IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO.
11, NOVEMBER 2013
SmokeGrenade: An Efficient Key Generation
Protocol With Artificial Interference
Dajiang Chen, Zhen Qin, Member, IEEE, Xufei Mao, Member, IEEE, Panlong Yang, Member, IEEE,
Zhiguang Qin, Member, IEEE, and Ruijin Wang
Abstract—Leveraging a wireless multipath channel as the source
of common randomness, many key generation methods have been
proposed according to the information-theory security. However,
existing schemes suffer a low generation rate and a low entropy,
and mainly rely on nodes’ mobility. To overcome this limitation,
we present a key generation protocol with known artificial inter-
ference, named SmokeGrenade, a new physical-layer approach for
secret key generation in a narrowband fading channel. Our scheme
utilizes artificial interference to contribute to the change of mea-
sured values on channel states. Our theoretical analysis shows that
the key generation rate increases with the increment of the interfer-
ence power. Particularly, the achievable key rate of SmokeGrenade
gains three times better than that of the traditional key generation
schemes when the average interference power is normalized to 1.
Simulation results also demonstrate that SmokeGrenade achieves a
higher generation rate and entropy compared with some state-of-
the-art approaches.
Index Terms—Secret key generation, artificial interference,
physical layer security, wireless security.
I. INTRODUCTION
A LONG with the proliferation of wireless devices over
the past several decades, wireless security have attracted
much attention since wireless communication is prone to being
attacked, (e.g., eavesdropping, message modification, and node
impersonation) due to the broadcast nature of wireless commu-
nications. Generally speaking, secret keys should be established
Manuscript received January 21, 2013; revised April 26, 2013 and August
11, 2013; accepted August 11, 2013. Date of publication August 16, 2013; date
of current version September 26, 2013. This work was supported in part by
the National Nature Science Foundation of China (Grant 61272426, 61133016,
61300191), in part by China Postdoctoral Science Foundation funded project
under Grants 2012M510029 and 2013T60119, in part by the Project on the
Integration of Industry, Education and Research of Guangdong Province
(Grant 2012B091000054), and in part by the National High Technology Joint
Research Program of China (863 Program, Grant 2011AA010706). This work
was also supported in part by the Important National Science and Technology
Specific Project of China (20112X03002-002-03). The associate editor coor-
dinating the review of this manuscript and approving it for publication was
Prof. Y.-W. Peter Hong.
D. Chen, Z. Qin, and R. Wang are with the School of Computer Science
and Engineering, University of Electronic Science and Technology of China,
Chengdu 611731, China (e-mail: dajiangchen2010@gmail.com; qinzg@uestc.
edu.cn; wrj8882003@gmail.com).
Z. Qin is with the School of Communication and Information Engineering,
University of Electronic Science and Technology of China, Chengdu 611731,
China (e-mail: qinzhen@uestc.edu.cn).
X. Mao is with the School of Software and TNLIST, Tsinghua University,
Beijing 100083, China (e-mail: xufei.mao@gmail.com).
P. Yang is with the Institute of Communication Engineering, PLA
University of Science and Technology, Nanjing 210007, China (e-mail:
panlongyang@gmail.com).
Color versions of one or more of the figures in this paper are available online
at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIFS.2013.2278834
1556-6013 © 2013 IEEE
Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
1731
between authorized parties before communications in order to
protect the confidentiality, integrity, and authenticity of the in-
formation. Unfortunately, wireless devices are usually powered
by batteries and have constrained computing ability such that
some traditional cryptography methods (e.g., Diffie-Hellman
key exchange scheme [3]), whose performance rely upon
computational hardness of problems, face severe tests.
Recently, some promising alternative approaches [13]–[17]
have been proposed to generate secret keys according to infor-
mation theoretical security. These approaches can work prop-
erly by employing the special properties of wireless channels
between two communicating devices, including (1) Temporal
variations in the radio channel: the channel fading is random
along with time due to multipath propagation; (2) Spatial vari-
ations: the properties of the radio channel are independent to the
locations of the two endpoints of a link. Hence, an eavesdropper
at a third location more than half-wavelength away from either
endpoint measures a different and uncorrelated radio channel;
and (3) Reciprocity of radio wave propagation: the multipath
properties of radio channels (e.g., gains, phase shifts, and de-
lays) at any time are identical on both directions of a link. Based
on aforementioned properties, one observation is that there in-
deed exists a natural random source in wireless communications
for the secrecy extraction.
Unfortunately, existing practical systems still suffer from the
following major limitations, including: (1) a low key genera-
tion rate due to the fact that existing physical-layer-based (PHY-
based) key generation schemes rely on channel variation and
they cannot generate new secret bits unless the channel changes.
For instance, the state-of-the-art highest achieved secrecy rate is
only 40 bps [17]. Furthermore, achieving this rate relies on node
mobilities and leads to 4% disagreement bit rate between com-
munication nodes at the same time; (2) vulnerable to predicable
channel attacks since the channel change in coherence time is
great slowly and the entropy of key bits is low; (3) performing
badly in stationary scenarios due to infrequent and small scale
variations in the channel measurements. According to the anal-
ysis in [15], in static scenarios, the extracted key bits have a very
low entropy which makes these bits unsuitable for a secret key.
In addition, the key generation may be modeled and predicted
by an eavesdropper in such static environments. Furthermore,
as we show in Section IV, if there exist jamming signals while
the keying nodes send probes to each other for channel mea-
surement, the key generation rate degrades rapidly.
In this work, we study the security key generation problem,
especially for the following scenario: one node (named Alice)
wants to establish a symmetrical key with another node (named
Carol) under the assistance of a “helper” node (saying Bob) in
 1732 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013
the presence of an eavesdropper node (saying Eve). In addition,
there is a secure channel shared between the helper and one of
the keying nodes (i.e., Alice or Carol). We present a new phys-
ical layer approach, named SmokeGrenade, for secret key gen-
eration problem in a narrowband fading channel and static envi-
ronments. Our approach utilizes artificial interference (or jam-
ming) to contribute to the changes of channel states. The basic
idea underlying SmokeGrenade is as follows. When the sender
Alice sends probes to the receiver node Carol, the helper node
Bob broadcasts artificial interference to change the measure-
ment value of channel states. To achieve this, there are mainly
two issues need to be carefully addressed.
How to ensure the correlation of information between Alice
and Carol. An intuitive strategy changing the channel states
with interference is that Bob broadcasts different jamming sig-
nals for Alice and Carol. However, as shown in Section IV,
due to the interference asymmetry, the relevance of informa-
tion between Alice and Carol is reduced rapidly so that this ap-
proach does not work since the correlation of the information
between keying nodes is the base of key extraction, Another
way is to broadcast the same jamming signals between Alice
and Carol. However, in this case, we cannot avoid that Eve ob-
tains the information about the interference at the same time.
SmokeGrenade addresses this problem using a secure channel,
i.e., Bob sends the interference signals to Alice over a secure
channel in order to maintain the correlation between Alice and
Carol. In addition, by using this secure channel, the helper can
send other useful messages (e.g., the channel state information
between the helper and keying nodes) to Alice. The gain brought
by this secure channel is described in Section V.
How to ensure that the eavesdropper is not able to obtain any
information about the channel measurement at Alice and Carol.
If Bob transmits time-varying jamming signals only, Eve can es-
timate those signals as well. Due to the fact that the secret key
rate can be upper bounded by the conditional mutual informa-
tion between the observations of two keying nodes under the ob-
servations of Eve [5], the change of channel states hardly bring
the improvement of key rate. We address this issue by changing
the transmitted signals at both Alice and Bob in the solution.
