SCIENCE CHINA Information Sciences, Volume 60, Issue 10: 100307(2017) https://doi.org/10.1007/s11432-017-9195-3

Secret key generation based on private pilot under man-in-the-middle attack

More info
  • ReceivedApr 21, 2017
  • AcceptedJul 25, 2017
  • PublishedSep 1, 2017


Given the openness and invariance of public pilot, secret key generation (SKG) based on wireless channels is vulnerable to active attacks. In this paper, we explore man-in-the-middle (MITM) attacks, where the attacker acts as a transparent relay to intercept channel state information and deduce the generated keys. To prevent this type of attacks, a dynamic private pilot is generated, where legitimate nodes first consider the information authenticated between them as seed information for the private pilot, and then generate the private pilot based on this seed information according to the pilot requirements. Then, both the new seed information and secret keys are dynamicaally derived from wireless channels that are estimated with the private pilot instead of a public pilot. The proposed private pilot encrypts and authenticates wireless channels, allowing an SKG rate close to that without attackers. Analysis and simulation results show that the proposed SKG approach can effectively withstand an MITM attack.


The authors would like to thank the anonymous reviewers for their detailed evaluation and constructive comments. This work was partially supported by National High-Tech R&D Program of China (863) (Grant No. SS2015AA011306), National Natural Science Foundation of China (Grant Nos. 61601514, 61379006, 61401510, 61521003, 61501516), and China Postdoctoral Science Foundation (Grant No. 2016M592990).


[1] Li N, Tao X, Wu H. Large-System Analysis of Artificial-Noise-Assisted Communication in the Multiuser Downlink: Ergodic Secrecy Sum Rate and Optimal Power Allocation. IEEE Trans Veh Technol, 2016, 65: 7036-7050 CrossRef Google Scholar

[2] Qi X H, Huang K Z, Zhong Z H, et al. Physical layer security of multi-hop aided downlink MIMO heterogeneous cellular networks. China Commun, 2016, 13: 120--130. Google Scholar

[3] Ji X S, Kang X L, Huang K Z, et al. The full-duplex artificial noise scheme for security of a cellular system. China Commun, 2015, 12: 150--156. Google Scholar

[4] Li M, Guo Y, Huang K. Secure power and subcarrier auction in uplink full-duplex cellular networks. China Commun, 2015, 12: 157-165 CrossRef Google Scholar

[5] Zhang L J, Jin L, Luo W Y, et al. Robust secure transmission for multiuser MIMO systems with probabilistic QoS constraints. Sci China Inf Sci, 2016, 59: 022309. Google Scholar

[6] Li X Y, Jin L, Huang K Z, et al. Transmission frequency-band hidden technology in physical layer security. Sci China Inf Sci, 2016, 59: 019301. Google Scholar

[7] Lou Y M, Jin L, Zhong Z, et al. Secret key generation scheme based on MIMO received signals spaces (in Chinese). Sci Sin Inform, 2016, 47: 362--373. Google Scholar

[8] Khisti A. Interactive secret key generation over reciprocal fading channels. In: Proceedings of 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton), Monticello, 2012. 1--8. Google Scholar

[9] Kapetanovic D, Zheng G, Rusek F. Physical layer security for massive MIMO: An overview on passive eavesdropping and active attacks. IEEE Commun Mag, 2015, 53: 21-27 CrossRef Google Scholar

[10] Zhou X, Maham B, Hjorungnes A. Pilot Contamination for Active Eavesdropping. IEEE Trans Wireless Commun, 2012, 11: 903-907 CrossRef Google Scholar

[11] Zhou H, Huie L M, Lai L. Secret Key Generation in the Two-Way Relay Channel With Active Attackers. IEEE TransInformForensic Secur, 2014, 9: 476-488 CrossRef Google Scholar

[12] Zafer M, Agrawal D, Srivatsa M. Limitations of Generating a Secret Key Using Wireless Fading Under Active Adversary. IEEE/ACM Trans Networking, 2012, 20: 1440-1451 CrossRef Google Scholar

