Physical-layer key agreement is used to generate a shared key between devices on demand. Such schemes use the characteristics of the wireless channel to generate the shared key from the device-to-device channel. As all of these characteristics are time-dependent and location-dependent, it is hard for eavesdroppers to obtain the key. However, most research in this area assumes passive attack models, whereas active attacks that aim to manipulate the channel and the key are also possible. Physical-layer key agreement with User Introduced Randomness (PHY-UIR) is a solution, similar to the Diffie–Hellman protocol, against this kind of active attack. The users (devices) introduce their own randomness to help prevent active attacks. In this paper, we analyze the possibility of launching a session hijacking attack on PHY-UIR that allows an attacker to control the established shared key. The session hijacking attack manipulates the key agreement through a man-in-the-middle interaction and forces legitimate devices to run the PHY-UIR protocol with the attacker. Our simulation and experiment results validate our attack and show its high performance in manipulating the generated key. We also propose PHY-UIR$^{+}$, where devices simultaneously exchange information about the established shared keys, which allows them to detect whether they have agreed on different keys with a third party.