JOURNAL OF NETWORKS, VOL. 9, NO.

9, SEPTEMBER 2014

2299

A Physical Layer Key Negotiation Mechanism to

Secure Wireless Networks
Jikang Xia, Lan Chen, Ying Li, and Endong Tong
Institute of Microelectronics, Chinese Academy of Sciences, Beijing 100029, China
Email: {xiajikang, chenlan, liying1, tongendong}@ime.ac.cn

AbstractThe rapid technological developments in

computing technology and the proliferation of wireless
network nodes with light infrastructure, have emerged large
quantities of security requirements of informational privacy
in cyberspace. Due to the inherent nature of open medium,
diversity and variability of network topology, wireless
networks are greatly difficult to secure by traditional
methods. A physical layer key negotiation mechanism to
secure wireless networks is proposed to quickly exchange
and establish conventional cryptographic keys by exploiting
the wireless channels characteristics. The physical layer key
negotiation mechanism and its supplementary exception
handling caused by the variations in communication paths
are both described step by step. The simulation results
verify the consistency of the keys of legitimate users,
robustness and feasibility of this mechanism. Furthermore
this cross-layer security technology is an exemplary
complement to existing wireless network protocols to
improve their security and enhances the ability to resist
replay attacks, brute-force attack and eavesdropping.
Index TermsNetwork Security; Informational Privacy;
Wireless Communication; Physical Layer; Key Negotiation;
Cryptography

I.

INTRODUCTION

The rapid technological developments in computing

technology and the proliferation of wireless network
nodes with light infrastructure, have led to the emergence
of an information society capable of gathering, storing,
and disseminating increasing amounts of data embedded
the informational privacy of humans in need to secure.
Compared to mature secure wired communications,
secure wireless communications becomes a challenging
problem due to the inherent nature of open medium,
diversity and variability of network topology, and is
greatly difficult to secure by traditional methods.
In typical communication systems, security
technologies assume the channel is error free and rely
currently on cryptographic schemes implemented at the
upper layers or protocol stacks [1]. The conventional
cryptographic schemes are based on the amount of
calculation that the eavesdroppers cannot crack the
encrypted information within the limited time constraints.
However, in any real application the channels for
legitimate users and passive eavesdroppers are not error
free. With the growing of computing power, the key
system based on existing mathematical difficulties is
severely threatened. Increasing the key length is not a
2014 ACADEMY PUBLISHER
doi:10.4304/jnw.9.9.2299-2308

permanent solution to improve the security based on the

key system with big overhead over the network [2],
whereas introducing information-theoretic securities can
be fundamentally solving this problem.
Conventional security services are mainly located at
application level (as Internet) and other solutions exist for
link layer (as in Wi-Fi [3], Bluetooth [4] or ZigBee [5])
and at network layer (as in IPSEC [6]). The security
protocols tend to be layer-specific but ignore the most
fundamental of communication layersthe physical layer.
More and more attentions are driven on utilizing the
fundamentals of the physical layer to provide secure
wireless communications [7]. The multiple characteristics
of wireless channel in special (for multi-antenna system)
or frequency (for OFDM system) or time (for timevarying channel) domain serve as a powerful basis to
illume new security ideas at the physical layer. Emerging
approaches generally use the received signal strength
indicator (RSSI) [8], or the signal envelope [9] as the
channel characteristics.
The information theory security is based on Shannons
perfect secrecy theory [10] and is developed by Wyner as
the secrecy capacity of the wiretap channel [11]. There
exist channel codes guaranteeing both robustness to
transmission errors and a prescribed degree of data
confidentiality [12]. The secrecy capacity can be
achieved for certain wire tap channels using codes [13].
A space-time signal processing technique for secure
communication over wireless channels is presented in
[14]. The current theory about physical layer security is
not well established and these methods are also discussed
primarily in academia. However, cryptography is a core
technology of information security and is relatively
mature [15]. A cross-layer technology of secure
communication combined with traditional cryptographicbased protocols is inspired by literature reviews and it is
relatively practical in application.
A physical layer key negotiation mechanism is
proposed to quickly exchange and establish cryptographic
keys from the legitimate channels characteristics of
uniqueness, reciprocity and unpredictability. In a system
with time division duplex (TDD), the forward and the
reverse channels are identical by the propagation
reciprocity, while the channel to eavesdropper is
independent to that of the legitimate users due to
multipath or attenuation. The transmitted bits are
scrambled using a shared secret key based on the channel