[13] Bellovin S M, Merritt M. Encrypted key exchange: passwordbased protocols secure against dictionary attacks. In: Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, 1992. 72--84. Google Scholar

[14] Demillo R, Merritt M. Protocols for data security. Computer, 1983, 2: 39--51. Google Scholar

[15] Baker W, Goudie M, Hutton A, et al. Data breach investigations report. Methodology, 2011, 36: 1--63. Google Scholar

[16] CAPEC. Capec-94: Man in the middle attack. 2014. http://capec.mitre.org/data/definitions/94.html. Google Scholar

[17] Frankel S, Eydt B, Owens L, et al. Establishing wireless robust security networks: a guide to IEEE 802.11i. National Institute of Standards and Technology, Gaithersburg. Report No. NIST SP 800-97. 2007. Google Scholar

[18] Agarwal M, Biswas S, Nandi S. Advanced Stealth Man-in-The-Middle Attack in WPA2 Encrypted Wi-Fi Networks. IEEE Commun Lett, 2015, 19: 581-584 CrossRef Google Scholar

[19] Song I-A, Lee Y-S. Improvement of key exchange protocol to prevent Man-in-The-Middle attack in the satellite environment. In: Proceedings of 8th International Conference on Ubiquitous and Future Networks (ICUFN), Vienna, 2016. 408--414. Google Scholar

[20] Conti M, Dragoni N, Lesyk V. A Survey of Man In The Middle Attacks. IEEE Commun Surv Tutorials, 2016, 18: 2027-2051 CrossRef Google Scholar

[21] Chunxuan Ye , Mathur S, Reznik A. Information-Theoretically Secret Key Generation for Fading Wireless Channels. IEEE TransInformForensic Secur, 2010, 5: 240-254 CrossRef Google Scholar

[22] Thomas M, Joy A T. Elements of Information Theory. New York: Wiley-Interscience, 1991. Google Scholar

[23] Bjornson E, Ottersten B. A Framework for Training-Based Estimation in Arbitrarily Correlated Rician MIMO Channels With Rician Disturbance. IEEE Trans Signal Process, 2010, 58: 1807-1820 CrossRef ADS Google Scholar

[24] Shariati N, Wang J, Bengtsson M. Robust Training Sequence Design for Correlated MIMO Channel Estimation. IEEE Trans Signal Process, 2014, 62: 107-120 CrossRef ADS Google Scholar

[25] Soltanalian M, Naghsh M M, Shariati N. Training Signal Design for Correlated Massive MIMO Channel Estimation. IEEE Trans Wireless Commun, 2017, 16: 1135-1143 CrossRef Google Scholar

[26] Chae S H, Choi W, Lee J H. Enhanced Secrecy in Stochastic Wireless Networks: Artificial Noise With Secrecy Protected Zone. IEEE TransInformForensic Secur, 2014, 9: 1617-1628 CrossRef Google Scholar

[27] Ren K, Su H, Wang Q. Secret key generation exploiting channel characteristics in wireless communications. IEEE Wirel Commun, 2011, 18: 6--12. Google Scholar

[28] Chunxuan Ye , Mathur S, Reznik A. Information-Theoretically Secret Key Generation for Fading Wireless Channels. IEEE TransInformForensic Secur, 2010, 5: 240-254 CrossRef Google Scholar

[29] Yang B, Wang W J, Yin Q Y. Secret key generation from multiple cooperative helpers by rate unlimited public communication. In: Proceedings of IEEE Internation Conference on Acoustics, Speech Signal Process (ICASSP), Florence, 2014. 8183--8187. Google Scholar

[30] Szabo Z. Information theoretical estimators toolbox. J Mach Learn Res, 2014, 15: 283--287. Google Scholar

[31] Tayebi A, Berber S, Swain A. Syncim: a new impersonation attack against chip synchronization in WSN. In: Proceedings of 9th International Conference on Sensing Technology, Auckland, 2015. 128--132. Google Scholar

[32] AlQahtani S, Gamble R. Mitigating service impersonation attacks in clouds. In: Proceedings of Future Technologies Conference (FTC), San Francisco, 2016. 998--1007. Google Scholar

[33] Kashima K, Inoue D. Replay attack detection in control systems with quantized signals. In: Proceedings of European Control Conference (ECC), Linz, 2015. 782--787. Google Scholar

  • Figure 1

    (Color online) System model.

