How to Test the Randomness from the Wireless Channel for Security?

TL;DR

This paper critically examines how wireless channel randomness testing impacts security and efficiency in secret key generation, proposing guidelines to improve security assurance and key rate.

Contribution

It introduces a new adversary model, analyzes the misuse of randomness tests, and provides guidelines to enhance security and efficiency in wireless key generation.

Findings

Common randomness tests do not guarantee security.

Misuse of privacy amplification reduces key security.

Guidelines significantly improve key security and rate.

Abstract

We revisit the traditional framework of wireless secret key generation, where two parties leverage the wireless channel randomness to establish a secret key. The essence in the framework is to quantify channel randomness into bit sequences for key generation. Conducting randomness tests on such bit sequences has been a common practice to provide the confidence to validate whether they are random. Interestingly, despite different settings in the tests, existing studies interpret the results the same: passing tests means that the bit sequences are indeed random. In this paper, we investigate how to properly test the wireless channel randomness to ensure enough security strength and key generation efficiency. In particular, we define an adversary model that leverages the imperfect randomness of the wireless channel to search the generated key, and create a guideline to set up randomness testing and privacy amplification to eliminate security loss and achieve efficient key generation rate. We use theoretical analysis and comprehensive experiments to reveal that common practice misuses randomness testing and privacy amplification: (i) no security insurance of key strength, (ii) low efficiency of key generation rate. After revision by our guideline, security loss can be eliminated and key generation rate can be increased significantly.