Efﬁcient secret key generation scheme of physical layer security communication in ubiquitous wireless networks

This paper focuses on high efﬁciency secret key generation mechanism of physical-layer communication over fading channels in ubiquitous wireless networks. The secret key rate via traditional physical-layer approach could be limited when the wireless propagation channels connecting two sensors change slowly. To generate a high-rate secret key and improve the communication efﬁciency over quasi-static block fading channels, a novel multi-randomness device-to-device secret key generation strategy and a cooperative communication mechanism aided by relay nodes are proposed. In the proposed schemes, the legitimate members to send random signals rotationally in every coherent time T are set; thus, two legitimate ubiquitous wireless network members, Alice and Bob, can obtain the potential correlated information by exploiting the randomness and the reciprocity of the wireless propagation channels. Considering the reciprocity of wireless channels is variable while the forward channel gain and backward channel gain are correlated in coherent time, a modiﬁed secret key generation scheme is proposed via layered coding with theoretical secret key rates derived. The simulation results show that the proposed scheme outperforms traditional approaches with favourable application prospects in ubiquitous wireless communications networks and internet of things.


INTRODUCTION
Wireless sensor networks (WSNs) are distributed intelligent networks composed of a large number of tiny sensor nodes with wireless communication and computing capabilities deployed in a specific area. In recent years, with the information science industry rapidly developing, WSNs is becoming one of the most important role of ubiquitous wireless networks (UWNs). As a foundation of the internet of things technology, low-cost UWNs have been widely used due to them being flexible, powerful and low-cost in data collection and short distance wireless communication. However, UWNs are highly susceptible to attacks due to their unique characteristics: large-scale, self-organization, dynamic topology, and constrained resources [1]. Naturally, security policies are (RSA) is computationally intensive, so it was unsuitable for UWNs. Recently, a series of research indicate that if one chooses appropriate algorithm and parameters, optimize and reduce power consumption, public key cryptography algorithms can also be used in UWNs [5]. For public key cryptography algorithms in UWNs applications, most of the existing literatures focus on the research and improvement of RSA or error correcting code (ECC) algorithms. There are also many researchers devoting themselves to the application of symmetric cryptographic mechanisms in UWNs due to its advantages in computing speed and energy consumption [6][7][8]. In the symmetric encryption mechanism, two communicating parties use the same key for encryption and decryption. Therefore, key distribution has always been a challenge in symmetric encryption. Fortunately, physical layer communication is found to be robust when the security performance is considered [9][10][11][12][13]. Physical layer security technique is becoming an alternative approach to prevent attacks in UWNs since it takes the following advantages: (1) less computational power needed; (2) the communication can still be secure in the case where there are eavesdroppers. Recently, physical layer secret key generation (SKG) by exploiting the randomness and the reciprocity of the wireless channels to extract secret keys over public channels has attracted considerable attention [14][15][16][17][18][19][20][21]. If the eavesdroppers are located far enough from the legitimate users, for example, more than half of the wavelength, the legitimate members experience independent channels to eavesdroppers, which enables them to generate a secret key at legitimate members. By separately measuring their common channel, the two legitimate members, often namely Alice and Bob, can obtain highly correlated channel measurements. After a series of follow-up steps including quantization, information reconciliation, and privacy amplification, Alice and Bob can extract a common secret key through the noisy channel measurements. In a nutshell, the common wireless channel connecting two communication nodes provides a valuable common random source required for generating secret keys using the method proposed in [22] and [23]. Since the generated secret bits are stored for further use with one-time-pad scheme, it will not affect the realtime data communication, even if there is a loss or delay in some block. Hence, in SKG, we are more interested in the rate of secret key.
Commonly, the rate of traditional secret key generated by physical-layer approach could be limited when the wireless channels connecting two sensors change slowly. To improve the key generation rate, [15] proposed a relay-assisted method, in which the random channels associated with relay nodes in the network topology are exploited as added stochastic sources for secret key generation. When the direct link channel is not sufficient to generate a key, the cooperative scheme has also been considered [16,24,25]. In [16], a three-time-slot secret key generation scheme for two single-antenna legitimate users with the help of a relay has been proposed, the transmission schemes are described and the simulation results are presented using information estimation based on k-nearest neighbor distance. In [24], a secret key generation scheme using a two-way relay channel has been proposed and a k-nearest neighbor distance mutual information estimation is also used to present a secret key rate. A high-rate secret key generation scheme with assistance of multiple relays is proposed in [26] to further improve the generated secret key rate, but they are based on the assumption that relay nodes are authenticated and trusted, which is not necessarily guaranteed in practice. [27] proposed a physical-layer secret key generation scheme for multi-antenna legitimate nodes with the help from multiple untrusted relays with single antenna, so the rate leaked to the untrusted relays is low and the secret key rate is modestly high. This paper, to generate a high-rate secret key and improve the security of the ubiquitous wireless networks, proposes a novel multi-randomness (MR) device-to-device secret key generation strategy and develops a novel cooperative communication mechanism aided by relay nodes over quasi-static block fading channels. In the proposed schemes, we set the legitimate members to send random signals rotationally during the coherent time T ; thus two legitimate UWNs members Alice and Bob can obtain the potential correlated information by exploiting the randomness and the reciprocity of the wireless channels. After quantization, information reconciliation, and privacy amplification, Alice and Bob can extract a common secret key through the noisy channel measurements. Furthermore, we also consider the scenario that the reciprocity of wireless channels is variable while the forward channel gain and the backward channel gain are correlated in the coherent time. In this case, we present a modified secret key generation scheme via layered coding, which is proved to be theoretically optimal. The simulation results demonstrate that the proposed scheme outperforms traditional approaches with favourable application prospect in ubiquitous wireless networks.
The remaining parts of the paper are organized as follows: Section 2 describes the system model and summarizes some important definitions with the conclusions of secret key rate. In Section 3, we propose a novel device-to-device secret key generation scheme over quasi-static block fading channels in detail. In Section 4, we propose a cooperative secret key generation scheme with assistance of relay nodes. We further extend the study to the scenario in which the forward gain and backward gain of wireless channels are not equal but correlated in Section 5. Simulation results of the proposed scheme and the modified secret key generation scheme are presented in Section 6. Section 7 draws the conclusions.

