantization phase. The addition of the signal pre-processing phase at [24][25][26][27][28][29] aims to reduce the incompatibility of the resulting bits. However, compared with [32], the studies that use five phases tend to be less efficient due to the addition of the signal pre-processing and error-correcting phases, which increases computing time. The higher the difference bit that occurs, the higher the produced computing time is because more data blocks must be corrected. The study [32] modified the signal pre-processing phase to increase the similarity of channel characteristics in each block of measurement data and eliminate error-correcting phase. However, the signal pre-processing phase requires high computing time because it is conducted for each data block. The more data the higher computing time needed. In this paper, we try to overcome this problem by proposing a simpler key generation system, i.e., signal strength exchange (SSE) system because it only consists of 3 phases. Elimination of signal pre-processing and error-correcting phases significantly reduced computing time so it is suitable for IoT devices with limited computing resources.

SSE System
We propose the SSE system as a key generation system that consists of three phases, i.e., measurement of channel characteristics, quantization, and privacy amplification as shown in Figure 3. The system is simpler when compared to existing systems [24][25][26][27][28][29]32,[40][41][42], so it is expected to be able to reduce computing time, communication overhead and suitable for IoT devices with limited computing resources. We claim that our proposed key generation system is simpler in terms of the number of phases that must be passed. The more phases that must be passed will affect the produced computing time. The amount of communication/synchronization between two nodes will affect communication overhead and the produced communication/synchronization time. Table 1 shows the comparison of the phases that must be passed on the key generation. Overall, it can be said that SSE systems have fewer phases compared to existing systems. The measurement of channel characteristics was carried out in two different scenarios i.e., unobstructed and obstacles scenarios. In this paper, we use RSS as channel characteristics to be measured due to the most easily acquired on a variety of wireless devices. A is one of the authorized nodes selected as the initiator. The channel characteristics of measurement results will be converted into multi-bit using the quantization phase. As part of the SSE system, we also propose a new quantization method i.e., synchronized quantization (SQ) which synchronizes data blocks in the quantization phase. Synchronization is carried out between the two authorized nodes by exchanging wasted index of blocks to ensure that the produced key is absolutely the same so it can eliminate the error-correcting phase. Another advantage of the SQ method is the elimination of the signal pre-processing phase. This occurs because the SQ method is able to produce absolutely the same key bits directly from the channel characteristics of the measurement results. In the privacy amplification phase, we use the universal hash [43] to obfuscate the leaked key parts to the unauthorized node and SHA-1 [44] to ensure that the produced keys by the two authorized nodes are the same.
The first phase of the SSE system is the mechanism for measuring RSS channel characteristics y u between nodes as shown in Figure 4. Subscript u can be replaced with A for Alice, B for Bob, E for Eve (RSS channel characteristics from A), and E for Eve (RSS channel characteristics from B). A sends pings to B with each time interval t m . B measures and stores the RSS channel characteristics of the ping conducted by A before giving response with delay τ. In the same way, A also conducts measurement and stores the RSS channel characteristics of response conducted by B. To ensure the reciprocity of the produced channel characteristics τ must be made as small as possible so it is smaller than coherence time. From the measurement phase, A and B collect a number of RSS channel characteristics n as shown by Equations (2) and (3). E as an unauthorized node listens to all the measurement processes and collects a number of RSS channel characteristics from A and B as seen in Equations (4) and (5).    [22][23][24][25][26][27] V        [22][23][24][25][26][27] V   The second phase is to convert the RSS channel characteristics y u into multi-bit using the SQ method. This method utilizes three parameters, i.e., standard deviation σ u , mean µ u and a to determine the produced bits in each area. In this paper standard deviation and mean are calculated from the overall RSS channel characteristics, while a is used as dividers from the standard deviation. These parameters are used to determine the area of each channel characteristics. Bit conversion Q u from each area determined using Gray code as shown by Equation (6). All the RSS channel characteristics will be converted into multi-bit and no waste channel characteristics. The resulting multi-bit sequence K u is seen in Equation (7).