Basically, we show that Eve cannot obtain any useful informa-
tion (details in Section V-B).
The main contributions are summarized as follows:
• For the known-interference model, we present
SmokeGrenade with a theoretically achievable key
generation rate. When all other related parameters are
fixed, we show that the key generation rate increases
with the increment of interference power. Particularly,
the theoretical achievable key rate of SmokeGrenade
gains at least three times better than that of traditional key
generation schemes when the average interference power
is normalized to 1.
• To the best of our knowledge, this is the first work that rig-
orously analyzes how interfere power impacts the perfor-
mance of a key generation protocol and how secret keys
are generated by using interference which contributes to
the changes of channel states.
The rest of the paper is organized as follows. In Section II,
we place our work in the context of related research in secret
Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
key extraction. Section III lays out the system model and ad-
versary model used in this paper. In Section IV, we describe
the impact of Interference on the general key generation model.
Details of SmokeGrenade with complete analysis of its perfor-
mance are presented in Section V. Section VI details the simu-
lation studies. We finally conclude our work in Section VII.
II. RELATED WORK
There are many active research work related to PHY-based
secret key generation over the past several decades. Actually,
the related work can be traced back to Shannon’s work on in-
formation-theoretical formulation of secure communication [1]
and Wyner’s work on wiretap channel model [2]. Later, fol-
lowing [1] and [2], a large number of theoretical results that
characterize secrecy capacity appear, like work in [5], [7], [10],
[23]–[25], [28], [30]. However, they only aimed at deriving the-
oretical limits and did not provide practical key generation al-
gorithms in wireless networks due to the characteristics of non-
reachability of random coding. Based on aforementioned theo-
retical results, recently, several radio channel features have been
proposed for key extraction in wireless networks [13]–[17]. Un-
fortunately, they suffered from some problems such as a low
key generation rate, a low entropy of key bits and a high re-
liance on nodes mobility as well. To overcome these issues,
there are several solutions which have been proposed. For ex-
ample, Zeng et al. [18], proposed a key generation protocol by
exploiting multiantenna diversity with the cost of sacrificing
low complexity of transceivers. In [19], Gollakota et al. intro-
duced iJam, a channel-independent PHY-based technique to im-
prove the rate of channel changes. However, the security of the
system cannot be guaranteed when facing more powerful adver-
sary (such as the adversary has two directional antennas).
Some other related work (e.g., [20] and [22] studied this
problem from another point of view. For instance, in [20],
Wang et al. designed a suite of channel-phase-based key gen-
eration schemes that support both pairwise key generation and
group key generation. Liu et al. [22] addressed the problem of
performing secret key extraction for a group of wireless devices
by exploiting the readily available Received Signal Strength
(RSS) in radio channels.
Recently, cooperative jamming has recently been proposed
for improving PHY-based security for wireless networks in the
presence of an eavesdropper. In [28], [29], [31], [32], a trusted
third party jams the message signal from senders to receivers
such that the latter decode the distortion information by can-
celing the known jamming signal while an eavesdropper cannot
achieve this due to unknown jamming signal. A variation on the
above model was presented in [33] and [34]. Their main idea is
to let the sender itself transmit the key combined with a jamming
signal and a third party node transmit an anti-jamming signal
which cancels out the jamming signal at the receiver but not at
the adversary. All in all, the purpose of cooperative jamming is
to increase the interference at the adversary (i.e., regarding in-
terference as noise) and to eliminate the jamming signal at legit-
imate user such that the main channel (i.e., the channel between
a sender and a receiver) has less noise than the wiretap channel
(i.e., the channel between a sender and an eavesdropper). In this
 CHEN et al.: SMOKEGRENADE: AN EFFICIENT KEY GENERATION PROTOCOL WITH ARTIFICIAL INTERFERENCE
TABLE I
SUMMARY OF IMPORTANT NOTATIONS
paper, we mainly work on the performance and information the-
oretic limits of key extraction by using interference (or say jam-
ming). Instead of making noise (artificial interference) simply,
we utilize jamming to contribute to the changes of channel states
as well.
III. MODELS AND PRELIMINARIES
In this section, we first review some notions of secret key
generation under the standard narrowband fading and wireless
interference channel model [11], following which we describe
the network model and the adversary model, and introduce some
basic concepts of information theory.
Notions: Let be the coherence time, be the coherence
frequency, be the sampling rate and be the samples by
fully exploiting the coherence time interval at Alice and Carol.
RVs are denoted by upper case letters (e.g., ),
random vector are indicated by bold face upper case letters
(e.g., ). A list of important notations used in the
work is shown in Table I.
A. System Model
The system model is constructed based on the following sce-
nario. We assume that two keying nodes, Alice and Carol, who
plan to extract a symmetrical key for secure communication
under the assistance of a helper node Bob (who is capable of
broadcasting jamming signal to change the measured values of
channel states between Alice and Carol) while an eavesdropper
Eve capable of observing the error-correcting information tries
to break the secret key (please refer to Fig. 1(a) for illustration).
Under general PHY-based key generation model with interfer-
ence, keying nodes know nothing about the jamming signal
transmitted by any neighbor node or any malicious node. In
other words, there is no secure channel among Bob and Alice
(or Carol) such that there is no way for Bob to send any message
to one of the keying nodes privately (i.e., unknown to Eve). In
this work, we focus on the known-interference model (refer to
Fig. 1(b)), following which there is a secure channel between
Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
1733
Fig. 1. (a) General model with interference; (b) our system model with known-
interference.
Bob and Alice, i.e., Bob can send some useful messages (e.g.,
the jamming signal, the channel states information between the
helper and the keying nodes) to Alice privately (unknown to
Eve). In this paper, we assume that the helper node Bob is a
trusted third party.
B. Channel Model
We consider the standard narrowband fading, wireless inter-
ference channel model in this work (actually, our solution can be
extended to the wideband scenario with a slight modification).
To be precisely, we consider a channel from node to node as
a multipath fading model with channel impulse . Here, the
delay spread of the multipath channel is small enough such
that the multipath components are typically nonresolvable ac-
cording to the definition of narrowband fading model. Hence,
if node transmits a signal to node along with a jamming
signal sent by node , the signal outputs at is given by
where is the noise component. Following the work in [20],
we assume that channel is reciprocal in both forward and reverse
directions during the coherence time such that and
the underlying noise in each channel is additive white Gaussian
noise. All nodes are assumed to possess a common time ref-
erence, which could be obtained using GPS. We also assume
that each node is half-duplex and possesses a single isotropic
antenna.
C. Adversary Model
Following the well-known assumptions in most key gener-
ation schemes with respect to physical layer approaches (e.g.,
work in [13]–[17]), we assume that the adversary Eve is able to
listen to communications in the network and measure the chan-
nels between itself and communicating nodes. In addition, Eve
is powerful enough to know the whole key generation protocol
and the values of the parameters used in the protocol. During the
key reconciliation process, the adversary Eve is able to observe
the error-correcting information, which helps him to break the
secret key. We assume that Eve is always at least half of the
wavelength of radios waves away from any one of nodes from
Alice, Bob and Carol. This is reasonable since for most radios
on 2.4 GHz, half of the wavelength of which is usually sev-
eral centimeters only [14]. We further assume that Eve does not
try to prevent Alice and Carol from building the secret keys or
modify any message exchanged by Alice and Carol in order to
 1734 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013

