Secret Key Generation From Mobility

Onur Gungor, Fangzhou Chen, C. Emre Koksal Department of Electrical and Computer Engineering The Ohio State University, Columbus, 43210

Abstract—We consider secret key generation from relative improving its observations. We study the tradeoffs involved localization information of a pair of nodes in a mobile wireless and show that, while in some cases it may be possible to network in the presence of a mobile eavesdropper. Our scheme increase the beacon rate unboundedly with the number of consists of two phases: in the first phase, legitimate node pair exchanges beacon signals to establish localization information beacons, if the eavesdropper possesses certain capabilities such based on noisy observations of these beacons; in the second as measuring the angle of arrival, increasing the number of phase, nodes generate secret key bits via a public discussion. Our beacons do not necessarily increase the achievable key rate problem can be categorized under the source models of informa- beyond a certain limit. We also study the loss of key rate due to tion theoretic secrecy, where the distance between the legitimate imperfections such as quantization noise and clock mismatch. nodes acts as the observed common randomness. We characterize the achievable secret key bit rate in terms of the observation noise variance at the legitimate nodes and the eavesdropper. This II. RELATED WORK work provides a framework that combines information theoretic Source model of secrecy studies generation of secret key secrecy and wireless localization, and proves that the localization bits from common randomness observed by legitimate nodes. information provides a significant additional resource for secret In his seminal paper, Maurer showed that, if two nodes observe key generation in mobile wireless networks. correlated randomness, then they can agree on a secret key through public discussion [1]. He provided upper and lower I.INTRODUCTION bounds on the achievable secret key rates, considering that the We consider the generation of a common key in a pair of nodes have unlimited access to a public channel, accessible by nodes, which move in R2 (continuous space) according to a the eavesdropper. Although the upper and lower bounds have discrete time stochastic mobility model. An eavesdropper is been improved over time [2], [3], the secret key capacity of the also mobile with a mobility pattern, independently of those of source model in general is still an open problem. Despite this the legitimate nodes. We exploit the reciprocity of the distance fact, the source model has been extended to several different between a given pair of locations, view the distance between settings [4]. the legitimate nodes as a common randomness shared by these There is a vast amount of literature on localization in wire- nodes and utilize it to generate secret key bits using the ideas less networks (see, e.g., [5]–[7], and the references therein). from source models of secrecy. There has been some focus on secure localization and position- We propose a system, in which the legitimate nodes use a based cryptography [8]–[11], however, these works either two stage key generation process: (1) In the first stage, they consider key generation in terms of other forms of secrecy (i.e., repeatedly exchange wireless beacons to obtain information computational secrecy), or fall short of covering a complete regarding the sequence of distances between them over many information theoretic analysis. Also a similar line of work in time slots as they move in the area. The beacon signal wireless network secrecy considers channel identification [12] may contain explicit information such as a time stamp, or for secret key generation. Based on the channel reciprocity the receiving node can extract other means of localization assumption, nodes at both ends experience the same channel, information by analyzing the angle of arrival, the received corrupted by independent noise. Therefore, nodes can use signal strength (RSS), etc. We assume that the eavesdrop- their channel magnitude and phase response observations to per overhears the beacons and tries to deduce the distance generate secret key bits from