No Arabic abstract
Reconfigurable Intelligent Surface (RIS) is a new paradigm that enables the reconfiguration of the wireless environment. Based on this feature, RIS can be employed to facilitate Physical-layer Key Generation (PKG). However, this technique could also be exploited by the attacker to destroy the key generation process via manipulating the channel features at the legitimate user side. Specifically, this paper proposes a new RIS-assisted Manipulating attack (RISM) that reduces the wireless channel reciprocity by rapidly changing the RIS reflection coefficient in the uplink and downlink channel probing step in orthogonal frequency division multiplexing (OFDM) systems. The vulnerability of traditional key generation technology based on channel frequency response (CFR) under this attack is analyzed. Then, we propose a slewing rate detection method based on path separation. The attacked path is removed from the time domain and a flexible quantization method is employed to maximize the Key Generation Rate (KGR). The simulation results show that under RISM attack, when the ratio of the attack path variance to the total path variance is 0.17, the Bit Disagreement Rate (BDR) of the CFR-based method is greater than 0.25, and the KGR is close to zero. In addition, the proposed detection method can successfully detect the attacked path for SNR above 0 dB in the case of 16 rounds of probing and the KGR is 35 bits/channel use at 23.04MHz bandwidth.
Physical-layer group secret-key (GSK) generation is an effective way of generating secret keys in wireless networks, wherein the nodes exploit inherent randomness in the wireless channels to generate group keys, which are subsequently applied to secure messages while broadcasting, relaying, and other network-level communications. While existing GSK protocols focus on securing the common source of randomness from external eavesdroppers, they assume that the legitimate nodes of the group are trusted. In this paper, we address insider attacks from the legitimate participants of the wireless network during the key generation process. Instead of addressing conspicuous attacks such as switching-off communication, injecting noise, or denying consensus on group keys, we introduce stealth attacks that can go undetected against state-of-the-art GSK schemes. We propose two forms of attacks, namely: (i) different-key attacks, wherein an insider attempts to generate different keys at different nodes, especially across nodes that are out of range so that they fail to recover group messages despite possessing the group key, and (ii) low-rate key attacks, wherein an insider alters the common source of randomness so as to reduce the key-rate. We also discuss various detection techniques, which are based on detecting anomalies and inconsistencies on the channel measurements at the legitimate nodes. Through simulations we show that GSK generation schemes are vulnerable to insider-threats, especially on topologies that cannot support additional secure links between neighbouring nodes to verify the attacks.
It is well-known that wireless channel reciprocity together with fading can be exploited to generate a common secret key between two legitimate communication partners. This can be achieved by exchanging known deterministic pilot signals between both partners from which the random fading gains can be estimated and processed. However, the entropy and thus quality of the generated key depends on the channel coherence time. This can result in poor key generation rates in a low mobility environment, where the fading gains are nearly constant. Therefore, wide-spread deployment of wireless channel-based secret key generation is limited. To overcome these issues, we follow up on a recent idea which uses unknown random pilots and enables on-the-fly key generation. In addition, the scheme is able to incorporate local sources of randomness but performance bounds are hard to obtain with standard methods. In this paper, we analyse such a scheme analytically and derive achievable key rates in the Alice-Bob-Eve setting. For this purpose, we develop a novel approximation model which is inspired by the linear deterministic and the lower triangular deterministic model. Using this model, we can derive key rates for specific scenarios. We claim that our novel approach provides an intuitive and clear framework to analyse similar key generation problems.
In this work, we consider a complete covert communication system, which includes the source-model of a stealthy secret key generation (SSKG) as the first phase. The generated key will be used for the covert communication in the second phase of the current round and also in the first phase of the next round. We investigate the stealthy SK rate performance of the first phase. The derived results show that the SK capacity lower and upper bounds of the source-model SKG are not affected by the additional stealth constraint. This result implies that we can attain the SSKG capacity for free when the sequences observed by the three terminals Alice ($X^n$), Bob ($Y^n$) and Willie ($Z^n$) follow a Markov chain relationship, i.e., $X^n-Y^n-Z^n$. We then prove that the sufficient condition to attain both, the SK capacity as well as the SSK capacity, can be relaxed from physical to stochastic degradedness. In order to underline the practical relevance, we also derive a sufficient condition to attain the degradedness by the usual stochastic order for Maurers fast fading Gaussian (satellite) model for the source of common randomness.
The physical-layer key generation is a lightweight technique to generate secret keys from wireless channels for resource-constrained Internet of things (IoT) applications. The security of key generation relies on spatial decorrelation, which assumes that eavesdroppers observe uncorrelated channel measurements when they are located over a half-wavelength away from legitimate users. Unfortunately, there is no experimental validation for communications environments when there are large-scale and small-scale fading effects. Furthermore, while the current key generation work mainly focuses on short-range communications techniques such as WiFi and ZigBee, the exploration with long-range communications, e.g., LoRa, is rather limited. This paper presents a LoRa-based key generation testbed and reveals a new colluding-eavesdropping attack that perceives and utilizes large-scale fading effects in key generation channels, by using multiple eavesdroppers circularly around a legitimate user. We formalized the attack and validated it through extensive experiments conducted under both indoor and outdoor environments. It is corroborated that the attack reduces secret key capacity when large-scale fading is predominant. We further investigated potential defenses by proposing a conditional entropy and high-pass filter-based countermeasure to estimate and eliminate large-scale fading associated components. The experimental results demonstrated that the countermeasure can significantly improve the key generations security when there are both varying large-scale and small-scale fading effects. The key bits generated by legitimate users have a low key disagreement rate (KDR) and validated by the NIST randomness tests. On the other hand, eavesdroppers average KDR is increased to 0.49, which is no better than a random guess.
It is well known that physical-layer key generation methods enable wireless devices to harvest symmetric keys by accessing the randomness offered by the wireless channels. Although two-user key generation is well understood, group secret-key (GSK) generation, wherein more than two nodes in a network generate secret-keys, still poses open problems. Recently, Manish Rao et al., have proposed the Algebraic Symmetrically Quantized GSK (A-SQGSK) protocol for a network of three nodes wherein the nodes share quantiz