2300

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

between two nodes to secure the wireless link without

key management. The keys updating mechanism
natively draws support from the characteristics of
wireless channels with time.
The main contribution of this paper is a physical layer
key negotiation mechanism for wireless networks, which
provides information theoretic security by exploiting the
characteristics of wireless channels. The rest of the paper
is organized as follows. Section II provides a description
of the system model and design issues. Section III
presents the physical layer key negotiation mechanism in
detail. The simulation and results analysis are presented
in section IV. And section V gives the conclusions.
II.

SYSTEM MODEL AND DESIGN ISSUES

A. System Model
The simplest network where problems of secrecy and
confidentiality arise is a three-terminal system
comprising a transmitter Alice, the intended (legitimate)
receiver Bob, and an unauthorized receiver, wherein the
transmitter wishes to communicate a private message to
the receiver. The unauthorized receiver is a passive
eavesdropper Eve. Eavesdropping at the physical layer
refers to hiding the very existence of a node or the fact
that communication was even taking place from an
adversary. The legitimate users (Alice and Bob) can
generate a secret key through public communication over
an insecure channel. This wireless network system is
shown as Fig. 1. A legitimate user Alice sends messages
Sk over the channel (the main channel) to another user
Bob. Bob observes the output of a discrete-time Gaussian
channel given by

yM (t) = h M (t) x(t)+n M (t)

(1)

where hM(t) denotes the main channel (zero-mean)

complex Gaussian channel function, x(t) is the modulated
signal to transmit from Alice and nM(t) denotes a zeromean complex Gaussian noise random variable.
Assume that a third party (Eve) is capable of
eavesdropping Alices transmissions. Eve observes the
output of another discrete-time channel (the wiretap
channel) given by

yW (t) = h W (t) x(t)+n W (t)

(2)

where hW(t) is the wiretap channel (zero-mean) complex

Gaussian channel function, x(t) denotes the encoded
signal to transmit from Alice and nW(t) is also a zeromean complex Gaussian noise random variable.
Meanwhile, we review the basic information theoretic
security principles of wireless communications, which is
described as follow. For a random variable X with
distribution probability PX, its Shannon entropy is
denoted by H(X) and is obtained as (3).

H(X)= Ex log PX ( x)

(3)

where E is the expected value of the finite set , x.

Given another random variable Y such that (X,Y) has

2014 ACADEMY PUBLISHER

joint distribution PXY, their conditional entropy of X

given Y is formulated as (4).

H(X|Y)= Ex, y log PX |Y ( x | y)

(4)

In Alices transmission, Sk can be considered as a

random variable from an arbitrary set such that SXY
forms a Markov chain. For random variables X and Y
with joint distribution PXY, their (Shannon) mutual
information is denoted by I(X;Y) and is defined as:

I(X;Y) = Ex , y log

PX ( x) PY ( y)
PXY ( x, y)

(5)

The equivocation of the source (the confidential

messages to be sent) at the output of the wiretap channel
(what Eve receives) is defined as:

1
= H (S k | Z n )
k

(6)

The secret capacity CS of this setup is defined as the

maximum transmission rate at =1. More detailed
derivation can be acquired from [12].