public discussion. Another no- information based on these observations. (2) In the second table work [13] considers secret key generation from common stage, the nodes communicate over the public channel to agree phase information. Considering a narrow-band fading model, on a “reliable” secure key based on the observed sequence the authors describe a hierarchical structure to generate keys, of relative distances. Using a source model of secrecy, we with applications to multi-node key generation. However, the characterize the achievable secret key bits in terms of the security of the model depends on the fact that eavesdropper’s observation noise variance at the legitimate nodes and the phase observation is independent of the legitimate nodes’ eavesdropper. We show that localization information provides phase observation, which does not hold if the eavesdropper a significant additional resource for secret key generation. observes or estimates the positions and velocities of legitimate Next, we consider the case where legitimate nodes are nodes using the received signals. capable of improving the observation quality by exchanging Note that, our approach of using the distances robust with multiple beacons at a given location. Note however that the respect to channel issues. There may be numerous scenarios improvement comes at the expense of the eavesdropper also in which channel reciprocity does not hold (e.g., presence of ground reflections), which leads to the failure of the The legitimate nodes generate secret key bits from their approaches based on that assumption. However, the distance mobility patterns in two phases: localization and key gen- (or the propagation delay) between two points is identical in eration. In the first (localization) phase, nodes observe the both directions, regardless of the medium. sequence of distances using the beacon signals (e.g., by using the propagation delay (time of arrival) of electromagnetic III. SYSTEM MODEL signals [5]). In the second (secure key generation) phase, the Consider a simple network consisting of two mobile le- nodes generate secret key bits from the common localization gitimate nodes, called user 1 and 2, and a possibly mobile information via public discussion. Now, we explain these eavesdropper e. We divide time into discrete slots {1, ,n}, phases in more detail: where slot i covers the time interval [iT, (i+1)T ). We assume Phase I - localization: At the beginning of each slot i, node 1 T to be large enough for many beacon-signal exchanges to 1 broadcasts a beacon. Considering perfect clock synchroniza- be possible, but too short for a significant location change to tion of the nodes2, nodes 2 and e obtain a noisy observation occur. Hence, we assume the location to be constant within of d12[i] and d1e[i] respectively. Let these observation be dˆ2[i] 2 a slot. Let xj [i] ∈ R be the random variable that denotes and dˆ1e[i]. Similarly, node 2 follows up with a beacon and the location of node j ∈ {1, 2,e} at slot i in cartesian nodes 1 and e observe dˆ1[i] and dˆ2e[i], respectively. With the coordinates. The distance between nodes 1 and 2 in slot i is observations of both the beacons, the eavesdropper also obtains d n d12[i]= |x1[i]−x2[i]|. We use the notation 12 = {d12[i]}i=1. a noisy observation, φˆ [i], of the angle between the legitimate d d e Similarly 1e, 2e denotes the sequence of distances between nodes. The first phase ends after n slots. nodes (1,e) and nodes (2,e) respectively. Hence, the distance Phase II - key generation: In the second phase, nodes 1 and vectors form n triangles, one of which is shown in Figure 1. 