SYSTEM MODEL AND SECRET KEY DEFINITION
In this section, we first introduce the system model and summarize some important definition and conclusions of the secret key rate.

System model
The secret key generation system considered in this paper is a simple device-to-device model with two legitimate UWNs members Alice and Bob, as shown in Figure 1. Alice and Bob are equipped with a single antenna. They communicate with an identical frequency and can transmit signals over the wireless channels and send helper information over the public channel. As generally assumed in most research literature, there is a passive eavesdropper Eve, which does not interfere with legitimate transmissions and is located at least half of the wavelength away from any legitimate members. The fading channels are independent quasi-static fading channels, where the fading channels remain constant for a certain coherent time but vary independently from one coherent time to another. It is also assumed that the channel gain h 0 ∼  (0, 2 0 ), and the noise in each channel also obeys Gaussian distribution with zero mean and variance 2 .
In this place, we should note that the proposed method still works if the distribution of wireless channel gain changes. For practical reasons, we consider the model as half-duplex, in which Alice and Bob can not transmit or receive signals at the same time.

Secret key capacity
We suppose the legitimate members Alice, Bob and the eavesdropper Eve obtain n sequences X = (X 1 , respectively. Alice and Bob calculate a common key represented as K A and K B , respectively, based on their observations. Hence, the generated secret key rate r K (X ; Y ||Z ) can be upper and lower bounded as [14,16,24] where I (A; B) denotes the mutual information of A and B, and the conditional mutual information can be calculated where H (A, B) denotes the joint entropy of A and B.

