Vulnerabilities of Wireless Key Exchange Based on Channel Reciprocity

  • Nico Döttling
  • Dejan Lazich
  • Jörn Müller-Quade
  • Antonio Sobreira de Almeida
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6513)


Wireless key exchange on the physical layer is a key exchange protocol independent of computational assumptions. It relies only on the physical properties of the wireless channels to generate a common secret key between two parties. However, the precise conditions under which such a key exchange is secure remain unclear. An argument is provided for why unconditional security does not hold in general scenarios. Finally, a novel side-channel attack against such key exchange schemes is described and experimentally validated.


Keywords: wireless key exchange, physical layer, channel reciprocity, joint randomness, antenna reradiation, side-channel attacks





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Nico Döttling (1)
  • Dejan Lazich (1)
  • Jörn Müller-Quade (1)
  • Antonio Sobreira de Almeida (1)

  1. Institute of Cryptography and Security, Faculty of Informatics, Karlsruhe Institute of Technology, Karlsruhe, Germany