CS

Alice

Sk

Encoder

xn

max[ I (S ; Y ) I (S; Z )]
hM
Main
Channel

yM

Decoder

hW
Wiretap yW
Channel

(7)

Zn

Bob

Eve

Figure 1. The wiretap channel model

B. Characteristics of Wireless Channels

It is widely known that wireless channel characteristics
depend heavily on the location, the environment, and the
movement of the transmitter and the receiver. According
to the propagation principle of wireless channels [16], the
characteristics of legitimate channels are reciprocity,
uniqueness and unpredictability. The reciprocity and
uniqueness of wireless channel indicate that the transfer
function between transmitter and receiver is the same and
unique. In a short period of time (less than the channel
coherence time), at the same carrier frequency the
wireless channel function from Alice to Bob is the same
as that from Bob to Alice. These two channel functions
are the same as (8).

h AB (t)=h BA (t)

(8)

The channel characteristic is uniqueness and locationrelated. As shown in Fig. 2, the distance between the
legitimate users Alice and Bob is R. Alice sends the more
than half wavelength (/2) from the enough information
to Bob. The eavesdropper Eve located at from legitimate
users, the channel characteristic measured by the
eavesdropper is the same. When the distance between the
legitimate users and the eavesdropper is more than the
half carries wavelength, the channel characteristics of
them are different. Eve observes the output of an

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

2301

independent discrete-time wiretap channel. Eves channel

function is different from Bobs as (9).

h AB (t) h AE (t)

(9)

Due to the variations of channel environment,

multipath effect, Doppler Effect and rapid signal
attenuation, the measurement of wireless signal by
receivers is random and unpredictable.
Therefore, this papers basic principle of informationtheoretic security calls for the combination of
cryptographic schemes with key negotiation mechanism
that exploit the reciprocity, uniqueness and
unpredictability of the communication channels to
guarantee that the sent messages cannot be decrypted by
an eavesdropper during the transmission. And our
scenario is TDD based wireless network applications with
mobile terminals moving at walking speed, so both the
main and the wiretap channels are quasi-static channels
and the channel characteristic varies slowly with time.
Consequently, the channel function can be essentially
constant during the transmission of an entire frame.
Eve
>/2

Alice

Bob

Figure 2. The spatial location of Alice, Bob and Eve

C. Physical Layer Security

The physical layer security is based on the observation
that the channel experienced in both directions are similar,
whereas the channel properties experienced by an
eavesdropper non co-located with either side of the
transmission would exhibit significant differences with
the channels experienced by the intended users [17]. The
secure physical layer system relies on the unpredictable
path loss (channel gain) of given wireless transmission
link to prevent unauthorized access to the information or
message data transmitted. According to the principle of
reciprocity, the measurement of channel characteristics at
the same time is the same. The channel characteristics are
variable over time. So, at different time or in different
locations, the eavesdroppers measurement is different
from the legitimate users. The path loss can generally be
characterized by the distance of the reception node from
the transmission node in relation to a path loss exponent.
By extracting the same channel characteristic of
communicating, the both communication parties can
independently generate the same key from the same
channel characteristics. The eavesdropper cannot
generate or predict the same keys which provide secure
communications for the legitimate users.
An approach of security at the physical layer is to rely
on the channel variations of the wireless environment and
seeks to use the unique space, time and frequency
properties of wireless channels as the secret information
between transmitters and receivers. Secrecy extraction

