4.2 System Model
4.2.1 General System Model
h2
h1
h1E h2E
Node 1: Alice Node 2: Bob
Eavesdropper
Figure 4.1: A wireless communication scenario consisting of two legitimate communi-cating nodes and an eavesdropper.
In this section, we describe the general system model which is formed mainly of two communicating nodes Alice(Node 1) and Bob(Node 2) and an eavesdropper (Eve) as shown in Fig.4.1. In this scenario, Alice and Bob want to derive and agree on a secret key that can be used to secure their communication. This key should be secure in a way that Eve or any other eavesdropper should not get any information about this key.
We suppose also that Alice and Bob are using the same frequency band (i.e. Time Division Duplex communication) so that they are experiencing the same channel. More-over, we assume that Eve is sufficiently separated in space so that her channel obser-vations are completely uncorrelated from those of Bob and Alice. In fact, multipath wireless channels are characterized by their fast variation with location such that in locations separated by even small distances in the order of a wavelength, a different channel is experienced. As a result, the two channelsh1 andh2are practically different from the channel observations of Eve. And due to the reciprocity principle, they are equivalent. Hence, they can be leveraged in extracting a shared secret key.
48 Chapter 4. Secret Key Generation on the Physical Layer
4.2.2 Multipath Channel
The wireless channel considered in this scenario is supposed to be a multipath fading channel which can be modeled as a combination of different channel impulses (channel taps) having different amplitudes and delays. In fact, the channel incorporates the different paths which are traversed by the signal traveling from the source to the des-tination. Each of these channel taps is characterized by its complex gain and delay. In addition, due to the mobility of the communicating nodes and the reflecting clusters, the channel is varying with time. In other words, the channel impulse response at time instantt can be expressed as
h(t, τ) =
L−1
X
l=0
hl(t)δ(τ−τl), (4.3)
where δ is the unit impulse function, L is the length of the channel (number of taps), while hl(t) and τl represent the complex gain and delay of the (l+ 1)th channel tap at time instant t.
The main idea in this work is to use the wireless channel as a source of secret information. The channel taps can be considered independent from each other and can be quantized separately thus leveraging multipath to increase the number of secret bits generated [9, 68, 88, 89]. Moreover, the uniform phase distribution [18] of the channel taps encourages the idea of phase quantization to generate secret keys. In fact, a condition of secrecy is the perfect randomness. Thats why we tend to use the randomly distributed phase to generate secret bits.
It is important to note that the variation of the channel with time can have a neg-ative influence on the performance of a key extraction mechanism. Channel variation influences negatively the channel estimation procedure. Therefore, the channel esti-mation procedure should be done at the two nodes as fast as possible to avoid any decorrelation between the channel estimates.
However, due to some practical issues, it is difficult to obtain channel estimates at the same instant. Thus, in the case of small delay and mobility, the resulting channel variation should be modeled and corrected as we will see in section 4.4.2. In deed, Basis Expansion Modeling (BEM) [90] has been largely investigated to model channel variation during short periods where the channel is highly correlated. In this case, it is important to find the time-spaced autocorrelation function as it determines the channel correlation as a function of time-shift ∆t. Hence, it is necessary to take into account the coherence time of the channel and the autocorrelation function as these parameters help in determining how much the channel is correlated.
Moreover, the phase of the channel taps is very sensitive to time synchronization and frequency offset. Indeed, a small residual frequency offset might lead to a con-siderable variation in the estimated phase of the channel taps and would result in a
4.2. System Model 49
disagreement between the extracted bits. However, in this work we assume perfect time and frequency synchronization and leave these issues to be handled in future work with real implementations and testing.
4.2.3 Channel Estimation
Channel estimation is a necessary part of a digital signal processing unit of any radio device. It helps in performing equalization and error correction. In our case, it is necessary to perform accurate channel estimation so that the channel estimates could be used to derive and agree on a key. In this section, we briefly summarize the chan-nel estimation procedure in an OFDM (Orthogonal Frequency Division Multiplexing) system.
One of the main advantages of an OFDM system is that it allows a simple channel estimation. In deed, the FFT (Fast Fourier Transform) and IFFT (Inverse Fast Fourier Transform) allows the transformation of the channel matrix into a diagonal matrix in the frequency domain. Hence, considering an OFDM system, the channel coefficients in the frequency domain can be estimated by a simple division obtaining [90]:
Hb =H+nG, (4.4)
where nG is the added white Gaussian noise vector which can be different at the two nodes; and H is a vector of N channel coefficients in the frequency domain with N being the FFT size. These channel coefficients can be expressed as (taking out the time indext)
The basic idea is to use these channel coefficients to derive secret bits. Hence, a di-rect approach that comes first in mind is quantizing these coefficients didi-rectly. However, the channel coefficients show some correlation in the frequency domain. Therefore, we tend to transform them to the time domain where we get the uncorrelated channel taps. In our approach, we first estimate the Hk’s and then by Fourier transform we obtain thehl’s as:
hb=h+z, (4.6)
wherez is the equivalent Gaussian noise in the time domain.
Since the Fourier transform is a unitary transform, Parseval’s theorem states that:
L−1
50 Chapter 4. Secret Key Generation on the Physical Layer
Therefore, we have the following relation between the frequency domain SNR:
SN Rf =E[|Hk|2] and the SNR of the time domain channel coefficients: SN Rτ(l) = E[|hl|2]:
L−1
X
l=0
SN Rτ(l) =N·SN Rf (4.8)
This means that the use ofN channel samples in the frequency domain to find the time domain coefficients leads to a gain of Tap-to-Noise power Ratio (TNR) equal to N.
4.2.4 Key Agreement Protocol
The communicating nodes need only to estimate their common channel to be able to generate a secret key. It is also very important to perform this estimation in a very short period, especially in mobile scenarios where the channel response varies rapidly.
Therefore, the first step in the key generation procedure should be the consecutive exchange of probe or pilot signals so that the two nodes can obtain accurate channel estimates.
We propose a simple key generation protocol consisting mainly of channel esti-mation, exchange of quantization parameters, quantization and secret bit extraction, and finally key agreement and verification. Considering, without loss of generality, that Node 1 is the leading node and Node 2 is the follower, we summarize the key generation and agreement protocol in the following steps:
1. Node 1 sends a pilot signal to Node 2 for the purpose of channel estimation.
2. Node 2 sends back a pilot signal to Node 1 for the purpose of channel estimation.
3. Nodes exchange parameters (ex. TNRs, Tap Indexes,...) related to the key gener-ation mechanism over the public insecure channel. The purpose of this exchange is to minimize the probability of disagreement without any loss of secrecy. The parameters exchanged vary according to the key generation protocol as we will see in section4.3.
4. Nodes proceed in quantizing channel taps according to the key generation mech-anism.
5. Steps 1 −4 can be repeated as necessary, consecutive times for performance enhancement or larger key sizes.