TY - JOUR
T1 - On the Security of Key Extraction From Measuring Physical Quantities
AU - Edman, Matthew
AU - Kiayias, Aggelos
AU - Tang, Qiang
AU - Yener, Bülent
N1 - Funding Information:
The work of A. Kiayias and Q. Tang was supported in part by the European Union Research Council, through the CODAMODA Project under Grant 259152, and previously by National Science Foundation under Grant 0831304. The work of Q. Tang was also supported in part by the National Science Foundation within the Division of Computer and Network Systems under Grant CNS1518765 and Grant CNS1514261.
Publisher Copyright:
© 2016 IEEE.
PY - 2016/8
Y1 - 2016/8
N2 - Key extraction via measuring a physical quantity is a class of information theoretic key exchange protocols that rely on the physical characteristics of the communication channel, to enable the computation of a shared key by two parties that share no prior secret information. The key is supposed to be information theoretically hidden to an eavesdropper. Despite the recent surge of research activity in the area, concrete claims about the security of the protocols typically rely on channel abstractions that are not fully experimentally substantiated. In this paper, we propose a novel methodology for the experimental security analysis of these protocols. The crux of our methodology is a falsifiable channel abstraction that is accompanied by an efficient experimental approximation algorithm of the conditional min-entropy available to the parties given the view of the eavesdropper. We focus on the signal strength between two wirelessly communicating transceivers as the measured quantity, and we use an experimental setup to compute the conditional min-entropy of the channel given the view of the attacker which we find to be linearly increasing. Armed with this understanding of the channel, we showcase the methodology by providing a general protocol for key extraction in this setting that is shown to be secure for a concrete parameter selection. In this way, we provide a comprehensively analyzed wireless key extraction protocol that is demonstrably secure against passive adversaries assuming our falsifiable channel abstraction. Our use of hidden Markov models as the channel model and a dynamic programming approach to approximate conditional min-entropy might be of independent interest, while other possible instantiations of our methodology can be feasible and may be motivated by this paper.
AB - Key extraction via measuring a physical quantity is a class of information theoretic key exchange protocols that rely on the physical characteristics of the communication channel, to enable the computation of a shared key by two parties that share no prior secret information. The key is supposed to be information theoretically hidden to an eavesdropper. Despite the recent surge of research activity in the area, concrete claims about the security of the protocols typically rely on channel abstractions that are not fully experimentally substantiated. In this paper, we propose a novel methodology for the experimental security analysis of these protocols. The crux of our methodology is a falsifiable channel abstraction that is accompanied by an efficient experimental approximation algorithm of the conditional min-entropy available to the parties given the view of the eavesdropper. We focus on the signal strength between two wirelessly communicating transceivers as the measured quantity, and we use an experimental setup to compute the conditional min-entropy of the channel given the view of the attacker which we find to be linearly increasing. Armed with this understanding of the channel, we showcase the methodology by providing a general protocol for key extraction in this setting that is shown to be secure for a concrete parameter selection. In this way, we provide a comprehensively analyzed wireless key extraction protocol that is demonstrably secure against passive adversaries assuming our falsifiable channel abstraction. Our use of hidden Markov models as the channel model and a dynamic programming approach to approximate conditional min-entropy might be of independent interest, while other possible instantiations of our methodology can be feasible and may be motivated by this paper.
KW - Physical layer key extraction
KW - information theoretic security
UR - http://www.scopus.com/inward/record.url?scp=84973514524&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84973514524&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2016.2543687
DO - 10.1109/TIFS.2016.2543687
M3 - Article
AN - SCOPUS:84973514524
SN - 1556-6013
VL - 11
SP - 1796
EP - 1806
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 8
M1 - 7435287
ER -