Channel-Parameter-Based Encryption Key ...

Channel-Parameter-Based Encryption Key Generation Algorithm And Performance Analysis For Wireless Relay Networks Against Eavesdropping

Likun Yang*, Gongpu Wang*, Feifei Gaot ,Zhangdui Zhong*, and Bin Sunt

*School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China, 100044. tDepartment of Automation, Tsinghua University, Beijing, China, 100084. tSchool of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China, 100876. Email: *{12125169.gpwang.zhdzhong}@[email protected]@bupt.edu.cn.

Keywords: Channel estimation, encryption key, performance analysis. Abstract

In this paper, an encryption key generation algorithm is suggested for multiple-relay networks against eavesdropping. The proposed algorithm is based on the parameters of the wireless channels between the relays nodes and the destination, which is unavailable for any eavesdroper. The secure performance of the proposed algorithm is also analyzed through mathmatical derivation. Specifically, the closed form of key matching probability, an important measure for secure performance, is obtained through multiple-round integration and reasonable approximation. Finally, simulations are provided to corroborate our proposed studies. 1

Introduction

Physical layer security for wireless communication has attracted much attention recently [1]-[3]. It is Wyner who firstly investigated the physical-layer security problem in an information-theoretic sense [4] in 1975. Shortly after, the authors in [5] extended Wyner's results to Gaussian wiretap channels and derived the secrecy capacity. In recent years, multiple-input single-output (MISO) wiretap channel is considered in [I], and multiple-input multiple-output (MIMO) wiretap channel is studied in [2]. Besides, cooperative relayaided secure communication has been suggested in [3]. Furthermore, the authors in [6] characterize the security­ reliability tradeoff performance of conventional direct transmission from source to destination in the presence of an eavesdropper, where the security and reliability are evaluated by the intercept probability at eavesdropper and outage probability at destination, respectively. Encryption is an effective way against eavesdropping [7], and utilizing the channel parameters to generate encryption key is

a good choice of secret key selection. The author in [8] gave the key generation algorithm between the legitimate users for the first time. However, this algorithm had a prerequisite that an authenticated channel should be available before key generating. In [9], the author demonstrated the eavesdropper might not have any information about the encryption key that was generated from the wireless channel between legitimate users, and presented the detailed key-generating algorithm. The special property of wireless channel is utilized in [9]: the channel between source node and destination node is unique, and the channels between the source node and two destination nodes are decorrelated. The similar property is used in [10], [II]: the reference [10] used the channel parameters in frequency domain while the reference [II] gave the method based on the phase. All the previous works about key-generating focus on point­ to-point networks. To our best knowledge, no encryption key generation algorithms are proposed for relay networks, and there lacks corresponding secure performance analysis, which motivates our present work. In this paper, we suggest an encryption key generation algorithm for multiple-relay networks against eavesdropping. Our proposed key generation algorithm is based on the parameters of the wireless channels between the relays nodes and the destination, which cannot be accessed by any eavesdropper. The secure perfonnance of the proposed algorithm is also analyzed in our paper through mathematical derivation. Specifically, we obtain the closed form of key matching probability to measure the secure performance. Finally, the simulation results are provided to corroborate our proposed studies. 2

System model

.

go

S

R '- I

g,

./

Ro

Thus, the source node will receive �

11",.,n �

h.,..,

h

0

hi

;\

i

D

b':!\I�1

"IR/" \1 _I,i ./

I , •

E

Using some estimation method, Thus we can obtain

Fig. 1. System model. The wireless system (Fig. I ) contains one source node, one destination, one eavesdropper, and some relay nodes, where the solid lines and the broken lines represent the main link (from source to destination) and wiretap link (from source to eavesdropper) respectively. The number of relays is 2Nk,. Each relay amplifies the received signal from the source and retransmits the signal to the destination node. For convenience, the index of relays stands for the transmission sequence. In this paper, we assume the wireless channel between relays and destination, and the channel between relays and eavesdropper are all time­ varying. In contract, the channel between relays and source are time-invariant. The channels between the source node and relay nodes is denoted as gi, where i represents the index of relays. Similarly, the channels between destination and relays, between eavesdropper and relays are denoted as h; and h""",i respectively. Moreover, all channels of gi, hi and her,i are modeled as complex Gaussian random variables with zero­ mean and variance equal to (j�i ' ali and at,.. ' o ::.:;;

'i

::.:;; 2N",

-

1,

respectively.

3

Channel-parameter-based

3.1

Sensing the channels

encryption

key

generation algorithm

=

. . .

, 2Nk

-

1.

(3)

(2)

After the destination receives the signal di from �, it will send the known probe pulse signal to Ri, which then retransmit the signal to the source again. We assume the channel changes slightly, since the span of our probe pulse signal is very short.

gi

can be derived from (1).