DEVICE-TO-DEVICE SECRET KEY GENERATION SCHEME VIA WIRELESS CHANNEL RECIPROCITY
In this section, we present a device-to-device secret key generation scheme over quasi-static block fading channels. The proposed method can be summarized as two steps: (1) randomness sending: Alice and Bob send random signals alternately in coherent time T , then they can obtain the correlated information by exploiting the randomness and the reciprocity of the wireless channels; (2) key agreement: Alice and Bob agree on a common randomness secret key according to their obtained information by using Slepian-Wolf code.
Firstly, Alice transmits a Gaussian random signal ) with power P A over wireless fading channel; then the received signal of Bob and Eve can be expressed as respectively, where h 0 and h 1 are the wireless channel gains from Alice to Bob and Eve, N B 1 and N E 1 are channel noises. Then, Bob transmits a Gaussian random signal x B 1 ∼  (0, 2 B 1 ) with power P B over wireless fading channel, the received signal of Alice and Eve can be expressed as respectively. Repeat the above process until the coherent time ends. Consequently, Alice and Bob obtain correlated information respectively, where T 0 represents the time required to complete a transmission, and ⌊.⌋ denotes the largest integer that is smaller than its argument. Since the channel gain h 1 and h 2 are independent of h 0 , the observations obtained by Eve are independent of that obtained by Alice and Bob, and Eve learns nothing about , Alice and Bob can agree on a secret key with the rate where the last step follows the fact that x A and x B are independent. Obviously, the first term of (7) comes from the randomness of wireless channel which equals to the secret key rate of conventional method [15,24], and the second term of (7), where the last step follows the fact that x A and h 0 are independent.
In this place, we introduce the following multivariate normal distribution [28]. Let X 1 , X 2 , … , X n have a multivariate normal distribution with mean and covariance matrix K . The probability density function of X 1 , X 2 , … , X n is given by So the entropy can be expressed as Consider the conditional mutual information I (x A ; Y B |h 0 ) above, when h 0 is given, h 0 could be regarded as a constant. Hence, Y B i = h 0 x A i + N B i can be considered as a Gaussian random variable. Therefore, we have Hence, where i is the correlation coefficient of x A i and Y B i . The covariance of x A i and Y B i can be calculated as It is easy to check that the variances var ( Substituting (13) and (15) into (9), we have Similarly, the third term of (7) can be expressed as Finally, we get the secret key rate as In order to generate a secret key having the rate in (18), it is necessary for Alice to transmit helper data to Bob over the public channel using Slepian-Wolf code [15] to coordinate the influence of noise in its channel estimation. Somewhat notable is that although the helper data can be obtained by Eve, Eve learns nothing about the key. More specifically, in every coherent time T , Alice has m = ⌊ T 2T 0 ⌋ observations. These observations can be expressed as a vector g A = [g Δ A (1), … , g Δ A (m)] T , where g A (i ) = x Ai Y Ai and g Δ A (i ) represents a quantized version of g A (i ) with quantization interval being Δ. We note that all of these g Δ A (i )'s are independent of each other. Similar to this process, Bob also has a vector g B = [g Δ B (1), … , g Δ B (m)] T . Alice randomly divides the typical g Δ A sequences into non-overlapping bins, with each bin having 2 mI (g Δ A ;g Δ B ) typical sequences. Each sequence contains two indexes: the bin number and the index within the bin. In the next step, Alice sets the key to the index Cooperative secret key generation model of the sequence in its bin after observing the vector g A , and then transmits the bin number as a secondary information to Bob over the public channel. In this step, Alice should transmit H (g Δ A |g Δ B ) bits of information over the public channel. Based on the information observed from the common channel and on g B , Bob can recover the value of g A with any probability closing to one and then recover the key. Due to the independence of bin number and index within the bin, Eve learns nothing about the key though it can obtain the bin number over public channel. Now, in the limit where the quantization level Δ tends to zero, one achieves the secret key rate (18). In this place, we should note that the key generated according to this approach can be proved to be uniformly distributed [23], so they are suitable for encryption according to the one-time pad technique.

