Secret-Key Generation from Private Identifiers under Channel Uncertainty
Vamoua Yachongka, Rémi A. Chou
TL;DR
This work tackles secret-key generation for device authentication from physical identifiers, such as PUF responses, under channel uncertainty with multi-antenna parties. It develops inner and outer bounds for discrete sources and provides a complete Gaussian capacity characterization, using a two-layer random-coding strategy and Fisher-information-based converses to handle secrecy and privacy leakage. For Gaussian sources, the bounds coincide, yielding an exact region and revealing how the number of antennas at the decoder and Eve affects the secret-key, storage, and privacy trade-offs; numerical results illustrate when GS or CS strategies are advantageous depending on storage constraints. Overall, the paper advances secret-key authentication in IoT that is robust to uncertain channel state information (CSI), offering concrete design insights for balancing key rate, leakage, and public-data storage. Key contributions include novel treatments of compound channels in a source-type model and the incorporation of privacy leakage constraints, with practical implications for PUF-based security systems.
Abstract
This study investigates secret-key generation for device authentication using physical identifiers, such as responses from physical unclonable functions (PUFs). The system includes two legitimate terminals (encoder and decoder) and an eavesdropper (Eve), each with access to different measurements of the identifier. From the device identifier, the encoder generates a secret key, which is securely stored in a private database, along with helper data that is saved in a public database accessible by the decoder for key reconstruction. Eve, who also has access to the public database, may use both her own measurements and the helper data to attempt to estimate the secret key and identifier. Our setup focuses on authentication scenarios where channel statistics are uncertain, with the involved parties employing multiple antennas to enhance signal reception. Our contributions include deriving inner and outer bounds on the optimal trade-off among secret-key, storage, and privacy-leakage rates for general discrete sources, and showing that these bounds are tight for Gaussian sources.
