SHARED SECRET KEY ESTABLISHMENT USING WIRELESS CHANNEL MEASUREMENTS by Jessica Erin Dudley Croft A dissertation submitted to the faculty of The University of Utah in partial fulfillment of the requirements for the degree of Doctor of Philosophy Department of Electrical and Computer Engineering The University of Utah July 2011 Copyright c Jessica Erin Dudley Croft 2011 All Rights Reserved THE UNIVERSITY OF UTAH GRADUATE SCHOOL SUPERVISORY COMMITTEE APPROVAL of a dissertation submitted by Jessica Erin Dudley Croft This dissertation has been read by each member of the following supervisory committee and by majority vote has been found to be satisfactory. Chair: Neal Patwari Sneha K. Kasera Rong-Rong Chen Cynthia Furse John Regehr ACKNOWLEDGEMENTS Very rarely does a project like this come together based solely upon the work of the author. Here is where I get to say thank you: Neal Patwari has put a great deal to time into explanations, editing and encour- agement. He is unfailingly optimistic and patient and I feel very fortunate to have had him as an advisor. The SPAN lab he created produces exciting ideas and inventions and he has fostered a distinctly collegial and collaborative spirit among its members. I am grateful to have found friends among my colleagues within the SPAN lab: Yang, Dustin, Piyush, Joey and Merrick. My parents, Jerry and Diana Croft, gave me a love of learning and a solid place to rest. They taught me that building or growing or creating something useful can be a source of great joy and satisfaction. Thank you. For a hug, or a laugh or a push when I need it, I thank my partner, Todd Bailey. He listened to me explain the same problem in different ways (some much better than others) a thousand times in the last few years and never stopped trying to understand. ABSTRACT Secret key establishment (SKE) is a method that allows two users, Alice and Bob, to obtain shared secret keys using randomness inherent in the wireless channel. Alice and Bob sample the channel many times, extract bits from those measurements and then use the bits to encrypt further communications. Even if an eavesdropper, Eve, were to overhear Alice and Bob measure the channel, she would still have no knowledge of the secret key because she does not measure the same channel as Alice and Bob. While the channel is reciprocal and random, measurements of the channel are temporally correlated and can include non-reciprocities caused by differing transceiver characteristics and the inability of Alice and Bob to measure the channel simultaneously. The thesis aims to reduce or remove the non-idealities and noise of the reciprocal channel measurement process in order to increase secret key bit rate while maintaining an uncorrelated bit stream. The first contribution of this thesis addresses correlated received signal strength (RSS) measurements and differing transceiver characteristics in the context of sensor nodes. Because typical sensor nodes are constrained both by available energy and computational power, balancing the decorrelation method with node resources and changing wireless environments is also addressed. Ranking and fractional delay inter- polation are used to mitigate non-reciprocities associated with differing transceiver characteristics and the inability of the two nodes to measure the channel at identical points in time. Second, bit extraction is applied to channel impulse response (CIR) measure- ments. We develop a novel, inexpensive switching system that allows existing single receiver/single transmitter channel sounding equipment to make bi-directional mea- surements. With this system it is possible to investigate non-reciprocal interference and experimentally evaluate bit extraction for CIR that takes advantage of both the time and spatial diversity of the wireless channel. Finally, non-uniform sampling caused by non-deterministic packet delay when sharing a wireless channel with other users is detrimental to bit extraction yet very common in practical wireless networks, especially for IEEE 802.11-based devices. Interpolation and regression are used to estimate the reciprocal fading signal given the non-uniform samples at Alice and Bob and the non-reciprocities caused by non- simultaneous channel measurements. iii CONTENTS ACKNOWLEDGEMENTS ::::::::::::::::::::::::::::::::::::: i ABSTRACT :::::::::::::::::::::::::::::::::::::::::::::::::: ii LIST OF FIGURES :::::::::::::::::::::::::::::::::::::::::::: vii LIST OF TABLES ::::::::::::::::::::::::::::::::::::::::::::: x CHAPTERS 1. INTRODUCTION ::::::::::::::::::::::::::::::::::::::::: 1 1.1 Three General Extraction Methods . .4 1.2 Channel Measurements . .5 1.2.0.1 Received Signal Strength . .6 1.2.0.2 Channel Impulse Response . .6 1.3 Adversary Model . .7 1.4 Contributions . .7 2. ROBUST UNCORRELATED BIT EXTRACTION METHODOLOGIES FOR WIRELESS SENSORS :::::::::::::::::::::::::::::::: 11 2.1 Abstract . 11 2.2 Introduction . 11 2.3 Adversary Model . 14 2.4 Methodology . 14 2.4.1 Interpolation . 16 2.4.2 Ranking . 17 2.4.2.1 Motivation . 17 2.4.2.2 Algorithm . 18 2.4.3 Decorrelation . 19 2.4.4 Quantization . 20 2.5 Experimental Data Collection . 22 2.6 Enabling Channel Adaptation . 23 2.6.1 Previous Approach . 23 2.6.2 Selection of N . 24 2.6.3 Covariance Matrix and Correlation Coefficient Estimation . 26 2.7 ARUBE Protocol . 29 2.7.1 Packet Transmissions . 31 2.7.2 Computational Complexity . 32 2.8 Results . 34 2.9 Discussion . 36 2.10 Conclusion . 37 3. BIT EXTRACTION FROM CIR USING A BI-DIRECTIONAL RADIO CHANNEL MEASUREMENT SYSTEM ::::::::::::: 39 3.1 Abstract . 39 3.2 Introduction . 39 3.3 Related Work . 42 3.3.1 RF CIR Measurement . 43 3.3.2 Secret Key Establishment . 43 3.4 Analysis . 45 3.4.1 Power Loss . 46 3.4.2 Leakage . 46 3.4.3 System Design . 47 3.4.4 Example Realization . 49 3.5 Bi-Directional CIR Measurements . 51 3.5.1 Software Radio . 51 3.5.2 Measurements Collected . 53 3.6 Secret Key Extraction . 55 3.6.1 Adversary Model . 56 3.6.2 Method . 56 3.6.3 Results . 60 3.6.4 Discussion . 64 3.7 Conclusion . 66 4. RECIPROCAL FADING SIGNAL ESTIMATION METHODS FOR SECRET KEY ESTABLISHMENT :::::::::::::::::::::::::::::::::::::::: 68 4.1 Abstract . 68 4.2 Introduction . 68 4.3 Related Research . 70 4.4 Problem Statement . 71 4.5 Estimation Methods . 73 4.5.1 Polynomial Interpolation . 73 4.5.2 Fractional Delay Interpolation . 75 4.5.3 Gaussian Processes Regression . 76 4.5.3.1 Covariance Function . 77 4.5.4 Gaussian Processes Regression with Side Information . 78 4.5.4.1 Public Exchange of Side Information . 79 4.5.4.2 Setting γ2(i).................................... 80 4.6 Experiment . 80 4.6.1 PHY layer and RSS Measurement . 80 4.6.2 Sample Variance . 81 4.6.3 Sampling Non-uniformity . 82 4.7 Results . 83 4.7.1 Performance Metrics . 83 4.7.2 GPRSI Parameter Selection . 84 v 4.7.3 Example . 84 4.7.4 Filter Response . 84 4.7.5 Normalized Root Mean Square Error . 85 4.7.6 Bit Extraction . 86 4.7.6.1 802.15.4 Sensor Nodes . 86 4.7.6.2 802.11 Smartphones . 87 4.8 Conclusion . ..