avoid being detected. In addition, the man-in-the-middle attack Step (2) In time slot , Carol transmits the known probe
is not considered in this work, i.e., our methodology does not signal to Alice, and the interference signal from Bob
aim to authenticate Alice or Carol. is . Then the signals received by Alice and Eve are:

D. Entropy and Mutual Information

Let be a RV with cumulative distribution function
, we know that is said to be continuous where and is noise at Alice and Eve respectively.
when is continuous. If is derivativable, (letting Step (3) Repeat Step (1) and Step (2) for times ( time
) is called the probability density function for slots totally). Then all of the signals received by Alice and Carol
when . The set in which is larger than 0 is can be written as:
called the support set of . The differential entropy of a
continuous RV with density is defined as

Moreover, all of the signals received by Eve can be written as:

where is the support set of the RV. Given RV the conditional

entropy of is denoted by . The
mutual information between and is denoted by Here and are drawn independent and
. identically distributed (i.i.d.) according to distribu-
tion
IV. THE IMPACT OF INTERFERENCE ON THE KEY GENERATION and all the probing vectors
PROTOCOL used are
In this section, we rigorously show the impact of interference
on traditional key generation protocols. We still take the case
(shown in Fig. 1(a)) as the example. In this case, two legitimate
nodes (Alice and Carol) plan to extract a symmetrical key in the
presence of an eavesdropper Eve. There is some other node Bob Step (4) Alice and Carol compute their channel measure-
(not necessarily a helper node in this case) who may be an ad- ments as follows.
versary or a neighbor node, and generates an interference signal
during the channel sensing process. In this scenario, we assume
that Alice and Carol know nothing about the jamming signal.
We first give the theoretical performance analysis of how the (1)
interfere power impact on the performance of a key generation
protocol.
To simplify the analysis, we only consider the coherence time (2)
period, i.e., out of entire channel sensing time. If we use
For simplicity, we use (resp. ) to denote
to denote the number of samples in the coherence time at
time and time and is the sampling rate, clearly we have (resp. ).
. Then, the traditional key extracting schemes In general, the terms in the equations above are complex RVs.
with interference can be described as follows. In this work, we For simplicity, we take them as real numbers by assuming that
consider that time has been divided into slots, during each of only the in-phase component of communication is utilized [11].
which a probing signal could be launched. Thus, in this paper, we take the variances of and
Step (1) In time slot , Alice transmits a known probe signal as and , respectively. We have
to Carol, and Bob generates an interference signal and , i.e.,
at the same time. Hence, the signals received by Carol fading coefficients are zero-mean real Gaussian RVs.
and Eve in time slot can be computed as:
A. Theoretical Analysis
For mathematical simplicity, we take and
for some real number random selected by Bob, and let
. Then (1) and Equ. (2) can be rewritten as the
where and is noise at Carol and Eve respectively. equations, respectively, at the bottom of the page.

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 CHEN et al.: SMOKEGRENADE: AN EFFICIENT KEY GENERATION PROTOCOL WITH ARTIFICIAL INTERFERENCE 1735

We denote the average transmission power constraints by , respectively. Thus, the mutual information
and can be computed as follows.
(It is clear ). In order to simplify the
expression, from now on, we let
and .
Now, we introduce a lemma about conditional density func-
tion.
Lemma 1: Let be the pairwise independent Gaussian
RVs with zero mean and variance and . We assume
and , here and could be any
real number. Then the conditional density is where is the Gaussian density function of .
Gaussian with mean and variance Let and
. Then and are the pairwise
independent Gaussian RVs with zero mean and variances
and respec-
Proof: Clearly, we have tively. Using Lemma 1, we have the conditional density
is Gaussian with mean and
variance respectively. Thus, for any real number , we
have . Clearly, we have

By [5], one can generate a key with rate

such that is equal to the maximum key rate of general model

if , and when . This finishes the
where the third to last Equality comes form the fact that proof.
and are independent on condition , and the second to last Based on Theorem 1, we have the following corollary di-
Equality is obtained from (resp. rectly, which can be considered as a special case.
) is the Gaussian function with mean and variance Corollary 1: If , we have
(rep. ).
Since is the Gaussian function with zero mean and vari- (4)
ance . By Bayes rule, the conditional probability den-
sity function
Let be a real function with . Then is
a monotone decreasing function. Moreover, if , then
.
Proof: From , we obtain that is
Here, and . This a monotone decreasing function in the interval . The
other results can be obtained directly from Lemma 1.
finishes the proof.
Fig. 2 plots the maximum key rate when the interference
Based on the measured value at Alice and Carol,
power increases when parameters
we have the following theorem.
. As we can see that the rate of
Theorem 1: The theoretical maximum key rate of tra-
change of over the interval is very fast. Hence, it is
ditional key generation protocol with interference can be ex-
not hard to conclude that a slight interference does have a huge
pressed as
impact on the key generation rate.
Actually, Theorem 1 provides a theoretical basis for how the
(3) performance of secret key generation rate relates to the interfer-
ence power. Specifically, when the interference power in-
If , then is equal to the maximum key rate of general creases, the mutual information decrease, hence the
model [26]. Moreover, if , then . key generation rate is reduced. Moreover, no secret key can be
Proof: It is easy to know that and are the zero mean extracted when and are independent and goes to infi-
Gaussian RVs with variance and nite, In summary, we draw the following conclusion that (1) the