2 agree on a secret key based on the observation sequence Furthermore, let φe[i] denote the angle of the triangle at node dˆ = {dˆ [i]}n and dˆ = {dˆ [i]}n by communicating n dˆ dˆ 1 1 i=1 2 2 i=1 e at slot i, and φe = {φe[i]}i=1. For the n-tuples ( 1, 2), over an error-free public channel. This phase is commonly 1d12[i] 2 referred to in the source model literature as the public dis- cussion phase [1]. A public discussion algorithm C1, , Ct is a t step message exchange protocol, where node 1 send d1e[i] d2e[i] messages C1, C3, , at odd steps, and node 2 sends messages φ [i] e C2, C4, at even steps, according to a deterministic function such that e Fig. 1: Parameters of the system H(C |dˆ , C , , C )=0, odd i (1) we denote the joint probability density function as f(dˆ , dˆ ), i 1 i−1 1 1 2 dˆ and define [14] H(Ci| 2, Ci−1, , C1)=0, even i (2) • The mutual information as At the end of the t step protocol, node 1 obtains S1, and node f(dˆ1, dˆ2) 2 obtains S as the secret key, where I(dˆ ; dˆ ) = log 2 1 2 dˆ dˆ f( 1)f( 2)! t H(Sj |dˆj , C )=0, j ∈{1, 2} (3) • The average mutual information as Independent of the localization phase, let the eavesdrop- I(dˆ1; dˆ2)= E[I(dˆ1; dˆ2)] per obtain its global position observation xˆe. Then, eˆ = dˆ dˆ ˆ x • The spectral-inf mutual information rate as { 1e, 2e, φe, ˆe} denotes the set of eavesdropper’s complete observations of the system. We say that secret key bits are 1 dˆ dˆ p- lim inf I( 1, 2)= reliably generated at rate R if ∀ǫ> 0, ∃n,t such that (1), (2) n→∞ n 1 and (3) are satisfied, and sup β : lim P I(dˆ1; dˆ2) <β =0 n→∞ n     H(Sj )/n = R, j ∈{1, 2} • The spectral-sup mutual information rate as P(S1 = S2) ≤ ǫ 1 e t p- lim sup I(dˆ1, dˆ2)= I(Sj ; ˆ, C )/n ≤ ǫ, j ∈{1, 2} n→∞ n 1 The problem of finding a public discussion algorithm inf α : lim P I(dˆ1; dˆ2) > α =0 n→∞ n C1, , Ct that maximizes R is out of the scope of this     paper. Our purpose is to understand the effect of localization dˆ Similarly, define the entropy, and the average entropy of 1 as parameters on achievable key rate R. 1 H(dˆ1) = log , and H(dˆ1)= E[H(dˆ1)], respectively. f(dˆ1)   2We consider the possibility of clock mismatch in Section VI-B and argue 1We keep the definition of the beacon signal general as a short signal that clock asynchrony can be corrected asymptotically as the number of slots bearing localization information on the initiating node. n →∞. IV. UPPER/LOWER BOUNDS where the distance observations and eavesdropper angle ob- The following corollaries establish the upper and lower servations can be expressed as (omitting the slot index for bounds on the key bits achievable through public discussion. simplicity) ˆ Corollary 1: The following key rate is achievable through dj = d12 + Nj , j ∈{1, 2} (8) one way public discussion. dˆje = dje + Nje, j ∈{1, 2} (9)

RL = φˆe = φe + Nφ (10) + 1 1 and N , N , and N are zero mean Gaussian noise with max p- lim inf I(dˆ1; dˆ2) − p- lim sup I(dˆ1; eˆ) , j je φ n→∞ n n→∞ n 2 2 2 3   variances σj , σje, and σφ respectively . Note that the noise 1 + in distance observations is due to the limited clock precision, p- lim inf I(dˆ2; dˆ1) − p- lim sup I(dˆ2; eˆ) (4) n→∞ n→∞ n corruption of beacons due to channel noise at the receiver    antenna and fading. The case in which there is no angle Corollary 2: An upper bound for the key rate achievable estimation by the eavesdropper can be represented by choosing through any public discussion is the phase estimation error uniform in (0, 2π): Nφ ∼U[0, 2π]. 1 1 RU = min p- lim inf I(dˆ1; dˆ2), p- lim inf I(dˆ1; dˆ2|eˆ) n→∞ n n→∞ n V. MULTIPLE BEACONS   (5) Next, we consider the case where legitimate nodes exchange Both corollaries follow directly from Theorem 4 in [14], which multiple beacons at each time slot. This reduces the observa- generalizes Maurer’s results on secret key generation through tion noise for both the legitimate nodes and the eavesdropper public discussion [1], to non-i.i.d. settings. and in this section we study the tradeoffs involved. Remarks: (1) In this work, we only consider secret key Suppose, in each slot, the legitimate nodes exchange K generation from the observations of distance information d12 beacons instead of 1. Then, the set of observations for all nodes of the legitimate nodes. One can achieve higher key rates by form a 2-dimensional discrete sequence, e.g., node 1 observes also considering the the angle and global position information. {dˆ1[i, 1], , dˆ1[i,K]} in the ith time slot. The observation (2) There are better upper and lower bounds available in of each beacon (i, k) has the form given in (8)-(10), where the literature. By using two-way public discussion, and using we assume that the noise sequences Nj [i, k], Nje[i, k], and randomization at the encoders, one can achieve better lower Nφ[i, k] are i.i.d. for every