Professional Documents
Culture Documents
AbstractWe consider secret key generation by a pair of mobile nodes utilizing observations of their relative locations in the
presence of a mobile eavesdropper. In our proposed algorithm, the
legitimate node pair makes noisy observations of the relative locations of each other. Based on these observations, the nodes generate
secret key bits via information reconciliation, data compression,
and privacy amplification. We characterize a theoretically achievable secret key bit rate in terms of the observation noise variance
at the legitimate nodes and the eavesdropper and show that the
performance of our algorithm is comparable to the theoretical
bounds. We also test our algorithm in a vehicular setting based
on observations made using wireless beacon exchange between the
legitimate nodes. To achieve this, we used TelosB wireless radios
mounted on the sides of the vehicles on local roads and freeways.
Note that our approach relies solely on distance reciprocity, and
thus, it is not restricted to the use of wireless radios and can be
used with other localization systems (e.g., infrared and ultrasound
systems) as well. Overall, this study proves, via both information
theoretic and practical analysis, that localization information provides a significant additional resource for secret key generation in
mobile networks.
Index TermsInformation theoretic secrecy, localization, secret
key generation, vehicular security, wireless security.
I. I NTRODUCTION
Manuscript received November 28, 2013; revised March 24, 2014 and
May 26, 2014; accepted July 8, 2014. Date of publication July 24, 2014;
date of current version June 16, 2015. This work was supported in part by
the National Science Foundation under Grant CNS-1054738, Grant CNS0831919, and Grant CCF-0916664. This work was presented in part in the
Workshop on Physical Layer Security, Globecom 2011. The review of this
paper was coordinated by Dr. M. Elkashlan.
The authors are with the Department of Electrical and Computer Engineering, The Ohio State University, Columbus, OH 43210 USA.
Color versions of one or more of the figures in this paper are available online
at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TVT.2014.2342714
0018-9545 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
2215
3) Evaluate the performance of our algorithm via simulations, and show that it is comparable to the information
theoretic bounds on key capacity, i.e., the loss that we
attain by implementing computationally feasible algorithms is not large.
4) Illustrate via real-world experiments in vehicular settings that our algorithm can be implemented using
on-the-shelf devices without any modification on the
physical layer, and demonstrate that provably secure
keys can be generated even under extremely pessimistic
settings.
5) Develop an opportunistic beacon exchange algorithm that
achieves positive secrecy rates even when the adversary
obtains better localization information on average.
To the best of our knowledge, this is the first work that provides
both theoretical and practical analyses on secret key generation
via localization. Our system can be valuable in a number of possible applications, including intelligent transportation systems,
tactical networks, mobile secure crowd sensing, wireless LANs,
and Internet of things. We would like to emphasize that, in
any application, our system based on localization and mobility
does not have to be the only mechanism to generate secret key
bits. Instead, its robustness puts our system in a position to
play an excellent supporting role for other existing methods,
particularly for key generation via wireless channel gains.
A. Related Work
The generation of a secret key from relative localization
information can be categorized under source model of information theoretic secrecy, which studies the generation of secret key
bits from common randomness observed by legitimate nodes.
In his seminal paper [1], Maurer showed that, if two nodes
observe correlated randomness, then they can agree on a secret
key through public discussion. He provided upper and lower
bounds on the achievable secret key rates. Although the bounds
have been improved later [2], [3], the secret key capacity of
the source model, in general, is still an open problem. Despite
this fact, the source model has been utilized in several different
settings [4][6].
There is a vast amount of literature on localization (see,
e.g., [8] and [9] for wireless localization, [15] for infrared
localization, and [16] for ultrasound localization). There has
been some focus on secure localization and position-based
cryptography [10][13]; however, these works either consider
key generation in terms of other forms of secrecy (i.e., computational secrecy) or fall short of covering a complete information
theoretic analysis.
A similar line of work in wireless network secrecy considers channel identification [14] for secret key generation using
wireless radios. Based on the channel reciprocity assumption,
nodes at both ends experience the same channel, corrupted
by independent noise. Therefore, nodes can use their channel
magnitude and phase response observations to generate secret
key bits from public discussion. The literature on channel
identification-based secret key generation is vast. The authors
of [20][25] study key generation with on-the-shelf devices,
under the 802.11 development platform using a two-way radio
2216
TABLE I
L IST OF VARIABLES
Fig. 1.
2217
TABLE II
N ODES O BSERVATIONS
C. Attacker Model
Fig. 2. With GLI, the nodes obtain noisy observations of the relative orientation of each other with respect to the x-axis.