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 1736 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013

Step (3) In time slot , Carol broadcasts known probe signal

to Alice and Bob. The signals received by Alice, Bob and
Eve are:

Step (4) In time slot , Alice transmits probe signal

to Carol, and Bob broadcasts jamming signal
simultaneously, where are independently generated
from variable . The signals received by Carol and Eve are:

Fig. 2. Maximum key rate versus the interference powers under dif-
ferent power at keying nodes A and C. where and are noises at Carol and Eve, respectively.
Step (5) Repeat Step (1)–(4) times. Then all of the signals
received by Alice, Bob and Carol can be written as:
key rate is reduced rapidly when the interference power in-
creases; (2) the key rate converges at zero when goes to
infinite due to the fact that interference is asymmetric for the
keying nodes Alice and Carol.

V. SMOKEGRENADE KEY GENERATION PROTOCOL

And the signals received by Eve can be written as:
In this section, we propose our key generation protocol
named SmokeGrenade based on the known-interference model
(see Fig. 1(b) for illustration). We assume that there are
two keying nodes, named Alice and Carol respectively, who
plan to extract a symmetrical key for secure communication,
an eavesdropper with name Eve capable of observing the Step (6) Alice and Coral estimates by
error-correcting information tries to break the secret key. In
addition, a helper node Bob, who broadcasts jamming signal (5)
to change the measured values of channel states between Alice
and Carol. Moreover, there is a secure channel between Alice
and Bob. (6)

A. The Architecture of SmokeGrenade Bob and Coral estimate by

Basically, SmokeGrenade consists of the following stages.
1) Collecting the Channel Information: We divide coherence (7)
time into parts , where .
Let be a Gaussian RV with mean 0 and variance . For sim- (8)
plify, we take .
Step (1) In time slot , Alice broadcasts known probe signal
to Bob and Carol. The signals received by Carol and Eve Step (7) Bob sends message and to Alice by the
are: secure channel. Alice and Carol computes:

(9)
Step (2) In time slot , Bob broadcasts known probe signal
to Alice and Carol. The signals received by Carol and Eve
are: (10)

Step (8) Repeat Step (1)–(7) times, where is the system

parameters. Then Alice obtains

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 CHEN et al.: SMOKEGRENADE: AN EFFICIENT KEY GENERATION PROTOCOL WITH ARTIFICIAL INTERFERENCE 1737

and , and Carol obtains dropped. They exchange their list of dropped channel
and estimations and only keep the ones (named valid indices)
The details of Algorithm of SmokeGrenade at the stage of the that they both decide not to drop.
channel information collection are shown in Alg. 1. • Alice and Carol generate their bit streams by extracting a
“1” or a “0” for each channel estimation if the estimation
Algorithm 1: SmokeGrenade lies above or below , respectively.
We denote the bit streams after being quantized as
Input: : the sampling rate; the length of probe vector and .
for each measurement value; the random variable 3) Information Reconciliation: After obtaining and
obeying Gaussian distribution : known probe at Alice and Carol respectively. The asymmetry in the
vector . bit streams brings up the challenge of how to make Alice and
Output: Carol agree upon the same bits without giving out too much
information on the channel that can be used by the Eve to
Alice obtains recreate secret bits between Alice and Carol. We discuss this
Carol obtains issue from both theoretical and practical aspects.
1: for round do • Theoretical viewpoint: To achieved the limitation of
2: In , Alice sends known probe key generation, we use Slepian-Wolf Coding [5]. After
to Carol. obtaining , Alice applies the Slepian-Wolf
3: In , Bob sends known probe Coding to send helper information to Carol though the
Carol. public channel. Then Carol uses the helper’s information
4: In , Carol broadcasts known and to recover .
probe to Alice and Bob. • Practical viewpoint: Existing information reconciliation
5: In , Alice and Bob generate techniques either use some interactive information rec-
and with , and then send and onciliation protocol [8], or use error correcting codes
to Carol, respectively. [9]. We adopt the latter in this work. Assume that the
6: Alice estimates with Equ. (5); Bob measures Hamming distance of two bit streams is at most . We use
with Equ. (7); Carol estimates a error-correcting code to correct errors in
and with Equ. (6), (8) and (10) as follows. Alice randomly selects a codeword from
respectively. and computes . Then Alice sends
7: Bob transmits and to Alice with secure to Carol. Upon receiving , Coral computes
channel. . Then Carol decodes to get , and
8: Alice estimates with Equ. (9). computes by .
9: end for 4) Privacy Amplification: It is worth mentioning that since
the reconciliation information is public to both the communi-
2) Quantizing the Collected Information: Many quantization cating nodes and the adversary, it can be used by the adversary
methods have been proposed in previous work. For instance, as well to guess portions of the generated key. To cope with this
[14] partitions the channel measurements to multiple parts and problem, Alice and Carol can further run privacy amplification
performs quantization in every part. We let protocols to recover the entropy loss.
The procedure of privacy amplification has been in-
vestigated in detail in [7]. The main idea is to let
be a publicly known -class of hash functions [6]
(11) . Alice randomly chooses
a hash function and transmits it to Carol over some
(12) public channel. Then Alice and Carol compute their key as
.
The quantizer that we used in this work is described as follows:
• Alice and Carol divide (resp. ) and B. Theoretical Analysis
(resp. ) into small blocks and each block con- In this subsection, we analyze the performance and informa-
tains sample values, respectively. tion theoretic limits of the SmokeGrenade. It has been shown in
• For each block, they calculate two adaptive thresholds [5] that the secret key rate can be upper bounded by the con-
and independently such that and ditional mutual information between the observations of two
, where and are the mean value and keying nodes under the observations of Eve (See Fig. 3 for illus-
standard deviation of the block, and is a chosen tration). Based on the measured values of and at Alice
constant of our protocol. and Carol, we have the following Theorem 2.
• Alice and Carol parse their channel measurements and Theorem 2: Let . If the channel gain is
drop channel estimates that lie between and and independently and identically distributed across coherence pe-
maintain a list of indices to track the channel estimation riods, and the sampling number in is sufficiently large.