There are no wasted channel characteristics so the length of K u is N, where N = 2xn. The sequence of K u will be divided into a few blocks B N wherein each block contains 3 bits so ] is obtained. The next step is the synchronization of bit blocks K B . The bit blocks will be saved if there are three sequential bits (i.e., 000 or 111) and convert it to 1 or 0. Synchronization is conducted by exchanging wasted index of blocks between the authorized nodes. After synchronization is complete, the remaining block bits will be converted back into bit sequences Key u . A detailed description of the SQ method that is run on each node can be seen in Algorithm 1. We initialize 2 parameters i.e., a and k which is able to provide the most optimal configuration as shown in Line 1. Determining the number of areas and bit conversion of each channel characteristic is shown in Line 2-3. The conversion mechanism of channel characteristics measurement results into a multi-bit is shown in Lines 4-14 (Equation (6) and (7)), while the division of bits into several blocks and synchronization of each of the blocks are shown in Lines 15-26.
: Determination of the number of areas 2 k 3 : Determination k bit in each area with Gray Code : 10 : The latter is a privacy amplification phase that consisted of an increased randomness and verification mechanism. Increased randomness mechanism is used to increase the randomization of key synchronization results and remove the possibility of information obtained by the unauthorized node during the block synchronization phase and is used to guess the part of the key [38]. Bit synchronization u Key will be improved for its randomness by using a Universal Hash. The method works by randomly selecting a hash function with certain mathematical properties that can ensure the randomness of produced data. The advantage of this method is the small possibility of obtaining the same data even though the data is selected by the unauthorized node. In this paper, increased randomness was carried out on u Key that had been divided into several blocks of key bits. Each The latter is a privacy amplification phase that consisted of an increased randomness and verification mechanism. Increased randomness mechanism is used to increase the randomization of key synchronization results and remove the possibility of information obtained by the unauthorized node during the block synchronization phase and is used to guess the part of the key [38]. Bit synchronization Key u will be improved for its randomness by using a Universal Hash. The method works by randomly selecting a hash function with certain mathematical properties that can ensure the randomness of produced data. The advantage of this method is the small possibility of obtaining the same data even though the data is selected by the unauthorized node. In this paper, increased randomness was carried out on Key u that had been divided into several blocks of key bits. Each block contains a 128-bit key and will be tested by using NIST software [45]. Blocks that fulfill the requirements will be used as a key to encrypt the plaintext. The verification mechanism is carried out to ensure that the keys used by authorized nodes are the same. In this paper, a block of the 128-bit key that has met the randomness requirements will be hashed using SHA-1. We chose this method because of the high security of the produced hash and it is widely used for one-way functions so key constancy could be seen without revealing information to the tapper. SHA-1 generates hash up to 160 bits long so it will increase the time communications between authorized nodes if all bits are transmitted. Since SHA-1 has the ability to detect bit differences even though it is very small, then only 6 bits of hashes will be sent with a correction capability of up to 98%. The relationship between the length of the bit and the correction ability c is expressed by Equation (8).