D. Notion of Security
We consider the typical definition of source model of information theoretic secrecy under a passive eavesdropper: We
assume that there exists an authenticated error-free public
channel, in which the legitimate nodes can communicate to
agree on secret keys, based on the observations of the distances
and angles (o1 and o2 ) obtained during beacon exchange.
This process, commonly referred to as public discussion [1],
is a T step message exchange protocol, where, at any step
2218
j {1, 2}
(4)
(5)
j {1, 2}.
(6)
Step 0: Quantization
(, ) : L L = {1 . . . M }2
lj [i] (lj [i])
s
j [i] [l1 [i], l2 [i], le [i]]
Step 1: Localization
a: Beacon Exchange
for slot i = 1 : n do
if No GLI then
oj [i] dj [i], j {1, 2}
oe [i] [d1e [i], d2e [i], e [i]]
else if Perfect GLI then
oj [i] [dj [i], j [i]], j {1, 2}
oe [i] [d1e [i], d2e [i], 1e [i], 2e [i]]
end if
end for
b: Viterbi Algorithm
node j {1, 2}
for slot i = 1 : n do
for s [i 1] {1 . . . M }6 do
for s [i] {1 . . . M }6 do
if f (oj [1], . . . , oj [i], j (s [i1]), s [i]) > f (oj [1],
. . . , oj [i], j (s [i])) then
j (s [i]) (j (s [i 1]), s [i])
end if
end for
end for
end for
s
j [n] arg maxj (s [n]) f (j (s [n]), oj )
Step 2: Public Discussion
for slot i = 1 : n do
vj [i] (d
j [i] dj [i 1])
end for
(u1 , u2 , ue ) CASCADE(v1 , v2 , ve )
Step 3: Data Compression
qj Hc (uj ), j {1, 2}
Step 4: Privacy Amplification
kj Ha (qj , nR), j {1, 2}
A. Quantization
First, the nodes quantize the field L. Quantization is required
for the nodes to efficiently calculate the location estimates and
store them in their buffers for use in the subsequent public
discussion phase. In our algorithm, we consider the uniform
2-D quantization function , which is
(l, ) =
III. K EY G ENERATION A LGORITHM
In this section, we briefly explain our algorithm in five parts
and provide the complete scheme in Algorithm 1. For guidance,
the main steps are sketched in Fig. 3 for node 1. Prior to the first
stage, one of the legitimate nodes is appointed to be the master
arg min
,uZ2
k:k= u
k l
quantized states s = [l
= (L )3 .
1 , l2 , le ], where s S
s = [l1 , l2 , le ], where
s
j = arg max P(s |oj ),
s S
j {1, 2}.
(7)
Note that s
j = [l1,j l2,j le,j ], where l1,j is node js maximum
likelihood estimate of the node 1 location vector.3 The terms
s
j are obtained efficiently by using the Viterbi algorithm as
explained in our technical report [34]. Note the following.
1) For very small , it is not computationally feasible to
run the Viterbi algorithm since the quantized state size
|S | as 0.
2) If mobility statistics is not available at the nodes, then the
ML estimate of the node locations at a given slot depends
solely on the observations on the particular slot.
For these cases, we skip the Viterbi algorithm. For the perfect
GLI, instead of (7), we use
l [i] = l [i] + d1 [i]1 [i], l [i] = l [i] + d2 [i]2 [i]
2,1
1
1,2
2
i. Note that, in perfect GLI, each node knows its global
s
estimates, i.e., we set s
1 = d1 and
1 = d2 .
C. Binary Conversion and Public Discussion
First, each node j {1, 2} obtains an initial m bit binary
sequence
vj [i] = l1,j
[i] l2,j
[i], m
(8)
2219
(9)
where > 0 can be chosen low enough such that the reliability
constraint is satisfied. The process is referred to as information
reconciliation by public discussion [1]. In our algorithm, we use
the cascade reconciliation protocol [29], which is covered in
our technical report [34]. Cascade protocol performs efficiently
when the BMR of the initial sequences is low enough such
that [29]
BMR(v1 , v2 ) < 0.15.
(10)
j {1, 2}
(11)
= R /m.
E. Privacy Amplification
Legitimate nodes will map their compressed keys q1 and q2
into shorter sequences, k1 and k2 , of key bits in such a way that
perfect secrecy condition (6) in Definition 1 is satisfied. We use
the following universal hash function for privacy amplification.
