Information Theoretically Secure Encryption Key Generation over Wireless Networks by Exploiting Packet Errors
Amir K. Khandani
TL;DR
The paper addresses secure key exchange over wireless links by exploiting the independence of packet-error events across receivers. It proposes transmitting N UDP packets with random data, having Bob identify those received on the first attempt, and using a hash of their contents to generate a shared key; the chance that Eve has received every packet used in the key diminishes as N grows. The security level is quantified by $SEC = -N \log_2(1 - \mathtt{c}_b \mathtt{e}_e)$, with detailed results for degraded channels ($\mathtt{c}_e = \mathtt{c}_b$) and general channels; e.g., in the degraded case the maximum occurs at $\mathtt{c}_b = 1/2$, giving $SEC_{max} = N \log_2(4/3)$, and for a typical $\mathtt{c}_b \approx 0.9$ the formula $SEC = -N \log_2(0.1 + 0.9 \mathtt{c}_e)$ applies. The paper also addresses the practical challenge of ARQ at the PHY/MAC layer by proposing a high-level, time-regularization approach that infers first-transmission successes from observed packet timings, with LTE demonstrations. The method is applicable across cellular, WLAN, Bluetooth, and IoT networks and supports key refreshing via updating packets, enabling practical, information-theoretically secure key generation in real-world wireless systems.
Abstract
This article presents a novel method for establishing an information theoretically secure encryption key over wireless channels. It exploits the fact that data transmission over wireless links is accompanied by packet errors, while the noise terms, and thereby the error events, observed by two separate receivers are independent of each other. A number of data packets, with random data, are transmitted from a first legitimate node, say Alice, to a second legitimate node, say Bob. Bob identifies all packets that are received error-free in the first transmission attempt and sends their indices to Alice over a public channel. Then, both Alice and Bob mix the contents of the identified packets, e.g., using a hash function, and thereby derive an identical encryption key. Since error events from Alice to Bob are independent of error events from Alice to Eve, the chance that Eve has received all packets used in key generation error-free diminishes as the number of packets increases. In many wireless standards, the first stage in error detection and Automatic Repeat Request (ARQ) is deployed at the PHY/MAC (Physical Layer/Medium Access Control) layer. In such setups, the first re-transmission is managed by the PHY/MAC layer without informing higher layers. This makes it impossible to directly access the information related to packet errors through high-level programming interfaces available to an end-user. A method is presented for determining packets received error-free in first transmission attempts through high-level programming. Examples are presented in conjunction with an LTE cellular network.
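The exchange described above can be simulated to check the SEC formula against measured outcomes. The following is an added example, not code from the paper: the function names, SHA-256 as the mixing hash, 32-byte payloads, and the independent Bernoulli loss model are assumptions, and $\mathtt{e}_e$ is read as $1 - \mathtt{c}_e$, which is the reading consistent with the two special cases quoted in the TL;DR.

```python
import hashlib
import math
import random
import secrets

def sec_bits(n, c_b, c_e):
    """SEC = -N*log2(1 - c_b*e_e), taking e_e = 1 - c_e (assumed reading)."""
    return -n * math.log2(1.0 - c_b * (1.0 - c_e))

def derive_key(received, indices):
    """Hash the identified packets, in index order, into a 256-bit key."""
    h = hashlib.sha256()
    for i in sorted(indices):
        h.update(i.to_bytes(4, "big") + received[i])
    return h.digest()

def exchange(n, c_b, c_e, rng):
    """One round. Returns (alice_key, bob_key, eve_key or None)."""
    sent = {i: secrets.token_bytes(32) for i in range(n)}  # Alice's random payloads
    # Independent first-attempt outcomes at the two receivers (simulated channel).
    bob = {i: p for i, p in sent.items() if rng.random() < c_b}
    eve = {i: p for i, p in sent.items() if rng.random() < c_e}
    indices = sorted(bob)  # Bob publishes these indices; Eve sees the list too
    alice_key = derive_key(sent, indices)
    bob_key = derive_key(bob, indices)
    # Eve can compute the key only if she holds every listed packet.
    eve_key = derive_key(eve, indices) if all(i in eve for i in indices) else None
    return alice_key, bob_key, eve_key

def eve_success_rate(n, c_b, c_e, trials=20000, seed=1):
    """Fraction of simulated rounds in which Eve ends up with the key."""
    rng = random.Random(seed)  # seeded so the channel simulation is repeatable
    hits = 0
    for _ in range(trials):
        a, b, e = exchange(n, c_b, c_e, rng)
        assert a == b  # Alice and Bob must always agree
        hits += e == a
    return hits / trials

if __name__ == "__main__":
    n, c_b, c_e = 4, 0.9, 0.5  # constructed sample parameters
    print("predicted P(Eve has key):", 2 ** -sec_bits(n, c_b, c_e))
    print("simulated P(Eve has key):", eve_success_rate(n, c_b, c_e))
    print("SEC for N=256:", sec_bits(256, c_b, c_e), "bits")
```

A round in which Bob receives nothing yields an empty index list that Eve trivially matches; the formula counts that case as a success for Eve, so a deployment would reject index lists that are empty or too short.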