Implementation and Performance Evaluation
This section discusses in detail the implementation and performance evaluation of the SSE system. The implementation section provides a detailed description of the devices and software used, as well as the topology measurement scenarios. The performance evaluation section discusses the parameters of performance of the built SSE system, analysis of test results and comparison with several existing systems.

Implementation
We implemented the SSE system on three Raspberry Pi 3 Model B devices with the operating system Raspbian Stretch and kernel version 4.14.74-v7 +. Two devices become authorized nodes A and B while another becomes an unauthorized node E. One of the reasons why we chose this device is because of the open source operating system used i.e., Linux so there are many possibilities for application development. The number of high-level programming languages that can be used such as Python and the existence of additional slots for various connectivities is also the reason for choosing this device. RSS channel characteristics measurements conducted using the wireless USB Adapter (TL-WN722N) that operates at a carrier frequency of 2.45 GHz. This device works in the half-duplex mode so the measurements must be made alternately. Figure 5 shows the devices that used to build the SSE system. The measurement mechanism is conducted by equipping each node with Wireshark software so that it can capture the received RSS channel characteristics. As an initiator A pings to B at any time interval t m = 110 ms. The time interval is based on the speed of movement of the authorized nodes which is equal to 1.2 m/s. The Doppler Frequency f obtained is 9.6 GHz (the speed of movement multiplied by the carrier frequency divided by the speed of light) so the coherence time obtained is 104.2 ms (1/ f ). Randomness requirements can be fulfilled if the time interval t m exceeds coherence time [46] so we select time interval 110 ms. In this paper, there are 4000 RSS channel characteristics captured by each node.
There are two topology measurement scenarios used in this paper, i.e., unobstructed and obstacles scenarios. In unobstructed scenarios as shown in Figure 6, we measure in classroom measures 8.8 m and 6.9 m. The barrier to the left and right of the classroom is glass, while the front and rear borders are walls. The objects in the classroom include tables, chairs, and blackboards. A is a mobile node and moves straight along the yellow path. B and E are static with a distance of approximately 10 cm. In obstacles scenario, as seen in Figure 7, we measure in two rooms, the laboratory room, and the final project. The room is bounded by closets. Both rooms measure 8 and 14.7 m. The two rooms also contain tables, chairs, blackboards, and closets as a barrier. The same as the previous scenarios A is a mobile node and moves to the yellow path. B and E static with a distance of approximately 10 cm, and separated by closets with A. There were no people passing at the time of measurement in both scenarios. distance of approximately 10 cm, and separated by closets with A . There were no people passing at the time of measurement in both scenarios.