Let Ha (x, R) denote
Ha (x) = LSBnR (a x)
(12)
2220
1
H q1 |oe , {C1 [t], C2 [t]}Tt=1 .
n
(13)
However, the calculation of (13) may be computationally infeasible, as discussed in [32]. In our technical report [34], we
approximate R to obtain
R = BMRe log(BMRe )
(1 BMRe ) log(1 BMRe )
T
n
(14)
and privacy amplification. Thus, these bounds are valid for any
key generation scheme that satisfies Definition 1.
Theorem 1: A lower bound RL and an upper bound RU
on the perfectly reliable key rate achievable through public
discussion are
1
RL = max lim [I(o1 ; o2 ) I(o1 ; oe )]+
n n
1
+
lim [I(o2 ; o1 ) I(o2 ; oe )]
(15)
n n
1
min {I(o1 ; o2 ), I(o1 ; o2 |oe )}
n n
RU = lim
(16)
(17)
(18)
j {1, 2, e}
4 In [18, Prop. 7], general upper and lower bounds are provided, including
the case where the source processes are not ergodic. In our system model, o1 ,
o2 , and oe are ergodic processes, and therefore, these lower and upper bounds
reduce to (15) and (16), respectively [17].
2221
(d1e ) +
2
(d2e )
(d1e ) +
(d2e )
(d1e , d2e )
(25)
+ 4d1e d2e +64(d1e d2e )2 (d1e , d2e )
(23)
Clearly, the achievable key rates depend highly on the functions , , and . In Section V-C, we evaluate the key rate
performance of our algorithm for particular choices of , ,
and and compare with the theoretical bounds in Section IV.
We emphasize that our key generation algorithm works in
the general case, without the aforementioned assumptions on
the node locations following a Markov process and with the
distance and angle observations being Gaussian, as illustrated
in experimental results in Section VI.
Note that there may be a bias on these observations due to
small scale fading [19]. The effect of biased observations is
considered in our technical report [34].
(24)
lim
P 1
2
RL
= lim
log(P ) P
1
2
RU
= 1.
log(P )
2222
(27)
(28)
B[i] =
6
P(s
1 [0]) 1/M , s1 [0] {1 . . . M }
for slot i = 1 : n do
0
for s [i 1] {1 . . . M }6 do
for s [i] {1 . . . M }6 do
x1 1((d12 [i]) > A[i] + B[i]|s [i])
x2 f (oj [1], . . . , oj [i 1], s [i 1])
x3 P(s [i]|s [i 1])
+ x1 x2 x3
end for
end for
if < or CTR c then
NODE 1 TX BEACON
NODE 2 TX BEACON
oj [i] (dj [i], )
CTR 0
else
NODE 1 SILENT
NODE 2 SILENT
oj [i]
CTR CTR + 1
end if
end for
If the other legitimate node receives a beacon during slot i, it
replies back with a beacon; otherwise, it remains silent. At the
end of slot i, the nodes update their observations such that, if no
beacons have been transmitted, then oj [i] = for j {1, 2, e}.
The probability in (29) can be efficiently approximated with
linear complexity using the forward algorithm, as provided in
Algorithm 2 and illustrated in Appendix A-1.
Remarks:
If the mobility is i.i.d., then no advantage in terms of secret
key rate can be obtained by using opportunistic beacon
transmission. Still, power would be more efficiently utilized due to less beacon exchanges.
The algorithm works when the statistical knowledge of
eavesdropper mobility is available at the legitimate nodes.
Despite the fact that the eavesdropper is passive, it is reasonable to assume certain mobility models under specific
settings (e.g., vehicular applications).
In Section V-C, we show that our algorithm achieves nonzero
secret key rates for some cases that yield zero secrecy rates
when a beacon is transmitted every time slot. We also compare
our algorithm with the genie-aided case, in which a genie knows
the exact locations of all the nodes in the field and tells the
nodes to skip beacon transmission at slot i when the condition
(d12 [i]) max > (A[i] + B[i]) e
2223
0,
otherwise.
For no GLI, we choose (d) = 0.1 + d2 and (d1e , d2e ) =
(/(1.1 + (d21e + d22e ))), and for perfect GLI, we choose
(dje ) = (/(1.1 + d2je )) such that both parameters are
strictly increasing functions of the distances.7 We assume that
nodes employ identical location sensors, and the observation
variance term is a function of the number of sensors: Since
the observation noise in different sensors is i.i.d. Gaussian, the
maximum ratio combining yields
a single less noisy Gaussian
observation such that 1 = 1/ K1 , where K1 is the number of
sensors in node 1, and we similarly define 2 , e . We consider
identical nodes (1 = 2 = e = 1) unless stated otherwise.
