
Secret key generation based on private pilot under man-in-the-middle attack


Given the openness and invariance of the public pilot, secret key generation (SKG) based on wireless channels is vulnerable to active attacks. In this paper, we explore man-in-the-middle (MITM) attacks, where the attacker acts as a transparent relay to intercept channel state information and deduce the generated keys. To prevent this type of attack, a dynamic private pilot is generated: legitimate nodes first take the information already authenticated between them as seed information for the private pilot, and then generate the private pilot from this seed information according to the pilot requirements. Both the new seed information and the secret keys are then dynamically derived from wireless channels that are estimated with the private pilot instead of a public pilot. The proposed private pilot encrypts and authenticates the wireless channels, allowing an SKG rate close to that achieved without an attacker. Analysis and simulation results show that the proposed SKG approach can effectively withstand an MITM attack.
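The attack and the countermeasure described above, as an added Python simulation that is not from the paper and does not reproduce its analysis. It assumes real-valued scalar reciprocal channel gains, noiseless probing, one key bit (the sign of the estimated gain) per round, a unit-gain transparent relay as the attacker, and per-direction private pilots expanded from the shared seed with SHA-256; the seed string is a constructed placeholder.

```python
import hashlib
import random

N = 63        # pilot length; odd so two +/-1 sequences never correlate to exactly 0
ROUNDS = 64   # one key bit (sign of the channel gain) per probing round

def pilot_from_seed(seed: bytes, label: bytes) -> list:
    """Expand (seed, label) into a +/-1 pilot sequence with SHA-256 in counter mode."""
    chips = []
    ctr = 0
    while len(chips) < N:
        digest = hashlib.sha256(seed + label + ctr.to_bytes(4, "big")).digest()
        chips.extend(1 if (byte >> i) & 1 else -1 for byte in digest for i in range(8))
        ctr += 1
    return chips[:N]

def estimate(received: list, pilot: list) -> float:
    """Least-squares channel gain: correlate received samples with the expected pilot."""
    return sum(r * p for r, p in zip(received, pilot)) / N

# The public pilot is a fixed, standardised sequence known to everyone, Eve included.
PUBLIC_PILOT = pilot_from_seed(b"public pilot", b"")

def run(private: bool, rng_seed: int = 1):
    """Noiseless ROUNDS-round simulation through a transparent MITM relay; returns (alice, bob, eve) bit strings."""
    rng = random.Random(rng_seed)
    seed = b"authenticated shared information (constructed placeholder)"
    keys = {"alice": "", "bob": "", "eve": ""}
    for _ in range(ROUNDS):
        h_ae, h_eb = rng.gauss(0, 1), rng.gauss(0, 1)   # Alice-Eve and Eve-Bob gains
        if private:  # distinct per-direction pilots, both derived from the current seed
            p_a, p_b = pilot_from_seed(seed, b"A"), pilot_from_seed(seed, b"B")
        else:
            p_a = p_b = PUBLIC_PILOT
        # Eve forwards each pilot unchanged, so the reciprocal end-to-end gain is h_ae * h_eb.
        at_eve_from_a = [h_ae * p for p in p_a]
        at_eve_from_b = [h_eb * p for p in p_b]
        at_bob = [h_eb * s for s in at_eve_from_a]
        at_alice = [h_ae * s for s in at_eve_from_b]
        est = {"alice": estimate(at_alice, p_b), "bob": estimate(at_bob, p_a),
               # Eve only knows the public pilot; against a private pilot each hop
               # estimate is scaled by an unknown correlation with a random sign.
               "eve": estimate(at_eve_from_a, PUBLIC_PILOT)
                      * estimate(at_eve_from_b, PUBLIC_PILOT)}
        for who, val in est.items():
            keys[who] += "1" if val > 0 else "0"
        # Dynamic seed: next round's pilots depend on the bit just extracted from the
        # channel (Alice and Bob agree on it here because probing is noiseless).
        seed = hashlib.sha256(seed + keys["alice"][-1].encode()).digest()
    return keys["alice"], keys["bob"], keys["eve"]
```

With the public pilot Eve's relay position lets her recover every key bit; with the private pilot her estimates carry a random per-round sign, so her bit string is unrelated to the legitimate key while Alice and Bob still agree.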





The authors would like to thank the anonymous reviewers for their detailed evaluation and constructive comments. This work was partially supported by National High-Tech R&D Program of China (863) (Grant No. SS2015AA011306), National Natural Science Foundation of China (Grant Nos. 61601514, 61379006, 61401510, 61521003, 61501516), and China Postdoctoral Science Foundation (Grant No. 2016M592990).

Author information

Correspondence to Liang Jin.

Additional information

Conflict of interest The authors declare that they have no conflict of interest.


Cite this article

Huang, Y., Jin, L., Li, N. et al. Secret key generation based on private pilot under man-in-the-middle attack. Sci. China Inf. Sci. 60, 100307 (2017). https://doi.org/10.1007/s11432-017-9195-3



  • private pilot
  • man-in-the-middle attack
  • secret key generation
  • physical layer security