Performance Evaluation
This section discusses in detail the performance parameters and the performance analysis of test results. The used performance parameters are aimed at determining the success rate of the SSE key generation system. Performance analysis discusses in detail the measurement results performed

Performance Evaluation
This section discusses in detail the performance parameters and the performance analysis of test results. The used performance parameters are aimed at determining the success rate of the SSE key generation system. Performance analysis discusses in detail the measurement results performed distance of approximately 10 cm, and separated by closets with A . There were no people passing at the time of measurement in both scenarios.

Performance Evaluation
This section discusses in detail the performance parameters and the performance analysis of test results. The used performance parameters are aimed at determining the success rate of the SSE key generation system. Performance analysis discusses in detail the measurement results performed

Performance Evaluation
This section discusses in detail the performance parameters and the performance analysis of test results. The used performance parameters are aimed at determining the success rate of the SSE key generation system. Performance analysis discusses in detail the measurement results performed in two types of scenarios and the advantages of the SSE system compared with previous key generation systems.

Performance Parameter
We evaluate the built SSE key generation system by using several parameters i.e., key synchronized rate (KSR), key discrepancy rate (KDR), irregularity, computing time and communication overhead. KSR, computing time and communication overhead are implementational dependent parameters because it is strongly influenced by the computing resources used. KDIR and irregularity are implementational independent parameters because it is influenced by the method used in each key generation phase. So there is no result difference if the key generation system is run in different computing resources. A summary of each parameter is explained as follows.

1.
Key synchronized rate (KSR): the number of identical bits during the duration of the key generation system communication. The aim of this proposed key generation system is to conduct key updates every 15 minutes. This time has met the requirements proposed by [47] because the key update time is less than 1 hour.

2.
Key discrepancy rate (KDIR): the number of discrepancy bits from the obtained 128-bit key after the quantization phase. The aim of this proposed key generation system is yielding KDIR values of 0 for channel characteristics obtained from authorized nodes and KDIR above 0 for channel characteristics obtained from an unauthorized node. 3.
Irregularity: the randomness of the produced key evaluated using 6 tests from the National Institute of Standards and Technology (NIST) [45]. The tests included frequency test (F), frequency block test (BF), runs test (R), a long run of ones in the block (LROB), approximate entropy test (AP), and cumulative sums test (CS). Each test result will produce P value. If P value is at least 0.01 then the produced key has met the randomness requirements.

4.
Computing time: the length of time required to complete each key generation phase. The lower the complexity of the phases performed, the faster the resulted in computing time is, so it is suitable for IoT devices that have limited computing resources.

