Journal Radioengineering №9 for 2020
Article in issue:
Experimental study of immunity of wireless key generation systems to compromising interferences
Type of article: scientific article
DOI: 10.18127/j00338486-202009(18)-05
UDC: 621.371.3
Authors:

A.A. Galiev Post-graduate Student,

Department of Radiophysics, Kazan Federal University, Institute of Physics

E-mail: ggalievv@mail.ru

A.I. Sulimov Ph.D. (Phys.-Math.), Associate Professor,

Department of Radiophysics, Kazan Federal University, Institute of Physics

E-mail: asulimo@gmail.com

A.V. Karpov Dr.Sc. (Phys.-Math.), Professor,

Department of Radiophysics, Kazan Federal University, Institute of Physics

E-mail: arkadi.karpov@kpfu.ru

Abstract:

Random variations of channel characteristics in wireless communication systems can be used as a natural source of randomness for generating shared encryption keys in a given pair of nodes. Two identical copies of the encryption key for securing the information channel between the legal nodes A and B are distilled from phase measurements of the fading signal travelling through the multipath environment.

In this work, we experimentally investigate the immunity of this key generation method to external compromising and masking interferences emitted by an adversary transmitter E. The masking interference was used to reduce the key generation rate (determined by the cross-correlation of the phase measurements made at both ends of the link) by intentionally lowering the signal-to-noise ratio at the inputs of the legal receivers. The compromising interference (with the same structure as the information signals) imitated natural fading of the communication channel, which can be used either to suppress key generation or to manipulate the generated encryption key.

Our test setup was implemented on the basis of a software-defined radio. The programmable transceivers, A and B, exchanged a series of probe signals consisting of narrowband radio frequency pulses of 3-ms duration at the carrier frequency of 850 MHz. To prevent possible collisions, the channel probing was performed in TDD mode. Precise clock and phase-frequency synchronization of the devices was provided by their direct cable connection to a common rubidium frequency standard. The output power of the adversary transmitter E was varied through the programmable gain of the transmitter amplifier. The actual power levels of the interferences and the received signal were measured with a spectrum analyzer connected to the antenna of the legal node B. To preserve a constant power ratio of the external interferences to the information signal, all antennas were kept stationary. To simulate the random phase fading in the idealized Rayleigh channel, the initial phase of the radiated signal was modulated from pulse to pulse according to a uniformly distributed pseudo-random sequence. At the same time, the initial phase of the external interference emitted by the adversary E was modulated with another statistically independent pseudo-random sequence.

After a series of experiments carried out in a typical academic indoor environment, the remaining cross-correlation of the signals received by the legal nodes was determined while the system was exposed to interferences of various types and power levels. Both synchronous and asynchronous interferences were investigated.

To compare the efficiency of the various types of interference, we used the dependence of the bit disagreement rate between the legal and adversary encryption keys on the cross-correlation of phase measurements.

It is shown that synchronous compromising interferences may be used to predefine the generated encryption key. At power levels comparable to that of the signal, such interferences are able to violate the secrecy of the key or simply to suppress its generation. However, technical implementation of such an attack is rather difficult in real conditions. Asynchronous compromising interferences are much easier to implement in practice but can only be used to suppress key generation. The masking interferences achieve comparable suppression efficiency at much higher power levels, which indicates their low efficiency.

Our results show that precise phase synchronization of the adversary with the legal nodes is required to compromise the generated secret keys. However, an asynchronous impact on the system may still be used for crude suppression of the key generation.
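The two metrics used in the abstract (cross-correlation of the phase measurements at A and B, and bit disagreement rate between keys) can be reproduced in a toy phasor model; the code below is an added illustration, not taken from the article or from the authors' setup. The unit-amplitude signal, the 1-bit phase quantizer, the Gaussian receiver noise, the 20 dB SNR and all function names are assumptions, and masking interference is not modelled.

```python
import cmath
import math
import random

TWO_PI = 2 * math.pi

def key_bit(z):
    """Assumed 1-bit phase quantizer: upper half-plane -> 1, lower -> 0."""
    return 1 if z.imag > 0 else 0

def bdr(x, y):
    """Bit disagreement rate between two equal-length bit lists."""
    return sum(a != b for a, b in zip(x, y)) / len(x)

def run(jsr_db, synchronous, n=20000, snr_db=20.0, seed=1):
    """Return (circular correlation of A/B phases, BDR A-B, BDR A-E)."""
    rng = random.Random(seed)
    amp = 10 ** (jsr_db / 20)                     # interference amplitude; signal amplitude is 1
    sigma = 10 ** (-snr_db / 20) / math.sqrt(2)   # receiver noise per I/Q component
    noise = lambda: complex(rng.gauss(0, sigma), rng.gauss(0, sigma))
    ka, kb, ke, acc = [], [], [], 0j
    for _ in range(n):
        s = cmath.rect(1.0, rng.uniform(0, TWO_PI))  # reciprocal channel phasor seen by A and B
        phi = rng.uniform(0, TWO_PI)                 # E's independent pseudo-random phase
        if synchronous:
            ja = jb = cmath.rect(amp, phi)           # E's phase arrives intact at both nodes
        else:
            ja = cmath.rect(amp, rng.uniform(0, TWO_PI))  # unknown phase offset at A
            jb = cmath.rect(amp, rng.uniform(0, TWO_PI))  # unknown phase offset at B
        ra, rb = s + ja + noise(), s + jb + noise()
        acc += cmath.exp(1j * (cmath.phase(ra) - cmath.phase(rb)))
        ka.append(key_bit(ra))
        kb.append(key_bit(rb))
        ke.append(key_bit(cmath.rect(1.0, phi)))     # E's key guess from its own sequence
    return abs(acc) / n, bdr(ka, kb), bdr(ka, ke)

if __name__ == "__main__":
    for label, sync in (("synchronous", True), ("asynchronous", False)):
        for jsr in (-20, 0, 10):                     # interference-to-signal ratio, dB
            rho, ab, ae = run(jsr, sync)
            print(f"{label:12s} JSR={jsr:+3d} dB  rho={rho:.2f}  "
                  f"BDR(A,B)={ab:.3f}  BDR(A,E)={ae:.3f}")
```

In this model a strong synchronous interferer leaves A and B in agreement while BDR(A,E) falls toward zero, whereas an asynchronous one drives both BDR(A,B) and BDR(A,E) toward 0.5, which matches the qualitative conclusions of the abstract.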

Pages: 61-71
For citation

Galiev A.A., Sulimov A.I., Karpov A.V. Experimental study of immunity of wireless key generation systems to compromising interferences. Radiotekhnika. 2020. V. 84. № 9(18). P. 61−71. DOI: 10.18127/j00338486-202009(18)-05 (In Russian).

Date of receipt: 10.08.2020