  • Figure 2

    (Color online) SKGR according to power allocation factor for the transmitter.

  • Figure 3

    SKGR according to SNR under MITM attack with $~{N_A}=~{N_B}=~1$, ${N_E}=~1$ or $2$.

  • Figure 4

    SKGR according to SNR under MITM attack with ${N_A}=~4$, ${N_B}=~1$, ${N_E}=~1$ or $2$.

  • Figure 5

    (Color online) SKGR according to SNR under MITM attack with ${N_A}=~4$, ${N_B}=~{N_E}=~2$.

  • Figure 6

    (Color online) SKGR according to SNR under MITM attack with legitimate node SNR of 10 dB, ${N_A}=~4$, ${N_B}=~{N_E}=~1$.

  • Figure 7

    (Color online) SKGR according to SNR under passive eavesdropping with $~{N_A}=~{N_B}=~1$, ${N_E}=~1$ or $2$.

  • Figure 8

    (Color online) SKGR according to the SNR of legitimate nodes under replay attack with $~{N_A}=~{N_B}=~{N_E}=~1$ or ${N_A}=~{N_B}=~{N_E}=~2$.

  • Table 1   The proposed SKG scheme based on private pilot under MITM attack
    Scheme of the proposed SKG
    Step 1: Initialization:
    The legitimate users initialize the seed sequence of the private pilot with initial authentication key $~{{\boldsymbol{X}}^K}$.
    The legitimate users generate private pilot $~{{\boldsymbol{S}}^{K}}~$ from seed sequence $~{{\boldsymbol{X}}^K}~$ according to the channel estimation algorithm
    and the pilot characteristics.
    Step 2: Secret key generation:
    The legitimate users measure wireless channels $~{{\boldsymbol{H}}_K}~$ with private pilot $~{{\boldsymbol{S}}^{K}}~$, and obtain channel estimation values $~{\tilde{\boldsymbol{~H}}_K}~$.
    The legitimate users generate secret key $~{{\boldsymbol{K}}_K}~$ based on channel estimation values $~{\tilde{\boldsymbol{~H}}_K}~$.
    Step 3: New private pilot generation:
    The legitimate users generate new seed sequence $~{{\boldsymbol{X}}^{K~+~1}}~$ from different characteristics of channel estimation values $~{\tilde{\boldsymbol{~H}}_K}~$.
    The legitimate users generate private pilot $~{{\boldsymbol{S}}^{K~+~1}}~=~\sqrt~E~({{\boldsymbol{S}}_\Sigma~}^K/\left\|~{{{\boldsymbol{S}}_\Sigma~}^K}~\right\|)~$ according to seed sequence ${{\boldsymbol{X}}^{K~+~1}}~$ and the
    condition of the proposed private pilot generation
    $ \mathop{\min}\limits_{\textrm{tr}\{\boldsymbol{S}^{K~+~1}(\boldsymbol{S}^{K~+~1})^\text{H}\}~\le~E}~\left\|~\boldsymbol{S}^{K~+~1}~-~\boldsymbol{S}_\Sigma~^K~\right\|_F. $
    The legitimate users take new private pilot $~{{\boldsymbol{S}}^{K~+~1}}$ to replace private pilot $~{{\boldsymbol{S}}^{K}}~$ from step 1.
    Step 4: Repeat step 2 and step 3.

Copyright 2020 Science China Press Co., Ltd. 《中国科学》杂志社有限责任公司 版权所有

京ICP备18024590号-1       京公网安备11010102003388号