5.
Communication overhead: the number of bytes transmitted for two-node communication. In the SSE system, communication overhead is greatly influenced by the number of wasted index of blocks in the quantization phase and the number of hashes transmitted during privacy amplification. Figures 8 and 9 show box plots of the correlation coefficients measurement results between nodes in the unobstructed and obstacles scenarios. In this paper, the box plots were obtained from the calculation of data block correlation coefficients with Equation (1), each of which contained 128 RSS channel characteristics. The smaller the value of the correlation coefficient, the more different RSS channel characteristic values are obtained from the measurement results, so it is difficult to get the same keys. The correlation coefficients value range from 1 to −1. There are three pieces of information that will be retrieved from the box plots i.e., the median, the lower and upper quartile of the correlation coefficient. Generally, it can be seen that the correlation coefficient value of authorized nodes in the obstacles scenario is lower than the unobstructed scenario. There is a barrier between authorized nodes so that the RSS channel characteristics obtained is also worse and decreases the correlation coefficient of the measurement results. Similar to the testing conducted in an unobstructed scenario, the correlation coefficients obtained also indicate the difficulty of the unauthorized node to get the same key because of the significant difference of the correlation coefficient between the authorized nodes (A − B) and the unauthorized node (A − E and B − E).    The SQ method performs the multi-bit conversion by dividing the RSS channel characteristics into several areas. The number of RSS channel characteristics in each area is strongly influenced by the selection of a as a standard deviation dividing parameter. Figures 10 and 11 show the number of RSS channel characteristics from the node A and B in each area on the unobstructed and obstacles scenarios. The performed tests indicate that in all of the value of a the highest amount of RSS is in area 2 and 3. These conditions resulted in increasing the probability of getting three sequential bits i.e., 111 and convert it to 1. The resulting key bit will be dominated by 1. The higher the a value, the higher the possibility to get variations 1 and 0 of the produced keys is. This happens because of the growing number of RSS channel characteristics that are in area 1 and 4 thus increasing the probability of getting three sequential bits i.e., 000 and converting them to 0. The higher variations 1 and 0 in the resulting key, the higher the likelihood of different key bits being produced between the two nodes. Table 2 shows the number of equal keys with lengths of 128, 192 and 256 that were successfully produced from two scenarios. Equal keys are obtained if the resulting KDIR between authorized nodes is 0. The test results in unobstructed scenario show that the higher the value of a the less equal key is successfully produced. This happens because of the higher variations of the 1 and 0 thus reducing the possibility of getting an equal key. The highest number of equal keys is obtained when a = 0.6 and a = 0.65. In these parameters, most RSS channel characteristics are in areas 2 and 3 so that the resulting key bits are dominated by 1. The low variation in the resulting bits increases the possibility to get an equal key. The test results in obstacles scenario show that the equal key is only obtained when a = 0.6 and a = 0.65. The high difference in the amount of RSS channel characteristics in each area and also the higher variations of 1 and 0 triggering more difficulties to get the equal key. The encryption method used to randomize the messages is Advanced Encryption Standard (AES) with key lengths of 128, 192, and 256. In this study, we focus on 128-bit keys because our proposed key generation system produces more keys at the key length of 128. The more keys produced, the higher the KSR value is generated so it can improve the performance of the built key generation system.      Figures 12 and 13 show the number of RSS channel characteristics from nodes A and E (node A − E) and nodes B and E (node B − E) in each area in the unobstructed scenario. Meanwhile, Figures 14 and 15 show the number of RSS channel characteristics from nodes A and E (node A − E) and nodes B and E (node B − E) in each area in the obstacles scenario. At the node A − E, RSS channel characteristics that are processed by the node E is RSS channel characteristics received from the node A. At the node B − E, RSS channel characteristics that are processed by the node E is RSS received from the node B. From all scenarios, it can be seen that the number of RSS channel characteristics from a node A − E is mostly in areas 2 and 3 for all values of a. These conditions result in the higher probability of getting three sequential bits i.e., 111 and convert it to 1. However, testing in obstacles scenario results in the possibility of obtaining three sequential bits, i.e., 111 which are higher when compared to unobstructed scenarios because there are more numbers of RSS channel characteristics in areas 2 and 3. These results in the higher keys are produced. The number of RSS channel characteristics from a node B − E is also mostly in areas 2 and 3 for all values a, but there are significant differences in the number of RSS channel characteristics from area 2 and 3. These results in the lower probability of getting three sequential bits i.e., 111 so fewer keys are produced.      The number of produced 128-bit keys by the unauthorized node and key discrepancy rate (KDIR) between the unauthorized and authorized nodes is shown in Tables 3-7. The produced 128-bit keys by the authorized nodes are expressed as Ka (node A B − ) while the produced 128-bit keys by the unauthorized node are expressed as Ke (node A E − ) and Kb (node B E − ). The KDIR The number of produced 128-bit keys by the unauthorized node and key discrepancy rate (KDIR) between the unauthorized and authorized nodes is shown in Tables 3-7. The produced 128-bit keys by the authorized nodes are expressed as Ka (node A − B) while the produced 128-bit keys by the unauthorized node are expressed as Ke (node A − E) and Kb (node B − E). The KDIR value was obtained from the number of discrepancy bits between Ka and Ke with Ka and Kb. To meet security requirements, it is expected that there is no equal 128-bit key obtained by the unauthorized node indicated by the KDIR value above 0. The performed test results in both scenarios indicate less number of produced 128-bit keys by node B − E compared to the node A − E. This happens because of the low probability of getting three sequential bits i.e., 111 because of the significant difference in the number of RSS in areas 2 and 3. The fewer three sequential bits produced, the fewer 128-bit keys that can be produced. The test results in unobstructed scenarios also indicate that the higher the value of a, the higher KDIR value between unauthorized and authorized nodes. The high KDIR is caused by the higher variations of the 1 and 0 so as to increase the difference in the produced bits. From the results of testing in the obstacles scenario, there is no significant difference in the KDIR value between the values of a = 0.6 and a = 0.65. This happens because the number of RSS is almost the same in each area for both a values. Overall, it can be said that the built SSE system has met the security requirements because all KDIR values have exceeded 0. There are no equal keys that were successfully produced by the unauthorized node. Obstacles Table 4.