The theoretical key rates are calculated using the forward
algorithm procedure described in our technical report [34].
Results: Due to computational limitations explained in
Section III-B, we consider examples in which M 11 and
B 3. Note that this choice limits the maximum achievable
secret key rate.8 First, we compare the performance of our
key generation algorithm with the theoretical capacity bounds
in Section IV. Recall that the theoretical lower bound RL is
achieved by using random coding arguments which are not feasible to implement due to computational complexity. Therefore,
our algorithm is expected to perform worse than RL since it is
implemented using computationally efficient tools, such as the
Viterbi algorithm, cascade algorithm, etc. In Fig. 4, we plot the
key rates with respect to the normalized beacon power P/02 for
M = 5, A = 5, and B = 1, where 02 denotes the variance of
distance observations dj [i] of legitimate nodes at unit distance.
We show that, even in this grid with a small number of possible
locations, we can generate reliable key bits comparable with
RL . The key rate starts to decrease at a certain beacon power,
7 A similar model for distance observation noise is used in [8]. Since
e
[0, ], the angle observation error variance cannot diverge with distance, and
we upper bounded the variance term by /1.1. To avoid zero error variances at
zero distance, we introduce a 0.1 offset to the numerator and denominator of
and , respectively.
8 For instance, for B = 1, there are 13 different possible distance combinations. Consequently, a key rate of log 13 is an absolute upper bound for no GLI,
even in the case when the eavesdropper obtains no observation.
2224
Fig. 8.
Fig. 9.
2225
TABLE III
ACHIEVED K EY R ATES (B ITS /S ECOND )
VIA OUR K EY G ENERATION A LGORITHM
2226
VII. C ONCLUSION
Fig. 12. Bit error patterns before and after public discussion.
TABLE IV
R ANDOMNESS T EST R ESULTS FOR THE K EY G ENERATION A LGORITHM
e [i])
x=(d1e [i],d2e [i],
subject to
f d1 [i]|x dx
f(u)du = 1.
(31)
de [i] =
d1e [i]2 + d2e [i]2 2d1e [i]d2e [i] cos e [i]
P s [i]|s [i 1] f oj [i]|s [i] ds [i 1].
(29), e.g., (d
12 , dje , e ). Hence, the probability in (29) can be
efficiently calculated.
(32)
2227
(34)
10 However, the converse is not true since d [i] is not a sufficient statistic of
e
A PPENDIX B
P ROOFS OF T HEOREMS IN S ECTION V-A
A. Proof of Theorem 2
We provide three lemmas that will be useful in the proof.
Lemma 1: Let x and y be random variables. Then
Var(x + y) 2Var(x) + 2Var(y).
(35)
>
1.
Let
=
1 + /(1 + ). Then,
Var( [1 + x]+ ) Var(x).
Lemma 3: Let x, y be random variables. Then
Var E 1 (1 + x)+ |y E (E [|x| | y])2 .
The proofs of Lemmas 1, 2, and 3 are provided in our technical
report [34] due to space constraints. Assume, without loss of
e =
generality, that min = min(1 , 2 ) = 1 . When
1
I(d1 ; d2 |d1e , d2e , e )
n n
1
1 |d12 ) (36)
h(d1 |d1e , d2e , e ) h(d
lim
n n
n
1
e [i])
lim
h(d1 [i]|d1e [i], d2e [i],
n n
i=1
h(d1 [i] d12 [i]|d12 [i])
RU = lim
(37)
1 d12 (d
2, d
1e ,
where (36) follows from the fact that d
de =
d21e + d22e 2d1e d2e cos(e ) .
2228
Then
h(d1 |d1e , d2e , e ) h(d1 |de ) h(d1 de ).
(39)
Note that, for a given variance, Gaussian distribution maximizes the entropy. Therefore, the entropy of a Gaussian random
variable that has a variance identical to that of d1 de will be
an upper bound for (39). We proceed as follows:
Var(d1 de ) = E Var(d1 de |d12 , d1e , d2e )
(40)
+ Var E[d1 de |d12 , d1e , d2e ]
where (40) follows since, for any dependent random variables x
and y, Var(x) = E[Var(x|y)] + Var(E[x|y]). Now, we upper
bound the first term of (40). Note that
Var(d1 de |d12 , d1e , d2e ) = Var(d1 |d12 )
+ Var(de |d12 , d1e , d2e )
(41)
(d12 )1
.