observation point. Note that, a bound, which is tight for one way public discussion case [2]. sufficient statistic (Section 2.9 in [15]) for d12[i] at node 1 1 K ˆ Furthermore, a better upper bound is given in [3]. We chose is K k=1 d1[i, k]. Consequently, the sequence of K obser- the above bounds for the simplicity of evaluation. vations of each node in slot i can be summarized by a single (3) Note that eˆ depends on the capabilities of the eavesdropper. observationP for that slot: If the eavesdropper cannot estimate the angle-of-arrival, i.e., if ˆ ˜ the eavesdropper is only equipped with single omnidirectional dj [i]= d12[i]+ Nj[i], j ∈{1, 2} (11) ˆ ˆ ˜ antenna, then φe = ∅. Similarly, if the eavesdropper cannot dje[i]= dje[i]+ Nje[i], j ∈{1, 2} (12) observe its global position in the field, then xˆe = ∅. In this φˆe[i]= φe[i]+ N˜φ[i], (13) work, we only consider the availability of angle information ˜ 2 ˜ 2 ˜ in the eavesdropper, and leave the possibility of the global where Nj ∼ N (0, σj /K), Nje ∼ N (0, σje/K), and Nφ ∼ position observation as a future work. 2 ˜ N (0, σφ/K) if the eavesdropper estimates the angle and Nφ ∼ Equations (4) and (5) are valid for the general stochastic U[0, 2π] otherwise. We analyze these two cases separately. mobility models. In the sequel, we analyze RL and RU for With Angle Observation: The eavesdropper has noisy ob- the special case where node locations are i.i.d. and obser- servations for d1e, d2e, and φe (illustrated in Fig. 1). It can vation of the nodes are corrupted by independent additive combine these observations to estimate d12. We assume that Gaussian noise. Note that, due to the i.i.d. mobility structure, the eavesdropper uses the cosine law to obtain its estimate dˆe: the conditioning on the past and future observations in RL and disappear. Hence, we omit the index and use ˆ ˆ2 ˆ2 ˆ ˆ ˆ RU i de = d1e + d2e − 2d1ed2e cos(φe). (14) f(d12, d1e, d2e, φe) to denote the joint probability density 2 q 2 2 2 function of the node distances and angle at node e, which are For K ≫ 1, σ1 /K,σ2/K ≪ d12, σ1e/K ≪ d1e, σ2e/K ≪ 4 the variables that characterize the triangle given in Figure 1. d2e and Nφ/K ≈ 0 with high probability. Consequently , (14) For this case, the upper and lower bound expressions become can be approximated with

+ dˆe ≈ d12 + N 0, A + B , (15) R =max I(dˆ ; dˆ ) − I(dˆ ; dˆ , dˆ , φˆ ) , L 1 2 1 1e 2e e    h + i 3 ˆ ˆ ˆ ˆ ˆ ˆ Note that the distance observation noise cannot be perfectly Gaussian. I(d2; d1) − I(d2; d1e, d2e, φe) (6) However, under the assumptions σ1, σ2 ≪ d12, σ1e ≪ d1e, σ2e ≪ d2e, h i  the Gaussian assumption is reasonable. 4We omit the derivation due to space constraints. The following follows RU = min I(dˆ1; dˆ2), I(dˆ1; dˆ2|dˆ1e, dˆ2e, φˆe) (7) from a sequence of linear approximations in (14)   2 2 2 2 (d1e−d2e cos(φe)) σ1e+(d2e−d1ecos(φe)) σ2e ′ where A = Kd2 is the Note that, if ∆ = ∆ , then, by the relationship of continuous 12 Q uncertainty that comes from the distance observation errors, and discrete mutual information [15], we have lim|∆|→0 R = 2 2 L d1 d2 φ σ ( e e sin( e) ) φ R . and B = 2 is the uncertainty that comes from L Kd12 the angle estimate error. B. Clock mismatch No Angle Observation: As K → ∞, σ2/K,σ2 /K → 0 j je Assume that there is a clock mismatch between nodes 1, for j ∈{1, 2}, and due to the lack of an angle estimate at the and 2. Consequently, all the observations of d12 of nodes 1 eavesdropper, Nφ ∈U[0, 2π]. Then, and 2 in localization phase are shifted by a random value γ1

RL = I(dˆ1; dˆ2) − I(dˆ1;ˆe) and γ2 respectively: ˆ ˆ ˆ ˆ = h(d1|de) − h(d1|d2). dˆj [i]= d12[i]+ Nj[i]+ γj (16) We have for j ∈{1, 2}. Note that we assume the amount of mismatch is random, but it remains constant. Considering the case where lim h(dˆ1|dˆe)= h(d12|d1e, d2e) K→∞ N1 and N2 are zero mean random variables, (a) 2 2 E ˆ E = h( d1e + d2e − 2d1ed2e cos(φe)|d1e, d2e) [dj |γ1,γ2]= [d12]+ γj . (17) (b) q Hence, with the knowledge of the statistics of the mobility, > −∞ each node j ∈ {1, 2} can obtain a perfect estimate of the where (a) follows from the cosine law. For u, v = 0, amount of clock mismatch γj as n → ∞, and broadcast it in 2 2 h( d1e + d2e − 2d1ed2e cos(φe)|d1e = u, d2e = v) > −∞ the