Performance Analysis of the SSE System
The key discrepancy rate of unauthorized nodes in the unobstructed scenario (a = 0.6 and a = 0.65).  Table 5.

KDIR for Each a Value
The key discrepancy rate of unauthorized nodes in the unobstructed scenario (a = 0.7 and a = 0.75).   Table 7.

KDIR for Each a Value
The key discrepancy rate of unauthorized nodes in the obstacles scenario (a = 0.6 and a = 0.65). a  Ka  Ke-1  Ke-2  Ke-3  Kb-1  a  Ka  Ke-1  Ke-2  Ke-3  Kb- The computation of time testing is conducted by calculating the time needed in the SQ and privacy amplification phase. In the SQ phase, there are two calculated times, i.e., computing time (CT) of multi-bit conversion and the division of bits into several blocks, as well as communication/synchronization time (C/ST) of exchanges of wasted index of blocks to ensure the produced key is absolutely the same as it can eliminate the error-correcting phase. In the privacy amplification phase, there are also two calculated times, i.e., computing time (CT) of increased randomness and the verification mechanism, as well as communication/synchronization time (C/ST) of hash exchanges between the two authorized nodes. Communication overhead testing is conducted by calculating the size of the files sent for synchronization between 2 authorized nodes. Synchronization is conducted after the SQ and the privacy amplification phase. Tables 8 and 9 show the computing time testing to get equal 128-bit keys for each a value in two scenarios while communication overhead testing is shown in Tables 10 and 11. The results of the tests showed no significant computing time differences for each a value in both scenarios, even in the SQ or privacy amplification phases. Computing time differences actually occur between SQ and privacy amplification phases. This happens because the processed data in the SQ phase for each a value is the same channel characteristics measurement data. The processed data in the privacy amplification phase is the remaining of the SQ phase data. Communication/synchronization time testing also showed no significant time difference for each a value in both the SQ and privacy amplification phases. This happens because there is no significant difference between the produced communication overhead.  In this paper, the KSR parameter is obtained by calculating the number of equal key bits during the duration of the SSE system communication. The duration of this system communication includes the measurement of channel characteristics, computing and communication/synchronization time at the synchronized quantization (SQ) phase, as well as computing and communication/synchronization time at the privacy amplification phase. This study carried out testing by varying the parameter of a within 0.6 to 0.85. The varied selection of the value of a is based on the attempt to get the equal 128-bit keys between authorized nodes and ensuring that there are no equal 128-bit keys of the unauthorized node. Figure 16 shows that the higher the value of a, the lower the generated KSR as there are fewer number of equal 128-bit keys. This happens because there is an increase of 1 and 0 of the produced key bits, thus minimizing the possibility of obtaining an equal key. The results of the performed tests in unobstructed scenarios showed that the highest KSR was obtained at a = 0.6 and a = 0.65, i.e., 1.05 bps, while the lowest KSR was obtained at a = 0.85 i.e., 0.26 bps. The obtained values indicate that the computing time to get 128-bit keys ranges from 2.03 min to 8.21 min. Meanwhile, the results of the testing carried out in unobstructed scenarios showed that the highest KSR was obtained at a = 0.6, i.e., 1.05 bps, while the lowest KSR was obtained at a = 0.65, i.e., 0.26 bps. The obtained values indicate that the computing time to get 128-bit keys ranges from 2.03 min to 8.21 min. Overall, it can be said that the SSE system is able to produce keys below 1 hour to meet the requirements of the update key maximum time proposed by [44]. keys to be selected on the SSE system is Ka-4, Ka-1, Ka-2, and Ka-3. The selection of this ranking is based on the results of the AP test. If Ka-4 fails to be used as a key in the verification phase, then Ka-1 will be used as such a key. The highest P value of the AP tests is 0.9484 (unobstructed scenarios) and 0.9403 (obstacles scenario). This shows that K-4 obtained during the obstacles scenario has a higher persistence bit compared to K-4 obtained when in the unobstructed scenario.  Irregularity testing was carried out to ensure that the 128-bit keys of universal hash results met the randomness requirements. In this paper, the authors used the 128-bit keys produced by a = 0.6. This value is selected because of the higher number of the produced 128-bit keys than the other value in both scenarios. In addition, the security requirements have also been met because there are no equal 128-bit keys produced by the unauthorized nodes. There were 6 randomization tests performed, i.e., frequency test (F), frequency block test (BF), runs test (R), a long run of ones in the block (LROB), approximate entropy test (AP), and cumulative sums test (CS). Each test result will produce a P value which is the randomness probability value of 128-bit keys (0≤ P value ≤ 1). The closer to 1, the more random the 128-bit keys are produced. In order to fulfill the randomization requirements, the minimum P value of the 128-bit keys is 0.01. The details of the usability of each test are explained as follows. The F test is used to determine the ratio of 0 and 1 of 128 key bits. The BF test aims to discover the ratio of 1 of each block in the 128-bit keys. The determination of whether fluctuations 0 or 1 in a 128-bit key is too fast or slow can be known by R tests, while the determination of whether fluctuations of 0 or 1 of each block in a 128-bit key is too fast or slow can be known with the LROB test. The AP test is used to determine the frequency of all possible intersection bits of each block in the 128-bit keys. Meanwhile, the CS test is used to specify that the accumulative number of the 128 key bits tested is too large or too small for the accumulative sum of the random sequence. Table 12 shows the results of the NIST test in the unobstructed and obstacles scenario. In both scenarios, it appears that all the produced keys have met the randomness requirements for 6 tests because the resulting P value has exceeded the specified standard, i.e., 0.01. The ranking of keys to be selected on the SSE system is Ka-4, Ka-1, Ka-2, and Ka-3. The selection of this ranking is based on the results of the AP test. If Ka-4 fails to be used as a key in the verification phase, then Ka-1 will be used as such a key. The highest P value of the AP tests is 0.9484 (unobstructed scenarios) and 0.9403 (obstacles scenario). This shows that K-4 obtained during the obstacles scenario has a higher persistence bit compared to K-4 obtained when in the unobstructed scenario.