P
(42)
16e
E
4(d1e + d2e )2 ((d1e ) + (d2e ))
P d212
1
+ 4(d1e d2e )2 (d1e , d2e ) + o
P
(47)
(48)
Then
[1 + ]+
= Var d12 E 1 (1 + )+ |d12 , d1e , d2e
(49)
E d212 (E [|| |d12 , d1e , d2e ])2
(50)
(43)
(44)
1
2
2
E
2(d1e + d2e ) (|w1e | + |w2e |) + w1e
+ w2e
d212
2
2e
=E
P d212
2(d1e + d2e )
(d1e ) + (d2e )
(d1e ) + (d2e )
P e
(d1e ) + (d2e )
P
2
(51)
2e
=E
P d212
2
4(d1e + d2e )2
(d1e ) + (d2e )
e
8(d1e +d2e )d1e d2e
(d1e )+ (d2e )
e
1
(d1e , d2e ) + o
.
(52)
P
where (49) follows from the fact that de = d12 (1 + )+ , and
(50) follows from Lemma 3. Finally, we obtain
+
(54)
2
+ 4(d1e +d2e )2 (d1e )+ (d2e )
+ 4d1e d2e +64(d1e d2e )2 (d1e , d2e )
+ 8(d1e + d2e )d1e d2e
1
E log
2
>
(58)
(59)
(60)
{e [j]}i1
j=1
+o
0.5
2d1e [i]d2e
[i] cos (e [i])) |d1e , d2e
1
P
(57)
(53)
1
log
2
e d212 1
2E 2
(d12 )
d12 P
e
1
h(d1 |d1e , d2e )
n
1
= lim h(d12 |d1e , d2e )
n n
n
1
h d12 [i]|d1e , d2e , {e [j]}i1
= lim
j=1
n n
i=1
n
1
= lim
h d1e [i]2 + d2e [i]2
n n
i=1
lim
P,n
2229
21 (d12 )
P
(55)
1
I(d1 ; d2 |d1e , d2e )
n
1
1 |d
1e , d
2e ) h(d
1 |d12 )
lim (h(d
n n
RU = lim
where (53) follows from (37) and (39), and (54) follows from
(61)
the fact that the entropy of d1 de is upper bounded by the
entropy of a Gaussian random variable with the same variance. where the first term of (61) is finite. The second term can be
The first term of (55) is obtained by combining (42), (48), and upper bounded as
(52), and the second term of (55) follows from (38). As P
1
, the P terms in (55) cancel each other since, for any random
h(d1 |d12 ) = h(w1 |d12 )
n
variables u and v
21 (d12 )
1
log
E
1
u
v
2
P
+o
E log
= log E[u] E[log v]
lim log E
P
P
P
P
1
1
= E [log (21 (d12 ))] log(P )
2
2
hence, limP RU < .
therefore, limP (RU /(1/2) log(P )) 1. Since RL RU
by definition, the proof is complete.
B. Proof of Theorem 3
e = .
When the eavesdropper does not observe the angle,
Hence
1
1 |d
2) .
h(d1 |d1e , d2e ) h(d
(56)
RL = lim
n n
ACKNOWLEDGMENT
The authors would like to thank Prof. P. Sinha and his team
for sharing the vehicular experiment data.
2230
R EFERENCES
[1] U. M. Maurer, Secret key agreement by public discussion from common information, IEEE Trans. Inf. Theory, vol. 39, no. 3, pp. 733742,
May 1993.
[2] R. Ahlswede and I. Csiszar, Common randomness in information theory
and cryptography. I. Secret sharing, IEEE Trans. Inf. Theory, vol. 39,
no. 4, pp. 11211132, Jul. 1993.
[3] U. M. Maurer and S. Wolf, Unconditionally secure key agreement and
the intrinsic conditional information, IEEE Trans. Inf. Theory, vol. 45,
no. 2, pp. 499514, Mar. 1999.
[4] I. Csiszar and P. Narayan, Secrecy capacities for multiterminal channel models, IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 24372452,
Jun. 2008.
[5] U. M. Maurer and S. Wolf, Secret-key agreement over unauthenticated
public channels.I. Definitions and a completeness result, IEEE Trans. Inf.
Theory, vol. 49, no. 4, pp. 822831, Apr. 2003.
[6] I. Csiszar and P. Narayan, Common randomness and secret key generation with a helper, IEEE Trans. Inf. Theory, vol. 46, no. 2, pp. 344366,
Mar. 2000.
