Channel covariance matrix based secret key generation for low-power terminals in frequency division duplex systems

The existing secret key generation (SKG) techniques are not applicable to frequency division duplex (FDD) Internet of Things networks due to the low power constraints and limited computing resources. This letter proposes an SKG scheme based on the channel covariance matrix in FDD systems. First of all, a novel algorithm is proposed for inferring the downlink channel covariance matrix from the observed uplink channel covariance matrix with the aid of the transformation matrix. Then, a complete SKG scheme for low-power terminals in FDD systems is designed to generate keys from the downlink channel covariance matrix. Finally, simulation results show that this scheme can generate high-agreement secret keys in FDD systems. Compared with the loopback mechanism-based SKG scheme, this scheme is suitable for low-power terminals and can achieve significant performance improvement in terms of the key disagreement ratio.

Introduction: Physical layer secret key generation (SKG) techniques based on wireless channels have been widely studied in recent years, and can provide lightweight cryptographic protocols for wireless communication systems. Based on the reciprocity, spatial decorrelation and temporal variation of wireless channels, two legitimate users can obtain real-time updated secret keys through the steps of channel estimation, quantization, information reconciliation and privacy amplification [1]. However, the reciprocity of wireless channels no longer holds in frequency division duplex (FDD) systems, since the uplink channel and the downlink channel experience different fading. As a result, most reciprocal shared random sources used in time division duplex (TDD) systems, such as received signal strength, channel impulse response and channel frequency response, are completely different between the uplink and downlink channels in FDD systems.
Several research works have attempted to address the above problems. Based on the spatial reciprocity, some works have explored frequency-independent parameters to generate secret keys. In [2], the angle and delay of each path were extracted to generate shared keys. In [3], considering the slow variability of the channel covariance matrix, an SKG scheme based on the channel covariance matrix eigenvectors was proposed. However, the complexity of path extraction algorithms and special restrictions on the antenna configuration in [2,3] were not suitable for low-power terminals. Besides spatial reciprocity-based schemes, a loopback mechanism-based SKG scheme was proposed in [4]. Nevertheless, this method was insecure and can be attacked by a passive eavesdropper [5].
In this letter, we propose a secret key generation scheme based on the channel covariance matrix in FDD systems. We design a novel algorithm to infer the downlink channel covariance matrix (DCCM) from the observed uplink channel covariance matrix (UCCM). Hereafter, a complete key generation scheme is proposed to generate keys from the downlink channel covariance matrix. Compared with the existing SKG schemes, this scheme does not require high computational operations and is suitable for low-power terminals. Simulation results show that this scheme can achieve significant performance improvement in terms of the key disagreement ratio.
System model: Consider the FDD IoT network, where Alice is equipped with M antennas and Bob is a low-power terminal equipped with a single antenna due to the device cost. Alice and Bob wish to agree on secret keys from wireless channels. Meanwhile, there exists a potential passive eavesdropper Eve who is more than several wavelengths away from Bob. We assume that Eve knows the complete SKG process and tries to eavesdrop, as shown in Figure 1.
We consider a frequency-flat fading channel, where the spatially correlated Rayleigh fading channel [6] between Alice and Bob can be expressed as where g(θ) = |g(θ)|e^{jφ} is the complex-valued channel gain whose amplitude and random phase are |g(θ)| and φ, respectively. The signal power received at Alice is limited to the angle interval A = [θ − /2, θ + /2], where θ and are the mean angle of arrival (AoA) and angle spread (AS), respectively. This assumption is reasonable when Alice is located at an elevated position and Bob is surrounded by limited local scatterers in realistic outdoor wireless propagation environments [7]. a(θ) is the array manifold vector for signals arriving from θ. When a uniform linear array (ULA) is deployed, a(θ) is given as where λ and d denote the signal wavelength and antenna spacing, respectively. Note that because Bob is equipped with only a single antenna, the channel from Alice to Bob is a scalar. To construct a vector of channels at Bob, Alice sends pilots from different antennas in different slots during a coherence time. The specific time slot allocation is shown in Figure 2.

Statistical channel reciprocity based on channel covariance matrix:
The wireless channel is well modelled as a non-stationary process. In practice, consider an outdoor urban environment in which, for instance, massive numbers of IoT devices are deployed for smart cities and environment monitoring. The statistical information of wireless channels varies over time due to the movement of vehicles and people. That is to say, the covariance matrix varies over time. Therefore, the channel covariance matrix can be used to generate real-time updated secret keys. The channel covariance matrix R can be expressed as where p(θ) = E[|g(θ)|^2] denotes the angular power spectrum (APS) characterizing the channel power distribution per unit angle. Since the downlink and uplink channels share the same propagation environment, the angle of departure (AoD) in the downlink channel is the same as the AoA in the uplink channel, i.e. A_u = A_d. Moreover, the reciprocity of the electromagnetic propagation ensures that uplink and downlink ray power densities are approximately the same [8], i.e. p_d(θ) = α p_u(θ), where α is a frequency-dependent scalar. Hence, channel covariance matrix based statistical channel reciprocity is available for FDD systems. The UCCM R_u and DCCM R_d can be represented as Since the distribution of p(θ) is unknown, it is difficult to derive the closed-form solution of R and obtain the transformation relationship between R_u and R_d. We approximate the continuous integrals of Equations (4) and (5) via a truncated Fourier series. Here we replace p(θ) by a -periodic function p (θ) with p(θ) as the base function. The Fourier We take the main Kth harmonic component to approximate p (θ), then there is p (θ) = K k=−K c(k)e jk 2π θ . As a result, the continuous APS function can be approximated by discrete expansion coefficients. Further, R_u and R_d can be approximately represented as where S_u(k) and S_d(k) are written as respectively.
Let m and n denote the mth and nth elements of the ULA, respectively; the (m, n)th element of S(k) is given as Since the AS is usually small in realistic outdoor wireless propagation environments, we can approximate the integral of Equation (11) using the Taylor expansion of cos(θ), where cos θ ≈ cosθ − (θ −θ ) sinθ. Hereafter, S_{m,n}(k) is computed as For the ULA with antennas placed at equal intervals, the channel covariance matrix is a positive semi-definite Hermitian Toeplitz matrix [9].
As a result, based on the statistical channel reciprocity, Alice can infer the downlink channel covariance matrix R_d from the observed uplink channel covariance matrix R_u with the aid of the transformation matrix F.

Channel covariance matrix based secret key generation scheme:
Our proposed channel covariance matrix based secret key generation scheme for low-power terminals in FDD systems mainly consists of two steps: channel covariance matrix estimation and key generation from the channel covariance matrix, as shown in Figure 3.
(1) Channel covariance matrix estimation: Alice and Bob send public pilots to estimate the channel response ĥ ∈ C^M. Since the channel covariance changes much more slowly than the coherence time, the channel covariance matrix is constant over a certain window of time, which is called the coherent time of channel covariance in this letter. Therefore, Alice and Bob can measure the channel covariance through numerical averaging during a coherent time of channel covariance. For N channel estimations during a coherent time of channel covariance, the channel covariance matrix can be computed through the numerical averaging method as R Since only a limited number of samples are available, the calculated R may be a non-Toeplitz matrix. We can artificially generate a Toeplitz matrix, whose mth element of the first column is calculated as the average value of the mth diagonal elements of R, there is Then Alice estimates the mean angle θ and AS using the fast iterative shrinkage-thresholding algorithm (FISTA) to compute the transformation matrix F. As a result, Alice can infer R_d from the observed R_u with the aid of F. Notably, we adopt the truncated Fourier representation to approximate p(θ), so the selection of K is crucial. It is obvious that the accuracy of the approximation increases as the value of K increases. However, considering that the channel covariance matrix is a Hermitian Toeplitz matrix which is confined to (2M − 1)-dimensional real linear spaces and the symmetries of c(k), we choose K = M − 1 in this scheme to reduce the computational complexity.
(2) Key generation from the channel covariance matrix: Considering that the channel covariance matrix has a certain auto-correlation due to the closely spaced antenna array, the quantized keys will have serious redundancy if we extract secret keys directly from the channel covariance matrix. Eve can easily crack the ciphertext encrypted using non-random keys via a dictionary attack. Therefore, we extract eigenvalues of the channel covariance matrix to generate uncorrelated secret keys. Specifically, the channel covariance matrices R_d and R_u are decomposed as , which are quantized via a uniform quantization algorithm [1]. It is worth noting that although there is a frequency-dependent scalar α between the eigenvalues of the UCCM and DCCM, its effect will be eliminated by the quantization because α is a constant and does not affect the shape of the eigenvalue matrix. Then, we use an error correction codes-based information reconciliation scheme [1] to correct mismatched bits. Finally, the SHA-256 universal hash function is used for privacy amplification to eliminate leaked information.
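Steps (1) and (2) as an added Python example (not the authors' code): sample covariance by numerical averaging, Toeplitz construction by diagonal averaging, eigenvalue quantization and SHA-256 hashing. It leaves out the FISTA estimate, the transformation matrix F and information reconciliation; the ray-sum channel generator, the ULA response formula, the min-max quantizer range, the 10° angle spread and α = 0.9 are assumptions of this example.

```python
import hashlib
import numpy as np

def steering(theta, M, spacing=0.5):
    # ULA response exp(j*2*pi*(d/lambda)*m*cos(theta)); this standard form is assumed
    return np.exp(2j * np.pi * spacing * np.arange(M) * np.cos(theta))

def sample_channels(rng, N, M, mean_angle, spread, rays=50):
    # Constructed data: each estimate sums random-gain rays inside the angle interval
    thetas = rng.uniform(mean_angle - spread / 2, mean_angle + spread / 2, (N, rays, 1))
    gains = rng.normal(size=(N, rays)) + 1j * rng.normal(size=(N, rays))
    return np.einsum("nr,nrm->nm", gains / np.sqrt(2 * rays), steering(thetas, M))

def sample_covariance(H):
    # Numerical averaging over N estimates: R = (1/N) * sum_n h_n h_n^H
    return H.T @ H.conj() / H.shape[0]

def toeplitz_project(R):
    # First-column entry m is the mean of the m-th sub-diagonal of R
    M = R.shape[0]
    col = np.array([np.diagonal(R, -m).mean() for m in range(M)])
    lag = np.arange(M)[:, None] - np.arange(M)[None, :]
    return np.where(lag >= 0, col[np.abs(lag)], col[np.abs(lag)].conj())

def quantize(eigs, bits=2):
    # Uniform quantizer over [min, max] of the eigenvalues (range choice is an assumption)
    levels = 2 ** bits
    norm = (eigs - eigs.min()) / (eigs.max() - eigs.min())
    idx = np.minimum((norm * levels).astype(int), levels - 1)
    return "".join(format(int(i), f"0{bits}b") for i in idx)

def derive_key(R, bits=2):
    # Eigenvalues of the Toeplitz estimate -> raw bits -> SHA-256 digest
    raw = quantize(np.linalg.eigvalsh(toeplitz_project(R)), bits)
    return raw, hashlib.sha256(raw.encode()).hexdigest()

if __name__ == "__main__":
    rng = np.random.default_rng(7)  # constructed input, fixed seed
    H = sample_channels(rng, N=100, M=8, mean_angle=np.pi / 4, spread=np.deg2rad(10))
    R_u = sample_covariance(H)
    raw_u, key_u = derive_key(R_u)
    raw_d, key_d = derive_key(0.9 * R_u)  # alpha = 0.9 is a constructed scale factor
    print(raw_u, key_u[:16], "keys match:", key_u == key_d)
```

The scaled matrix yields the same raw bits because the quantizer range scales with the eigenvalues, which is the sense in which a constant α drops out.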
Simulation results: In this section, we verify the performance of the proposed SKG scheme through Monte Carlo simulation. Alice is equipped with a ULA of eight antennas spaced at half a wavelength. Bob is equipped with a single antenna. The uplink and the downlink carrier frequencies are 2 and 1.9 GHz, respectively. The channel responses based on the spatially correlated Rayleigh fading channel model are randomly generated according to Equation (1), where the mean angle θ is assumed to be uniformly distributed over an interval [π/6, π/3]. We set N = 100 to compute the channel covariance matrix through the numerical averaging method. Simulation parameters are listed in Table 1. Figure 4 plots the key disagreement ratio (KDR) against the signal to noise ratio (SNR) for different schemes. It is noted that the complexity of path extraction algorithms and special restrictions on the antenna configuration in [2,3] were not suitable for low-power terminals. Therefore, we only compare with the method proposed in [4]. It is obvious that the KDR of the channel covariance matrix-based SKG scheme is much lower than that in [4]. The reason is that our scheme takes advantage of the statistical channel reciprocity, where Alice can accurately infer the DCCM from the observed UCCM. However, the algorithm proposed in [4] introduces more noise due to two rounds of channel sounding. We also compare the KDR performance at different AS values. It can be seen that the KDR increases as the AS increases. There are two main reasons for the performance loss. First, the FISTA algorithm relies on the approximate sparse representation of the channel in the angular domain. It provides a worse estimation accuracy when the AS becomes wider. More importantly, the channel covariance matrix which is approximated by Taylor expansion is no longer accurate when the AS is large.
Note that the KDR between Eve and Bob always remains at 0.5 as the SNR increases, indicating that Eve cannot steal useful information from shared keys regardless of the signal strength. This is because the eavesdropping channel is independent of the legitimate channel, so the channel covariance matrix of Eve is not correlated with that of Bob. To verify the secret key randomness, a National Institute of Standards and Technology (NIST) randomness test is performed on quantized sequences. Considering that some tests require extremely long sequences, we only run eight typical tests out of 16 different tests. For each subtest, if the test result is not less than 0.01, i.e. P ≥ 0.01, it can be considered as random. Table 2 shows that the key bits generated from channel covariance matrix eigenvectors pass the NIST tests, indicating that this scheme can generate secret keys with strong randomness.

Conclusion:
In this paper, we propose a secret key generation scheme based on the channel covariance matrix in FDD systems. With the aid of the transformation matrix, the downlink channel covariance matrix can be inferred from the observed uplink channel covariance matrix. The proposed algorithm greatly relaxes the requirement on the angle estimation and antenna configuration, which is suitable for low-power terminals. Simulation results show that our proposed SKG scheme can generate high-agreement uncorrelated secret keys, which can satisfy the security requirements of FDD communication systems. Furthermore, due to the slow variability of the channel covariance matrix, the secret key generation rate will be limited. Therefore, it is worthwhile to improve the key generation rate for FDD systems in the future.