public discussion phase. Therefore, clock mismatch does since φ is uniform in [0, 2π]. Further note that P(d =0)= not affect the theoretical bounds of secret key generation rates. p e 1e 0, and P(d2e = 0)= 0 since nodes cannot be on the exact VII. NUMERICAL RESULTS same location at the same time, hence (b) holds. Similarly, In this section, we numerically evaluate (6) and (7) for the ˆ ˆ ˜ ˜ lim h(d1|d2) = lim h(d12 + N1|d12 + N2) case where the node locations x1[i], x2[i] and xe[i] for each K→∞ K→∞ slot are characterized by i.i.d. circularly symmetric zero mean, = lim h(N˜1 − N˜2|d12 + N˜2) K→∞ unit variance Gaussian random variables. Throughout this sec- = −∞, tion, we assume that the nodes have identical observation noise statistics, i.e., σ1 = σ2, and the observation noise for each ˜ ˜ 2 2 due to the fact that (N1 + N2)∼N (0, (σ1 + σ2 )/K). Hence, user is also statistically symmetric at the eavesdropper, i.e., limK→∞ RL = ∞. Thus, we conclude that, without the angle σ1e = σ2e. We assume uniform quantization with precision estimate at the eavesdropper, any positive key rate can be |∆| = 0.1 for all nodes, including the eavesdropper. Since achieved with the sufficiently large choice of the number |∆| ≪ 1, the calculated rates will be very close to the of beacons K. On the other hand, when eavesdropper can achievable rates as discussed in Section VI-A. In what follows, estimate the angle, the key rate converges to a value that we analyze the behavior of RL and RU as a function of nodes’ depends on the mobility model. observation noise. In the first example, we fix the eavesdropper observation VI. PRACTICAL ISSUES noise σje = 0.2, j ∈ {1, 2} and σφ = 0.2, and observe the A. Quantization key rates as a function of σj , j ∈ {1, 2} with and without an angle observation. As shown in Fig. 2a, without angle Even though the observations dˆ1, dˆ2, eˆ of the nodes are from a continuous space, in practice nodes quantize their observation, even the lower bound grows unboundedly as σ1 observations to store them and the quantized values are and σ2 decreases. This implies that, theoretically, infinite key used in the public discussion. Let ψ() be a predetermined rate can be achieved in the case where nodes 1 and 2 have d quantization function. Then the legitimate nodes j ∈ {1, 2} perfect observation of 12. Furthermore, it can be clearly seen can obtain quantized versions of the distance observation that observation of angle by the eavesdropper significantly dˆ∆ dˆ decreases the secret key rate. i = ψ( i, ∆), where |∆| = maxx |x − ψ(x)| is the resolution of quantization. The eavesdropper is also subject Next, we fix σj = 0.3, j ∈ {1, 2} and σφ = 0.2, and in ′ to similar quantization constraints and let eˆ∆ = ψ(eˆ, ∆′) be Figure 2b, we plot RL and RU with and without an angle its quantization function with another resolution ∆′. Define observation, as a function of the eavesdropper observation noise σje, j ∈ {1, 2}. Clearly, the secrecy rate increases Q RL = as the eavesdropper distance observation noise gets stronger. + ′ However, the impact of the eavesdropper distance observation 1 dˆ∆ dˆ∆ 1 dˆ∆ e∆ max p- lim inf I( 1 ; 2 ) − p- lim sup I( 1 ; ˆ ) noise is much less significant compared to the impact of the n→∞ n n→∞ n  +  observation noise of the legitimate nodes. Indeed, even when ′ dˆ∆ dˆ∆ 1 dˆ∆ e∆ the eavesdropper has perfect distance observations, a non-zero , p- lim inf I( 2 ; 1 ) − p- lim sup I( 2 ; ˆ ) n→∞ n  n→∞   key rate is achievable. This, however, is not true when the 4.5 1.4 2.5 R L 4 R U 1.2 R with angle 3.5 L 2 R with angle U 1 3 1.5 0.8 R 2.5 L R U 2 0.6 R with angle 1

Key Rate, bits Key Rate, bits L Key Rate, bits R with angle 1.5 U 0.4 R L 1 R 0.5 U 0.2 R with angle 0.5 L R with angle U 0 0 0 0 0.05 0.1 σ 0.15 0.2 0.25 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0 2 4 6 8 10 12 14 16 j σ Number of Beacons je (a) (b) (c)

Fig. 2: Key rate vs (a) σj , (b) σje, (c) number of beacons, with and without angle observation