2014 ACADEMY PUBLISHER

technique is a particularly promising direction for using

the physical layer to enhance security as the basic step,
namely the probing of the wireless medium in order to
obtain the channel estimation, is also a fundamental step
at general communication, i.e., channel state information
[18] estimation is already performed in the physical layer
of most wireless systems. Information-theoretic security
characterizes the fundamental ability of the physical layer
to provide security.
D. Encryption in Networks
In a typical wireless networks system, a session key is
distributed among the transmitting and receiving
communication devices. The session key is then used by
the transmitter to perform encryption at an upper layer of
the Open Systems Interconnection (OSI) model [19],
such as the application and transport layers. The OSI
model defines a networking framework to implement
protocols in seven layers. Control is passed from one
layer to the next, starting at the application layer in one
station, and proceeding to the bottom layer, over the
channel to the next station and back up the hierarchy. The
layers are stacked this way: Application, Presentation,
Session, Transport, Network, Data Link, and Physical.
Nowadays the cryptographic software and hardware to
perform encryption are widely available.
Cryptography is the core technology of information
security, encryption during data transmission can ensure
the confidentiality and integrity. In the existing
cryptography [20], encryption is the process of encoding
information in such a way that only authorized parties can
read it. In an encryption scheme, the message or
information (referred to as plaintext) is encrypted using
an encryption algorithm, turning it into an unreadable
cipher text. An authorized party is able to decode the
cipher text using a decryption algorithm, which usually
requires a secret decryption key. And the most frequently
used and most secure encryption algorithm is Advanced
Encryption Standard (AES) [21] which has been adopted
by the United States (US) governments National Institute
of Standards and Technology (NIST) for its symmetrickey encryption standard. AES is popular in the field of
communications and networks, and remains the preferred
encryption standard for governments, banks and high
security systems around the world. That can be concluded
the encryption algorithms on networks are relatively
mature.
However, to prevent security violations, cryptography
methods are unceasingly seeking to generate larger and
more complex randomly chosen keys and codes as the
basis for encryption. The complexity of the encryption
scheme is directly proportional to the expense of the
system required to support the encryption scheme. Thus,
it is desired to provide physical layer security to
supplement and support conventional higher layer
encryption techniques. And an encryption algorithm can
randomly generate keys from the physical layer. An
exemplary embodiment of the method of providing
physical layer security relies upon the channel
characteristics of a given wireless communication link to

2302

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

induce unknown errors in the channel data received by an

eavesdropper.
Based on the above, a cross-layer technology of secure
communication combined with traditional encryption
method is a wise move and will be introduced in Section
III. It is possible to ensure information-theoretic security
if the key is used as a one-time pad, which requires high
rate of the keys generation.
III.

KEY NEGOTIATION MECHANISM

A. Frame Structure
The key of the physical layer used by the legitimate
transmitter and receiver is extracted from the
characteristics of the same wireless channel. Before
introducing the mechanism, the ameliorative structure of
the physical frame is formatted as shown in Table I.
The frame structure of the current communication
protocol is usually composed of header and payload. In
order to extract the characteristics of the channel, the
customized secure physical layer frame is ameliorated
and consists of four parts: header, RSSI, sequence
number and payload. The header still allows a receiving
device to synchronize and derive the channel estimation.
RSSI is measured by the RF (radio frequency) part of
receivers and used to help the receiver calculate channel
gains. One of the disadvantages of wireless networks is
the initial data exchange in a non-secure radio channel or
anyway by sharing a common known cryptographic key.
At the moment, sequence number (No.) is introduced and
used to prevent replay attacks, which is 0 at initialization
of the mechanism. In the subsequent communication
process the receiving node de-frames the sequence
number, adds one (No.+1), and then sends the frame. The
payload (PSDU) carries the MAC (Medium Access
Control) layer frame of variable length.
B. Keys Generation from Physical Layer Seeds
The flow of physical layer key generation is described
in Fig. 3. The key is generated in receivers, and used to
encrypt information in transmitters.
Firstly, the seeds are described which is provided for
keys generation from the physical layer extraction. The
seed consists of the measured value of channel gains and
the pseudo random number. The channel gain (path loss)
is the difference value between transmitting power and
the receiving power (RSSI). There are some measuring
errors and finite word length effects of quantization in the
actual measurement [22]. And traditional channel
quantization based methods for keys generation usually
suffer from the quantization error which may decrease the
consistency of keys of legitimate users. Quantization,
which is a kind of projection from real numbers to
integers, is expected to extract the same parameters
between legitimate users but different parameters for
eavesdroppers. An approximate treatment of the
quantized fixed bit-width channel gain is needed to
guarantee the gains estimated by both communication
parties Alice and Bob is equal.
Secondly, because the physical frame is unencrypted in
the initialization phase of the physical layer key
2014 ACADEMY PUBLISHER

