A channel perceiving attack and the countermeasure on long-range IoT physical layer key generation

Abstract

Physical layer key generation is a lightweight technique to generate secret keys from wireless channels for resource-constrained Internet of things (IoT) applications. The security of the key generation relies on spatial decorrelation, which assumes that eavesdroppers observe uncorrelated channel measurements when they are located over a half-wavelength away from legitimate users. Unfortunately, no experimental validation exists for communications environments with both large-scale and small-scale fading effects. Furthermore, while the current key generation work mainly focuses on short-range communications techniques such as WiFi and ZigBee, the exploration with long-range communications, e.g., LoRa, is somewhat limited. This paper presents a long-range key generation testbed and reveals a new attack scenario that perceives and utilizes large-scale fading effects in key generation channels, by using multiple eavesdroppers circularly around a legitimate user. We formalized such an attack and validated it through extensive experiments conducted in indoor and outdoor environments. It is corroborated that the attack reduces secret key capacity when large-scale fading is predominant. We further investigated potential defenses by proposing a conditional entropy and high-pass filter-based countermeasure to estimate and eliminate large-scale fading components. The experimental results demonstrated that the countermeasure significantly improved the key generation’s security when both large-scale and small-scale fading existed. The keys generated by legitimate users have a desirable low key disagreement rate (KDR) and are validated by the NIST randomness tests. In contrast, eavesdroppers’ average KDR is increased from 0.25 to 0.49.