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 1738 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013

for any , i.e., both and can be

rewritten as

(16)

After obtaining , clearly, the

optimal strategy for Eve is to compute the followings.

Fig. 3. Maximum key rate is the conditional mutual information

, where , , and are the entropy of the
random variables , , and at Alice, Carol, and Eve, respectively. (17)

Now, the Equ. (14) can be rewritten as Equ. (18), shown at

the bottom of the page, in which the second Equality comes
Then the maximum key rate of SmokeGrenade is bounded
from the Equ. (16); the third Equality is based on the assumption
by
that the channel gain is independently and identically distributed
across coherence periods and the fact that and are
(13) independent identical Gaussian distribution ; the forth
Equality drives from the Equ. (17); and the last Equality is ob-
tained by the chains rule of conditional entropy [4].
where is the coherence time. Moreover, when Due to the spatial decorrelation fact, a fourth party who lies at
the average interference power . Furthermore, the least one-half wavelength away from the legitimate nodes expe-
protocol is information-theoretically security. riences fading which is uncorrelated to that between the legit-
Proof: From [5], we obtains the maximum key rate imate parties, the security of our scheme is guaranteed based
by on the assumption that the adversary Eve keeps a short distance
(larger than one-half wavelength of the radio waves [14]) to any
of the legitimate nodes, i.e., Alice, Bob and Carol. For example,
at 2.4 GHz carrier frequency, we only require that Eve should
(14) be roughly 6.25 cm away from Alice, Bob and Carol to ensure
that Eve gets no useful information.
with information-theoretical security, where and from Formally, variable
Equ. (11) and (12) respectively. are pairwise independence (note that and are randomly
If the sampling number is sufficiently large. Then, from selected by Alice and Bob respectively). Then and
Equ. (7)–(10), we have are independent of .
Hence,

(15)
(19)

(18)

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 CHEN et al.: SMOKEGRENADE: AN EFFICIENT KEY GENERATION PROTOCOL WITH ARTIFICIAL INTERFERENCE 1739

Furthermore, the variables and are

independence. Thus, we have the Equ. (20), shown at the bottom
of the page, in which is the probability density
function of the corresponding Gaussian variables and the third
to last Equality comes from Equ. (21) directly, shown at the
bottom of the page. The second to last Equality in Equ. (20)
derives from the fact that ,
and ; The final inequality
can be obtained by Equ. (22), shown at the bottom of the page,
where and .
Combining Equ. (18)–(20), we have Fig. 4. (a) Theoretical achievable key rate versus the interference power
. (b) Theoretical performance of the SmokeGrenade versus the traditional
protocols under different values of .

achievable key rate of SmokeGrenade when the increases.

It shows that the key generation rate goes up when in-
Note that is Gaussian distribution with zero mean and vari-
creases. Fig. 4(b) plots the performance of traditional protocols
ance . Hence, the average interference power can be denoted
versus the SmokeGrenade. Notice that, by [27], the theoretical
by . So, if maximum key rate of traditional protocols can be expressed as
, then and hence .

C. Numerical Analysis
As an example with the parameters when the sampling number is sufficiently large. The results
, Fig. 4(a) plots the show that the achievable key rate of the SmokeGrenade is larger

(20)

(21)

(22)

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 1740 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013

Fig. 5. (a) Group key distribution scene, where the secure channel 1 is estab-
lished with traditional protocol, and secure channels 2, 3 are set up by using Fig. 6. Channel measurement without interference, where dB.
SmokeGrenade. (b) Two antennas scene, in which Alice and Bob are antennas
of one wireless device. Hence, in this scenario, there exists a “secure channel”
between Alice and Bob.

than those of traditional ones. In particular, our scheme is makes

3 times better than the traditional ones when .
Discussion: In the known-interference model, we use a se-
cure channel to achieve the symmetry of the interference for
keying nodes. We assume that the helper has already established
trust relationship with one of the keying nodes, with Bob as
a helper to facilitate secret generation between them. Here, it Fig. 7. Channel measurement with interference, where dB, .
seems that the assumption about adding a secure channel be-
tween Alice and Bob is a little bit strong. However, through
leveraging the secure channel and artificial interference, our
protocol overcomes the limitation of traditional protocols (e.g.,
relying on the node mobility, suffering a low key generation rate
and a low entropy). Furthermore, our protocol can be applied to
the following two common scenarios: (1) in the process of gen-
erating a group key (example shown in Fig. 5(a) under the as-
sumption that the group nodes are within a single hop), we can
use the key generation scheme in [13]–[17] to produce a secure Fig. 8. Measurements at Alice and Carol, where , dB,
channel for a pair of nodes, while leveraging our SmokeGrenade .
for the others. Clearly, it still improves the overall efficiency of
group key generation; and (2) Alice and Bob are the two an-
tennas of the device with multiple antennas (see Fig. 5(b) for il-
lustration). In this scenario, there does exist a “secure channel”
between Alice and Bob since both of them belong to the same
equipment with multiple antennas. Here, Bob is considered to
be the helper in SmokeGrenade, Alice and Carol are considered
to be the keying nodes.

VI. SIMULATION STUDIES Fig. 9. Measurements at Alice and Eve, where , dB,
In order to verify the feasibility and efficiency of .
SmokeGrenade, we conduct extensive simulations. Basi-
cally, we simulate a communication system, include keying -BCH code is utilized in the system with error
nodes Alice and Carol, helper Bob and adversary Eve with the tolerance (named error threshold).
Rayleigh fading channel. To simplify our simulation, we as- The first example considers the effect of interference on
sume that the probes and artificial interference are single-tone channel measurements. Fig. 6 shows the variation of the
signals. Let be the channel measurement without interference. The values dis-
known probing signals, where is the amplitude, is the played changes periodically with the transfer of coherence time
angular frequency, is the initial phase and is the length when the variation range is small. Moreover, the change in each
of a single time slot. In our simulation, the probing signals are coherence time is pretty slowly. Thus, the generated key rate
set to be fixed at probing steps (i.e., each of the transmitters is low and the key is easily cracked by Eve. Fig. 7 shows the
sends at Step (1) and Step (2)), and are variation of measurements with jamming. As we can see, the
decided by (or ) at jamming step (i.e., Alice sends variation range of the measurements is large, even in coherence
and Bob sends at Step time. Hence, with these values, we can generate keys with a
(3)). In addition, we assume that the carrier frequency of the high rate and a high entropy. Fig. 8 plots the collected values
single-tone signal is , the sampling rate , at Alice and Carol when dB and interference power
and the Doppler frequency shift is (hence, the coher- . It is not hard to see that the values at Alice and Carol
ence time ). We further assume that constantly change over time and have similar variations. Fig. 9

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 CHEN et al.: SMOKEGRENADE: AN EFFICIENT KEY GENERATION PROTOCOL WITH ARTIFICIAL INTERFERENCE 1741

Fig. 10. Mismatch (match) rate against under different values of , where , , and .