[7] U. M. Maurer and S. Wolf, Information-theoretic key agreement: From
weak to strong secrecy for free, in Advances in Cryptology, EUROCRYPT 2000. Berlin, Germany: Springer-Verlag, 2000, pp. 351368.
[8] S. Gezici et al., Localization via ultra-wideband radios: A look at positioning aspects for future sensor networks, IEEE Signal Process. Mag.,
vol. 22, no. 4, pp. 7084, Jul. 2005.
[9] Y. Shen and M. Z. Win, Fundamental limits of wideband localization,
part I: A general framework, IEEE Trans. Inf. Theory, vol. 56, no. 10,
pp. 49564980, Oct. 2010.
[10] H. Buhrman, N. Chandran, V. Goyal, R. Ostrovsky, and C. Schaffner,
Position-based quantum cryptography: Impossibility and constructions,
SIAM J. Comput., vol. 43, no. 1, pp. 150178, 2014.
[11] A. Srivinasan and J. Vu, A survey on secure localization in wireless sensor networks, in Encyclopedia of Wireless and Mobile Communications.
Boca Raton, FL, USA: CRC, 2007.
[12] R. Poovendran, C. Wang, and S. Roy, Secure Localization and Time
Synchronization for Wireless Sensor and Ad-Hoc Networks. New York,
NY, USA: Springer-Verlag, 2007.
[13] N. Chandran, V. Goyal, R. Moriarty, and R. Ostrovsky, Position based
cryptography, in Advances in CryptologyCRYPTO 2009. Berlin,
Germany: Springer-Verlag, 2009.
[14] R. Wilson, D. Tse, and R. A. Scholtz, Channel identification: Secret sharing using reciprocity in ultrawideband channels, in Proc. IEEE ICUWB,
Sep. 2426, 2007, pp. 270275.
[15] N. Kirchner and T. Furukawa, Infrared localisation for indoor UAVs, in
Proc. ICST, 2005, pp. 6065.
[16] A. R. Jimenez and F. Seco, Ultrasonic localization methods for accurate
positioning, Inst. Autom. Ind., Madrid, Spain, 2005.
[17] S. Verdu and T. S. Han, A general formula for channel capacity, IEEE
Trans. Inf. Theory, vol. 40, no. 4, pp. 11471157, Jul. 1994.
[18] M. R. Bloch and J. N. Laneman, Strong secrecy from resolvability,
IEEE Trans. Inf. Theory, vol. 59, no. 12, pp. 80778098, Dec. 2013.
[19] D. Jourdan, D. Dardari, and M. Win, Position error bound for UWB
localization in dense cluttered environments, IEEE Trans. Aerosp.
Electron. Syst., vol. 44, no. 2, pp. 613628, Apr. 2008.
[20] S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik, Radiotelepathy: Extracting a secret key from an unauthenticated wireless channel, in Proc. ACM MobiCom, New York, NY, USA, pp. 128139.
[21] S. Jana et al., On the effectiveness of secret key extraction from wireless
signal strength in real environments, in Proc. ACM MobiCom, New York,
NY, USA, pp. 321332.
[22] J. Zhang, S. K. Kasera, and N. Patwari, Mobility assisted secret key
generation using wireless link signatures, in Proc. IEEE INFOCOM,
Mar. 1419, 2010, pp. 15.
[23] N. Patwari, J. Croft, S. Jana, and S. K. Kasera, High-rate uncorrelated bit extraction for shared secret key generation from channel
measurements, IEEE Trans. Mobile Comput., vol. 9, no. 1, pp. 1730,
Jan. 2010.
[24] C. Ye et al., Information-theoretically secret key generation for fading
wireless channels, IEEE Trans. Inf. Forensics Security, vol. 5, no. 2,
pp. 240254, Jun. 2010.
[25] S. Banerjee and A. Mishra, Secure spaces: Location-based secure
group communication for wireless networks, in Proc. ACM MobiCom,
Sep. 2002, vol. 7, pp. 6870.
[26] A. Pierrot, R. Chou, and M. Bloch, Practical Limitations of SecretKey Generation in Narrowband Wireless Environments, Dec. 2012,
arXiv:1312.3304 [cs.IT].
Fangzhou Chen received the B.S. degree in electrical and communication engineering from Zhejiang
University, Hangzhou, Zhejiang, China in 2010. He
is currently working toward the Ph.D. degree with
the Department of Electrical and Computer Engineering, The Ohio State University, Columbus,
OH, USA.
His research interests include wireless communication and networks and information theoretic
security.