Comparison of Performance between SSE Systems and Existing Key Generation Systems
There are two performance parameters, i.e., computing time and the communication overhead, that are used to compare SSE systems with previous key generation systems that are also implemented on IoT devices with limited power and computing. The selection of these parameters is based on the consideration of obtaining an efficient key generation system in terms of computing time and the communication overhead. The lower the computing time and the communication overhead required, the more efficient the built key generation system. There are 4 existing key generation systems that will be used for comparison, i.e., system [9,31,33,46,48]. The system [9] uses four phases where the RSS channel characteristics will be quantized using the cumulative distribution function (CDF) method. The system [31] uses five phases where the RSS channel characteristics will be divided into several blocks, each containing 50 data. Each block will be pre-processed using the Kalman method and the results will be converted into multi-bits with the quantization method proposed by [24]. The system [33] uses five phases in building a key generation system. The RSS channel characteristics will be pre-processed using a third order polynomial regression. The results of the signal pre-process phase will be divided into several blocks, each containing 250 bits. Each block will be converted into multi-bit with the quantization method proposed by [24]. The system [47] works by signal pre-processing the RSS channel characteristics using the discrete cosine transform (DCT) method. The results of the pre-process will be quantized using several parameters which include the mean and standard deviation. The system [48] works using 4 phases where the RSS channel characteristics will be divided into several blocks, each containing 128 bits. Each block will be converted into multi-bit with the quantization method proposed by [38]. All of the existing key generation systems still require an error-correcting phase to correct the different bits produced by the authorized nodes. In this paper, the error-correcting method used is BCH (255, 87), while privacy amplification uses the Universal Hash and SHA-1 methods.
Computing time system testing in both scenarios is divided into two parts, i.e., parts A and B. In the SSE system, part A consists of the SQ phase while part B consists of the privacy amplification phase. In the existing key generation system, part A consists of a signal pre-processing phase to the error-correcting phase, while part B consists of privacy amplification. Each part will be divided into two, i.e., computing time (CT) and communication/synchronization time (C/ST). Table 13 shows a comparison of computing time between the SSE and the existing system. The results of the performed tests indicate that the SSE system is able to reduce computing time (CT) of part A to 25.77 times (unobstructed scenarios) and 26.08 times (obstacles scenario) compared to existing systems. The decrease in communication/synchronization time (C/ST) reaches 1.55 times (unobstructed scenarios) and 1.52 times (obstacles scenario). The test results of part B also show that SSE systems are able to reduce computing time (CT) to 2.60 times (unobstructed scenario) and 2.47 times (obstacles scenario) compared to existing systems. There is no significant communication/synchronization (C/ST) time difference of part B between SSE and the existing systems because the produced communication overhead is almost the same. Overall, it can be seen that the computing time (CT) and communication/synchronization (C/ST) time of the SSE system are lower than the existing system. This happens because, in part A, the multi-bit conversion of the SSE system is conducted directly from the RSS channel characteristics without going through the signal pre-processing phase. Further, there is no blocking division in processing RSS channel characteristics so it speeds up computing time compared to existing systems. The high computing time of existing systems is due to the error-correcting phase. The more data proceeded at this phase, the higher the computing time, communication/synchronization time and communication overhead required. Table 14 shows a comparison of the communication overhead between the SSE system and existing systems. The communication overhead is calculated from the size of the file sent for synchronizing the authorized nodes. In the SSE system, the data synchronization occurs after the SQ and privacy amplification phase, whereas in existing systems, the data synchronization occurs after the error-correcting and privacy amplification phase. The results of the performed tests indicate that the SSE systems can reduce the communication overhead from part A to 2.75 times (unobstructed scenario) and 2.92 times (obstacles scenario) compared to existing systems. There is no significant communication overhead difference of part B between SSE and the existing systems because of produced the communication overhead is almost the same. This happens because synchronization after the SQ phase is only conducted on the index of the wasted data block, while synchronization after the error-correcting phase is carried out on the parity bit to increase the size of the communication overhead. Overall, the results of the tests conducted indicate that SSE systems are able to reduce computing time, communication/synchronization time and the communication overhead compared to existing systems. Therefore, it can be said that the SSE system is more efficient for implementation of IoT devices with limited resources compared to existing systems.

Conclusions
This paper proposes the SSE system as an efficient key generation system and synchronized quantization (SQ) as a part of the SSE system that synchronizes data blocks in the quantization phase in order to eliminate the signal pre-processing and error-correcting phase. The efficiency of the system is indicated by lower computing time and the communication overhead between authorized nodes compared to existing systems. Validation of the SSE system performance is carried out in two real indoor environment scenarios, i.e., unobstructed and the obstacles scenarios. The test results showed that the SQ method was able to produce equal 128-bit keys without going through the signal pre-processing and error-correcting phase with KSR values reaching 1.05 bps (unobstructed and obstacles scenario). Testing of computing time and the communication overhead in two scenarios also show the efficiency of the SSE system compared to the existing system. This is indicated by a decrease in computing time up to 25.77 times (unobstructed scenarios) and 26.08 times (obstacles scenario), and decreased communication/synchronization time up to 1.55 times (unobstructed scenarios) and 1.52 times (obstacles scenario) of part A. Part B also shows that SSE systems are able to reduce computing time to 2.60 times (unobstructed scenario) and 2.47 times (obstacles scenario). The communication overhead of part A also decreased by 2.75 times (unobstructed scenario) and 2.92 times (obstacles scenario). In addition, the built SSE system has met the security requirements because there is no equal key that was successfully produced by the unauthorized node.