Fig. 11. Mismatch (match) rate against and , where , , Fig. 12. Mismatch (match) rate against and , where , ,
, dB. , dB.

shows the collected values at Alice and Eve when SNR is 0 dB . When , the mismatch rate is less than the error
and which shows that Eve at a third location measures threshold 0.047, and the match rate is higher than 0.5. Thus, we
different values. choose in our system. Fig. 13 shows the mismatch rate
and the match rate with different block sizes. We can see that
A. Mismatch Rate and Match Rate the matched ratio remains relatively stable, while mismatched
We consider the effect of the quantizer parameters and ratio experiences relatively large fluctuation. Especially, when
on the mismatch rate (i.e., the ratio of the number of mismatch the block size is up to 30, the number of mismatched bits ratio
bits to the number of valid indices) and the match rate (i.e., the is less than 0.047. In our system, we set block size .
ratio of the number of match bits to the number of measure- Then we consider the effect of (i.e., the length of probe
ments) before the information reconciliation. The quantizer in vector for each measurement value) on the mismatch rate and
our protocol divides the measurements into smaller blocks with the match rate respectively. Figs. 11 and 12 plot the mismatch
length and calculates the thresholds for each block separately. rate versus under different interference powers and SNRs
Obviously, a smaller improves the rate of bits generation but where and . Fig. 14 shows the key rate versus
increases the mismatched bits ratio at the same time. For ex- interference power under different SNRs, where
ample, Fig. 10 shows the mismatch rate and match rate versus and . The results show that (i) a larger
respectively under different values of where dB, improves the matched bits ratio and decrease the mismatched

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 1742 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013

TABLE III
NIST STATISTICAL TEST SUITE RESULTS

secure to defend the key from an opponent. Since we have as-

sumed that the adversary possesses a complete knowledge of
our algorithm, any nonrandom process in the bit sequence can
be leveraged by the adversary to reduce the time-complexity of
cracking the key. For example, if the number of “1” is always
Fig. 13. Mismatch (match) rate against block size , where , , bigger than that of “0” in a bit stream, the effective search space
and . for the adversary could be reduced. We employ a widely used
randomness test suite to verify the randomness of the
generated bits in our simulation. The p-value from four kinds
of tests is listed in Table III. A p-value is the probability of
obtaining a test statistic which is larger than one observed if
the sequence is random. Runs Test defines “run” as substrings
of consecutive 1’s and consecutive 0’s, and considers whether
the oscillation among such homogeneous substrings is too fast
or too slow. FFT Test is designed to detect periodic features
in the tested sequence that indicates a deviation from the as-
sumption of randomness. Frequency Test is to detect whether the
number of “0” and “1” is as expected for a random sequence. Ap-
proximate Entropy Test is to compare the frequency of overlap-
ping blocks of two consecutive/adjacent lengths ( and )
against the expected results for a normally distributed sequence.
Longest Run of Ones Test determines whether the longest run
of “1”s within the tested sequence is consistent with that in a
random sequence. Small values are interpreted as an evidence
Fig. 14. Key rate against the interference power under different SNR, that a sequence is unlikely to be random. To pass a test, the
where , , . -value for that test must be greater than 0.01. Let
and be the corresponding optimal value for each SNR (0 dB,
TABLE II 10 dB, and 20 dB), we find that the bit streams generated from
OPTIMAL VALUE OF SmokeGrenade pass all the tests.

C. Key Entropy
As we know, entropy is a measure of the uncertainty
in a random variable in Information Theory, i.e., the high
randomness means the high entropy. However, the high en-
tropy (randomness) of the generated bits at keying nodes
is a necessary but not sufficient condition for security. For
example, if the generated key at Alice is a random
bits ratio; (ii) the larger and SNR also increase the match vector with entropy , and generated bits at
rate and lessen the mismatch rate. However, the larger is, the Eve is (where “ ” is the length of the
more energy is consumed. To minimize the energy expenditure, key, “ ” is the bitwise exclusive-OR operation), then
for each pair of SNR and , we choose the smallest value of Eve can easily break the key by . Here,
such that the mismatch rate is lower than the error threshold. As .
shown in Table II, we conduct our simulation in a wide variety Thus, we need the conditional entropy (or equivocation)
of SNR and to find the optimal value of . , which quantifies the amount of information
needed to describe the outcome of a random variable
B. Key Randomness
when the value of another random variable is given,
It is critical to make sure that all generated keys are random to measure the level of the key’s security. It is clear
since they are intended for being used as a cryptographic key. that in the above example, where
The randomness test results indicate whether SmokeGrenade is

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 CHEN et al.: SMOKEGRENADE: AN EFFICIENT KEY GENERATION PROTOCOL WITH ARTIFICIAL INTERFERENCE 1743

Fig. 17. (a) Key rate versus the value of , where , ,

dB, and . (b) Performance of SmokeGrenade
under different scenarios.
Fig. 15. Conditional entropy under different SNR, where , ,
.
considering the impact of the distance, where (resp. ) is
the distance between node (resp. node ), and node is the
path loss exponent. Similarly, by using this channel model, we
can rewrite Equ. (9) and (10) as