generation in following part C, in order to further

strengthen the security in the initialization, an m-bit
pseudo-random number (PN) is introduced and combined
with high Li bit (low i bits are truncated) channel gain to
generate the physical layer encryption and decryption
keys used for the upper layers. For convenience the m-bit
pseudo-random numbers generated by the method of shift
registers [23] beforehand is stored in a pool. Setting a
volume M of the pool is sensible to reduce the memory
cost. As (10) the sequence number of each frame divided
by M is the remainder n. The pseudo-random numbers is
selected the n th number from the pool with overlap based
on the remainder n. Finally, the seed of physical layer
keys can be expressed as (11). For example, the quantized
measured gain is 10-bit, and the approximate treated is 8bit to ensure the gains estimated by Alice and Bob is
equal gA[7:0] = gB[7:0]. Besides the 8-bit pseudo-random
number based on the sequence number (n) can be selected
from the pool as Table II.

n No.(mod M )

(10)

seed = {gain [L: L-i], PN (n)}

(11)

Thirdly, the key length used in the cipher determines

the practical feasibility of performing a brute-force attack,
with longer keys exponentially more difficult to crack
than shorter ones. According to Landauer limit [24], a
128-bit symmetric key is computationally secure against
brute-force attack. The physical seed becomes an upper
layer 128-bit key by this way to maintain its randomness
and enhance security. The seed and the upper layer
protocols key can be mixed by exclusive OR (XOR)
operations without altering the bit-width of the original
key in existing protocols. And another advisable method
is spreading the seeds by popular hash functions [25] or
linear mapping for bit-width extension.
TABLE I.

FORMAT OF THE S ECURE P HYSICAL LAYER F RAME

Header
RSSI Sequence number
Payload
Non-encrypted part Encrypted part by upper layers
Measure the receiving
signal and get RSSI

De-Frame and get the

sequence number (No.)

Channel gain = Last

transmitting power - RSSI

Calculate the
remainder n as (10)

Quantize the channel gain

(low i bits are truncated)

Selecte the PN from

the pool based on n

Combine the quantized channel gain

and the PN to get a seed as (11)
The seed XOR the protocols
key is the final key

Figure 3. The flow of the physical layer key generation

C. Keys Negotiation Mechanism

The approach for security at the physical layer is to
rely on the channel variations of the wireless environment.
Channel gains are obtained from the transmitting power
and RSSI as the indicator of channel characteristics.
Automatic Repeat reQuest (ARQ) [26] is introduced by a

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

pair of data frame and ACK (acknowledgement) frame

which is an error-control method for data transmission
that uses acknowledgements (messages sent by the
receiver indicating that it has correctly received a data
frame) and timeouts (specified periods of time allowed to
elapse before an acknowledgment is to be received) to
achieve reliable data transmission over an unreliable
channel. If the sender does not receive an ACK before the
timeout, it usually re-transmits the frame until the sender
receives an acknowledgment frame or exceeds a
predefined number of re-transmissions. It is guaranteed
that the time interval of ARQ is less than the channel
coherence time, and the reciprocity still holds.
The physical layer key negotiation mechanism for
secure wireless networks between Alice and Bob is
presented as follow. In Fig. 4, P A represents the Alices
transmitting power; r B represents the measured RSSI
value by Bob; gA represents the channel gain calculated
from Alices PA and rB; key A={gA[L:Li],PN(No.)}
represents the Alices physical layer key which consists
of the channel gains and the pseudo random number;
E(key,{No., PSDU}) represents the encryption of
sequence number and PSDU by the physical layer key; k
indicates the number of times of key confirmation in step
3 (at initialization k=0), K max is the maximum time Alice
and Bob attempting to confirm their keys. The physical
frame header in each frame is fixed, so the following
description eliminates it.
The Pool of 8-bit Pseudo-random Number

TABLE II.
n
0
1
2
3
4
5

PN(n)
01010111
10101110
01011011
10110110
01101011
11010110

n
6
7
8
9
10
11

PN(n)
10101011
01010001
10100010
01000011
10000110
00001011

n
12
13
14
15
16

PN(n)
00010110
00101100
01011000
10110000
01100111

Distance=R

Alice
k=k+1

Bob
{0,PSDU0}

(0)

PA0

(1)

rA1
gA=PA0-rB0
PA2

(2) No

k>Kmax?

rB0,{1,ACK}
rA1,E(keyA,{2,ACK})

rB0
PB1
rB2
gB=PB1-rA1

rA3
rB2,{3,NACK}
No
PB3
gA=PA2-rB2

keyB=keyA?