COOPERATIVE SECRET KEY GENERATION SCHEME WITH ASSISTANCE OF RELAY NODES
In this section, we propose a cooperative scheme for secret key generation which increases the secret key rate by utilizing relay nodes in UWNs. The cooperative secret key generation model is shown in Figure 2. Alice and Bob want to agree on a secret key aided by N relay nodes. We assume that all of N relay nodes follow the designed protocols and do not leak information to Eve. The channel gains h 0 , h 1,A , h 1,B , … , h N ,A , h N ,B and the noise in each channel are all Gaussian distributed. For simplicity, we assume the channel gains h n ∼  (0, 2 n ), where h n represents h n,A and h n,B with n = 1, 2, … , N . All other assumptions about the system model are the same with the description in Section 2.
The proposed method can be summarized as three steps: (1) randomness sending, in which Alice, Bob and R i send random signals x A , x B , x Ri , respectively, in turn, where i = 1, 2, … , N ; (2) relays sending help information, in which relay node R i sends help information h i = x Ri Y Ri,A ⊕ x Ri Y Ri,B in turn, where i = 1, 2, … , N , and ⊕ denotes the XOR operation; (3) key agreement, in which Alice and Bob agree on a common randomness secret key according to their obtained information using Slepian-Wolf code. Next, we will elaborate on the first two steps.
In the randomness sending step, firstly, Alice transmits a Gaussian random signal x A ∼  (0, 2 A ) with power P A over wireless fading channel, the received signal of Bob and R i can be expressed as respectively, where i = 1, 2, … , N . Similarly, Bob transmits a Gaussian random signal x B ∼  (0, 2 B ) with power P B over wireless fading channel, the received signal of Alice and R i can be expressed as respectively. Then relay R i transmits a Gaussian random signal x Ri ∼  (0, 2 Ri ) with power P Ri in turn; the received signal of Alice and Bob can be expressed as respectively.
In the next relay-aided step, N relay nodes send assistant information h 1 , h 2 , … , h N in turn, where h i = x Ri Y Ri,A ⊕ x Ri Y Ri,B , from which, and based on their received signals after the step of randomness sending , Alice and Bob obtain respectively. Due to the reciprocity of wireless channels, we have Ri . Then Alice and Bob obtain estimations respectively. After this step, Alice and Bob obtain three sets of correlated information, (x A Y A,B , x B Y B,A ), (x Ri Y Ri,B , x B Y B,Ri ), and (x A Y A,Ri , x Ri Y Ri,A ). The step of key agreement is similar to that in Section 3 and we do not illustrate here. The resulting

MODIFIED DEVICE-TO-DEVICE SECRET KEY GENERATION SCHEME OVER CORRELATED CHANNELS
In this section, we investigate a more general and realistic scenario in which the reciprocity of wireless channels is varied while the forward channel gain and backward channel gain are correlated in every coherent time. All other assumptions about the model are the same as that in Section 2. Since the forward channel gain and backward channel gain are no longer equal, the protocol developed above is not applicable. We present a modified secret key generation scheme via layered coding, which is proved to be theoretically optimal. The process of information reconciliation is depicted in Figure 3. The basic principle of the modified scheme is the correlation of error rates of the same symbol at different bit layers [29]. For instance, considering the model where h Δ is uniformly distributed on {0, 1, … , q − 1}, where q = 2 k for integer k, and P (h B |h A ) is a uniform-error channel (i.e. if h B ≠ h A , h B takes value in the remaining 2 k − 1 symbols with equal probabilities). If any symbol errors in one bit layer, then the probability that it errors in the next bit layer is 0.5, and the next bit can be considered as erased [30].
We suppose Alice transmits a signal x A over the wireless fading channel, then the received signal of Bob can be expressed as where h 0 denotes the channel gain from Alice to Bob. If Bob transmits a signal x B over the wireless fading channel, the received signal of Alice can be expressed as where h * 0 denotes the channel gain from Bob to Alice. In order to obtain common information from received signals, Alice and Bob estimate the channel gain. The channel gain estimation can be expressed as Then Alice generates a message (E 1 , E 2 , … , E k ) by utilizing a binary Slepian-Wolf coding to each bit layer and sends it to Bob. Note that h 0 and h * 0 is not equal but h A and h B are correlated. Fixing P h A , we can consider h B as the output signal after transmitting an input signal h A over wireless channel, which is characterized by the transition law P (h B |h A ).
Based on the messages transmitted and on h A and h B , respectively, Alice generates a message M ∈ {0, 1} m and Bob generates a message M ′ ∈ {0, 1} m . a Alice and Bob try to make M = M ′ through information reconciliation and then privacy amplification is applied to extract the secret key, which is the same as conventional ones [31]. The key rate of information reconciliation can be expressed as where t represents the number of bits communicated between Alice and Bob.
In the following, we analyze the theoretical limit of achievable key rate of the proposed scheme. Let t j be the length of the message E j , we assume that for each bit layer, an asymptotically optimal Slepian-Wolf code can be found, then in the limit where the probability that M = M ′ tends to one and where block length n tends to infinity, the secret key rate is We first have so If the first j − 1 bit layers are decoded successfully, then we have Using the chain rule for entropies, for any positive , Since the sequence h A and h B are memoryless, in the limit where block length n tends to infinity, we have Letting n → ∞, Setting arbitrarily small, thus the maximum secret key rate of the modified secret key generation scheme is That is, the proposed modified secret key generation scheme is theoretically optimal.