eavesdropper has perfect angle estimates that accompany the [2] R. Ahlswede and I. Csiszar, “Common randomness in information theory perfect distance estimates. In that case, the achievable key rate and cryptography. I. Secret sharing,” IEEE Trans. Information Theory , vol.39, no.4, pp.1121-1132, Jul 1993 is 0, since the eavesdropper has perfect knowledge of d12. [3] U. M. Maurer and S. Wolf, “Unconditionally secure key agreement and Finally, we analyze the impact of multiple beacons. With the intrinsic conditional information,” IEEE Trans. Information Theory , vol.45, no.2, pp.499-514, Mar 1999 σj = σje = 0.3 j ∈ {1, 2} and σφ = 0.3, in Figure 2c, we [4] I. Csiszar and P. Narayan, “Secrecy Capacities for multiterminal channel plot RL and RU without and with an angle observation, as models,” IEEE Trans. Information Theory, vol.54, no.6, pp.2437-2452, a function of the number of beacons. We can see that, using June 2008 multiple beacons may be beneficial, depending on whether [5] S. Gezici, Z. Tian, G. B. Giannakis, H. Kobayashi, A.F. Molisch, H.V. Poor, and Z. Sahinoglu, “Localization via ultra-wideband radios: a eavesdropper has the angle observation or not. With no angle look at positioning aspects for future sensor networks,” IEEE Signal observation, the key rate grows unboundedly with the number Processing Magazine, vol.22, no.4, pp. 70- 84, July 2005 of beacons, as shown in Section V, i.e., the legitimate nodes’ [6] Y. Shen and M.Z. Win,“Fundamental limits of wideband localization Part I: A general framework,” IEEE Trans. Information Theory, vol.56, benefit by transmitting as many beacons as possible. With an no.10, pp.4956-4980, Oct. 2010 angle observation, the accuracy of the angle estimate as well [7] Y. Shen, H. Wymeersch and M.Z. Win, “Fundamental limits of wideband as the distance estimates at the eavesdropper increase with the localization Part II: Cooperative networks,” IEEE Trans. Information Theory, vol.56, no.10, pp.4981-5000, Oct. 2010 number of beacons, and the eavesdropper will be able to locate [8] H. Buhrman, N. Chandran, V. Goyal, R. Ostrovsky and C. Schaffner, the nodes highly accurately via the cosine law as n increases. “Position-based quantum cryptography: Impossibility and construc- Hence, the key rate remains bounded. tions,”, 2010 [9] A. Srivinasan and J. Vu, “A survey on secure localization in wireless sen- sor networks”, Encyclopedia of Wireless and Mobile Communications, VIII. CONCLUSION 2007. In this paper, we studied the information theoretic limits of [10] R. Poovendran, C. Wang, S. Roy, “Secure localization and time syn- chronization for wireless sensor and ad-hoc networks”, Springer Verlag, secure key generation using the distance between legitimate 2007 nodes in mobile wireless networks. We considered a two [11] N. Chandran, V. Goyal, R. Moriarty and R. Ostrovsky, stage process to generate keys. In the first stage, legitimate “Position based cryptography,” Cryptology ePrint Archive, 2009, http://eprint.iacr.org/2009/ nodes generate relative localization information by exchanging [12] Wilson, R.; Tse, D.; Scholtz, R.A.; , “Channel identification: Secret beacons, whereas in the second stage, the nodes generate secret sharing using reciprocity in ultrawideband channels,” IEEE International key bits by public discussion. We characterized lower and Conf. Ultra-Wideband, ICUWB 2007, pp.270-275, 24-26 Sept. 2007 [13] Q. Wang, H. Su, K. Ren and K. Kim, “Fast and scalable secret key upper bounds of key rates utilizing results from the source generation exploiting channel phase randomness in wireless networks,” model of secrecy. We showed that when eavesdropper cannot Proc. IEEE INFOCOM 2011, pp.1422-1430, 10-15 April 2011 have angle of arrival observation for the transmitted beacons, [14] M. R. Bloch and J. N. Laneman, “Secrecy from resolvability,” arXiv:1105.5419v1 [cs.IT], May 2011 nodes can highly improve the key rate by exchanging multiple [15] T.M. Cover and J.A. Thomas, “Elements of information theory,” Wiley, beacons, whereas with an angle observation this is not true. New-York, 2nd edition, 2006. Our current investigations are mainly focused on 1) common secret key generation among multiple nodes in a wireless network, 2) application to wideband localization, and 3) the general non-i.i.d. mobility cases.

REFERENCES [1] U.M. Maurer, “Secret key agreement by public discussion from common information,” IEEE Trans. Information Theory, vol.39, no.3, pp.733-742, May 1993