
Authenticated Key Establishment for Low-Resource Devices Exploiting Correlated Random Channels

Christian T. Zenger 1,2, Mario Pietersz 1,2, Jan Zimmer 2, Jan-Felix Posielek 2, Thorben Lenze 2, Christof Paar 2

1 PHYSEC GmbH, Universitätsstr. 150, 44801 Bochum, Germany, www.physec.de, {christian.zenger, mario.pietersz}@physec.de

2 Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany, {jan.zimmer, jan-felix.posielek, thorben.lenze, christof.paar}@rub.de

Abstract

Authenticated key establishment is a central requirement for securing IoT devices. For efficiency and management reasons, it might be desirable to avoid public-key-based solutions that are ubiquitous in traditional Internet settings but have many drawbacks for resource-constrained (RC) nodes. We introduce a novel Vicinity-based Pairing (VP) mechanism that allows authenticating arbitrary ’unloaded’ RC-nodes by delegating trust from already authenticated and secured, we call it ’loaded’, RC-nodes. For authenticating RC-nodes, VP exploits the correlation between channel profiles from devices that are in close physical proximity. In our setting, only devices that are within a few centimetres from the ’loaded’ RC-nodes are authenticated after a user initiates such a process. Subsequently, the embedded end device can extract a unique shared symmetric key with another device such as a SCADA gateway, again by exploiting channel parameters. Based on extensive experiments, we propose new techniques for extracting time-varying randomness from channel parameters for use in VP. We describe the first MITM-resistant device pairing protocol purely based on a single wireless interface with an extensive adversarial model and protocol analysis. We show that existing wireless devices can be retro-fitted with the VP protocol via software updates, i.e. without changes to the hardware. Implementation results of our embedded prototype demonstrate that the approach has the potential to dramatically reduce the cost and effort of securing low-resource devices that are common in the IoT.

Keywords: Authenticated key agreement over wireless channels, experimental results, proximity-based pairing, embedded implementation

1. Introduction

We are in the midst of the evolution towards the Internet of Things (IoT). Myriads of resource-constrained (RC) nodes from a wide spectrum of applications will communicate with each other. A surprisingly large number of IoT systems will be security sensitive, e.g., automotive controllers, medical devices, supervisory control and data acquisition (SCADA) systems, and many other resource-constrained cyber-physical systems in smart factories. It is thus paramount that future IoT applications are equipped with security mechanisms. Also, to enjoy broad acceptance, a crucial requirement for securing the IoT is ease of use. We present a detailed approach solving what is arguably the most difficult part in the majority of security systems, namely entity authentication and key establishment. The system offers an easy way of providing shared secrets for wireless nodes, which covers many IoT systems and also many other, non-IoT, applications. Therefore, we utilize complex-valued channel properties to establish symmetric key material and to tag key material with proximity-based authentication flags. This allows us to overcome the many drawbacks of PKI-based key management for embedded environments, including costly asymmetric crypto operations and certificate revocation lists (CRLs). In contrast to previous systems that attempt to use physical channel properties for key establishment, the solution at hand is resistant against active MITM attackers and provides implicit device authentication. Therefore, the presented approach extends works which exploit proximity-dependent properties of the communication channels between two or more parties [1, 2]. As we will demonstrate later, it is the first tailored solution to be applicable on resource-constrained devices and to prevent recent attacks, such as [3, 4, 5, 6]. Compared to earlier solutions based on the resurrecting duckling principle introduced by Stajano and Anderson [7], our approach has low complexity, is more resistant to attacks and does not require out-of-band communication, such as NFC or Bluetooth.

Preprint submitted to Special issue on Recent Advances in Physical-Layer Security, June 15, 2016

1.1. Overview on Vicinity-Based Pairing

Our solution is called Vicinity-based Pairing (VP). At the heart of VP is a user-friendly entity authentication and key establishment mechanism: A ’loaded’ RC-node can authenticate an ’unloaded’ RC-node only if they are within a couple of centimeters of each other and if the user gives a corresponding command, e.g., pushing a (virtual) button on an access point or the ’loaded’ RC-node. The result of this trust delegation is an individually authenticated and secure channel between an access point and a previously unknown RC device. Fig. 1 depicts the basic operation of VP.

In many IoT applications, this link is the most difficult one to establish because the RC-nodes are energetically and computationally constrained, and there can be a large number of them. A crucial premise for our system is that the access point and a ’loaded’ device have a trusted relationship. More specifically, they have authenticated each other mutually at some point in the past. In many real-world settings this requirement can easily be fulfilled, e.g., if the access point is a Wi-Fi router and the first loaded device is a smartphone or a low-power token. We would like to stress that, apart from a bidirectional wireless interface, no additional I/Os (display, keyboard, NFC, Bluetooth, camera for QR-tags, blinking LED, etc.) are needed for the RC-node. Moreover, the processing required by the RC-node is moderate and can readily be performed by a ubiquitous microcontroller. The root of trust simply comes from the existing communication link between an access point and a ’loaded’ device; no further trusted third parties (TTP) or certificate authorities (CA) are required. Also, there is no physical contact or other out-of-band communication required, which is the case for a number of related protocols.

VP is based on time- and frequency-varying channel profiles. If the ’loaded’ device is sufficiently close (in our system a few centimeters) to the sensor, the two communication links ’loaded’ RC-node ↔ access point and ’unloaded’ RC-node ↔ access point have similar physical characteristics. The access point measures the individual channel profiles of both links when data packets are exchanged. Then it evaluates the cross-correlation between both channels. If the correlation is larger than a pre-defined threshold th, the access point identifies the packets of the ’unloaded’ RC-node and executes an authenticated key establishment process based on these channel profiles.

Figure 1: The basic VP operation is shown. The access point A measures the profile hBA of its channel with the ’unloaded’ RC-node B (e.g., a temperature sensor) and hCA of its channel with the ’loaded’ RC-node C (or here a smartphone). If the correlation ρ(hBA, hCA) exceeds a threshold, A identifies the packets of B and initiates an authenticated key establishment process with B based on hBA. (Figure labels: B's packets carry data only; C's packets carry data||HMAC.)
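The access-point side of the decision just described, as an added illustration that is not code from the paper or from PHYSEC: the access point builds one RSSI profile per source from a constructed packet trace, keeps samples for the ’loaded’ node C only when the packet's HMAC verifies under an assumed pre-shared key (the data||HMAC packets of Fig. 1), and then compares hBA and hCA with a Pearson cross-correlation against an assumed threshold th. The profiles, the key, the forged packet and the threshold value are all constructed for this example; the paper does not state its threshold here.

```python
import hashlib
import hmac
import math

KEY_AC = b"constructed-pre-shared-key-A-C"  # assumption: A and C already share a key
TH = 0.8  # assumed correlation threshold th (constructed, not the paper's value)


def pearson(x, y):
    """Sample Pearson correlation rho(x, y); 0.0 if either series is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def tag(data):
    """HMAC-SHA256 tag C appends to its probe packets (data||HMAC in Fig. 1)."""
    return hmac.new(KEY_AC, data, hashlib.sha256).digest()


def collect_profiles(packets):
    """One RSSI series per source. A packet claiming to come from the loaded node C
    contributes to hCA only if its tag verifies, so hCA is built from authentic
    packets only; unloaded nodes carry no tag yet, their RSSI is just recorded."""
    profiles = {}
    for src, rssi, data, mac in packets:
        if src == "C":
            if mac is None or not hmac.compare_digest(tag(data), mac):
                continue  # forged or untagged 'C' packet: must not shape hCA
        profiles.setdefault(src, []).append(rssi)
    return profiles


def vicinity_check(h_ba, h_ca, th=TH):
    """Returns (rho, accepted): accept B as in C's vicinity iff rho(hBA, hCA) >= th."""
    n = min(len(h_ba), len(h_ca))
    rho = pearson(h_ba[:n], h_ca[:n])
    return rho, rho >= th


def demo():
    rounds = 40
    # constructed fading profile seen by A for node B, one RSSI value per probing round
    base = [-60.0 + 6.0 * math.sin(k / 3.0) for k in range(rounds)]
    # C is a few centimetres from B: same fading plus small measurement noise
    near = [v + 0.5 * ((k * 7) % 5 - 2) for k, v in enumerate(base)]
    # node D is far from C: an unrelated profile
    far = [-62.0 + 5.0 * (-1) ** k for k in range(rounds)]
    packets = []
    for k in range(rounds):
        d = b"probe-%d" % k
        packets.append(("B", base[k], d, None))
        packets.append(("C", near[k], d, tag(d)))
        packets.append(("C", -30.0, d, b"\x00" * 32))  # forged C packet, wrong tag
        packets.append(("D", far[k], d, None))
    p = collect_profiles(packets)
    rho_b, ok_b = vicinity_check(p["B"], p["C"])
    rho_d, ok_d = vicinity_check(p["D"], p["C"])
    return {"B": (rho_b, ok_b), "D": (rho_d, ok_d), "c_samples": len(p["C"])}


if __name__ == "__main__":
    print(demo())
```

The forged packet is rejected before it can enter hCA, which is the point of tying the profile to authenticated packets: an attacker who can inject frames but not compute the tag cannot pull C's profile towards a device of their choosing. Only B, whose profile tracks C's, passes the threshold; D does not.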

1.2. Challenges and Contributions

All modern security solutions are based on cryptographic algorithms. In the majority of cases, hybrid protocols are required, which combine symmetric and asymmetric algorithms. Symmetric algorithms provide data encryption and integrity. They are well suited for embedded IoT devices: Algorithms such as AES already are a good fit for (small) embedded systems due to their efficiency, and in extreme cases specialized ciphers are available which require even less energy. However, asymmetric cryptography, which is required for key establishment and authentication, can be painfully difficult in embedded nodes. Algorithms such as RSA or elliptic curve Diffie-Hellman key generation (ECDH) are typically 2-3 orders of magnitude slower, their code has a comparably large memory footprint, and, crucially, they are much more energy-hungry than their symmetric counterparts. Furthermore, they require an embedded RNG as well as a randomness test, which is still the major cause of weak security application realizations. Finally, implementing and using asymmetric cryptography correctly can be a major challenge for embedded system designers. In summary, while providing symmetric key cryptography is an easy task for most IoT devices, it would be highly desirable to provide strong security without resorting to public-key algorithms.

The list of solutions and accompanying challenges we have provided is by no means exhaustive; the intention was merely to show some of the things that can potentially go wrong. Furthermore, this provides us with a perspective of the things we intend to simplify and solve with our proposal, as will be described in the following.

This work contributes answers to recent open research questions:

Can we design a secure real-world realization of physical layer security (PHYSEC), without artificially weakening the potential adversary? [6] — A multitude of open research questions are formulated in recent works [3, 4, 5, 6, 8], all wondering about open, unaddressed issues in previous security analyses and adversarial models of physical-layer security schemes. We collect and address all these questions and present the first pairing protocol tailored for low-cost resource-constrained wireless platforms and resistant against strong, active attackers. It reduces the expertise in authentication mechanisms required of the user to zero by introducing proximity mechanisms. The solution allows authenticated key establishment using the wireless interface only. Compared to previous research, our pairing protocol is based on an attacker model including strong, active adversaries. Further, we provide an extensive security analysis.

Does PHYSEC have the potential to be a low-energy security solution? [9, 10] — We describe two comprehensive implementations of VP: (a) The first one represents a real-time capable prototypical demonstrator and long-time measurement system based on three credit card-sized computers equipped with the CC2531EMK IEEE 802.15.4 low-power controller. (b) The second implementation was performed on low-resource embedded devices: a 32-bit ARM Cortex-M3 processor as well as an 8-bit ultra-low-power MCU. This provides exact resource requirements such as code size, the number of clock cycles, and power consumption. By comparing VP with well-known Elliptic Curve Diffie-Hellman (ECDH) implementations, we show that physical layer security approaches can be a promising alternative for existing and upcoming resource-constrained platforms. Furthermore, the solution is applicable via software update onto virtually every wirelessly communicating device.

How to determine proximity in static environments? [1] — We introduce channel properties as potential security primitives. Therefore, we present comprehensive results of the distance-dependent correlation behavior of wireless indoor and outdoor channels at 2.4 GHz and a real-world-oriented performance evaluation by quantifying the extracted entropy in channel measurements. We extend the work of Kalamandeen et al. [1] by analyzing the approach with regard to larger distances and fixed-position (no transmitter movement) use cases. Based on these, we formalized a trust delegation process.

2. System Model

2.1. Problem Definition and Threat Model

We define three types of devices in a typical pairing scenario: access point A, ’unloaded’ RC-node B, and ’loaded’ RC-node C. Device A is a trustworthy access point to, for example, a centralized SCADA network. It is a platform with a powerful processor and permanent power supply. The device can be mobile; however, it can also be stationary and locked in a physically secure room, e.g., a cabinet in a production facility. All other devices (Bs and Cs), representatives for a massive number of industrial sensors, are (battery-powered) RC-nodes that are equipped with a single wireless communication interface. Their task is, for example, providing sensor data for quality control of an Aspirin production. RC-nodes usually do not have an embedded RNG and are hardly capable of performing public-key algorithms, such as ECDH. A good example of an RC-node is the widely used CC2531EMK IEEE 802.15.4 (WirelessHART capable) low-power communication chip with internal 8-bit SoC, powered with a button battery (type CR2032), with a desired lifetime of 5 − 10 years.

Except for one single RC-node C, all other RC-nodes Bi have no secure and authentic channel to A. These ’unloaded’ RC-nodes are potential pairing candidates and can be paired with the access point if C (a trustworthy RC-node) is in proximity and the user gives a corresponding command. After that, a ’loaded’ RC-node can optionally achieve trust-delegation capabilities.

We define the problem of secure pairing of the devices A and Bs as follows. Two devices that are located within each other's broadcast range but do not know each other a priori need to establish a channel between them that is both secure and authentic. To do so, a user identifies Bi, gives a corresponding command, and puts a previously paired and ’loaded’ node C in close physical proximity to Bi. Now, A knows that B and C are located in close physical proximity and can use this information for authentication.

Establishing dynamically (/pair-wisely) a secure, but effectively anonymous, channel with another device is possible through public-key protocols, such as RSA or ECDH. Hence we authenticate not over keys or digital signatures but by location.

We consider three classical threat models: A doppelganger attack (DGA), where the attacker succeeds in disabling one of the RC-nodes and attempts to impersonate it; a stepmother attack, where the attacker succeeds in disabling A and attempts to impersonate it; and a MITM attack, where the attacker attempts to pair with both parties simultaneously and fakes proximity by relaying authentication traffic between them.

2.2. Channel-Based Key Extraction (CBKE)

Channel-based key extraction (CBKE) was introduced and patented in 1995 by Hershey et al. [11] and described an alternative paradigm for generating shared secret keys. The approach is based on common measurements of the wireless channel by the sender and receiver, whereby symmetric secret keys are derived from the common channel parameters. The first practice-oriented protocol for unconditionally secure extraction of a symmetric key over public wireless fading channels was introduced by Tope et al. [12] in 2001. Based on this method many protocols for key extraction have been proposed.

One family of contributions, including [13], [14], [15], [3], [16], is based on received signal strength indicators (RSSI). RSSI-based PHYSEC systems are very attractive because virtually every wireless communication interface provides RSSI on a per-packet basis. As a result PHYSEC can easily be integrated in existing systems. Another family exploits the channel impulse response (CIR) more generally [17], [18]. Other variants are based on channel phase randomness [19] and frequency hopping [20]. Note that each of these systems could be applied in our architecture as well.

CBKE has been investigated as a potentially lightweight solution for cyber-physical and IoT devices [21]. The classic system and threat model for CBKE is illustrated in the following scenario. Two keying nodes, A and B, plan to extract a symmetric key by exploiting the common physical channel for secure communication while an eavesdropper, E, capable of eavesdropping all communication, and measuring the channels between itself and the two communicating nodes, tries to recover the secret key (cf. Fig. 2(a)). We assume that A and B do not share any information (e.g., shared keys) a priori. Further, we show how our technique can deal with the most powerful attacker who manipulates the physical channel that A and B are using for key extraction and authentication. The only assumption is that E is located at a distance of further than 25 cm from both A and B during authentication. Zenger et al. [22] describe in their paper how to actually achieve the property of perfect forward secrecy with their proposed scheme on resource-constrained transceiver platforms.

Figure 2: System model: (a) Legitimate nodes A and B measure reciprocal properties of the physical channel denoted by hBA(t) and hAB(t). A passive attacker E's observations hAE(t) and hBE(t) are dependent on his relative position and are less correlated to hBA(t) and hAB(t) than hBA(t) to hAB(t). (b) A third legitimate party C also broadcasts (and receives) pilot signals for establishing keys in a triangle manner between A and B; the channels shown are hAB(t), hBA(t), hBC(t) and hCB(t). Note: Here nodes A and C own pre-shared keys for confidentiality and authenticity of data modulated on transmitted signals for channel measurement.

2.3. Wireless Channel

The design of CBKE as well as of VP is based on physical properties of the wireless channel. Therefore, we summarize three required physical properties of the radio channel, which can be assumed to be given in indoor environments, as well as one key feature of wireless communication that connects transmitted information with physical properties.

2.3.1. Reciprocity/Symmetry

The first key feature of the wireless channel is its symmetry, which can be exploited and utilized due to common channel probing by transceiver A and transceiver B. Without taking noise, interference and non-linear components into account, the symmetry relies on the principle of antenna reciprocity [23] and channel reciprocity [24]. In other words, the common radio channel from A to B is symmetric to the channel from B to A. While antenna reciprocity is high and constant, a symmetric observation of A and B is only given if both channel measurements are done within the environment-dependent and movement-dependent coherence time. For most practical channels, this reciprocity property holds and is easily measurable [25].

2.3.2. Diversity

The second property of the radio channel, which we like to introduce as a key feature, is the spatial decorrelation or channel diversity: If uniformly distributed scatterers are given, and channel variations occur, such as due to moving scatterers, transmitter and receiver nodes, the spatial decorrelation is a zero-order Bessel function, whereby the first zero correlation is given after ≈ λ/2 and λ is the wavelength of the carrier [26]. Therefore, the correlation/mutual information between the channel A ↔ B and A ↔ C has a dBC distance-dependent or proximity-dependent behavior (cf. Fig. 3). However, an open research question is what the channel (de-)correlation behavior looks like if the requirements for Jakes' Doppler spectrum are not fully given (e.g., scatterers are not uniformly distributed). We tackle this question in the next section.

2.3.3. Randomness

The third key feature is the randomness of the radio channel. A complex and dynamic environment leads to an unpredictable evolution of wave propagation effects, such as diffraction, scattering, and reflection. However, the wireless channel for key extraction, represented by location-specific, reciprocal, and time-varying channel measurement, has to be considered as an RNG for cryptography. In particular this includes a secure modus operandi for the potential case of a breakdown of the entropy source as well as a thorough evaluation of the physical source of randomness with respect to:

• Bias (unequal distribution, leaked information),

• Correlation (temporal dependency),

• Agility (spectrum), and

• Manipulability (i.e., as shown by Eberz et al. [4]).

As we demonstrate later, on-line statistical testing is essentially relevant to security by considering statistical defects (during runtime) of an RNG in combination with the unavoidable revelation of information during error correction.
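An added example of the on-line testing the paragraph calls for; it is not the paper's test suite and uses constructed thresholds. A toy quantiser (not the authors' quantisation scheme) turns an RSSI series into bits, and a health check then measures the bias and the lag-1 temporal correlation of the bits before they may be used as key material. Three constructed RSSI series are run through it: a time-varying one, a static one that models a breakdown of the entropy source, and a strictly periodic one. Only the first passes; the other two are rejected rather than being fed into error correction.

```python
import random


def monobit_bias(bits):
    """Fraction of ones in the stream; 0.5 means no bias."""
    return sum(bits) / len(bits)


def lag1_autocorrelation(bits):
    """Pearson correlation between each bit and its successor (temporal dependency).
    A constant stream has zero variance; it is reported as fully dependent (1.0)."""
    x, y = bits[:-1], bits[1:]
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 1.0
    return cov / (vx * vy) ** 0.5


def health_check(bits, max_bias=0.1, max_abs_corr=0.2, min_len=256):
    """On-line sanity test of the raw bit source. Thresholds are constructed for this
    example. Returns (ok, reasons); a failing batch is discarded, never repaired."""
    reasons = []
    if len(bits) < min_len:
        return False, ["too few samples"]
    bias = monobit_bias(bits)
    if abs(bias - 0.5) > max_bias:
        reasons.append("bias %.3f" % bias)
    corr = lag1_autocorrelation(bits)
    if abs(corr) > max_abs_corr:
        reasons.append("lag-1 correlation %.3f" % corr)
    return not reasons, reasons


def quantise(rssi):
    """Toy quantiser (assumption, not the paper's scheme): 1 if above the series mean."""
    mean = sum(rssi) / len(rssi)
    return [1 if v > mean else 0 for v in rssi]


def demo():
    rng = random.Random(7)  # seeded so the constructed data is repeatable
    dynamic = [-60.0 + rng.gauss(0.0, 4.0) for _ in range(2048)]        # varying channel
    static = [-60.0] * 2048                                              # source broke down
    periodic = [-60.0 + (3.0 if k % 2 else -3.0) for k in range(2048)]  # fully predictable
    return {
        "dynamic": health_check(quantise(dynamic)),
        "static": health_check(quantise(static)),
        "periodic": health_check(quantise(periodic)),
    }


if __name__ == "__main__":
    for name, (ok, reasons) in demo().items():
        print(name, "ok" if ok else "rejected", reasons)
```

The periodic case matters because a bias test alone would pass it (half of the bits are ones); only the correlation test exposes that every bit is determined by its predecessor. Both defects would otherwise leave an attacker with far less than one bit of uncertainty per extracted bit, and the information disclosed during error correction would reduce that further.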

2.3.4. Connecting the Digital and Analog Worlds

As we will show later, we extend the classical CBKE model (illustrated in Fig. 2(a)) with a secure connection between A and C (cf. Fig. 2(b)). To understand the delegation process of trust, we introduce the connection between digital information and physical channel properties. Information (e.g., containing a hash chain, an HMAC or data in conjunction with AES/GCM or Salsa20/Poly1305) is modulated into a signal s(t) that gets transmitted. This signal gets influenced by the channel in such a way that the receiver is still able to demodulate potential information in s(t). The corresponding received signal is g(t) = s(t) ∗ h(t), where ∗ is the convolution and h(t) is the time-varying random channel. Further, we assume that the modulated information of s(t) and the corresponding channel profile h(t) are inseparably combined (due to the unique and unpredictable channel in time and space). Therefore, we assume that the channel profiles corresponding to authenticated packets are also authentic. Because of the channel's diversity those profiles are independent of channel profiles of other parties on condition that the neighbor systems are located outside their close physical proximity.

Figure 3: Simplified channel model: The spatial channel (de-)correlation versus distance is illustrated for each node A, B and C (correlation from 1 to 0 over the distance dBC). We call the coherence region (radius lc) close to a node the vicinity zone. Further, because of the complex, time-varying environment, all channels are independent.

3. Proximity Verification

The key idea of our approach is the delegation of trust from a previously known and trusted, low-resource device to another unknown low-resource device. The unknown device is identified due to physical proximity. Before going deeper into the authentication protocol, we would like to introduce and present an analysis of channel diversity behavior. Therefore, we will introduce two testbeds. One RSSI-based off-the-shelf implementation using the IEEE 802.15.4 low-power communication standard and one based on software-defined radios (SDRs) providing complex-valued channel state information (CSI). We performed channel diversity evaluations with both setups and present proximity verification results using hypothesis testing.

3.1. Related Work on Wireless Channel Diversity

In the past, channel diversity analyses for security applications have presented diverse results. First results are of theoretical nature and provide probability distributions of the phase difference at two frequencies [24, Section 1.5.4]. Statistical channel models based on small-scale propagation parameters are used, physically assuming some ideal conditions. For example, Jakes' Doppler spectrum is derived using physical multipath propagation assuming a uniform distribution of scatterers.

Ideal conditions used as a statistical mean value to adapt communication techniques to make them more robust seem like a good approach. However, such assumptions are site-specific and not worst-case oriented, which is required if security applications are addressed.

Later results reflect practice-oriented evaluations and show that broad channel abstractions as a fundamental of a security system might not be the right choice. Recent experimental measurement results, e.g., [14, 15, 3, 17, 18], provide arguments that the unpredictable multipath propagation and the resulting fading behavior of the wireless channel can be used to extract shared secret material.

For example, Mathur et al. [15] claimed that Jakes' Doppler spectrum holds in multipath environments and therefore channels spatially decorrelate after λ/2, where λ is the wavelength of the carrier of the communication system. In the case of the 2.4 GHz ISM frequency band, λ/2 is approximately 6.25 cm, which makes CBKE attractive for WiFi and WSN applications. The authors illustrate measurement results of a passive attacker and show that (visual) correlation does not occur.

Other experiments show that an attacker, positioned at special spots in the close environment, is actually able to receive a correlated observation, e.g., [27]. Edman et al. [27] present correlation results that show that the assumption that the RSSI is uncorrelated at distances greater than λ/2 is not always true. Based on three single-room test environments, the result of this work puts the practical applicability of the theoretical foundations of CBKE mechanisms in doubt.

Previous analyses only present results of experimental measurements of fixed A/B/E positions, where E is a potential passive attacker. Unfortunately, the evaluation metrics (for performance as well as for security) used differ from experiment to experiment and are hard to compare.

We identified a research gap: high-resolution location-dependent channel measurements and diversity analyses. Our analyses, presented next, have high spatial and temporal accuracy and address bidirectional channels between n parties, e.g., for n = 3: A ↔ B, B ↔ C, C ↔ A.

3.2. Wireless Channel Diversity in Practice

We present results of three measurement testbeds. Two use off-the-shelf communication hardware such as IEEE 802.11a Wi-Fi and IEEE 802.15.4 (conforming to ZigBee, WirelessHART, and 6LoWPAN). The third testbed is based on a software-defined radio (SDR) providing complex-valued channel state information (CSI).

3.2.1. Off-the-shelf Testbed Implementation

We implemented a channel measurement protocol on the hardware platform Raspberry Pi. We equipped the credit-card-sized computer with a battery for mobility as well as with the TL-WN722N and the CC2531EMK wireless USB adapter, utilizing IEEE 802.15.4 (for applications like ZigBee, WirelessHART, 6LoWPAN) and IEEE 802.11 (for Wi-Fi), both at 2.4 GHz. The protocol presented ensures synchronized channel measurements (RSSI values on a per-packet basis) between each of the three parties within the probing duration of 1/r_p ≤ 5 ms. The sampling rate is r_s ≈ (10 ms)^-1 for subsequent rounds of channel probing.

Unfortunately, detailed information on the generation of the RSSI values is not specified in the standard and also not provided by the vendors. The fact that each manufacturer can provide proprietary implementations of the RSSI generation makes real-world security analyses difficult. For example, the potential for RSSI manipulation of each realization needs to be evaluated.

3.2.2. Software-defined Radio Testbed Implementation

The SDR testbed provides complex-valued CSI, such as the complex channel impulse response (CIR) h(t) and its Fourier transform, the channel transfer function (CTF) H(f). The measuring setup is based on a GnuRadio software implementation with reference to the IEEE 802.11a standard. From a schematic point of view, the measuring setup consists of one transmitter and two receivers. During a measurement series, the transmitter continuously sends messages composed of OFDM symbols, e.g., 64 BPSK modulated subcarriers. The send signal s(t) includes a preamble, a sequence number id, and a CRC checksum for error detection. At the receiver's side, the 64-bin channel transfer function H(f) for each error-free received message is determined using the preamble. Therefore, the IEEE 802.11a conform training sequence of the preamble of the received signal g(t) = s(t) ∗ h(t), influenced by the channel h(t), is transformed into the frequency domain G(f) = S(f) · H(f). Then G(f) is divided by the original training sequence S(f) to estimate the channel transfer function H(f).

The transmitter hardware is based on a USRP N210 manufactured by Ettus Research (www.ettus.com). The two receivers are based on a single USRP X310 working with two independent signal processing units. Both USRPs are equipped with Ettus Research CBX daughterboards, enabling the USRPs to transmit and receive in the frequency spectrum between 1.2 GHz and 6 GHz with a maximum sample rate of 120 MS/s, as well as with VERT2450 antennas. We realized a probing duration of 1/r_p ≤ 100 µs and applied a sampling rate of r_s ≈ (1 ms)^-1 for subsequent rounds of channel probing.

The results for both receivers consist of the sequence id of a received packet and a vector holding the 64 complex values of the estimated channel transfer function H(f). In a dedicated post-processing step, the results are harmonized. That means that all messages having an invalid CRC checksum are discarded and the results of both receivers are matched based on the sequence ids.

3.2.3. Empirical Channel Evaluation

We present extensive measurement series in three environments. To gain statistically meaningful results on channel diversity for each setup, we applied an automated antenna positioning system. It was constructed from a low-reflectivity material and moved the antenna of one receiver on a linear guide over 2 m towards a fixed antenna of the second receiver. The accuracy of the antenna positioning was 0.05 mm. With this setup, we can easily evaluate the distance-to-correlation behavior between the bidirectional channels A ↔ B and A ↔ C in real environments. To introduce randomness into static environments, we built a random antenna motion system. The antenna was moved slowly within a spot of 10 cm².

The first measurement series contains outdoor measurements with a line-of-sight path for distances between A and B of d_AB ∈ {5 m, 20 m, 60 m, 120 m, 200 m, 300 m}. The environment includes a few multipath components from the ground and buildings. Therefore, it represents a worst-case scenario for terrestrial IoT use cases.

For the second measurement series, the testbed is applied at the space of our research group, which is an office area in a modern university building (17,000 m² usable floor area, 550 rooms, 280 offices, completed in 2010). A is positioned at a predefined access point position, which in our case is approximately the center of the office area. B and C are mounted on the automated antenna positioning setup, which is positioned at several predefined 'end-device' positions. For this, we chose positions typical for security-related IoT applications, such as doorknob (electronic locking systems), window-frame (perimeter intrusion sensor), and wall (motion detector) positions. Please refer to Fig. 4(a) for illustration.

The third field campaign was conducted in one of the university's courtyards, which provides good conditions for multipath propagation. The courtyard measures an area of about 50 m × 20 m. It is surrounded by the building's 20 m tall facade, which mainly consists of concrete, insulated windows and metal facing. Furthermore, obstacles like single trees, waste bins and concrete benches are located within the courtyard. During the field campaign the courtyard was not publicly accessible, so that only single people may have crossed the measuring area. After each measurement series, transmitter and receiver setups were rearranged within the courtyard. In the first measurement series, the transmitter and receiver setups were arranged at 4 m, 12.5 m, 25 m and 49 m distance to each other and in line of sight (positions 1 to 4). In a further measurement series, one setup was placed in the south-west corner of the courtyard and the other setup in the center (position 5). In a second step, both setups were exchanged (position 6). Please refer to Fig. 4(b) for illustration.

3.2.4. Results

We evaluated the measurements regarding the linear correlation behavior as a function of the distance between B and C. Therefore, we introduce the block-wise calculation of the Pearson correlation coefficient. It provides a metric for the similarity of two series with a value between −1 and 1, where 1 refers to absolute correlation, 0 to no correlation, and −1 to inverse correlation. This offers an indication of the linear dependence of two data series. The coefficient is defined in Eq. 1. Here X and Y are the series of measurements to be compared, e.g., X is the variable representing the channel measurements of B → A and Y is the variable representing the channel measurements of C → A, and X̄ and Ȳ are the means of the respective series. Because the inverse correlation contains the same amount of information as the positive correlation, we simplify the visualization of the evaluation by applying the absolute value of ρ.

$$\rho_{X,Y} = \frac{\sum_{i=1}^{n}(X_i - \bar{X})(Y_i - \bar{Y})}{\sqrt{\sum_{i=1}^{n}(X_i - \bar{X})^2}\,\sqrt{\sum_{i=1}^{n}(Y_i - \bar{Y})^2}} \quad (1)$$

For the off-the-shelf hardware setup, X and Y are series of RSSI values over time. The block size is a variable performance parameter. For the SDR setup, several options for calculating a similarity measure are possible. For example, X and Y are 64-point CTFs or CIRs of A and B. Furthermore, X and Y could also be a time series of one specific bin of the CTFs or CIRs, e.g., the dominant path point of the CIR.


Note that for secure CBKE purposes a high correlation between both legitimate parties is desired, whereas an eavesdropper should not be able to measure highly correlated channel profiles. The required minimum correlation between both legitimate parties for common key extraction, as well as the permitted maximum correlated observation for an attacker, depends on the applied quantization scheme. We will discuss this later in Section 4.4.1.

We provide distributions of the correlation coefficients for each 5 mm interval of each setup. Without making any assumptions about the underlying statistical distribution of the correlation coefficients, we chose box plots to illustrate the variation of the statistical populations for each of the 60 intervals of 5 mm spacing. Therefore, each experiment is evaluated separately, and the corresponding results are illustrated in individual figures. Results of the indoor measurement campaign are illustrated in Fig. 5(a)-(e). Results of the outdoor (worst-case) measurement campaign are given in Fig. 5(f)-(j), and results of the inner yard measurement campaign are given in Fig. 6.

The first key observation is that, when applying block-wise correlation as introduced above, there is no difference between correlations of CIR-amplitude vectors and correlations of RSSI vectors.

The second key observation of our analysis is that the correlation-over-distance function ρ_{B→A,C→A} is almost identical to ρ_{A→B,A→C}. Furthermore, the outdoor results demonstrate that the correlation-over-distance function depends on the physical distance d_AB (≈ d_AC) between A and B/C: ρ_{B→A,C→A} = ρ_{A→B,A→C} = f(d_BC). For example, at a distance of 300 m the correlation ρ_{A→B,A→C} only starts decreasing once C's distance to B is larger than 17 cm. This is explainable by the limited dynamic range of the automatic gain controller and consequently the low variance of the corresponding RSSI values if weak signals are received. The free space loss factor L_s(d) attenuating the propagating electromagnetic signal is

$$L_s(d) = \left(\frac{4\pi d}{\lambda}\right)^2,$$

where d is the distance between the transmitter and the receiver, and λ is the wavelength of the signal.

In most cases the highest correlation is achieved if B and C are as close as possible to each other. However, in some cases the correlation is highest when the distance d_BC is several millimeters. This might be caused by near-field parasitic effects.

Further, we note that for most positions the profiles are not entirely decorrelated (after λ/2) as claimed by theory. However, for increasing distance d_BC a negative slope of the correlation curve is always given, although occurrences of recorrelation are possible. Most recorrelation occurs with a λ-distance dependency (in our case λ = 12.5 cm), and its occurrence is environment- and position-dependent. For reconstructing its origin, a ray tracing approach could help. However, this is out of the scope of our work.

3.3. Determining Zones

We will now introduce the concept of vicinity zones. First, we recall the notion of private space introduced by Capkun et al. [28, Definition 1]: "A user's (device's) private space PS(A) is the largest spherical space centered at the user's (device's) location, within which the user can establish the presence of other wireless devices, or within which the user can assume the absence of adversaries."

In the analyses above we evaluated the channel (de)correlation behavior of the spherical space centered at several potential device positions within a diameter of 60 cm, which can now be interpreted as the private space of C, PS(C) (or of B, PS(B)). Based on the user-controllable private space, we define vicinity zones as follows:

Definition 1. A vicinity zone VZ(C) of a node C is the subspace of its private space PS(C), bounded by the diversity properties of the radio channel, such as the correlation behavior.

We consider a three-party model as shown in Fig. 3. Our key observation is that a third party A (A can be interpreted as a witness) can easily verify whether radio signals, on which information such as message authentication codes or hash chains is modulated, are coming from a node B that is within or outside the vicinity zone of C:

• Node C and B share the same vicinity zone. A measures a high correlation ρ_{B→A,C→A} due to the spatial channel correlation function within the coherence length (d_BC < l_c). Due to environmental dependencies, the level of correlation th required to verify vicinity needs to be experimentally verified, as does the distance l_c. (The coherence length l_c = λ/2 can only be seen as a theoretical reference value.)

• Node B is outside the vicinity zone of C. As illustrated in Fig. 3, if the distance between nodes B and C is larger than the coherence length (d_BC ≥ l_c), the spatial diversity measured by A attests no proximity due to the resulting low correlation level. Therefore, the correlation ρ_{B→A,C→A} is low compared to the previous case (i.e., ρ_{B→A,C→A} << th).


[Figure 4: (a) office: floor plan with the positions of Alice, Bob, Carol/Eve and the end-device positions 1 to 11; (b) inner yard: RX setup and TX positions 1 to 4 at 4 m, 12.5 m, 25 m and 49 m, courtyard about 50 m × 23 m / 20 m]

Figure 4: The testbed includes several experimental setups for performance evaluation as well as for security analysis. B and C/E are mounted on an automated antenna positioning setup for long-term measurements.

[Figure 5 panels: (a) position 6, (b) position 7, (c) position 8, (d) position 9, (e) position 10, (f) d_AB = 20, (g) d_AB = 60, (h) d_AB = 120, (i) d_AB = 200, (j) d_AB = 300; y-axis: Pearson correlation (AB, AE) for (a)-(e) and (BA, EA) for (f)-(j), x-axis: Distance [cm] from 0 to 30]

Figure 5: Evaluation results of the correlation behavior over distance for |b| = 512: (a-e) present selected results of the office indoor measurement series and (f-j) present the results of the outdoor measurement series.

It is important to mention that the spherical space of the vicinity zone depends on the carrier frequency of the communication system. Therefore, zone sizes matching different use-case requirements can be realized. E.g., in a car ↔ car-key application we could use a 100 MHz carrier (known from AM/FM radio); the theoretical coherence length is l_c = λ/2 = 1.5 m. However, note that with too low a carrier frequency the vicinity zone could exceed the private space, which violates Definition 1. The theoretical coherence length l_c = λ/2 of our prototype system is 6.25 cm and fulfills the requirement VZ(C) < PS(C). We will show that the experimentally verified coherence length does not violate Definition 1 either.

Summarizing, in the physical world we define three kinds of zones (each given by the space between two spheres and quantified by their radii) and therefore two important geometrical boundaries: the coherence-length-dependent boundary l_c, and the maximum radius of the private space r_PS(C). Hence, the spherical radius of the vicinity zone VZ(C), centered at C's (antenna's) location, lies in [0; l_c], the radius interval of the private space PS(C) is [0; r_PS(A)], and the space outside PS(C) represents the third zone.


[Figure 6 panels: (a) position 1, (b) position 2, (c) position 3, (d) position 4, (e) position 5, (f) position 6, (g) position 7, (h) position 8; y-axis: Pearson correlation (H_RX_A(f); H_RX_B(f)), x-axis: Distance d [cm] from 0 to 30]

Figure 6: Evaluation results of the correlation behavior over distance for |b| = 512: (a-h) present selected results of the inner yard measurement series.

3.4. Hypothesis Testing for Proximity Verification

We introduce a proximity verification mechanism: A is capable of verifying whether B is within VZ(C), defined by l_c, and potential attackers outside PS(C) are not able to perform a DGA. We will analyze the security in detail in Section 4.4; however, we introduce the DGA now, followed by a demonstration that this attack has a very low success probability.

Attack 1. The attack where the user is tricked into adding an end device O_B instead of B to his network is called DGA. The doppelganger O also responds to the pairing request and, therefore, gets listed at the access point A as a possible end device to pair with. Or he succeeds in disabling one of the RC-nodes and attempts to impersonate it.

We therefore treat the proximity verification process as a hypothesis testing problem. In order to verify the performance of proximity verification, a binary hypothesis test is formulated. In particular, the block-wise calculated Pearson correlation coefficient (with block size |b|) of the channel profiles h_CA(t) ('loaded' RC-node C → access point A) and h_{B_i A}(t) ('unloaded' RC-node B_i → access point A) is compared with a threshold th to identify the corresponding channel profiles and to determine whether a spoofing attack occurs. The binary hypothesis testing problem is expressed as:

$$H_0 : \rho^{|b|}_{B_i \to A,\, C \to A} \ge th$$
$$H_1 : \rho^{|b|}_{B_i \to A,\, C \to A} < th, \quad (2)$$

where H_0, the null hypothesis, denotes RC-node B_i as the physically identified and legitimate transmitter, while the alternative hypothesis, H_1, represents a transmitter outside the private space of the 'loaded' device.

The threshold th for decision making is chosen by considering a reasonable false positive rate (FPR). The FPR indicates the percentage of blocks that are falsely verified as positive. The FPR is evaluated by the relation $\mathrm{FPR} = b_{FP} / b_{\#NVZ(C)}$, where b_FP is the number of falsely positive verified blocks (outside of VZ(C)) and b_{#NVZ(C)} is the total number of blocks outside the vicinity zone of C.

The false negative rate (FNR) indicates the percentage of blocks that are falsely verified as negative (B is in VZ(C) but ρ^{|b|}_{B_i→A,C→A} < th), evaluated by the relation $\mathrm{FNR} = b_{FN} / b_{\#VZ(C)}$, where b_FN is the number of falsely negative verified blocks (inside of VZ(C)) and b_{#VZ(C)} is the total number of blocks inside the vicinity zone of C. The success rate 1 − FNR describes the performance.

To evaluate the security and efficiency of the proximity-based verification mechanism in a realistic manner, we performed a third campaign with a wide range of measurements, introducing a DGA. For the evaluation results below, we set the maximum FPR to 10^{-6}, the vicinity parameter l_c = 7 cm and r_PS(C) = 25 cm. RC-nodes were then mounted next to door locks, simulating unpaired electronic locking systems B_i. Each door was extended with our setup. For the attacking scenarios, we chose adjacent doors. The distances between the doors varied between 1 m and 4 m.


In our evaluation, we assume that the attacker succeeds in disabling the legitimate RC-node and attempts to impersonate it. Further, the attacker is also able to perform the same movement and positioning of a second RC-node identical in construction (but without credentials for authentication to A) simultaneously. We used these measurements for H_1. To verify proximity of B and C (or to challenge the H_1 hypothesis given O_B) for the FPR/FNR calculation, a button on C was pressed each time it reached the proximity of the disabled B (approx. 1-7 cm). We repeated this procedure several times for legitimate parties as well as for doppelgangers at different doors in the hallway.

Based on this measurement set, we calculated the Pearson coefficient by considering block sizes of |b| = 2^i with i ∈ {4, ..., 10}. The block sizes relate to a reaction time of t ≈ 0.16 s up to t ≈ 10 s. Security (FPR) and performance (FNR) depend on the decision threshold th and the block size |b| for the Pearson coefficient calculation. The block size is also connected to the usability of the mechanism, because a larger block size results in an increasing pairing duration. The summarized results of the pairing experiment are illustrated in Fig. 7. As a function of th, a general (block-size-independent) trade-off between high security (low FPR) and low performance (high FNR) is shown. The results show that with an increasing block size (> 2^6) the FPR drops to less than 0.001 % for corresponding thresholds. As the figure shows, a reliable determination with a false-positive vicinity-based verification probability of less than 10^{-6} is given for block sizes |b| equal to or larger than 512 samples (≈ 5 seconds) and a threshold th ≥ 0.49. The resulting FNR is 0.79, which leads to a success probability of 21%. By shrinking the radius of the vicinity zone from 7 cm to 3 cm the FPR stagnates, but the success probability increases to almost 54%. Shrinking the radius leads to an average duration for 100%-successful verification (at least for the presented experiment) of approximately 10 s.

4. Vicinity-Based Pairing Protocol

In this section, we will first introduce the general approach of establishing a shared secret (with conditional and unconditional approaches), followed by an overview of our vicinity-based security system. After that, we present our reference protocol for vicinity-authenticated CBKE and introduce a detailed security analysis. Because the target platform is energy-constrained, the entire protocol is based on CBKE.

[Figure 7 panels: (a) False Positive Rate and (b) False Negative Rate (0 to 1) versus threshold th (0.1 to 0.9), one curve per block-size exponent i = 4, 5, 6, 7, 8, 9, 10]

Figure 7: Evaluation results of the pairing process for different block sizes |b| = 2^i for threshold th vs. (a) false positive rate and (b) false negative rate.

4.1. Dynamic Key Establishment (Agreement and Extraction)

The vicinity-based authenticated key agreement protocol is a generic construction that can be composed of any kind of dynamic key establishment scheme in combination with our vicinity-based trust delegation mechanism. For dynamic key establishment, public-key cryptography could be applied, which is however still challenging on resource-constrained devices because of the calculation of discrete modular exponentiation or point multiplication on an elliptic curve, which is O(n^3) in the size n of the desired key. Therefore, as a promising low-resource alternative with only linear complexity of O(n), as we will show later, we designed a fully working system based on CBKE.


[Figure 8: AP and 'unloaded' RC-node each run Channel Measurement → Quantization → Information Reconciliation → Privacy Amplification → Key Verification over the Common Randomness, producing Channel Profile, Preliminary Key, Synchronized Key Material and Key Candidate; the AP additionally runs Entropy Estimation (Estimated Entropy); the 'loaded' RC-node contributes Channel Measurement and a MAC to Proximity Authentication (Auth. / No Auth.) and Proximity Dependent Behaviour]

Figure 8: Overview of the components involved in the PHY-based key generation scheme. Extracting symmetric keys from variations of the channel. The grey blocks represent the required extensions for VP.

4.1.1. Public-key Cryptography

Dynamic key establishment mechanisms based on public-key cryptography have been known for almost 40 years and are well established on the Internet as well as in high-end embedded devices. Often elliptic curve cryptography (ECC) is applied, because it is the most efficient established public-key primitive. Therefore, we will use the elliptic curve Diffie-Hellman (ECDH) key agreement protocol as a reference for a classical dynamic key establishment primitive, which can also be embedded in our generic vicinity-based authenticated key agreement protocol.

4.1.2. Physical Layer Security

The security architecture we applied for generating secret symmetric keys from correlated random variables is based on a proposal of Zenger et al. [21] and is illustrated in Fig. 8. Reusing channel readings, which are provided by virtually every communication chip on a received-packet basis, has little or no energy overhead. The channel readings are quantized into bit vectors to obtain an initial preliminary key. The non-perfect reciprocity in measurement and noise leads to errors in the bit vectors of the preliminary key. These errors are detected and corrected in the information reconciliation stage by using error correcting techniques. Since information for error correction is exchanged over the channel during the information reconciliation stage, further enhancement of entropy is done in the privacy amplification stage. Because the channel is utilized as a common random number generator (CRNG), on-line statistical testing is required. Here an on-line entropy estimation verifies the security level of the symmetric key. The key generation protocols we address aim at a security level of at least 128 bits.

4.2. Protocol Overview

In this section, we propose a proximity-based pairing protocol that is applicable for virtually all indoor use cases and covers all requirements for IoT nodes. Our solution is resistant against strong, active attackers, represents an intuitively applicable solution for the end user, and it works on resource-constrained devices due to its low complexity. Further, the scheme requires only the existing radio interfaces.

There are two types of communicating parties: (1) low-cost RC-nodes, e.g., industrial sensors or actuators, and (2) high-performance access points which provide gateway capabilities for the RC-nodes, e.g., to the Internet or an internal SCADA network. The RC-nodes are divided into two categories: 'loaded' RC-nodes, preloaded with cryptographic material for authenticated, encrypted communication to an access point, and 'unloaded' RC-nodes without an association so far.

As an example, we introduce a WSN as illustrated in Fig. 9. In the initial setup, it contains one access point, one 'loaded' RC-device, and several 'unloaded' RC-devices. The access point is the only device in our system that can be considered high-performance with a permanent power supply. The RC-nodes are representative of the huge variety of IoT devices, from industrial sensors and actuators to all kinds of smart things, which only have a wireless communication interface in common. As mentioned, the hardware of the first 'loaded' RC-node C can be low-resource, such as the targeted RC-nodes, but for simplicity it can also be a smartphone with a UI.

Our protocol is a two-phased approach to establish a secure and authentic (transient) association between two nodes. On the left hand, we have phase yellow, taking care of the proximity-based authentication mechanism, and on the right hand we have phase blue, handling the key establishment.

Authentication: In phase yellow a transitive, authenticated association between an 'unloaded' RC-node and the access point is established. The authentication of the access point to the RC-node is based on the resurrecting duckling policy [7]. The RC-node remains faithful to that access point (imagine there are more access points of neighboring systems) which is the first one it sees. After a reset of an RC-node, it is ready for pairing with a new and possibly different access point.

If the VP protocol is activated, the access point identifies and authenticates the RC-node due to its proximity to a trusted device. If a user wants to add a specific RC-node (intuitively identifiable due to its physical position) into the network, the user simply holds the 'loaded' device close to the selected RC-node. The process works securely due to the exploitation of the correlation properties of the unpredictable channel profiles measured by the access point. Based on this mechanism, the access point can colorize/flag the key material obtained by the key establishment with an authentication color/tag. Due to the low experience requirement, we believe that from the user perspective the approach is perfectly applicable in many practical use cases.

[Figure 9: access point A, 'loaded' RC-node C, and 'unloaded' RC-nodes B1, B2, B3]

Figure 9: The initial system setup (full and dashed arcs represent secure and insecure channels, respectively).

Confidentiality and integrity: In phase blue the key generation protocol establishes unique long-term secure keys between an access point and an RC-node. In an ideal case, this phase is repeated periodically to provide perfect forward secrecy (PFS). For efficiency reasons, we apply CBKE to achieve a secure key. For authenticated key establishment, phase blue is performed simultaneously with phase yellow and, therefore, the resulting key material is directly based on the authenticated channel profiles. However, for availability or simplicity reasons it is also possible to perform phase blue before and without authentication, and to authenticate the key material later based on encrypted data sent through the channel.

The duration of key generation using CBKE strongly depends on the entropy rate obtained from the individual channel. As we will address later in detail, the 128-bit security level of the symmetric key is mostly a linear function of the time and requires approximately 60 seconds.

Finish: After successfully completing phases yellow and blue, the final state green is established. Therefore, the authenticated key material k_auth, which might be given by a sufficient proportion of the CBKE key, is combined with the 128-bit key k_conf. Nested phases also do not decrease the security as long as the key verification is based on key material with a sufficiently high security level.

[Figure 10: (a) A and C authenticated, B ≠ C not yet associated; (b) A ≈ C with B brought into the vicinity zone; (c) A, C and B all connected]

Figure 10: User-friendly authentication process. In the beginning, only the access point A and a 'loaded' device C hold an authenticated and secured communication. If C and an 'unloaded' RC-node B come together (vicinity zone), their channel profiles measured by the access point are correlated. The correlation property hands down trust from C via the connection of channel and data to B. In the end, an authentic, secure connection is established between A and B.

4.3. Protocol Specification

The proposed protocol consists of three algorithms. The two algorithms 4.1 (KeyGenA) and 4.2 (KeyGenB) aim to establish a secret key. This can also be done using an asymmetric approach, such as ECDH. However, as we will demonstrate later, our PHYSEC-CBKE algorithm requires two orders of magnitude less energy. Algorithm 4.1 is executed at the access point and Algorithm 4.2 is executed at the RC-node. The protocol is designed to provide load-balancing to the advantage of the RC-node. This is because of the applied reconciliation scheme, where only one party needs to run a decoder, and because of the single-side randomness test². The third algorithm 4.3 (ViPair) is also executed at the access point and is responsible for MITM-resistant authentication.

A user starts the key generation and authentication process by interacting with a 'loaded' device. By pushing a (logical or physical) button on the access point, a pairing request is broadcast to all devices in transmission range. RC-nodes without an association answer as potential pairing candidates. The access point then starts the key establishment protocol with potential RC-nodes. The initial key establishment can be done after a selection process or in combination with the ViPair algorithm.

Recalling Fig. 8, key extraction starts with a synchronized block of channel measurements, which are quantized (quantize) applying the multilevel scheme by Jana et al. [3]. The chosen quantization was recommended by Zenger et al. [8] as a result of their security evaluation. In order to cope with disagreements due to imperfect channel reciprocity, we utilize a syndrome-based secure sketch with BCH codes as proposed in [29] and [5] for reconciliation. Here, we consider a (255, 131, 37)-BCH code. In our implementation, the RC-node needs to compute syndromes (syncalc) and transmits those to the access point, which has a complexity of O(n) only. The access point then also quantizes its measurements and detects and corrects potential bit errors by decoding (reconcile). Based on the result of the information reconciliation, a success or failure notice is transmitted back to the RC-node. If the bit string was successfully corrected, both parties collect the synchronized key material within the privacy amplification. For privacy amplification (amplify) we used CBC-MAC as suggested in [30] in combination with the AES block cipher.

² Note that a true random source and its randomness verification is still a major challenge in low-power embedded systems.

In addition to the generated key, the access point keeps track of the collected entropy (estimate) and returns an estimated security level of the key. Therefore, we applied the bit-wise on-line entropy estimation based on the SP 800-90B draft by NIST [31], which is designed to work on non-independent and identically distributed (non-IID) random variables. To determine the security level we adopt the design criteria proposed in [32].

Key extraction might be continuously executed and collects entropy with its key-evolving design. The security level is calculated continuously (security) based on the conditional entropy of the synchronized key material given the public discussion, as well as on the estimated entropy. Note that an insufficient amount of estimated entropy leads to stagnation of the security level. The key verification is performed once a specific security level is reached.

The vicinity-based authentication process determines whether $h_{CA}(t) \approx h_{BA}(t)$ to prove proximity, where the correlation-witnessing device (in our case the access point A) reads both channel profiles, that of the ’loaded’ device C and that of the ’unloaded’ RC-nodes $B_i$. The job of C in this position is simply to respond to authenticated packets of A with likewise authenticated packets that include a repetition-protection mechanism as well as its measured channel profiles, to prevent MITM attacks. The access point verifies that no MITM attack is performed by comparing its measured channel profiles $h_{CA}$ from C with the securely transmitted channel measurements $h_{AC}$ of C, as shown in Algorithm 4.3. Fig. 11 shows the data communication and channel measurement involved in the VP protocol.

As we demonstrated in Section 3.4, the proximity proof requires approximately 5 seconds, whereas the extraction of a 128-bit key requires approximately 60 seconds. However, an additional idea to reduce the duration (for user convenience) is to generate an authenticated key with a lower security level in the very first key extraction round, oriented towards an attacker that cannot brute-force the key in 60 seconds. In the second round a key with a security level of 128 bit needs to be extracted and hashed with the previous, authenticated one to provide confidentiality.

Algorithm 4.1: KeyGenA: The key generation on the access point A
Data: measurements h^i_BA, previous key (k^{i-1}_BA, s^{i-1})
Result: key candidate (k^i_BA, s^i)
  if event(receive(ID_S)) then
    (syn^i, i) ← receive(ID_S)
    q^i_BA ← quantize(h^i_BA)
    r^i ← estimate(q^i_BA)
    (c^i_BA) ← reconcile(q^i_BA, syn^i)
    transmit(ID_S, |c^i_BA| ≠ 0, i)
    if |c^i_BA| ≠ 0 then
      k^i_BA ← amplify(c^i_BA, k^{i-1}_BA)
      s^i ← security(r^i, |syn^i|, s^{i-1})
    if k^i_BA = 0 then
      k^i_BA ← k^{i-1}_BA
      s^i ← s^{i-1}
  return (k^i_BA, s^i)

Algorithm 4.2: KeyGenB: The key generation on the RC-node B
Data: measurements h^i_AB, previous key k^{i-1}_AB
Result: key candidate k^i_AB
  if measure(h^i_AB) = 1 then
    q^i_AB ← quantize(h^i_AB)
    syn^i ← syncalc(q^i_AB)
    transmit(ID_B, syn^i, i)
    success ← receive(ID_A)
    if success = 1 then
      k^i_AB ← amplify(q^i_AB, k^{i-1}_AB)
    if k^i_AB = 0 then
      k^i_AB ← k^{i-1}_AB
  return k^i_AB
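As an added illustration that is not part of the paper or the PHYSEC implementation, the following Python code runs one round of the reconciliation and privacy-amplification steps of KeyGenA/KeyGenB on constructed quantized bits. It substitutes an extended Hamming(8,4) code for the (255, 131, 37)-BCH code (one disagreement corrected, two detected per block), HMAC-SHA256 for the AES CBC-MAC, and a simple entropy ledger for the SP 800-90B based security() estimate; all names, sample values and the assumed 0.75 bit of entropy per quantized bit are assumptions, not the paper's.

```python
"""Added example (not the paper's code): one synchronized round of
syndrome-based secure-sketch reconciliation and key-evolving privacy
amplification between access point A (KeyGenA) and RC-node B (KeyGenB).
Constructed stand-ins: an extended Hamming(8,4) code instead of the
(255,131,37)-BCH code, HMAC-SHA256 instead of AES CBC-MAC, and a plain
entropy ledger instead of the SP 800-90B estimator.
"""
import hashlib
import hmac
from typing import List, Optional, Tuple

# Parity-check matrix of the extended Hamming(8,4) code. Rows 0-2 encode the
# position of a single flipped bit; row 3 is the overall parity that lets the
# decoder notice an even number of flips instead of miscorrecting them.
H_EXT = [
    [1, 0, 1, 0, 1, 0, 1, 0],
    [0, 1, 1, 0, 0, 1, 1, 0],
    [0, 0, 0, 1, 1, 1, 1, 0],
    [1, 1, 1, 1, 1, 1, 1, 1],
]
BLOCK = 8        # code length n
SYN_BITS = 4     # n - k bits disclosed per block by a public syndrome


def block_syndrome(block: List[int]) -> Tuple[int, ...]:
    """Syndrome H*b (mod 2) of one 8-bit block."""
    return tuple(sum(h * b for h, b in zip(row, block)) % 2 for row in H_EXT)


def syncalc(bits: List[int]) -> List[Tuple[int, ...]]:
    """RC-node side: syndromes of all quantized blocks, sent in the clear."""
    assert len(bits) % BLOCK == 0, "quantizer must emit whole blocks"
    return [block_syndrome(bits[i:i + BLOCK]) for i in range(0, len(bits), BLOCK)]


def reconcile(bits_a: List[int], syn_b: List[Tuple[int, ...]]) -> Optional[List[int]]:
    """Access-point side: move A's bits towards B's using B's syndromes.

    Returns the corrected bit string, or None when some block holds more
    disagreements than the code can fix (the |c^i_BA| = 0 failure path).
    """
    corrected: List[int] = []
    for idx, syn_blk_b in enumerate(syn_b):
        blk = list(bits_a[idx * BLOCK:(idx + 1) * BLOCK])
        # Syndromes are linear: syn(A) XOR syn(B) = syn(A XOR B), i.e. the
        # syndrome of the disagreement pattern, which the decoder locates.
        s0, s1, s2, parity = (x ^ y for x, y in zip(block_syndrome(blk), syn_blk_b))
        pos = s0 + 2 * s1 + 4 * s2       # 1-based position, 0 = parity bit/none
        if parity == 1:                  # odd number of flips: treat as one
            blk[pos - 1 if pos else BLOCK - 1] ^= 1
        elif pos != 0:                   # even and non-zero: >= 2 flips
            return None
        corrected.extend(blk)
    return corrected


def amplify(bits: List[int], prev_key: bytes) -> bytes:
    """Key-evolving privacy amplification: mixing in the previous key means a
    successful round can only add entropy to the key material."""
    packed = int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")
    return hmac.new(prev_key, packed, hashlib.sha256).digest()


def security(entropy_per_bit: float, n_bits: int, leaked: int, prev: float) -> float:
    """Security-level ledger: credit the block's estimated entropy minus the
    bits disclosed by the public syndromes; the level never decreases."""
    return prev + max(0.0, entropy_per_bit * n_bits - leaked)


def key_round(q_a: List[int], q_b: List[int], k_a: bytes, k_b: bytes,
              level: float, entropy_per_bit: float):
    """B -> A syndromes, A reconciles, A -> B success flag, both amplify.
    Returns (k_a, k_b, level, success); on failure keys and level stay."""
    syn = syncalc(q_b)
    c_a = reconcile(q_a, syn)
    if c_a is None:
        return k_a, k_b, level, False
    k_a = amplify(c_a, k_a)          # A: corrected bits now equal q_b
    k_b = amplify(q_b, k_b)          # B: its own quantized bits
    level = security(entropy_per_bit, len(q_b), SYN_BITS * len(syn), level)
    return k_a, k_b, level, True


# Constructed sample: 32 quantized bits at B, and A's reciprocal view with one
# disagreement in block 0 and one in block 2 (imperfect channel reciprocity).
Q_B = [int(c) for c in "10110010" "01101110" "11100001" "00011011"]
Q_A = list(Q_B)
Q_A[3] ^= 1
Q_A[20] ^= 1
# A second view of A with two disagreements inside block 1: uncorrectable.
Q_A_BAD = list(Q_B)
Q_A_BAD[9] ^= 1
Q_A_BAD[12] ^= 1


def demo() -> Tuple[bool, bool, float]:
    """First round from an all-zero previous key, assuming 0.75 bit of
    estimated entropy per quantized bit: (success, keys agree, level)."""
    zero = b"\x00" * 32
    k_a, k_b, level, ok = key_round(Q_A, Q_B, zero, zero, 0.0, 0.75)
    return ok, k_a == k_b, level     # (True, True, 8.0)
```

The 8.0 comes from 32 bits credited at 0.75 bit each minus the 16 syndrome bits A and B disclosed, which is why the paper's security() takes |syn^i| as an input.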

As shown in Section 3.4, the hypothesis testing requires a block of approximately 500 channel profiles (≈ 5 seconds). This means that in the case of ECDH, after key establishment, encrypted and repetition-secure packets need to be sent.

Executing authenticated CBKE for 5 seconds provides a security level of approximately 10 bits, which fulfills our requirements, as we will see next in Attack 4.


Figure 11: The VP protocol’s communication is shown for each of the three parties: the powerful trusted access point A, the ’loaded’ RC-node C, as well as the targeted ’unloaded’ RC-node B. [Message sequence recovered from the figure: the user issues a pairing request at A and resets B; A broadcasts (ID_A, Pairing request, channel); B replies (ID_B, Pairing response); the channel is set; C moves towards B. Per round i, A sends (ID_A, Pairing packet_i), which C measures as h_AC[i · n_q + k] and B as h_AB[i · n_q + k]; B answers (ID_B, Pairing packet_i), measured at A as h_BA[i · n_q + k]; C answers (Pairing packet_i, h_AC[i · n_q + k]), measured at A as h_CA[i · n_q + k]. A runs ViPair, B runs KeyGenB.]

4.4. Security Analysis and Attacks

We considered several types of attacks during the different stages of the VZ-protocol, including impostor attacks (DGA, step mother) and MITM attacks (applying relay and replay attacks).

The DGA was already introduced in Section 3.4, and it was demonstrated that a potential attacker can achieve only a very low success rate of ≈ 0.001 %. Next we introduce the ’step mother’ attack as well as the most powerful MITM attack:

Attack 2. The ’step mother’ attacker’s goal is to pair a short-term ’unloaded’ RC-node B with the evil access point OA, which is easily possible if his pairing request arrives before A’s request. However, the attacker also needs to prevent the user from resetting the end device B. A known way to prevent a user from resetting B is to successfully perform a DGA. A DGA would be required because at some point in the future the user will try to pair A with the ’evil-loaded’ B, which would fail during authentication. Subsequently, the user resets B and executes the vicinity-based pairing protocol.

Attack 3. If A and B/C are not in direct communication, or an attacker tricks both onto different physical channels, an attacker can launch a MITM attack on VP. To do so, he would perform the key extraction protocol with A and B separately and simply forward all authenticated packets of C to A. However, VP is not vulnerable to impersonation attacks on C, MITM attacks or relay attacks, because an attack will be detected due to checking the channel reciprocity (high correlation) between A and C during pairing.

Algorithm 4.3: ViPair: Pairing algorithm for A.
Result: authenticated key (k_auth, s)
  i = 0
  (k^i_BA, s^i) = 0
  transmit(KeyGenRequest)
  repeat
    i ← i + 1
    h^i_BA ← measure(ID_B)
    h^i_CA ← measure(ID_C)
    (k^i_BA, s^i) ← keyGenA(h^i_BA, (k^{i-1}_BA, s^{i-1}))
    if ρ(h^i_BA, h^i_RG) > th then
      authSec ← authSec + (s^i − s^{i-1})
    h^i_AC ← receive(ID_C)
    if ρ(h^i_CA, h^i_AC) < 0.95 then
      mitm_attack_det()
  until userInteraction() and authSec > minSec
  v^i_CA = challenge(k^i_BA)
  transmit(ID_B, v^i_CA)
  success ← receive(ID_B)
  if success = 1 then
    k_auth ← k^i_BA
  else
    k_auth ← 0
    s^i ← 0
  return (k_auth, s^i)
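The two correlation checks the witness A performs in every round of Algorithm 4.3 are shown below as an added Python example, not the paper's code, on constructed RSSI profiles: the MITM check ρ(h_CA, h_AC) < 0.95 against a relayed C, and the proximity check on ρ(h_BA, h_CA), the criterion stated in the prose above. The threshold th = 0.8, the function names and all profile values are assumptions.

```python
"""Added example (not the paper's code): the two per-round correlation
checks of the witness A in ViPair, run on constructed RSSI profiles.

  - MITM check: rho(h_CA, h_AC) < 0.95 means the packets A received from C
    did not cross the reciprocal A<->C channel (relay / impersonation of C);
  - proximity check: rho(h_BA, h_CA) > th means B's channel to A resembles
    C's, i.e. B is inside C's vicinity zone, so this round's security-level
    gain is credited to authSec.
"""
from math import sqrt
from typing import List, Tuple

MITM_RHO = 0.95   # threshold used in Algorithm 4.3 for the A<->C check
PROX_TH = 0.8     # assumed value of th (the paper: rho > 0.8 only inside the VZ)


def pearson(x: List[float], y: List[float]) -> float:
    """Linear correlation coefficient of two equally long profiles."""
    n = len(x)
    if n != len(y) or n < 2:
        raise ValueError("profiles must be equally long with at least 2 samples")
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0    # a flat profile carries no information: uncorrelated
    return sxy / sqrt(sxx * syy)


def mitm_detected(h_ca: List[float], h_ac_reported: List[float]) -> bool:
    """A's own measurement of C versus the profile C reported over its
    authenticated connection; reciprocity makes them agree, a relay does not."""
    return pearson(h_ca, h_ac_reported) < MITM_RHO


def proximity_witnessed(h_ba: List[float], h_ca: List[float], th: float = PROX_TH) -> bool:
    """B's channel to A correlates with C's channel to A only if B is near C."""
    return pearson(h_ba, h_ca) > th


def vipair_round(h_ba: List[float], h_ca: List[float], h_ac_reported: List[float],
                 s_i: float, s_prev: float, auth_sec: float) -> Tuple[float, bool]:
    """One loop iteration of Algorithm 4.3 after keyGenA produced the new
    security level s_i. Returns (authSec, mitm_detected)."""
    if proximity_witnessed(h_ba, h_ca):
        auth_sec += s_i - s_prev      # credit only proximity-authenticated gain
    return auth_sec, mitm_detected(h_ca, h_ac_reported)


# Constructed RSSI profiles (dBm), one block of 10 samples each.
H_AC = [-52, -55, -61, -58, -49, -47, -53, -60, -57, -50]        # measured at C
H_CA_LEGIT = [-51, -55, -62, -58, -49, -48, -53, -59, -57, -51]  # at A, reciprocal
H_CA_RELAY = [-58, -49, -53, -61, -57, -52, -60, -47, -50, -55]  # at A, via a relay
H_BA_NEAR = [-53, -54, -60, -59, -50, -46, -54, -61, -56, -49]   # at A, B next to C


def demo() -> Tuple[bool, bool, float, float]:
    """(mitm flag legit, mitm flag relay, authSec legit, authSec relay) for a
    round whose security level rose from 10 to 12 bits."""
    legit = vipair_round(H_BA_NEAR, H_CA_LEGIT, H_AC, 12.0, 10.0, 0.0)
    relay = vipair_round(H_BA_NEAR, H_CA_RELAY, H_AC, 12.0, 10.0, 0.0)
    return legit[1], relay[1], legit[0], relay[0]   # (False, True, 2.0, 0.0)
```

In the relayed case the witness both raises the MITM flag and withholds the security-level credit, which is the secure-fail behaviour the text relies on.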

Attack 4. In the case of executing both phases, yellow and blue, simultaneously, the access point marks the key material resulting from the pairing process as authentic as well. Assume the worst case where phase yellow was only executed for 5 seconds, and therefore the security level for authentication is only 10 bits; further assume that an attacker immediately impersonates B after phase yellow to attack phase blue by performing a DGA (or a MITM attack). He thereby extracts the remaining 118 bits of the 128-bit key between A and B. However, the attacker now has only a single try to correctly guess the entire 128-bit key challenged by A for key verification. The probability of success for this attack is $2^{-10}$.

Further, we provide a detailed experimental security analysis based on the key extraction protocol. The analysis focuses on passive eavesdroppers and active attackers. The goal of both attackers is the prediction of the key material.


4.4.1. Security Analysis for Passive Attackers

The degree to which a passive channel measurement attack succeeds is evaluated using linear correlation as metric, as shown before (as well as in earlier works [3, 33, 34]). Due to channel reciprocity, the distributions of the correlation coefficient versus the distance between B and C of our measurement campaign are illustrated in Fig. 5, whereby C can now be interpreted as a passive attacker.

Further, we evaluated the blockwise correlation ρ vs. bit disagreement rate (BDR) for the applied quantization scheme (proposed by Jana et al. [3]) as well as for a ’robust’ scheme (proposed by Mathur et al. [15]). To this end, we compared the result of the Monte-Carlo simulation environment of Guillaume et al. [34] with the distribution results of our real-world measurement campaign. Concluding from Fig. 12(a), the quantizer applied in this work leads to high BDRs for correlations lower than 0.8.

By combining the results of the channel measurements (cf. Fig. 5) with the results of the quantization schemes (cf. Fig. 12), the capabilities of a passive attacker can be clearly seen. Correlated observations by an attacker with a coefficient larger than 0.8 are only possible in outdoor scenarios (with no rich multipath environment), and only if the attacker’s position is within 3 cm for $d_{AB} < 60$ m and closer than 17 cm for $60$ m $< d_{AB} < 300$ m. Therefore, it is important that an attacker is not able to get within these $d_{AB}$-dependent vicinity zones during pairing, whose radius in the worst case is 17 cm.

However, by applying a robust quantization scheme, for example Mathur et al.’s [15] as illustrated in Fig. 12(b), the capabilities of a passive attacker are increased significantly. Such a robust scheme is also applied in the pairing scheme by Mathur et al. [2] called ProxiMate. ProxiMate is not based on channel reciprocity; it is based on low channel diversity, which only provides low correlation capabilities and, therefore, requires robust quantization.

Nevertheless, the success of a close eavesdropper (applying the same quantization scheme) has been evaluated for several real-world scenarios. Our results reflect that the key generation applying secure quantization is immune even against naive passive attackers. E.g., the average BDR for $\rho^{|b|}_{A \to B, B \to A} = 0.995$ is 0.12, whereas the BDR of a potential attacker for $\rho^{|b|}_{A \to B, A \to E} = 0.811$ is 0.48. Smarter passive attacks, maybe using ’soft decision’ information, need to be addressed in future work.

Obviously a doppelganger attacker will be successful if inside the VZ, because it will measure (and produce at A) a correlated version of the channel, such as 0.5 < ρ < 0.75. Therefore, it is necessary that during the pairing procedure (phase yellow) no attacker is inside VZ(C) and VZ(A). The effective vicinity zone of our demonstration system has a worst-case radius of approximately 17 cm. On the basis of these results, and assuming that the access point is not under the user’s control at all times, protection of the access point’s vicinity zone could be achieved using a simple case. The ’loaded’ device is protected by the user himself, who carries the device. Note that in the indoor case even an attacker inside the VZ is not able to achieve a highly (ρ > 0.8) correlated observation and, therefore, is not able to attack phase blue and reproduce the corresponding key material.

Figure 12: Evaluation results of the applied and of a reference quantization scheme based on real-world measurements. The bit disagreement rate (BDR) after quantization versus correlation coefficient is presented. [Plot residue: panels (a) Jana et al. (secure) and (b) Mathur et al. (robust); x-axis ρ from 0.1 to 1, y-axis BDR from 0.1 to 0.5, each with a simulation curve.]

Regarding passive attacks we identified open research fields: (1) What is a more appropriate evaluation metric than linear correlation? (2) Is it possible that due to symmetry in buildings a high correlation occurs at a certain position at a larger distance? (3) How complex and accurate are ray tracing attacks to reproduce the key material?

4.4.2. Security Analysis on Active Attackers

Simulation results of an active key recovery attack on physical-layer key generation schemes were introduced by Eberz et al. [4]. The attack is based on an active channel-influencing attack through packet injection. The attack’s performance was only verified for the quantization scheme by Mathur et al. [15], which is a robust bit extraction scheme utilizing a guard interval and, therefore, leads to a recovery rate of 47 %. To be less susceptible by design, we applied the multibit quantization scheme by Jana et al. [3], which is not solely based on dominant channel variations.

We implemented the attack on a fourth Raspberry Pi + CC2531EMK IEEE 802.15.4 controller. We applied the setup for different positions, gains, and channels.


The proposed key recovery attack led to a recovery rate of 0 % (also for the quantization scheme by Mathur et al.). This could be due to the different RF front end (Eberz et al. applied MicaZ hardware). Even if an attack could recover parts of the key material (e.g., 50 %), we can counter the attack by calculating the conditional min-entropy.

During the pairing process, the attacker may try to actively manipulate the key generation between A and B. The attacker can fake the MAC addresses of spoofed packets and pretend to be A or B, respectively. The idea is that an attacker transmits spoofed packets (with low and high transmission power) that lead to key material being predictable due to excursions for both legitimate nodes A and B. However, the attacker is not able to pretend to be A in the presence of C, because it cannot intercept their secure and authenticated connection. Spoofing only towards B may not be identified individually, but instead the system marks the channel profiles as unauthenticated. This safe-fail, or rather secure-fail, characteristic arises because injected packets do not correlate with the authenticated packets of C. Therefore, the attacker can only influence unauthenticated sequences, in a harmless manner.

Summarizing, phase yellow is secured against MITM attacks by our A ↔ C correlation verification and against channel-influencing attacks (as demonstrated by Eberz et al.) due to the detection of a spoofer. A DGA that successfully applies a MITM attack on phase blue gets challenged in the key verification, which is the concluding step of the key extraction protocol. Therefore, once the key verification challenges both bit strings, an attacker has only one single chance to guess the authenticated key material for the verification to succeed and the attack to be successful. Further, a potential attacker is not able to predict the channel in advance, which prevents it from counterfeiting a correlated channel. The unpredictability of the channel avoids falsely authenticated channels. Interestingly, for our protocol a passive attacker seems to be more dangerous than an active attacker.

4.4.3. About the Manipulability of the Channel

The manipulability of the physical channel, e.g., due to line-of-sight ’on/off keying’, is easy to perform, but also very easy to predict by the user [3]. Nevertheless, the manipulation of the channel measurement mechanism is still an open research topic and might be a major drawback. However, the manipulation would need to be performed in a predictable and symmetric manner, which has not been possible so far.

5. Prototype Implementations: ECC vs. PHYSEC

In the majority of cases, IoT platforms are small embedded devices without continuous power supply. The selection of algorithms, therefore, is more restricted compared to fully grown platforms. In particular, resource requirements such as code size, the number of clock cycles, and power consumption are the crucial factors.

To study the performance of the algorithm systematically, we introduced the first embedded prototype implementation of the CBKE scheme (as well as the VP extension) on a 32-bit ARM Cortex-M3 processor (EFM32GG-STK3700) as well as on an 8-bit Intel MCS-51 from the 8051 family.

The used 32-bit development board Giant Gecko provides an attractive power consumption profile and convenient evaluation tools. This platform is also being used in pacemakers and provides efficient energy management [35].

The targeted 8-bit platform CC2531 is a true SoC solution for IEEE 802.15.4 and ZigBee applications. By combining an industry-standard enhanced 8-bit Intel MCS-51 from the 8051 family with an IEEE 802.15.4 RF transceiver and providing various operating modes, the chip is suited for systems where ultra-low power consumption is required.

In state-of-the-art IoT systems, (lightweight) public key cryptography (PKC) has been implemented to establish dynamic key management for resource-constrained devices. In particular, elliptic curve cryptography (ECC) is the most efficient algorithm among the established PKC algorithms. The efficient implementation on embedded systems has been well investigated, e.g., [36]. For this manuscript, we extended these results by including the energy consumption of transmitting, listening for and receiving data using the IEEE 802.15.4 communication standard (see [37, 38, 39] for a detailed discussion).

We implemented the ECDH protocol for comparison. The results of the ECDH reference implementation³ are summarized in Table 1 and in Table 2. As highlighted in the tables, our goal is to achieve a 128-bit security level. Note that additional costs of the ECC implementation, such as the RNG as well as the related statistical tests, are excluded from our evaluation. Even though they are hard to realize in resource-constrained devices, they are essential requirements for both public-key protocol parties.

³ 32-bit: https://github.com/kmackay/micro-ecc; 8-bit: https://github.com/iSECPartners/nano-ecc


Table 1: Approximate resource overhead of each of the PKC blocks of the reference implementation on a 32-bit ARM Cortex-M3. The source code of the used ECDH implementation can be found on GitHub³.

Block name   Size [Kb]   # of cycles   Energy [mJ]
secp128r1    5.796         8,758,000     31.606
secp192r1    5.656        14,916,000     43.212
secp256r1    5.918        38,774,000    100.960
secp384r1    5.752       103,412,000    231.386

For CBKE, we implemented the scheme as described in Section 4.3. Note that our calculations are based on the (experimentally verified) assumption that the common channel measurements are provided by application-layer communication. We call this recycling-based channel measurement.

The approximate resource overhead of the computation of each component of the PHYSEC scheme is given in Table 3 and in Table 4. The results of our implementations are based on input vectors of 128 RSSI values for the quantization schemes and therefore on 256-bit input for reconciliation and privacy amplification.

Putting it all together, for the establishment of a 128-bit secret key the overall energy cost of the 32-bit PHYSEC implementation is 2.4 mJ, while ECDH requires an energy of 101 mJ. The results show that the energy consumption of PHYSEC is only 2.4% of that of ECDH. The code size of ECDH is 5.7 times larger than that of PHYSEC. The overall energy cost of the 8-bit PHYSEC implementation is 5.4 mJ, while ECDH requires an energy of 528.5 mJ. Here, the energy consumption of PHYSEC is only 1% of that of ECDH, and the code size of ECDH is 7.7 times larger than that of PHYSEC. The results are summarized in Table 5.

Table 2: Approximate resource overhead of each of the PKC blocks of the reference implementation on an 8-bit Intel MCS-51. The source code of the used ECDH implementation can be found on GitHub³.

Block name   Size [Kb]   # of cycles     Energy [mJ]
secp128r1    7.264         263,111,112      80.167
secp192r1    5.856         572,444,446     174.417
secp256r1    8.749       1,734,400,000     528.45
secp384r1    5.643       4,096,000,000   1,248

6. Related Work

There are three types of general key agreement schemes: trusted third party schemes, self-enforcing schemes, and key pre-distribution schemes.

Table 3: Approximate resource overhead of each of the component blocks (quantizer, secure sketch with BCH[n, k, d], AES in CBC mode for privacy amplification) of the reference implementation on a 32-bit ARM Cortex-M3 GG990F1024.

Block name       Size [Kb]   # of cycles   Energy [µJ]
Quantization     0.61           43,000         6
Reconciliation   0.876         254,065       290
Privacy amp.     0.96            5,214         6
Σ (128-bit)      1.033         302,297     2,246

Table 4: Approximate resource overhead of each of the component blocks (quantizer, secure sketch with BCH[n, k, d], AES in CBC mode for privacy amplification) of the reference implementation on an 8-bit Intel MCS-51.

Block name       Size [Kb]   # of cycles   Energy [µJ]
Quantization     0.208          11,876         7
Reconciliation   0.771       1,325,556       802
Privacy amp.     0.158           7,773         5
Σ (128-bit)      1.137       1,345,205     5,206

Authentication schemes which assume the existence of a trusted third party, either an authentication server, e.g., Kerberos [40], or a certification authority, create both security and fault intolerance bottlenecks within the protocols if the central party is compromised or unavailable [41]. This is especially problematic in ad hoc networks, where authentication servers (e.g., PKI or Kerberos) might not be available and organizational and departmental management interactions should be avoided.

For key pre-distribution schemes, key material is distributed among all nodes prior to deployment. A number of different pre-distribution approaches exist. The naive solution is to distribute a master or group secret to the nodes. This reduces the effort for key management, but leads to potential successful attacks which scale extremely well for the attacker. Once one node is compromised, the security posture of the entire system (maybe of the entire product batch) collapses. Storing the master key in tamper-resistant hardware might reduce the risk, but also increases the cost and energy consumption of each node [42]. The other extreme — opposite to one key for all nodes — is applying unique (transient) key pairs for each node and, therefore, letting each node carry N − 1 secret transient keys (assuming N is the total number of nodes). Compromising one node does not affect other nodes. However, for a large number of nodes the scheme is not practical due to the limited amount of memory. Motivated to reduce the memory effort, Eschenauer and Gligor introduced a random key pre-distribution scheme [43]. The main idea is to put a random set of keys from a larger key pool in each node to build a certain probability that each pair of neighboring nodes can agree on a common secret key. The protocol supports initial key distribution, key revocation, and re-keying. The Eschenauer-Gligor scheme is further improved by Du et al. [44], Chan et al. [45], and Traynor et al. [46]. Du et al. introduced the idea of using knowledge of the spatial relations between nodes derived prior to deployment, e.g., a non-uniform spatial distribution [44]. Chan et al. strengthened random key pre-distribution schemes, e.g., by forcing the attacker to perform a larger-scale node capture attack to extract random samples of the readings [45]. Traynor et al. introduced an unbalanced version of the scheme. The unbalanced scheme reduces the number of transmissions necessary to establish session keys but also reduces the effects of node captures [46]. However, the greatest disadvantage of all pre-distribution schemes is their lack of dynamics. Changes are hardly possible, e.g., adding new nodes (without pre-distributed key material) to pre-existing networks requires rerunning the (initial) offline key distribution phase with all nodes.

Table 5: Energy analysis of PHYSEC and ECDH (security level of 128-bit) in [mJ].

Protocol   Arch.    Comp.     Comm.   Total
PHYSEC     32-bit     2.246   0.187     2.433
           8-bit      5.206   0.187     5.393
ECDH       32-bit   100.960   0.064   101.024
           8-bit    528.45    0.064   528.514

Self-enforcing schemes classically depend on asymmetric cryptography, such as key agreement using public-key certificates. However, asymmetric cryptography can be painfully difficult in embedded nodes, due to limited computation and energy resources. Public-key algorithms, such as RSA [47] or Diffie-Hellman key agreement [48], are often undesirable to use, because they require an embedded RNG, are typically 2-3 orders of magnitude slower, their code has a comparably large memory footprint, and, crucially, they are much more energy-hungry than their symmetric counterparts. Implementing and using them correctly can also be a major challenge for embedded system designers. Self-enforcing key establishment without a (pre-shared) authentication key is a problem, because it is usually based on a trusted environment excluding active attackers. This could be fatal in wireless applications, because attackers’ distance is hard to predict due to high antenna gain and high transmitting power.

Unfortunately, standard approaches are not suitable for low-resource IoT devices. We identified four IoT requirements, which are: (1) protection against advanced attackers, (2) low complexity for the IoT device to pair with, (3) avoiding an additional setting, equipment or interface on these devices, as well as (4) intuitive and user-friendly handling à la ’The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks’ [7].

Several early research and development efforts have addressed secure (transient) pairing between devices in ad hoc networks where authentication servers (e.g., PKI or Kerberos) may not be available. Some approaches fulfill a subset of the IoT requirements, but unfortunately not all of them.

6.1. Solutions based on Out-of-band Communication Channels

Pre-computed and pre-distributed keys unavoidably lead to large (sometimes unacceptably large) key management. Overly loose security services, such as low key diversity (applying group or master keys to reduce the effort for key management), lead to attacks. Once the symmetric key, made available to all potential communication partners before deployment, is recovered, the security posture of the entire system (maybe of the entire product batch) collapses.

Authentication schemes that assume the existence of a trusted third party, either an authentication server or a certification authority, create both security and fault intolerance bottlenecks within the protocols [41] if the central party is compromised or unavailable.

Nowadays, the simple push-button authentication method WPS [49] is user-friendly, widely established, and an accepted pairing method. However, the idea is based on expensive public-key cryptography and a trusted environment, where no active attackers are taken into consideration. Given the lifespan of some decades of some IoT applications [50], it will be an advantage to have alternative solutions available.

First approaches of authentication mechanisms which do not require prior trust are [7, 51, 52, 53, 54, 55]. They are highly attractive regarding usability, but these schemes need an additional interface for certification via out-of-band (OOB) communication. The Resurrecting Duckling security policy introduced by Stajano et al. [7] is based on physical contact between two communicating parties and, therefore, protects the key establishment from MITM attacks. But due to the specialized hardware it also reduces the addressable use cases dramatically. However, the general approach motivated several works (such as ours). In their paper Talking to Strangers, Balfanz et al. [51] also proposed the use of a second, location-limited channel (such as visual or audio) for authentication via public key cryptography. McCune et al. [52] proposed a system called Seeing-Is-Believing (SiB) for demonstrative identification of devices. It uses barcodes (as the fingerprint of the public key) and camera phones to create a visual channel for trust. Saxena et al. [53] suggest an improvement of SiB for mutual authentication by reducing the hardware requirements. Here the constrained device only requires an LED. The distance-bounding protocol of Hancke and Kuhn [54], e.g., is based on ultra-wideband pulse communication, but strongly conflicts with the tight resource constraints of small embedded devices. Capkun et al. [55] introduced a new security primitive called integrity regions and an automatic key establishment approach using it. They prevent MITM attacks through verification of presence, which relies on ultrasonic ranging hardware, such as speakers and microphones. An interesting work in this context is Heart-to-Heart (H2H) [35]. It implements a pairing scheme between a medical instrument and pacemakers by utilizing the characteristic of heartbeats as a secret. The approach of Miettinen et al. [56] utilizes ambient context information gathered through commonly available sensor modalities like ambient noise and luminosity.

Additionally, various access control mechanisms and systems have been proposed using context sensing. GPS-based, Bluetooth-based or WiFi-based Contexts-of-Interests (CoIs) are used in [57, 58] for profiling and classification of the environment to make access control decisions based on sensing the environment and finding context familiarities. Furthermore, the authors claim that light, temperature, etc. sensor readings are interesting variables for context-aware access control as well.

6.2. Wireless Channel Only-Solutions

Research closely related to our work covers device pairing mechanisms that do not require prior trust, as introduced by Stajano et al. [7]. Further, we assume that devices neither own additional OOB communication channels (e.g., NFC, ultrasound, or optical) nor additional hardware (e.g., accelerometer or blinking LEDs); they can only communicate with compatible wireless radios (e.g., Wi-Fi and ZigBee).

Research falling within this scope includes Amigo [59], Ensemble [1], and ProxiMate [2]. Amigo was the first proposal utilizing common measurements of the dynamic characteristics of the radio environment (which consists basically of multiple Wi-Fi access points) as proof of physical proximity. As for WPS, the root of trust is given by the environment, which can easily be manipulated. E.g., an active attacker can add a sender whose transmit power varies over time, thereby feigning an artificial dynamic environment. Therefore the adversary can determine the authentication criteria and apply a MITM attack.

Unfortunately, the same holds for ProxiMate: here, too, no connection between the common random source and a trustworthy root exists. Therefore, an attacker can add an own source with high transmission power and modulate (convolve) an artificial strong channel impulse response onto the transmitted information. Another point is that ProxiMate utilizes the correlated observation of a public energy source not only for authentication, but also for channel-based key extraction. This is an important point, because a secure quantizer requires highly correlated measurements (ρ > 0.95). Highly correlated measurements can be achieved using channel symmetry (e.g., forward $h_{AB}$ and backward $h_{BA}$). Due to spatial (distance-dependent) decorrelation (Jakes Doppler spectrum [11]), the measurements $h_{AB}$ of a B and $h_{AC}$ of a close-by positioned C (or an attacker) are less correlated observations (ρ < 0.7). In addition to further drawbacks, ProxiMate utilizes those low spatial correlations by applying a very robust quantizer. Robust quantizers are able to provide common (low-error) bit strings based on low correlated observations, but they are not secure. Successful manipulation attacks were shown by Eberz et al. [4], and a security analysis by Zenger et al. [8] strongly discourages using robust schemes.

Ensemble’s and Amigo’s proposals use the Diffie-Hellman protocol to establish a secret key and RSSI values from Wi-Fi packets to detect proximity. Ensemble extends Amigo by introducing a third device which has a trusted relationship set up with the so-called witness (which in our case is the access point). The approach requires high-end personal devices, such as modern smartphones and smart watches, to execute public-key cryptography (between A and B) and verify proximity (at the witness).

In contrast to Amigo and ProxiMate, our scheme does not rely on public (unauthenticated) radio sources that might be manipulable. Further, unlike Amigo and Ensemble, our scheme does not need to execute asymmetric cryptographic algorithms such as DHKE, which involves discrete modular exponentiation or point multiplication on an elliptic curve and is $O(n^3)$ in the size n of the desired key. VP uses a secure sketch with linear codes whose complexity is O(n). We proposed a location-based pairing protocol that is applicable for virtually all indoor use cases and covers all four requirements for IoT nodes. Our solution is resistant against strong active attackers, represents an intuitively applicable solution for an end user, and it works on resource-constrained devices due to low complexity and the use of the existing radio interfaces only.

In their current work, Zenger et al. [60] propose a scheme that utilizes adaptive wormholes to enable PHYSEC protocol execution over potentially untrusted relays.

7. General Discussion

Physical layer security (PHYSEC) is a growing field of research for (at least) information theorists, telecommunication scientists, security scientists, and cryptologists. Each of them speaks a different language and has varying interests that tactfully have to be brought to a common denominator — which is identified as the first challenge in this context.

Information theorists formalize PHYSEC systems, e.g., CBKE, that achieve perfect secrecy. These approaches are usually based on theoretical and statistical channel models derived from physics under idealized conditions, such as specific distributions of the channel parameters (later used as random variables) or uniformly distributed scatterers in the environment, which underpin the spatial decorrelation assumptions.

Unfortunately, broad channel abstractions are often not detailed enough to generically fulfill the security requirements of real-world realizations, e.g., in non-rich multipath fading environments or under potential manipulation of the random source. Several works [3, 4, 5, 6] demonstrated that when PHYSEC approaches are adapted to physical realizations, they may fail due to weak adversarial or channel models.

Practice-oriented approaches based on empirical models are in turn limited to the corresponding field measurements, e.g., in an indoor environment, and are therefore also not generically applicable. Furthermore, on the basis of empirical evaluation, formal treatments are hard to realize, which is, however, important for tangible cryptography. A gap-filling approach between theoretical and empirical models might be site-specific models based on numerical methods such as ray tracing. However, given the environmental complexity, ray tracing is unlikely to succeed.

We believe that establishing a PHYSEC community by bringing all fields together and building better models suitable for formal treatment are important milestones for future work. The future development of PHYSEC might resemble the history from provably secure cryptography to side-channel-attack-resistant cryptographic realizations.

8. Conclusion

Recent work has documented the effectiveness of non-cryptographic authentication schemes for securing interactions between advanced personal devices that do not know each other a priori and have no trusted relationship. However, these approaches either require additional communication interfaces or are restricted to weak attacker models. In the present paper, we first tested the (de-)correlation behavior of forward and backward radio channels for three parties and then evaluated these random sources with respect to attacker- and location-based authentication. We found that exploiting location-based channel randomness is a very suitable technique for device pairing. Using only wireless channel measurements from the existing radio interfaces, we devised a novel authenticated key establishment architecture and demonstrated the practicality of our VP protocol with an embedded prototype implementation and experimental results. These findings extend those of Varshavsky et al. [59], Kalamandeen et al. [1], and Mathur et al. [2] by adding environment independence and security against strong active attackers, as well as a redistribution of the computational complexity in favor of the resource-constrained device. The presented protocol is generic and can easily be adapted to other key establishment schemes. This paper therefore indicates that the benefit gained from correlated channels (location-based entropy sources) between three parties may address a wide range of wireless security applications. Most notably, this is the first work, to our knowledge, that fulfills the complete set of real-world requirements for ubiquitous environments and devices, which are: (1) MITM resistance, (2) low complexity, (3) no additional setting, equipment or interface, and (4) intuitive and user-friendly handling à la 'The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks' [7].

9. Acknowledgments

This work was in part supported by the BMBF within the project PROPHYLAXE (Grant 16KIS0010). Thanks to Jurgen Forster and Dominik Schug for creating and editing figures, and to the members of the EMSEC Group and the PROPHYLAXE team for feedback on drafts. Many thanks to Kevin Ramm for his help with the SDR implementation of our measurement systems. Special thanks as well to the engineers of PHYSEC GmbH (www.physec.de) for sharing PHYSEC know-how and for their help with the embedded-device implementation of our cryptographic algorithms. Finally, the authors would like to thank the anonymous reviewers of this paper for their helpful comments and suggestions.

References

[1] A. Kalamandeen, A. Scannell, E. de Lara, A. Sheth, A. LaMarca, Ensemble: cooperative proximity-based authentication, in: Proceedings of the 8th International Conference on Mobile Systems, Applications, and Services (MobiSys 2010), ACM, 2010, pp. 331–344.

[2] S. Mathur, R. D. Miller, A. Varshavsky, W. Trappe, N. B. Mandayam, ProxiMate: proximity-based secure pairing using ambient wireless signals, in: A. K. Agrawala, M. D. Corner, D. Wetherall (Eds.), Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (MobiSys 2011), Bethesda, MD, USA, June 28 - July 01, 2011, ACM, 2011, pp. 211–224. doi:10.1145/1999995.2000016. URL http://doi.acm.org/10.1145/1999995.2000016

[3] S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, S. V. Krishnamurthy, On the effectiveness of secret key extraction from wireless signal strength in real environments, in: K. G. Shin, Y. Zhang, R. Bagrodia, R. Govindan (Eds.), Proceedings of the 15th Annual International Conference on Mobile Computing and Networking, MOBICOM 2009, Beijing, China, September 20-25, 2009, ACM, 2009, pp. 321–332. doi:10.1145/1614320.1614356. URL http://doi.acm.org/10.1145/1614320.1614356

[4] S. Eberz, M. Strohmeier, M. Wilhelm, I. Martinovic, A practical man-in-the-middle attack on signal-based key generation protocols, in: S. Foresti, M. Yung, F. Martinelli (Eds.), Computer Security - ESORICS 2012 - 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10-12, 2012. Proceedings, Vol. 7459 of Lecture Notes in Computer Science, Springer, 2012, pp. 235–252. doi:10.1007/978-3-642-33167-1-14. URL http://dx.doi.org/10.1007/978-3-642-33167-1-14

[5] M. Edman, A. Kiayias, Q. Tang, B. Yener, On the security of key extraction from measuring physical quantities, CoRR abs/1311.4591. URL http://arxiv.org/abs/1311.4591

[6] D. Steinmetzer, M. Schulz, M. Hollick, Lockpicking physical layer key exchange: weak adversary models invite the thief, in: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, New York, NY, USA, June 22-26, 2015, ACM, 2015, pp. 1:1–1:11. doi:10.1145/2766498.2766514. URL http://doi.acm.org/10.1145/2766498.2766514

[7] F. Stajano, R. J. Anderson, The resurrecting duckling: Security issues for ad-hoc wireless networks, in: Security Protocols, 7th International Workshop, Cambridge, UK, April 19-21, 1999, Proceedings, 1999, pp. 172–194. doi:10.1007/10720107-24. URL http://dx.doi.org/10.1007/10720107-24

[8] C. T. Zenger, J. Zimmer, C. Paar, Security analysis of quantization schemes for channel-based key extraction, in: Workshop on Wireless Communication Security at the Physical Layer, WiComSec-Phy, Coimbra, Portugal, July 22, 2015.

[9] W. Trappe, The challenges facing physical layer security, IEEE Communications Magazine 53 (6) (2015) 16–20. doi:10.1109/MCOM.2015.7120011. URL http://dx.doi.org/10.1109/MCOM.2015.7120011

[10] W. Trappe, R. E. Howard, R. S. Moore, Low-energy security: Limits and opportunities in the internet of things, IEEE Security & Privacy 13 (1) (2015) 14–21.

[11] J. E. Hershey, A. A. Hassan, R. Yarlagadda, Unconventional cryptographic keying variable management, IEEE Transactions on Communications 43 (1) (1995) 3–6. doi:10.1109/26.385951. URL http://dx.doi.org/10.1109/26.385951

[12] M. A. Tope, J. C. McEachen, Unconditionally secure communications over fading channels, in: Military Communications Conference, 2001. MILCOM 2001. Communications for Network-Centric Operations: Creating the Information Force. IEEE, Vol. 1, IEEE, 2001, pp. 54–58.

[13] T. Aono, K. Higuchi, T. Ohira, B. Komiyama, H. Sasaoka, Wireless secret key generation exploiting reactance-domain scalar response of multipath fading channels, IEEE Transactions on Antennas and Propagation 53 (11) (2005) 3776–3784.

[14] B. Azimi-Sadjadi, A. Kiayias, A. Mercado, B. Yener, Robust key generation from signal envelopes in wireless networks, in: P. Ning, S. D. C. di Vimercati, P. F. Syverson (Eds.), Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007, ACM, 2007, pp. 401–410. doi:10.1145/1315245.1315295. URL http://doi.acm.org/10.1145/1315245.1315295

[15] S. Mathur, W. Trappe, N. B. Mandayam, C. Ye, A. Reznik, Radio-telepathy: extracting a secret key from an unauthenticated wireless channel, in: J. J. Garcia-Luna-Aceves, R. Sivakumar, P. Steenkiste (Eds.), Proceedings of the 14th Annual International Conference on Mobile Computing and Networking, MOBICOM 2008, San Francisco, California, USA, September 14-19, 2008, ACM, 2008, pp. 128–139. doi:10.1145/1409944.1409960. URL http://doi.acm.org/10.1145/1409944.1409960

[16] C. T. Zenger, J. Zimmer, M. Pietersz, J. Posielek, C. Paar, Exploiting the physical environment for securing the internet of things, in: A. Somayaji, P. C. van Oorschot, M. Mannan, R. Böhme (Eds.), Proceedings of the 2015 New Security Paradigms Workshop, NSPW 2015, Twente, The Netherlands, September 8-11, 2015, ACM, 2015, pp. 44–58. doi:10.1145/2841113.2841117. URL http://doi.acm.org/10.1145/2841113.2841117

[17] C. Ye, S. Mathur, A. Reznik, Y. Shah, W. Trappe, N. B. Mandayam, Information-theoretically secret key generation for fading wireless channels, IEEE Transactions on Information Forensics and Security 5 (2) (2010) 240–254. doi:10.1109/TIFS.2010.2043187. URL http://dx.doi.org/10.1109/TIFS.2010.2043187

[18] J. Zhang, S. K. Kasera, N. Patwari, Mobility assisted secret key generation using wireless link signatures, in: INFOCOM 2010. 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 15-19 March 2010, San Diego, CA, USA, IEEE, 2010, pp. 261–265. doi:10.1109/INFCOM.2010.5462231. URL http://dx.doi.org/10.1109/INFCOM.2010.5462231

[19] Q. Wang, H. Su, K. Ren, K. Kim, Fast and scalable secret key generation exploiting channel phase randomness in wireless networks, in: INFOCOM 2011. 30th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 10-15 April 2011, Shanghai, China, IEEE, 2011, pp. 1422–1430. doi:10.1109/INFCOM.2011.5934929. URL http://dx.doi.org/10.1109/INFCOM.2011.5934929

[20] M. Wilhelm, I. Martinovic, J. B. Schmitt, Secret keys from entangled sensor motes: implementation and analysis, in: S. Wetzel, C. Nita-Rotaru, F. Stajano (Eds.), Proceedings of the Third ACM Conference on Wireless Network Security, WISEC 2010, Hoboken, New Jersey, USA, March 22-24, 2010, ACM, 2010, pp. 139–144. doi:10.1145/1741866.1741889. URL http://doi.acm.org/10.1145/1741866.1741889

[21] C. T. Zenger, M.-J. Chur, J.-F. Posielek, G. Wunder, C. Paar, A novel key generating architecture for wireless low-resource devices, in: International Workshop on Secure Internet of Things (SIoT), Vol. 3, 2014, pp. 74–89.

[22] C. T. Zenger, M. Pietersz, C. Paar, Preventing relay attacks and providing perfect forward secrecy using PHYSEC on 8-bit uC, 2016.

[23] G. S. Smith, A direct derivation of a single-antenna reciprocity relation for the time domain, IEEE Transactions on Antennas and Propagation 52 (6) (2004) 1568–1577.

[24] W. C. Jakes Jr., Microwave mobile communications (1974).

[25] S. T. Ali, V. Sivaraman, D. Ostry, Zero reconciliation secret key generation for body-worn health monitoring devices, in: M. Krunz, L. Lazos, R. D. Pietro, W. Trappe (Eds.), Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012, Tucson, AZ, USA, April 16-18, 2012, ACM, 2012, pp. 39–50. doi:10.1145/2185448.2185455. URL http://doi.acm.org/10.1145/2185448.2185455

[26] E. Biglieri, A. R. Calderbank, A. G. Constantinides, A. Goldsmith, A. Paulraj, MIMO Wireless Communications, Cambridge University Press, 2010. URL http://www.cambridge.org/gb/knowledge/isbn/item4026955/?site_locale=en_GB

[27] M. Edman, A. Kiayias, B. Yener, On passive inference attacks against physical-layer key extraction?, in: E. Kirda, S. Hand (Eds.), Proceedings of the Fourth European Workshop on System Security, EUROSEC'11, April 10, 2011, Salzburg, Austria, ACM, 2011, p. 8. doi:10.1145/1972551.1972559. URL http://doi.acm.org/10.1145/1972551.1972559

[28] S. Capkun, M. Cagalj, Integrity regions: authentication through presence in wireless networks, in: Proceedings of the 2006 ACM Workshop on Wireless Security, Los Angeles, California, USA, September 29, 2006, 2006, pp. 1–10. doi:10.1145/1161289.1161291. URL http://doi.acm.org/10.1145/1161289.1161291

[29] Y. Dodis, L. Reyzin, A. Smith, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, in: C. Cachin, J. Camenisch (Eds.), Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, Vol. 3027 of Lecture Notes in Computer Science, Springer, 2004, pp. 523–540.

[30] Y. Dodis, R. Gennaro, J. Håstad, H. Krawczyk, T. Rabin, Randomness extraction and key derivation using the CBC, cascade and HMAC modes, in: Advances in Cryptology - CRYPTO 2004, 24th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 2004, Proceedings, 2004, pp. 494–510.

[31] E. Barker, J. Kelsey, NIST draft special publication 800-90B: Recommendation for the entropy sources used for random bit generation, TBA.

[32] C. T. Zenger, J. Zimmer, J.-F. Posielek, C. Paar, On-line entropy estimation for secure information reconciliation, in: Workshop on Wireless Communication Security at the Physical Layer, WiComSec-Phy, Coimbra, Portugal, July 22, 2015.

[33] S. N. Premnath, S. Jana, J. Croft, P. L. Gowda, M. Clark, S. K. Kasera, N. Patwari, S. V. Krishnamurthy, Secret key extraction from wireless signal strength in real environments, IEEE Trans. Mob. Comput. 12 (5) (2013) 917–930. doi:10.1109/TMC.2012.63. URL http://doi.ieeecomputersociety.org/10.1109/TMC.2012.63

[34] R. Guillaume, A. Mueller, C. T. Zenger, C. Paar, A. Czylwik, Fair comparison and evaluation of quantization schemes for PHY-based key generation, OFDM 2014.

[35] M. Rostami, A. Juels, F. Koushanfar, Heart-to-heart (H2H): authentication for implanted medical devices, in: A. Sadeghi, V. D. Gligor, M. Yung (Eds.), 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4-8, 2013, ACM, 2013, pp. 1099–1112. doi:10.1145/2508859.2516658. URL http://doi.acm.org/10.1145/2508859.2516658

[36] A. Liu, P. Ning, TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks, in: IPSN, 2008, pp. 245–256.

[37] D. Galindo, R. Roman, J. Lopez, On the energy cost of authenticated key agreement in wireless sensor networks, Wireless Communications and Mobile Computing 12 (1) (2012) 133–143. doi:10.1002/wcm.894. URL http://dx.doi.org/10.1002/wcm.894

[38] J. Großschädl, A. Szekely, S. Tillich, The energy cost of cryptographic key establishment in wireless sensor networks, in: Proceedings of the 2007 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007, Singapore, March 20-22, 2007, 2007, pp. 380–382. doi:10.1145/1229285.1229334. URL http://doi.acm.org/10.1145/1229285.1229334

[39] G. de Meulenaer, F. Gosset, F. Standaert, O. Pereira, On the energy cost of communication and cryptography in wireless sensor networks, in: IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob 2008, Avignon, France, 12-14 October 2008, Proceedings, 2008, pp. 580–585. doi:10.1109/WiMob.2008.16. URL http://dx.doi.org/10.1109/WiMob.2008.16

[40] J. G. Steiner, B. C. Neuman, J. I. Schiller, Kerberos: An authentication service for open network systems, in: Proceedings of the USENIX Winter Conference, Dallas, Texas, USA, January 1988, 1988, pp. 191–202.

[41] A. Levi, M. U. Çağlayan, The problem of trusted third party in authentication and digital signature protocols.

[42] R. Anderson, M. Kuhn, Tamper resistance - a cautionary note, in: Proceedings of the Second USENIX Workshop on Electronic Commerce, Vol. 2, 1996, pp. 1–11.

[43] L. Eschenauer, V. D. Gligor, A key-management scheme for distributed sensor networks, in: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, DC, USA, November 18-22, 2002, 2002, pp. 41–47. doi:10.1145/586110.586117. URL http://doi.acm.org/10.1145/586110.586117

[44] W. Du, J. Deng, Y. S. Han, S. Chen, P. K. Varshney, A key management scheme for wireless sensor networks using deployment knowledge, in: Proceedings IEEE INFOCOM 2004, The 23rd Annual Joint Conference of the IEEE Computer and Communications Societies, Hong Kong, China, March 7-11, 2004, IEEE, 2004. URL http://www.ieee-infocom.org/2004/Papers/13_1.PDF

[45] H. Chan, A. Perrig, D. X. Song, Random key predistribution schemes for sensor networks, in: 2003 IEEE Symposium on Security and Privacy (S&P 2003), 11-14 May 2003, Berkeley, CA, USA, 2003, p. 197. doi:10.1109/SECPRI.2003.1199337. URL http://dx.doi.org/10.1109/SECPRI.2003.1199337

[46] P. Traynor, H. Choi, G. Cao, S. Zhu, T. L. Porta, Establishing pair-wise keys in heterogeneous sensor networks, in: INFOCOM 2006. 25th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 23-29 April 2006, Barcelona, Catalunya, Spain, IEEE, 2006. doi:10.1109/INFOCOM.2006.260. URL http://dx.doi.org/10.1109/INFOCOM.2006.260

[47] R. L. Rivest, A. Shamir, L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM 21 (2) (1978) 120–126. doi:10.1145/359340.359342. URL http://doi.acm.org/10.1145/359340.359342

[48] W. Diffie, M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22 (6) (1976) 644–654. doi:10.1109/TIT.1976.1055638. URL http://doi.ieeecomputersociety.org/10.1109/TIT.1976.1055638

[49] Wi-Fi Alliance, Wi-Fi simple configuration technical specification version 2.0.2.

[50] D. Evans, The internet of things: how the next evolution of the internet is changing everything, CISCO white paper 1.

[51] D. Balfanz, D. K. Smetters, P. Stewart, H. C. Wong, Talking to strangers: Authentication in ad-hoc wireless networks, in: Proceedings of the Network and Distributed System Security Symposium, NDSS 2002, San Diego, California, USA, The Internet Society, 2002. URL http://www.isoc.org/isoc/conferences/ndss/02/proceedings/papers/balfan.pdf

[52] J. M. McCune, A. Perrig, M. K. Reiter, Seeing-is-believing: Using camera phones for human-verifiable authentication, in: 2005 IEEE Symposium on Security and Privacy (S&P 2005), 8-11 May 2005, Oakland, CA, USA, 2005, pp. 110–124. doi:10.1109/SP.2005.19. URL http://doi.ieeecomputersociety.org/10.1109/SP.2005.19

[53] N. Saxena, J. Ekberg, K. Kostiainen, N. Asokan, Secure device pairing based on a visual channel, IACR Cryptology ePrint Archive 2006 (2006) 50. URL http://eprint.iacr.org/2006/050

[54] G. P. Hancke, M. G. Kuhn, An RFID distance bounding protocol, in: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, Athens, Greece, 5-9 September, 2005, 2005, pp. 67–73. doi:10.1109/SECURECOMM.2005.56. URL http://doi.ieeecomputersociety.org/10.1109/SECURECOMM.2005.56

[55] S. Capkun, M. Cagalj, G. Karame, N. O. Tippenhauer, Integrity regions: Authentication through presence in wireless networks, IEEE Trans. Mob. Comput. 9 (11) (2010) 1608–1621. doi:10.1109/TMC.2010.127. URL http://doi.ieeecomputersociety.org/10.1109/TMC.2010.127

[56] M. Miettinen, N. Asokan, T. D. Nguyen, A. Sadeghi, M. Sobhani, Context-based zero-interaction pairing and key evolution for advanced personal devices, in: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, 2014, pp. 880–891. doi:10.1145/2660267.2660334. URL http://doi.acm.org/10.1145/2660267.2660334

[57] M. Miettinen, S. Heuser, W. Kronz, A. Sadeghi, N. Asokan, ConXsense - context sensing for adaptive usable access control, CoRR abs/1308.2903. URL http://arxiv.org/abs/1308.2903

[58] M. Miettinen, S. Heuser, W. Kronz, A. Sadeghi, N. Asokan, ConXsense: automated context classification for context-aware access control, in: 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '14, Kyoto, Japan, June 03-06, 2014, 2014, pp. 293–304. doi:10.1145/2590296.2590337. URL http://doi.acm.org/10.1145/2590296.2590337

[59] A. Varshavsky, A. Scannell, A. LaMarca, E. De Lara, Amigo: Proximity-based authentication of mobile devices, Springer, 2007.

[60] C. T. Zenger, J. Zimmer, M. Pietersz, B. Driessen, C. Paar, Constructive and destructive aspects of adaptive wormholes for the 5G tactile internet, 2016.