SIMULATION RESULTS
In this section, we analyze the effects of the key parameters through numerical results and put insights to obtain a higher Comparison of secret key generation rates versus h 0 key rate via wireless channel reciprocity. Furthermore, the performance of the modified secret key generation scheme based on LDPC codes is also tested. Figure 4 illustrates the secret key generation rates against i with h 0 = 0.4, 0.6, 0.8, respectively. In this test, we set T = 10, T 0 = 1, 2 = 2 0 = 3, P A = P B = 3. It is not difficult to find that the secret key generation rate of the MR scheme can be improved with the increase of i when other parameters are fixed. Figure 5 illustrates the secret key generation rates against h 0 using the proposed scheme, Xiao's scheme [26], Lai's scheme [15], and the conventional scheme without relay nodes. Without loss of generality, we assume T = 10, T 0 = 1, 2 = 2 0 = 2 We can find that the generated secret key rate of the proposed MR scheme can be improved with the increase of h 0 , while the secret key rates of the other three schemes do not change with the increase of h 0 . This is because in the proposed scheme, the effective information in Y A and Y B increases with the increase of h 0 when other parameters are fixed, and in the other three schemes, the key rates are independent of h 0 . We can also observe that the proposed scheme outperforms the other two relay schemes when h 0 is greater than 0.6. However, the proposed scheme does not require additional relay nodes and reduces hardware overhead. Figure 6 illustrates the secret key generation rates against T with T 0 = 1, 2 = 2 0 = 2 i = 3, P A = P B = 3, h 0 = 0.75. It is obvious that the secret key generation rate of the MR scheme hardly changes with the increase of T while the key rate of the conventional no relay algorithm decreases with the increase of T . This is because in the proposed scheme, as T increases, Alice and Bob could send more random signals and thus the correlated information obtained by them increases. Figure 7 illustrates the cooperative secret key generation rates against the number of relays N using the proposed scheme, Xiao's scheme [26] and Lai's scheme [15]. In this test, we assume T = 12, T 0 = 1, 2 = 2 0 = 2 A = 2 B = 2 R i = 3, P A = P B = 3, h 0 = 0.78. It is obvious that the proposed cooperative scheme has a better performance. We can also observe that each line in the diagram has a horizontal segment; this is because when T = 12, at most four relay nodes can help the two legitimate nodes in the proposed cooperative scheme and Xiao's scheme, and at most two relay nodes can help the two legitimate nodes in Lai's scheme. Figure 8 shows the performance of the modified secret key generation scheme based on LDPC codes with q = 32 and n = 4500. We can find a small gap between the key rates of the modified secret key generation scheme and the maximal key rate, since the regular LDPC codes are imperfect. From the point of view of engineering requirements, the modified secret key generation scheme can satisfy the practical application in UWNs.

CONCLUSION
To improve the secret key generation rate and the security of ubiquitous wireless communications networks, we propose a novel multi-randomness (MR) device-to-device secret key generation strategy and develop a novel cooperative communication mechanism aided by relay nodes over quasi-static block fading channels. In the proposed secret key generation scheme, the common randomness between two communication nodes is enhanced by exploiting the two-way random signals, and the generated secret key rate outperforms traditional relay-aided schemes. In addition, we consider the scenario with the reciprocity of wireless channels varied but the forward channel gain and backward channel gain are correlated in the coherent time.
In this case, we present a modified secret key generation scheme via layered coding, which is proved to be theoretically optimal. The theoretical analysis and simulation results demonstrate that the proposed scheme outperforms traditional approaches with favourable application prospects in ubiquitous wireless communications networks. In the future work, we will consider the case of the eavesdropping channel and the legitimate channel possessing a certain correlation.