Yes
Failure,Quit!

Yes

(3)

rA3
gA=PA2-rB2

(4)

PA4

rB2,E(keyB,{3,PSDU3})

rA3,E(keyA,{4,PSDU4})

PB3
rB4
gB=PB3-rA3

Figure 4. The normal flow of the physical layer key negotiation

mechanism

The description of the key negotiation mechanism is

presented step by step in the light of Fig. 4.
Step 1: Alice transmits the physical frame unencrypted
with sequence number and payload PSDU0 to Bob at any

2014 ACADEMY PUBLISHER

2303

power PA0. Bob receives this physical frame, measures

the RF signal strength RSSI and obtains the value r B0.
Step 2: Bob transmits the physical frame unencrypted
with sequence number, ACK message and rB0 to Alice at
any power PB1. Alice receives this physical frame,
measures the RF signal strength RSSI and obtains the
value r A1. According to the last transmitting power P A0
and RSSI value r B0 fed back by Bob, the wireless channel
gain is calculated gA = P A0rB0 and is the seed of secure
communication key.
Step 3: Alice transmits the physical frame encrypted
by keyA with sequence number, ACK message and rA1 at
any power PA2. Bob receives this physical frame,
measures the RF signal strength RSSI and obtains the
value rB2 . According to the last transmitting power PB1
and RSSI value rA1 fed back by Alice, the wireless
channel gain is calculated gB = P B1rA1 and is the seed of
secure communication key. Combined with the pseudorandom number selected from the pool based on the
sequence number, the payload is decrypted by keyB and is
ACK message for key confirmation. The specific flow of
physical layer key negotiation is: If keyA = keyB then Bob
gets ACK message and achieves confirmation of both the
physical layer keys, otherwise Bob transmits the physical
frame unencrypted with sequence number, NACK
(Negative Acknowledgement) message and r B2 to Alice at
any power PB3. NACK message is used to inform Alice
confirm the physical layer key again from step 1. If the
attempting time exceeds the maximum Kmax, Alice and
Bob exits this physical layer key negotiation mechanism
and returns to primary communication.
Step 4: Bob transmits the physical frame encrypted by
keyB with sequence number, payload PSDU3 and rB2 to
Alice at any power PB3. Alice receives this physical frame,
measures the RF signal strength RSSI and obtains the
value r A3. According to the last transmitting power P A2
and RSSI value r B2 fed back by Bob, the wireless channel
gain is calculated gA = P A2rB2 and is the seed of secure
communication key to decrypt the payload PSDU3.
Step 5: Alice transmits the physical frame encrypted
by keyA with sequence number, payload PSDU4 and rA3
at any power PA4 . Bob receives this physical frame,
measures the RF signal strength RSSI and obtains the
value rB4 . According to the last transmitting power PB3
and RSSI value rA3 fed back by Alice, the wireless
channel gain is calculated gB = P B3rA3 and is the seed of
physical layer key to decrypt the payload PSDU4.
The subsequent communication flow is iterating step 4
and step 5.
The first two steps of this mechanism is the
initialization phase of physical layer key generation. To
guarantee the measurement time interval is short, the
quick response ACK message of ARQ is introduced. The
third step is the physical layer key confirmation by
decrypting the payload ACK message to determine the
keys of both sides to be verified correctly. The
subsequent secure communication is repeating step 4 and
5 base on the physical layer key. This mechanism applies
to wireless networks of TDD communication systems.