(4) 8:' = hi.x + Wsd,.i, where Wsd,. is the circularly Symmetric Complex Gaussian (CSCG) noise with the zero-mean and the variance a::, . ---sa.1 The channel estimate can be expressed as

h1'd,i held

=

hi

!:::..hd,'i,

(5)

= hi + !:::..h'·,i, (6) where b..hd,i and b..h'r;' are the corresponding estimation errors, which can be modeled as zero-mean Gaussian random variables.

3.2

Key-extracting algorithm

The destination can find the channel response 1 111'(1,i 12 from the obtained estimates of channel parameters. Let the ascending sequence of the channel responses is

Thus, we can obtain the ordering vector through associating the channel responses order with the channel estimates in the transmission sequence. The ordering vector can be expressed as i 0, . . . , 2Nk - 1. (8) J(l) .it, =

In order to extract a key from the channels, the estimates of channel parameters are required at the source and the destination [13]. We assume that the relay nodes work in turns. The relay R,: transmits a probe pulse signal (j which is known to source and destination nodes. The source node will receive (1) 8i = g/j + W1• ,i' The destination node will receive di hiD + W,'d.i,

0,

Here, we assume W.,.s,i, w,'d,i and wd."i are circularly Symmetric Complex Gaussian (CSCG) noise with zero mean and variance a�"'f'::l".1 (j� l"a.1. and (j� d'r.l,respectively.

,h., \',_1

h,..r�\�_'

=

=

Next, we take the odd elements from the ordering vector to constitute the key-generating vector K. (9) K(m) = J(2m+ 1), m = 0, . . . ,Nk - 1 .

Finally, we convert each elements of K. to the binary number of n bits, where n satisfies the condition (10) 2",-1 < Nk � 2'11 - 1, and rearrange the bits to a bit string in order. The bit string k is the encryption key that will be utilized in the following communication process. The source node can also obtain the encryption key with the same method. The proposed key-generating algorithm can be summarized as follows: I) Estimate the channels, and calculate the channel responses; 2) Permute the channel responses in ascending order. Associate the order number with the channel estimates

3)

in the transmission sequence to form an ordering vector .J. Obtain the key-generating vector KK from the odd .1. elements of.1; of.J; Convert each elements of KK to binary bits, and then these bits constitutes the string kk,, which is the encryption key of interest.

Ihrd,jNk-'' INk INk-l' 10.< denote the event Ihd'· Ihd1·.. ..io 1010 Ihrd,jNk- l' c" 22

�

~

22

4.1 Probability of key at 4.1 Probability of identical identical key at the the eavesdropper eavesdropper node node As the wireless channel is open in the air, the key-generating elements kk can be received by eavesdropper. However, the wireless channel has a special property: the channel response is unique and uncorrelated in space. The common channel hhi; and the eavesdropper channel h e,i are statistically he,i independent, as well as their channel gains. gains. In addition, the sequences of the selected channel gains are also statistically independent. Consequently, an eavesdropper has no more information than a random guess about the sequence of selected key-generating elements. The intercept probability Pin! of eavesdropper to derive the selected elements and their Pinl. sequence is: sequence is: 1 1 _ (Nk/2) ! 1 1 (Nk/2)! (11) ( I I) Pint (N)I . N, /2 (N,d (N./2)1. Pint = CN1J2 )! (N,.)! 2 k k . =

=

Nk eNk

..

I, we can know Pinl From TABLE 1, p;.n!. decreases rapidly with and Pint can reach a negligible level even for increasing N " N"A. , Pinl small N N,,:. k. Pin! Pint 8.30 8.30 X X lOlO-JJ 5.95 5.95 XX 1010-44 3.31 3.31 X X 1010-55 1.50 1.50 X X 1010-66

N NA",, 6 88 10 12

' 2 . .. :s; Ih"d,j!lIIl :s;� � Ih,·d,.i! .

.

.

.

.

.

Nk -- 1, 1, and /3(/." /3d,",1,1denote the value of Ih"d,il IhTd,i,llll for ll = 00, ... ,, Nk 0, . .. ,, Nk Nk -- 1. 1. Thus, the probability of h.dr,j,ltlt for ll = 0, Ih'd,·,jl of event c10 can be written as: •-

22

=

.

.

.

=

.

.

.

P( ) _ P( II e.�)) -= P(lOcI p (ccl(es) nn fa) Es) ' Pee) C - Peed cd c.~ n / . \ • P

(13) (13)

=

From (5) and (6), we can obtain

iljI d" d,,,jl j),rd,j/ + (14) + !:lh,'d,il 6.h1•d,i, ,jr = 'lTd,jl where6.hrd,i '" CN(a, CN(O, O'~""t.i u�""t.i + O';ar,j) u� a" ) '' Clearly hdT,.il hd",}1 is where!:lhrd,i =

'"

d ,j l and a complex Gaussian random variable with mean h,' 12.·d,.11 . 2 varianceO";h' vananceO'l'..h·

Therefore, the probability density function (PDF) [15] [15] of of gain /3dd = II hd'·,.'il channel (3d,-,l hw..i' ltIt is

f( /3 d1',t )= 1(/3 (b',/ ) - -22 -

=

11

(_'�dT,I+fJr (_11 .,+flrrl.,) 1 ~n2 1 rlT

22 Ut::.h O'Clh

--

ee >

"'-,.

