Verification of Secret Key Generation from UWB Channel Observations
Masoud Ghoreishi Madiseh, Shuai He, Michael L. McGuire, Stephen W. Neville, Xiaodai Dong
Department of Electrical and Computer Engineering, University of Victoria, Victoria, B.C. V8W 3P6, CANADA
Email: {masoudg,heshuai,mmcguire,sneville,xdong}@ece.uvic.ca
Abstract—Theoretical models of ultrawideband (UWB) radio channels indicate that pairs of UWB radio transceivers measure their common radio channel with a high degree of agreement and that third parties are not able to accurately estimate the state of the common channel. These properties allow generation of secret keys to support secure communications from UWB channel measurements. In this paper, the results of UWB propagation studies are presented that validate the required properties to support secret key generation in a typical indoor environment. Key generation algorithms are employed on the measured data, and key lengths on the order of thousands of bits are obtained, capable of supporting most popular cryptographic systems. The paper also reports measurements of the spatial and temporal correlation of the UWB channel, from which the relative privacy of the secret keys can be determined, as well as the rate at which new secret keys may be generated.
Index Terms—Ultra Wideband, Secret Key Generation, Reciprocity, Public Discussion, Channel Measurements, Security, Permutation, Signal Purification.
I. INTRODUCTION
Ultra-wideband (UWB) radio communications systems have been proposed for indoor, short range, high data rate communications since they allow for high data rate communications at low power densities with simple receiver structures. This has led both academic and industrial researchers to work extensively on improving the physical and media access layers of UWB communications systems [1]. A danger with the use of a UWB radio system, or any radio system, is that the integrity of the communications can be compromised by eavesdroppers intercepting the data signals. A challenge for the designers of UWB wireless systems is to develop methods to ensure data integrity and system security despite the use of an open medium.
For two parties to communicate with perfect security, it is necessary to share a common secret key unknown to any other party. In UWB communications systems, it has been recently proposed that two communicating transceivers can generate a common secret key from the characterizations of their common radio channel [2], [3]. The basis of this work is the electromagnetic reciprocity theorem, which states that the radio channel from point A to B is the same as the radio channel from point B to A, so long as there are no nonlinear components in the propagation environment [4]. Therefore, the radio channel characteristics provide a source of common information between two transceivers. The channel measurements can be used to generate secret keys in UWB systems since channel measurements have shown that indoor UWB channels become independent after antenna displacements of more than 15.2 cm (6 inches) [5]. Therefore, if a reasonable distance separates the eavesdroppers from each of the legitimate users, the channel impulse response between legitimate users becomes a source of shared unique secret information of which an eavesdropper cannot obtain similar measurements unless it is located less than 15.2 cm from either communicating party [2].
In the previous literature, secret key generation algorithms have been developed based on these assumptions, where confirmation of successful operation has been restricted to simulations based on the standard IEEE UWB radio channel models [6], [7]. The main contribution of this paper is to report results that verify the operation of secret key generation from actual UWB channel measurements. The lengths and cost of the secret keys generated from actual UWB channel measurements taken under various environmental conditions are reported. Analysis is performed to confirm the size of the region around each communicating transceiver in which an eavesdropper must be located to obtain information about the shared secret key (see Figure 1). The time correlation of the UWB radio channel is measured so that the maximum rate at which secret key bits may be generated can be determined. The secret key generation methods previously described in the literature are verified under actual operating conditions [6].
The remainder of this paper is organized as follows. In Section II, the test methodology is described and the equipment and designed sub-systems are reviewed. The test strategy and the analysis of the results are presented in Section III. Finally, in Section IV, the performance results of the key generation algorithm with real measurement data are reported.

II. MEASUREMENT SYSTEM OVERVIEW
In this section, the measurement methodology is reviewed and the measurement scenarios for all of the measurement tests are presented.

A. Transmitted Signal Constraint
Measurements were obtained for UWB signals in the frequency band from 3.1 GHz to 10.6 GHz specified by the FCC for UWB indoor communication. To satisfy the FCC requirements, the effective isotropic radiated power (EIRP) emission over the 3.1-10.6 GHz bandwidth was kept to less than −41.3 dBm/MHz [1]. In our tests, the radio transmitter and receiver are synchronized via a direct cable connection. The transmitter sends a trigger pulse on the cable connection to the radio receiver at the same time that it sends a UWB pulse through the wireless channel. The measurement equipment in the receiver starts signal capture when it receives the trigger signal.
Measurements were performed during both Line-of-Sight (LOS) and Non-Line-of-Sight (NLOS) propagation conditions. A radio connection is classified as LOS when 60 % or more of the first Fresnel zone between the transmitter and receiver antennae is unobstructed [8]. Otherwise, the radio connection is classified as Non-Line-of-Sight. For our carrier frequency of 4.0 GHz, blocking at least 40 % of the first Fresnel zone to create NLOS propagation requires an obstacle with a minimum radius of r = 49.18 cm.
Table I lists the test equipment used in our measurement tests; Figure 2 shows the block diagram of the measurement apparatus setup. The parameters of the measurements are:
• The sampling rate of measured data is fs = 40 GS/sec.
• The carrier frequency is fc = 4 GHz.
• The output of the vector signal generator is set to have 10 dBm power for an EIRP of −41 dBm/MHz.

TABLE I. TEST APPARATUS
| No. | Name | Model |
| 1 | Oscilloscope | Agilent DSO81004A |
| 2 | Arbitrary Waveform Generator | Tektronix AWG7052 |
| 3 | Vector Signal Generator | Agilent E8267D |
| 4 | Microwave System Amplifier | Agilent 83017A |
| 5 | Antenna | EM-6865 |

Fig. 2. Block diagram of measurement system setup. [Diagram labels: transmitter side with pulse generator (Tektronix AWG7052) and modulator (Agilent E8267D, fc = 4 GHz); UWB channel; receiver side with amplifier (Agilent 83017A) and oscilloscope (Agilent DSO81004A); synch connection.]

In the radio receiver, the frequency down-conversion to baseband is performed with digital signal processing techniques by multiplying the received signal by an ideal sampled 4 GHz cosine signal. This signal is then filtered with a low pass Chebyshev-approximation digital filter to remove out-of-band measurement noise. The specifications of the filter with Chebyshev-approximation are as follows:
• Double side bandwidth: W = 1 GHz.
• Normalized passband edge frequency: ωp = (W/2)/fs = 0.0125.
• Normalized stopband ripple: ωa = 2 × ωp.
• Maximum bandpass ripple: Ap = 0.1 dB.
• Minimum stopband attenuation: Aa = 60 dB.
• Filter order 9.
The received signal for a single transmitted pulse was measured with both antennae located in an electromagnetic anechoic chamber to obtain the benchmark signal shown in Figure 3.

Fig. 3. Transmitted pulse shape. [Plot: amplitude (volts) versus time (sec, ×10^−9).]
Fig. 1. Physical scenario of A and B communicating over the UWB channel secured through the secret key generated directly from the UWB channel characteristics [6]. [Diagram labels: secured UWB channel between A and B; unsuccessful eavesdropper E; limited regions of close proximity where eavesdropping is viable.]

III. TEST STRATEGIES
In this section, a description of all the measurements performed is provided. Here, we use the correlation coefficient to quantify the similarity between channel measurements. It is assumed that the measurement noise is ergodic. The correlation coefficient between channel measurements $X(n)$ and $Y(n)$ is estimated with

$$\rho_{XY} = \frac{A[X(n)\,Y(n)] - \bar{X}\bar{Y}}{\sqrt{\sigma_X^2\,\sigma_Y^2}} \qquad (1)$$

where $A[\cdot]$ calculates the time average of its operand over all samples $n$, $\bar{X} = A[X(n)]$, $\bar{Y} = A[Y(n)]$, $\sigma_X^2 = A[(X(n) - \bar{X})^2]$, and $\sigma_Y^2 = A[(Y(n) - \bar{Y})^2]$. For Eq. (1) to provide the statistical correlation, it is necessary for the channel impulse responses to be both correlation and mean ergodic. Unfortunately, this property cannot feasibly be confirmed with experimental measurements, so, as is conventional, it is assumed here without proof [9].

A. Reciprocity Test
This test confirms the extent to which the measurements made for signals transmitted from antenna A to antenna B match those for signals transmitted from antenna B to antenna A. Theory indicates that the match should be perfect for a linear channel, but non-linearities in the transmitter and receiver systems can cause mismatches between the measurements. This set of measurements was made to see to what extent reciprocity exists in a real UWB system. For this experiment set, all the measurements for a given set of antennae positions are made within the coherence time of the radio channel. In other words, within the time interval between two measurements, the channel is stationary. To ensure this, object movement in the radio propagation environment was eliminated, if possible, or minimized.
The correlation coefficient is calculated based on Eq. (1). Table II and Table III show the calculated results for LOS and NLOS conditions, respectively, at different antennae separation distances. In the LOS case, the results are averaged over 16 measurement sets, whereas in the NLOS case, the average is calculated over 64 measurement sets. The reported signal-to-noise (SNR) value shows the output power ratio of the vector signal generator, our carrier modulator.

TABLE II. CORRELATION COEFFICIENT RESULTS IN RECIPROCITY TEST FOR LOS MEASUREMENTS.
| Distance (meters) | Measurement sets averaged | SNR (dBm) | Correlation coefficient (−1 ≤ ρ ≤ 1) |
| 1 | 16 | 10 | 0.974 |
| 4 | 16 | 30 | 0.927 |
| 6 | 16 | 30 | 0.908 |
| 8 | 16 | 30 | 0.933 |
| 10 | 16 | 30 | 0.904 |

TABLE III. CORRELATION COEFFICIENT RESULTS IN RECIPROCITY TEST FOR NLOS MEASUREMENTS.
| Distance (meters) | Measurement sets averaged | SNR (dBm) | Correlation coefficient (−1 ≤ ρ ≤ 1) |
| 1 | 64 | 10 | 0.998 |
| 4 | 64 | 10 | 0.987 |
| 6 | 64 | 10 | 0.910 |
| 8 | 64 | 10 | 0.959 |
| 10 | 64 | 10 | 0.965 |

The results show that in all the examined cases, the forward and reverse channel measurements are highly correlated. So, the reciprocity assumption is a good match to the actual channel conditions and may be used for secret key generation in actual systems.

B. Spatial Correlation Test
This set of tests was made to find the correlation of channel measurements made at different locations. For security purposes, it is optimal for the channel measurements to become uncorrelated after only short distance displacements at either antenna. In this test, one antenna is kept stationary while the other antenna is moved to a different location for each measurement. The impulse response of the radio channel was measured at 25 points on a 5 by 5 grid. The distance between the neighboring points in one row or column of the grid is 20 cm. At each point, 10 channel measurements were collected and then averaged together to reduce the measurement noise. As in the set of measurements for confirming reciprocity, movement in the radio propagation environment is minimized so that the differences measured between channel measurements are a result of either antenna movement or measurement noise. Measurement noise effects are mitigated by averaging to isolate the changes in the measurements caused by antennae positioning.
The correlation coefficient is calculated for different separation distances of receiver and transmitter antennae. Here we report two types of cases. The complete set is available in [10]. Figure 4 and Figure 5 demonstrate the correlation coefficient calculated over the test grid for LOS propagation and NLOS propagation, respectively. In each case, the correlation of the channel measurement with respect to the reference point at the center node of the grid is computed. The estimated correlation coefficient for the center node is calculated as the average of the correlation coefficients, Eq. (1), over all data vectors collected at that point. The measurement noise results in the central correlation coefficient being reduced from its ideal value, one.

Fig. 4. Spatial Correlation Coefficient (LOS, average separation distance = 3 m). [Figure: correlation coefficient at each of the 25 points of the 5 by 5 test grid, grid spacing 20 cm; panel title: Spatial Correlation Coefficient (d=3m, LOS).]
The results show that the correlation of received measurements is reduced when the receiver antenna is moved away from the reference point. However, there is no exponential relation between spatial correlation and the distance between the position of the receiver antenna and the reference node, of the kind that is often used in other propagation models [11]. We cannot claim that spatial correlation decreases continuously for farther separation distances from the reference point. It has been shown that the correlation reduces significantly as soon as the receiver antenna position is changed. Therefore, from a security viewpoint, the results generally confirm that the secrecy of the common key between two communicating transceivers is increased when the eavesdropper is located farther than 20 cm from one of the communicating antennae. To make a more accurate statement, many more observations are required.

Fig. 5. Spatial Correlation Coefficient (NLOS, average separation distance = 3 m). [Figure: correlation coefficient at each of the 25 points of the 5 by 5 test grid, grid spacing 20 cm; panel title: Spatial Correlation Coefficient (d=3m, NLOS).]

C. Time Correlation Test
The purpose of these experiments is to take into account the variations in channel correlation over time that are caused by different types of movement in the propagation environment. For these measurements, the positions of both antennae are kept stationary and controlled movement is introduced into the radio channel environment during the test. To conduct the measurements, a pulse is transmitted every 500 msec and the channel impulse response is recorded for each pulse. During the test, we asked people to walk around the antennae (as on a normal working day in the laboratory test environment). The correlation coefficient is obtained between the first channel measurement at τ = 0 and channel measurements obtained at delays of τ = k × 500 msec for k = 1, . . . , 2000. The test was conducted for LOS and NLOS propagation conditions.
Figure 6 and Figure 7 show the LOS and NLOS time correlation coefficients over time. The dips in Figure 7 and Figure 8 are caused when a mobile person blocks a propagation path with significant power between the transmit and receive antennae. The time correlation results show that the measurements are highly correlated most of the time. In addition, the correlation during LOS propagation is greater than during NLOS propagation. This indicates that secret keys generated at different times but at exactly the same locations have a high probability of being the same.

Fig. 6. Time Correlation Coefficient, LOS propagation. [Plot: correlation coefficient versus time (sec), 0 to 1000 sec; panel title: Time Correlation (LOS).]

Fig. 7. Time Correlation Coefficient, NLOS propagation. [Plot: correlation coefficient versus time (sec), 0 to 1000 sec; panel title: Time correlation (NLOS).]
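The estimator of Eq. (1), as it is used in the reciprocity and spatial correlation tests of Section III, written out as an added Python example (not code from the paper). The channel model (Gaussian taps with exponential decay), the noise level and all function names are assumptions; the data is constructed, not measured.

```python
import math
import random


def time_avg(values):
    """A[.] of Eq. (1): time average over all samples n."""
    return sum(values) / len(values)


def corr_coeff(x, y):
    """Correlation coefficient rho_XY of Eq. (1)."""
    mean_x, mean_y = time_avg(x), time_avg(y)
    cross = time_avg([a * b for a, b in zip(x, y)]) - mean_x * mean_y
    var_x = time_avg([(a - mean_x) ** 2 for a in x])
    var_y = time_avg([(b - mean_y) ** 2 for b in y])
    return cross / math.sqrt(var_x * var_y)


def make_channel(rng, n=2000, decay=400.0):
    """Constructed impulse response: Gaussian taps, exponential decay (assumed model)."""
    return [rng.gauss(0.0, 1.0) * math.exp(-k / decay) for k in range(n)]


def measure(h, rng, noise_std, repeats=1):
    """Average `repeats` observations of channel h, each with independent noise."""
    out = []
    for tap in h:
        shots = [tap + rng.gauss(0.0, noise_std) for _ in range(repeats)]
        out.append(sum(shots) / repeats)
    return out


def demo(seed=7, noise_std=0.2):
    rng = random.Random(seed)
    h_ab = make_channel(rng)   # channel shared by A and B (reciprocity)
    h_eve = make_channel(rng)  # independent channel at a displaced antenna
    # Reciprocity test with single-shot measurements at each end.
    single = corr_coeff(measure(h_ab, rng, noise_std),
                        measure(h_ab, rng, noise_std))
    # Same test after averaging 10 measurements, as done per grid point.
    averaged = corr_coeff(measure(h_ab, rng, noise_std, 10),
                          measure(h_ab, rng, noise_std, 10))
    # Spatial test: legitimate measurement against the displaced antenna.
    eve = corr_coeff(measure(h_ab, rng, noise_std, 10),
                     measure(h_eve, rng, noise_std, 10))
    return single, averaged, eve


if __name__ == "__main__":
    print("single-shot, averaged, displaced: %.3f %.3f %.3f" % demo())
```

Averaging pushes the reciprocal correlation toward one, which mirrors the remark that measurement noise keeps the center-node coefficient below its ideal value.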
IV. SECRET KEY GENERATION VERIFICATION
Previous work has presented algorithms for generating secret keys from channel measurements in UWB systems [6]. This section applies these algorithms to the measurements described in the previous section to see how many secret key bits are obtainable from these channel measurements. The key generation algorithm is summarized in Figure 8. We use a variation of a previously published key generation algorithm [6]. Each transceiver sends a pulse to the other transceiver to be used for channel measurements. Each transceiver filters the received signal with a filter matched to the transmitted channel sounding pulse to reduce measurement noise. The filtered signal on each side is then fed into a quantizer to convert the signals into binary data vectors. This binary data is then reordered with a public permutation algorithm. In our observations, we typically obtained 2000 samples from a channel measurement, so that the number of available bits for key generation from a single channel measurement, using a 5 bit quantizer, is approximately 10000 bits. Finally, the public discussion is facilitated as discussed in detail in [6].

Fig. 8. Schematic of modified public discussion sub-system. [Block diagram, identical for the A side and the B side: input measurement, matched filter, quantizer, permutator, Hamming decoder, output key bits.]

As reported in Figures 9 and 10, the disagreement probability, the cost of the key generation process, increases monotonically with the desired key length. For instance, if a Hamming (7, 4) code is used at the decoder of Figure 8, then the maximum available key length is 4 × 10000/7, which is approximately 5714. Generating such a large key is not impossible, but the probability of disagreement is almost one. Using the public discussion method of Figure 8 with a Hamming (7, 4) decoder, the probability of disagreement is calculated for different levels of quantization in Figure 9.

Fig. 9. Probability of disagreement of LOS measurements for various key length values and different quantization levels; quantization levels are in bits. The purification coefficient is set to 0.5 in these results. [Plot: probability of disagreement (logarithmic axis) versus key length (bits), 0 to 129; panel title: LOS channel, d=10 (m), PurificationCoefficient=0.5; curves: C=0.5, k=5; C=0.5, k=7; C=0.5, k=10.]

Suppose that the output of the matched filter is $y_{m_i}$, where $i = a, b$. Here, the samples with amplitude less than $C\sqrt{\mathrm{Var}(y_{m_i})}$ are removed from the stream for both transceivers, where $\mathrm{Var}(\cdot)$ denotes the variance of its input averaged over all samples. We call this signal purification, and the coefficient C is called the purification coefficient. Figure 10 presents results for the use of different levels of purification for 5-bit quantization. Increasing the purification level means that more samples in an observation are thrown out. Therefore, the number of available samples for the key generation process is reduced, but the remaining samples (those that are not eliminated during purification) are more likely to agree. Figure 10 shows that for larger values of the purification coefficient the probability of disagreement decreases. The results verify that the algorithm proposed in [6] works with real data.

Fig. 10. Probability of disagreement of LOS measurements for various key length values and different purification coefficients. The signal is quantized with a 5 bit quantizer. [Plot: probability of disagreement (logarithmic axis) versus key length (bits), 0 to 129; panel title: LOS channel, d=10 (m), Quantization Level=5 (bits); curves: k=5, C=0.6; k=5, C=0.45; k=5, C=0.4.]

V. CONCLUSION
Our measurement results demonstrate secret key generation in UWB channel communication. The measurements validate that the available channel reciprocity is high enough to allow for UWB channel measurements to be used as a source of common information for secret key generation. Also, the spatial correlation results guarantee the secrecy of this common information. Finally, the performance of the system shows an acceptable disagreement for key generation. In future work, the effect of multivariate interference sources in the environment and the effect of synchronization error on the key agreement process will be studied.

ACKNOWLEDGMENT
This work has been partially supported by research grants from the Canadian National Science and Engineering Research Council (NSERC), Canadian Foundation for Innovation (CFI), and British Columbia Knowledge Development Fund (BCKDF).

REFERENCES
[1] M. Ghavami, M. L. B., and K. R., Ultra Wideband Signals and Systems in Communication Engineering, 2nd ed. John Wiley & Sons, 2007.
[2] R. Ahlswede and I. Csiszar, “Common randomness in information theory and cryptography – part I: Secret sharing,” IEEE Transactions on Information Theory, vol. 39, no. 4, pp. 1121–1132, 1993.
[3] A. Hassan, W. Stark, J. Hershey, and S. Chennakeshu, “Cryptographic key agreement for mobile radio,” Digital Signal Processing, Academic Press, vol. 6, pp. 207–212, 1996.
[4] G. Smith, “A direct derivation of a single-antenna reciprocity relation for the time domain,” Antennas and Propagation, IEEE Transactions on, vol. 52, no. 6, pp. 1568–1577, June 2004.
[5] C. Prettie, D. Cheung, L. Rusch, and M. Ho, “Spatial correlation of UWB signals in a home environment,” Ultra Wideband Systems and Technologies, 2002. Digest of Papers. 2002 IEEE Conference on, pp. 65–69, 2002.
[6] M. Ghoreishi Madiseh, M. McGuire, S. Neville, L. Cai, and M. Horie, “Secret key generation and agreement in UWB communication channels,” Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE, pp. 1–5, 30 2008-Dec. 4 2008.
[7] J. Foerster and Q. Li, “UWB channel modeling contribution from Intel.”
[8] H. Hristov, Fresnel Zones in Wireless Links, Zone Plate Lenses and Antennas, 1st ed. Artech House, 2000.
[9] M. Patzold, Mobile Fading Channels, 1st ed. John Wiley & Sons, 2002.
[10] M. Ghoreishi Madiseh, S. He, M. McGuire, W. Neville, and X. Dong, “Statistical analysis of UWB channel measurements,” Dep. of Elec. & Comp. Eng., University of Victoria, Tech. Rep., Aug 2008, available online: http://www.ece.uvic.ca/~masoudg/upload/report.pdf.
[11] M. Gudmundson, “Correlation model for shadow fading in mobile radio systems,” Electronics Letters, vol. 27, no. 23, pp. 2145–2146, Nov. 1991.
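The Section IV chain (signal purification, quantizer, public permutation, Hamming (7, 4) step) as an added Python example; it is not code from the paper or from [6]. Assumptions: a 1-bit sign quantizer in place of the 5-bit one, kept sample indices agreed publicly, a syndrome exchange as the public discussion step (the paper defers that detail to [6]), a made-up permutation seed, and constructed Gaussian matched-filter outputs.

```python
import math
import random

DATA_IDX = (2, 4, 5, 6)  # 0-based indices of the data bits (positions 3, 5, 6, 7)
PUBLIC_SEED = 2008       # permutation seed known to everyone (assumed value)


def syndrome(block):
    """Hamming (7, 4) syndrome: XOR of the 1-based positions that hold a 1."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s


def reconcile(block_a, block_b):
    """A publishes its syndrome; B flips the bit named by the syndrome difference."""
    diff = syndrome(block_a) ^ syndrome(block_b)
    fixed_b = list(block_b)
    if diff:
        fixed_b[diff - 1] ^= 1
    return [block_a[i] for i in DATA_IDX], [fixed_b[i] for i in DATA_IDX]


def purify(y_a, y_b, c):
    """Indices whose amplitude is at least C*sqrt(Var(y)) at BOTH transceivers."""
    def threshold(y):
        mean = sum(y) / len(y)
        return c * math.sqrt(sum((v - mean) ** 2 for v in y) / len(y))
    t_a, t_b = threshold(y_a), threshold(y_b)
    return [i for i in range(len(y_a))
            if abs(y_a[i]) >= t_a and abs(y_b[i]) >= t_b]


def generate_keys(y_a, y_b, c):
    """Purify, permute publicly, quantize to the sign bit, reconcile 7-bit blocks."""
    keep = purify(y_a, y_b, c)
    random.Random(PUBLIC_SEED).shuffle(keep)  # public permutation of sample order
    bits_a = [1 if y_a[i] > 0 else 0 for i in keep]
    bits_b = [1 if y_b[i] > 0 else 0 for i in keep]
    key_a, key_b, bad_blocks = [], [], 0
    n_blocks = len(keep) // 7
    for j in range(n_blocks):
        k_a, k_b = reconcile(bits_a[7 * j:7 * j + 7], bits_b[7 * j:7 * j + 7])
        bad_blocks += k_a != k_b  # more than one differing bit in the block
        key_a += k_a
        key_b += k_b
    return key_a, key_b, (bad_blocks / n_blocks if n_blocks else 0.0)


def simulate(n=7000, noise_std=0.2, seed=1):
    """Constructed reciprocal observations: one channel, independent noise per side."""
    rng = random.Random(seed)
    h = [rng.gauss(0.0, 1.0) for _ in range(n)]
    return ([v + rng.gauss(0.0, noise_std) for v in h],
            [v + rng.gauss(0.0, noise_std) for v in h])


if __name__ == "__main__":
    y_a, y_b = simulate()
    for c in (0.0, 0.5):
        key_a, _, bad = generate_keys(y_a, y_b, c)
        print("C=%.1f key bits=%d disagreeing blocks=%.4f" % (c, len(key_a), bad))
```

Each 7-bit block yields 4 key bits, matching the 4/7 ratio in the key length estimate, and a block with two or more differing bits always produces different key bits at A and B.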