A Channel Perceiving Attack on Long-Range Key Generation and Its Countermeasure


Abstract in English

The physical-layer key generation is a lightweight technique to generate secret keys from wireless channels for resource-constrained Internet of things (IoT) applications. The security of key generation relies on spatial decorrelation, which assumes that eavesdroppers observe uncorrelated channel measurements when they are located over a half-wavelength away from legitimate users. Unfortunately, there is no experimental validation for communications environments when there are large-scale and small-scale fading effects. Furthermore, while the current key generation work mainly focuses on short-range communications techniques such as WiFi and ZigBee, the exploration with long-range communications, e.g., LoRa, is rather limited. This paper presents a LoRa-based key generation testbed and reveals a new colluding-eavesdropping attack that perceives and utilizes large-scale fading effects in key generation channels, by using multiple eavesdroppers circularly around a legitimate user. We formalized the attack and validated it through extensive experiments conducted under both indoor and outdoor environments. It is corroborated that the attack reduces secret key capacity when large-scale fading is predominant. We further investigated potential defenses by proposing a conditional entropy and high-pass filter-based countermeasure to estimate and eliminate large-scale fading associated components. The experimental results demonstrated that the countermeasure can significantly improve the key generations security when there are both varying large-scale and small-scale fading effects. The key bits generated by legitimate users have a low key disagreement rate (KDR) and validated by the NIST randomness tests. On the other hand, eavesdroppers average KDR is increased to 0.49, which is no better than a random guess.

Download