�n2 1>.1.

rl ,' )

(

(

00

)

J. If; {:'3d,',1, 1',, )

i 0

13dr.2

, 0

f( f3dr,o)df3dr,O f( f3dr,d F (f3d1', 1)d,Bdr ,1

-l'+oo j"!3dr,3 f( f3dr,2)df3dr,2 1!3dr,2 f(, f3dr,l) ( f( fJd1·,N!,- 1)df3dr,N!. - J · ·· , 0

0

1

+00 l

o

{Jdr,NA- -l

0

=

p(€rl n c,s ) =

10

1

i3dT ,l

0

+00

.0

... 1

0

...

1- QJ(

J f3rd,l J f3dr, l ) , ) dfJrlr·,1 ·(25) (J' b"h

(J' b"h

N -1 k

f( (3d'l',I)d fjd'f',O'" dfJdl',Nk - l

1=0

1

f( f3dr,N/,;- l)dfJdT,Nk -

+00 1 f3r d,N/,; - 1

a

0

II

f3rd ' 1

a

l

= F( f3dT,Nk -l) lt= =

1.

II g(f3rd,ddfJ~·d,O· ·· dPrd,N,, - l'

Nk -l 1= 0

)

0" lih

Nk - l

0

l'dr,Nk - ]

0

AI,

(_ ( ~+2~) 2 )

, h( f3d'l' ,l) =

d{3,i'I'.J

(j 'd , 1 ,l /~'l

2 0" lih

( {j",.;~t{ird. l ) I ( J f'd",l f:J.. d,l)

20" lih

U

(

0

0

+ 00

1 , 0

(~- .,(l!;i;i) 2 ,"2A I>

e

-2-

( J {::J{.,I '

k

o

=

-

=

e

f (f3,I'I',dd(3,b',1

+ 00

1

0" lih

(

1

'{J'h',2

·O

Pdf',l

We define defme

h((3d1',1)

) Ql(- - ' - - )

AI'

Unfortunately, this integration (21) cannot be obtained analytically. However, we can find find the following conditions . for further analysIs. analysis.



V~ fJr a,) V~ /Jdr . I

( '~ "r'.,..,.2 l +Jlrd,l ) ]

AI,.

2

- -

e

-

1

1

(20)

(Nk )!'

-

e

( _ (v'l£bj"+~)2) .,,,2 d

e

1

_

n

(

-220" lill

U

2

Similarly, P(cd P(cd n cs) cs) can be written as (24). The integration f (13d'(',I) in (24) can be simplified as (25) that about function !((3dr,d is shown on the bottom of this page.

fJ "r.z

1

'{J,j,.,2

- -

(26) (27)

transmitting power is not equal to 1. Since we cannot control the noise power, we can change the transmitting power to alter the value of (T� h' In Fig.3, we focus on how f1 changes about SNR(signal-to-noise ratio) on the condition of O"lh = 1 and fixed channel responses. We can find that .fl IS a decreasing function of SNR, and .fl rapidly comes to zero when SNR is large enough. This is verified in Fig.3.

-O!h=0.1 -e- O! =0.01 h

2

�-e-O.,,=0.OO5 �

Similarly, we can find

12 has the same property with .h

Thus, when SNR ::::: 20dB, we can obtain

h (/3,h",l) h(/31'rl,l)

1 0-250�__-:,:-__---:-,-:--__-::,-:-__---:,::--_-----' o

0.2

0.4

0.6

0.8

Fig. 2. The value of function fJ versus the channel gain

/3d1',I'

10"'"

10

=

(28) (29)

0,

0.

Therefore, we can rewrite (21) as

if3dr.21(/3

dr,l

. 0

10..0

=

)

(1 (Vf3"(/,IVf3d,",l)) -

Q1

---,

(J t.,.

rfJd .. . f(/3,/,,·,l)d{3tf.'I",l. io

---

(J t.h

d{3dr,l

2

=

-'"'

(30)

Utilizing (30), (25) can be rewritten as (26). Then we can obtain (27) based on (26). Therefore, we can obtain (3\) P(c:) 1, S R 2 20d13.

::: 10"'"

=

1O-

\

4.3

'''' l...---�--�-----' o

5

10

Fig. 3. The value of function

SNR(dB)

15

20

25

fl versus SNR.

Since the structures of function h (/3