From the above equalities, we find that the distance between

Fig. 16. Correlation of generated bits between Alice and Eve, where the black
squares denote “1,” the gray squares denote “0,” and , ,
, , . (a) The generated bits at Alice. (b) The
generated bits at Eve.
. Fig. 15 presents the conditional entropy of
generated bits at Alice on condition that the generated bits at
Eve under different SNRs, where the number of generated bits
are and respectively. We
can see that the conditional entropy is more than 0.999 and the
keys generated from have a high key entropy.
Fig. 16 plots the generated bits at Alice and Eve, where the
black squares denotes “1”, the grey squares denotes “0”, and
dB, . It
shows that the generated bits have relatively weak correlation
between Alice and Eve. Notice that if and
only if and are independent random variables. Hence, the
above two figures show that the generated bits and
are almost independent, which indicates that the key bits are
information-theory security.
D. The Impact of Distance Between Helper and Keying Nodes
Since Bob is a helper generating artificial noise and playing a
key role in our scheme, it is necessary to study the impact of the
distance between helper and keying nodes (Alice and Carol) on
the key rate. Theoretically, if node transmits a signal to node
along with a jamming signal sent by node , the channel
model can be rewritten as
a helper and keying nodes does not break the correlation
of random sources between Alice and Carol. If we fix the
distance and average jamming power , we have that
the mutual information decreases when
increases, where is the information obtained by
Eve. Moreover, due to the fact that converges
at zero when goes to infinite, the mutual information
converges at when
goes to infinite. Hence, it is not hard to conclude that a larger
decrease the key rate. Fig. 17(a) plots the key rate versus
the value of , where dB,
and . The result also shows that a larger
decrease the key rate. Fortunately, since the change rate
of the curve in Fig. 17(a) is slow, our SmokeGrenade has good
robustness with respect to the distance between helper and
keying nodes.
E. Comparison With Known Works
In this section, we presents the performance comparison
between SmokeGrenade and other existing key extraction ap-
proaches (i.e., Aono [12], Mathur [14], ASBG [15]). From the
simulation results, we find that our protocol can generate secret
key with higher entropy compared with the above methods.
The reason is that the measurements in those schemes are not
uniformly distributed, and the key generation scheme highly
depends on the variation of channel states to ensure the key
randomness. However, our scheme employs the artificial inter-
ference to increase the variation range of the measurements (see
Fig. 7 for illustration). Thus, the artificial jamming improves
the randomness of the generated key with no doubt. In addition,
our scheme has a significantly higher secret bit generation rate

Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
 1744 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013
since other methods only use either the deep fades, or channel
measurements (above or below the threshold) and other sam-
ples are discarded, meanwhile, the artificial interference is used
to amplify the value of measurements in our scheme (Fig. 7).
Thus, the discarded samples are dramatically reduced with the
quantizer in our scheme. Moreover, in this case, it is possible
to extract multiple bits from each sample. Due to the fact that
the channel impulse response is essentially invariant over the
coherence time (i.e., the measurements in the same coherence
time are almost equal), in the above methods, there is only
one measurement (in each coherence time) can be used to
ensure the key randomness. However, for a given coherence
time, our scheme can run multiple rounds to generate more
bits due to the introduction of artificial jamming (i.e., run Step
4 and 7 in Section V several times during each coherence
time). According to SmokeGrenade, we conduct simulations
under different scenarios: A ( dB, ); B
( dB, ); C ( dB, );
D( dB, ); E ( dB, ),
where , , and the number of measured
samples in each coherence time is fixed at 20. The performance
of our secret key extraction approach is shown in Fig. 17(b).
VII. CONCLUSION
In this paper, a new physical layer approach for secret key
generation is presented in a narrowband fading channel and static
environments. Our approach named SmokeGrenade utilizes
interference to contribute to the changes of channel states. We
first consider the impact of interference power on the key rate
of traditional protocol, following which we give the theoretical
upper bound of key generate rate for traditional model with inter-
ference. The results show that the key rate of two keying nodes
is reduced when the interference power increases due to the
asymmetric interference at both of them. SmokeGrenade is based
on the known-interference model and give a theoretical analysis
of its key generation rate. We find that the key rate goes up when
the interference power increases and the key rate approaches
infinity when tends to infinite. The simulation results show
that SmokeGrenade generates secret bits with a high secret bit
rate, a high entropy and a low mismatch bit rate. Therefore, the
SmokeGrenade is more applicable to the narrowband fading
channel in physical layer compared with some existing physical
layer based schemes. One of interesting future work is to use
software radio platform to realize SmokeGrenade, and to eval-
uate it with both off-shelf-802.11 and software-radio platform.
REFERENCES
[1] C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst.
Tech. J., vol. 28, pp. 656–715, 1948.
[2] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, pp.
1355–387, 1975.
[3] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE
Trans. Inf. Theory, vol. 22, no. 6, pp. 644–654, Nov. 1976.
[4] T. M. Cover and J. A. Thomas, Elements of Information Theory.
Hoboken, NJ, USA: Wiley, 1991.
[5] R. Ahlswede and I. Csiszar, “Common randomness in information
theory and cryptography, Part I: Secret sharing,” IEEE Trans. Inf.
Theory, vol. 39, no. 4, pp. 1121–1132, Jul. 1993.
[6] H. Krawczyk, “LFSR-based hashing and authentication In proc. ad-
vances in cryptology,” in Proc. CRYPTO, 1994, pp. 129–139.
Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
[7] U. Maurer and S. Wolf, “Secret-key agreement over unauthenticated
public channels II: The simulatability condition,” IEEE Trans. Inf.
Theory, vol. 49, no. 4, pp. 832–838, Apr. 2003.
[8] G. Brassard and L. Salvail, “Secret key reconciliation by public discus-
sion,” Lecture Notes Comput. Sci., vol. 765, pp. 410–423, 1994.
[9] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: How to gen-
erate strong keys from biometrics and other noisy data,” in Proc. EU-
ROCRYPT, 2004, pp. 523–540.
[10] P. Parada and R. Blahut, “Secrecy capacity of simo and slow fading
channels,” in Proc. IEEE ISIT, Sep. 2005, pp. 2152–2155.
[11] D. Tse and P. Viswanath, Fundamental of Wireless Communication.
Cambridge, U.K.: Cambridge Univ. Press, 2005.
[12] T. Aono et al., “Wireless secret key generation exploiting reactance-
domain scalar response of multipath fading channels,” IEEE Trans.
Antennas Propag., vol. 53, no. 11, pp. 3776–3784, Nov. 2005.
[13] B. Azimi-Sadjadi et al., “Robust key generation from signal envelopes
in wireless networks,” in Proc. ACM CCS, 2007, pp. 401–410.
[14] S. Mathur et al., “Radio-telepathy: Extracting a secret key from an
unauthenticated wireless channel,” in Proc. ACM MOBICOM, 2008,
pp. 128–139.
[15] S. Jana et al., “On the effectiveness of secret key extraction from wire-
less signal strength in real environments,” in Proc. ACM MOBICOM,
2009, pp. 321–332.
[16] N. Patwari et al., “High-rate uncorrelated bit extraction for shared se-
cret key generation from channel measurements,” IEEE Trans. Wire-
less Commun., vol. 9, no. 1, pp. 17–30, Jan. 2010.
[17] J. Croft et al., “Robust uncorrelated bit extraction methodologies for
wireless sensors,” in Proc. ACM/IEEE ICNP, 2010, pp. 70–81.
[18] K. Zeng et al., “Exploiting multipleantenna diversity for shared secret
key generation in wireless networks,” in Proc. IEEE INFOCOM, 2010,
pp. 1–9.
[19] S. Gollskota and D. Katabi, “Physical layer wireless security made
fast and channel independent,” in Proc. IEEE INFOCOM, 2011, pp.
1125–1133.
[20] Q. Wang, H. Su, K. Ren, and K. Kim, “Fast and scalable secret key gen-
eration exploiting channel phase randomness in wireless networks,” in
Proc. IEEE INFOCOM, 2011, pp. 1422–1430.
[21] K. Ren, H. Su, and Q. Wang, “Secret key generation exploiting channel
characteristics in wireless communications,” IEEE Wireless Commun.,
vol. 18, no. 4, pp. 6–12, Aug. 2011.
[22] H. Liu, J. Yang, Y. Wang, and Y. Chen, “Collaborative secret key
extraction leveraging received signal strength in mobile wireless net-
works,” in Proc. IEEE INFOCOM, 2012, pp. 927–935.
[23] A. Sheikholeslami, D. Goeckel, H. Pishro-Nik, and D. Towsley, “Phys-
ical layer security from inter-session interference in large wireless net-
works,” in Proc. IEEE INFOCOM, 2012, pp. 1179–1187.
[24] C. Capar, D. Goeckel, B. Liu, and D. Towsley, “Secret communication
in large wireless networks without eavesdropper location information,”
in Proc. IEEE INFOCOM, 2012, pp. 1152–1160.
[25] Y. Liu, Y. Zhao, L. Chen, J. Pei, and J. Han, “Mining frequent trajec-
tory patterns for activity monitoring using radio frequency tag arrays,”
IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 11, pp. 2138–2149,
Nov. 2012.
[26] Q. Wang, K. Xu, and K. Ren, “Cooperative secret key generation from
phase estimation in narrowband fading channels,” Special Issue on
Cooperative Networking: Challenges and Applications, IEEE J. Sel.
Areas Commun., vol. 30, no. 9, pp. 1666–1674, Oct. 2012.
[27] J. Wallace, “Secure physical layer key generation schemes: Perfor-
mance and information theoretic limits,” in Proc. IEEE ICC, 2009, pp.
1–5.
[28] M. L. Jorgensen and B. R. Yanakiev et al., “Shout to secure: Phys-
ical-layer wireless security with known interference,” in Proc. IEEE
GLOBECOM, 2007, pp. 33–38.
[29] L. Lai and H. E. Gamal, “The relay-eavesdropper channel: Cooperation
for secrecy,” IEEE Trans. Inf. Theory, vol. 54, no. 9, pp. 4005–4019,
Sep. 2008.
[30] L. Lai and H. V. Poor, “A unified framework for key agreement over
wireless fading channels,” in Proc. IEEE Information Theory Work-
shop (ITW), 2009, pp. 100–104.
[31] L. Dong, Z. Han, A. P. Petropulu, and H. V. Poor, “Cooperative jam-
ming for wireless physical layer,” in Proc. IEEE Statistical Signal Pro-
cessing Workshop, 2009, pp. 417–420.
[32] X. He and A. Yener, “Secure communication with a byzantine relay,”
in Proc. IEEE ISIT, 2009, pp. 2096–2100.
[33] R. Negi and S. Goel, “Secret communication using artificial noise,” in
Proc. IEEE VTC, 2005, p. 1906.
[34] S. Goel and R. Negi, “Guaranteeing Secrecy using artificial noise,”
IEEE Trans. Wireless Commmun., vol. 7, no. 6, pp. 2180–2189, Jun.
2008.
 CHEN et al.: SMOKEGRENADE: AN EFFICIENT KEY GENERATION PROTOCOL WITH ARTIFICIAL INTERFERENCE
Dajiang Chen received the B.Sc. degree in 2005 and
the M.Sc. degree in 2009 from Neijiang Normal Uni-
versity and Sichuan University, respectively. He is
currently a Ph.D. student at the School of Computer
Science and Engineering, University of Electronic
Science and Technology of China (UESTC). His
current research interests include information theory,
channel coding, and their applications in wireless
network security, wireless communications, and
other related areas. He is a student member of the
ACM.
Zhen Qin (M’13) received the B.Sc. degree in
communication engineering from UESTC in 2005,
the M.Sc. degree in electronic engineering from
Queen Mary University of London in 2007, and
the M.Sc. and Ph.D. degrees in communication
and information system from UESTC, in 2008 and
2012, respectively. He is currently a lecturer with
the School of Communication and Information
Engineering, UESTC. His current research interests
include network measurement, wireless sensor
networks, and mobile social networks.
Xufei Mao (M’10) received the Ph.D. degree in
computer science from Illinois Institute of Tech-
nology, Chicago, IL, USA, in 2010, the M.S. degree
in computer science from Northeastern University, in
2003, and the Bachelor degree in computer science
from Shenyang University of Technology, in 1999.
He is with the School of Software and TNLIST,
Tsinghua University, Beijing, China. His research
interests span wireless ad-hoc networks, wireless
sensor networks, pervasive computing, mobile cloud
computing, and game theory.
Authorized licensed use limited to: University of Electronic Science and Tech of China. Downloaded on March 13,2023 at 13:14:07 UTC from IEEE Xplore. Restrictions apply.
1745
Panlong Yang (S’03–M’05) received the B.Sc.,
M.Sc., and Ph.D. degrees in communication and
information systems from Nanjing Institute of Com-
munication Engineering, China, in 1999, 2002, and
2005, respectively. From November 2006 to March
2009, he was Postdoc Fellow in the Department
of Computer Science, Nanjing University. He is
now Assistant Professor in the Nanjing Institute of
Communication Engineering. His research interests
include wireless mesh networks, wireless sensor
networks, and cognitive radio networks.
Zhiguang Qin (S’95–A’96–M’04) is Dean of the
School of Computer Science and Engineering and
Dean of the School of Software of University
of Electronic Science and Technology of China
(UESTC), where he is also Director of the Key
Laboratory of New Computer Application Tech-
nology and Director of UESTC-IBM Technology
Center. His research interests include computer
networking, information security, cryptography, in-
formation management, intelligent traffic, electronic
commerce, distribution, and middleware.
Ruijin Wang received the M.Sc. degree in 2009 from
the University of Electronic Science and Technology
of China (UESTC). He is currently a Ph.D. student
at the School of Computer Science and Engineering
at UESTC. His main research interests include wire-
less ad-hoc sensor networks, pervasive computing,
and mobile cloud computing. He is a student member
of the ACM.