A Channel Perceiving Attack on Long-Range Key Generation and Its Countermeasure

TL;DR

This paper investigates a new attack on long-range wireless key generation exploiting large-scale fading effects, and proposes a countermeasure that enhances security by filtering out these effects, validated through extensive experiments.

Contribution

It introduces a colluding-eavesdropping attack on LoRa-based key generation and proposes a novel countermeasure to mitigate large-scale fading influence, improving security in long-range wireless communications.

Findings

The attack reduces secret key capacity under large-scale fading conditions.

The proposed countermeasure significantly increases eavesdropper's key disagreement rate.

Legitimate key generation maintains low KDR and passes randomness tests.

Abstract

The physical-layer key generation is a lightweight technique to generate secret keys from wireless channels for resource-constrained Internet of things (IoT) applications. The security of key generation relies on spatial decorrelation, which assumes that eavesdroppers observe uncorrelated channel measurements when they are located over a half-wavelength away from legitimate users. Unfortunately, there is no experimental validation for communications environments when there are large-scale and small-scale fading effects. Furthermore, while the current key generation work mainly focuses on short-range communications techniques such as WiFi and ZigBee, the exploration with long-range communications, e.g., LoRa, is rather limited. This paper presents a LoRa-based key generation testbed and reveals a new colluding-eavesdropping attack that perceives and utilizes large-scale fading effects in key generation channels, by using multiple eavesdroppers circularly around a legitimate user. We formalized the attack and validated it through extensive experiments conducted under both indoor and outdoor environments. It is corroborated that the attack reduces secret key capacity when large-scale fading is predominant. We further investigated potential defenses by proposing a conditional entropy and high-pass filter-based countermeasure to estimate and eliminate large-scale fading associated components. The experimental results demonstrated that the countermeasure can significantly improve the key generation's security when there are both varying large-scale and small-scale fading effects. The key bits generated by legitimate users have a low key disagreement rate (KDR) and validated by the NIST randomness tests. On the other hand, eavesdroppers' average KDR is increased to 0.49, which is no better than a random guess.