2304

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

D. Exception Handling
The above flow applies to the situation the users
locations and obstacles in the communication path are not
changed that means the gains measured by Alice and Bob
is equal gA = gB in the communication processing. If the
distance or obstacles between Alice and Bob is changed,
causing the channel gain variation cannot be correctly
used to decrypt the received frame, the flow is upgraded
by adding a NACK step to notify communication parties
to update their keys and resent the physical frame
between step 4 and 5 in Fig. 4. The period of transmitting
a frame is generally very short (in milliseconds), so any
variation of position or obstacles can be summarized in
the following two situations.
After Alice sends a frame to Bob, namely, after the nth step the channel function h (t) is changed. The
exception handling of first situation is presented step by
step in the light of Fig. 5.
h(t)=g

Alice
(n)

PAn

Bob
rAn-1,E(keyAn-1,{n,PSDUn})
h(t)=g'

(n+1)

rAn+1
gAn+1=PAn-rBn

(n+2)

PAn+2

(n+3)
(n+4)
(n+5)
(n+6)

rBn
gBn=PBn-1-rAn-1

rBn,E(keyBn,{n+1,PSDUn+1})

rAn+1,E(keyAn+1,{n+2,PSDUn+2})

rBn+2
g'Bn+2=PBn+1-rAn+1

rAn+3
rBn+2,E(key'Bn+2,{n+3,NACK})
g'An+3=PAn+2-rBn+2
PAn+4

rAn+3,E(key'An+3,{n+4,PSDUn+2})

PBn+1

PBn+3

rBn+4
g'Bn+4=PBn+3-rAn+3

rAn+5
rBn+4,E(key'Bn+4,{n+5,PSDUn+5})
PBn+5
g'An+5=PAn+4-rBn+4
PAn+6

rAn+5,E(key'An+5,{n+6,PSDUn+6})

rBn+6
g'Bn+6=PBn+5-rAn+5

before variation and it can be used to decrypt the Bobs

payload.
Step n+2: Alice transmits the physical frame encrypted
by keyAn+1 with sequence number, payload PSDUn+2 and
rAn+1 at any power PAn+2.
Bob receives this physical frame, measures the RF
signal strength RSSI and obtains the value r Bn+2.
According to the last transmitting power PBn+1 and RSSI
value r An+1 fed back by Alice, the wireless channel gain is
calculated g'Bn+2=P Bn+1rAn+1 . The estimated channel gain
from communicating parties is not equal g'Bn+2 gAn+1 and
Bob cannot decrypt its current payload PSDUn+2 due to
the variation of positions. Bob wants Alice to resend the
payload PSDUn+2 and to update its key.
Step n+3: Bob transmits the physical frame encrypted
by key'Bn+2 with sequence number, NACK message and
rBn+2 to Alice at any power PBn+3. Alice receives this
physical frame, measures the RF signal strength RSSI and
obtains the value r An+3 . According to the last transmitting
power PAn+2 and RSSI value r Bn+2 fed back by Bob, the
new channel gain is calculated g'An+3=P An+2r Bn+2 and is
the seed of secure communication key to decrypt the
payload. At this step Alices key has been updated and
confirmed, can be used to decrypt the payload NACK
message by which Alice understands Bobs intention.
Step n+4: Alice transmits the physical frame encrypted
by key'An+3 with sequence number, payload PSDUn+2 and
rAn+3 at any power P An+4. Bob receives this physical frame,
measures the RF signal strength RSSI and obtains the
value r Bn+4 . According to the last transmitting power P Bn+3
and RSSI value r An+3 fed back by Alice, the wireless
channel gain is calculated g'Bn+4=P Bn+3rAn+3 and is the
seed of secure communication key to decrypt the payload
PSDUn+2 .
Step n+5: Bob transmits the physical frame encrypted
by new key'Bn+4 to Alice at power PBn+5.
The subsequent communication flow is iterating step
n+5 and step n+6.
h(t)=g

Figure 5. The flow of dealing with the variation of channel function

h(t) after Alice sends a frame to Bob

Step n: Alice transmits the physical frame encrypted

by keyAn-1 with sequence number, payload PSDUn and
rAn-1 at any power PAn. Bob receives this physical frame,
measures the RF signal strength RSSI and obtains the
value r Bn. According to the last transmitting power P Bn-1
and RSSI value r An-1 fed back by Alice, the wireless
channel gain is calculated gBn= P Bn-1rAn-1 and is the seed
of secure communication key to decrypt the payload
PSDUn. At this moment the distance between Alice and
Bob is changed from R to R'.
Step n+1: Bob transmits the physical frame encrypted
by keyBn with sequence number, payload PSDUn+1 and rBn
to Alice at any power PBn+1 . Alice receives this physical
frame, measures the RF signal strength RSSI and obtains
the value r An+1. According to the last transmitting power
PAn and RSSI value r Bn fed back by Bob, the wireless
channel gain is calculated gAn+1 = P AnrBn and is the seed
of secure communication key to decrypt the payload
PSDUn+1 . At this step the Alices key is the old key
2014 ACADEMY PUBLISHER

(n)

Alice
Bob
rAn
rBn-1,E(keyBn-1,{n,PSDUn})
PBn
gAn=PAn-1-rBn-1
h(t)=g'

(n+1)
(n+2)
(n+3)
(n+4)
(n+5)
(n+6)

PAn+1

rAn,E(keyAn,{n+1,PSDUn+1})

rBn+1
gBn+1=PBn-rAn

rAn+2
rBn+1,E(keyBn+1,{n+2,PSDUn+2})
g'An+2=PAn+1-rBn+1
PAn+3

rAn+2,E(key'An+2,{n+3,NACK})

rBn+3
g'Bn+3=PBn+2-rAn+2

rAn+4
rBn+3,E(key'Bn+3,{n+4,PSDUn+2})
g'An+4=PAn+3-rBn+3
PAn+5

rAn+4,E(key'An+4,{n+5,PSDUn+5})

PBn+2

PBn+4

rBn+5
g'Bn+5=PBn+4-rAn+4

rAn+6
rBn+5,E(key'Bn+5,{n+6,PSDUn+6})
g'An+6=PAn+5-rBn+5

PBn+6

Figure 6. The flow of dealing with the variation of channel function

h(t) after Bob sends a frame to Alice

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

1
0.9
0.8
0.7
0.6

0.3

SIMLATION AND RESULTS A NALYSIS

A. Probability of Successful Decryption

The consistency of the keys of legitimate users Alice
and Bob generated by this mechanism is the pivotal factor
of the probability of successful decryption and simulated
with 100000 physical layer frames in additive white
Gaussian noise (AWGN) channel and is evaluated with
the probability of successful (PS) decryption by these
keys. The pseudo-random number of the physical layer
frame is free from outside influence. So the consistency
of the keys is mainly constituted by the channel gains
consistency which is relevant to the transmitting power
and the number of bits of quantizing the channel gains. In
Fig. 7 the more transmitting power is, the more accurate
channel gain estimation is. Because SNR is proportional
to the transmitting power, big SNR weakens the noise
disturbance and is conducive to channel estimation.
Increasing the transmitting power makes the channel gain
estimation precise along with the quantized number of
bits increasing. And the ability to resist eavesdropping is
correspondingly enhanced by the randomness of seed
increasing exponentially. For instance, the quantized
channel gain is N-bit, and the randomness of seed of
physical layer key is 2N. However, increasing the
quantized number of bits of the channel gains makes the
inconsistency of legitimate users physical layer keys and
reduces the probability of successful decryption. The less
consistency keys are, the lower successful rate is. The
error between the actual value and the estimated is caused
by the finite word length effect in quantizing process. The
high consistency of the keys ensures the least number of
times of legitimate users attempting to confirm the keys.
So there is a tradeoff to make the keys negotiation
mechanism quick and secure between the transmitting

2014 ACADEMY PUBLISHER

0.2
0.1
0
15
10

Tx power(dB) 5
0

11

10

Precise

Figure 7. The probability of successful (PS) decryption at different

quantizing precise and transmitting power
1
Bob@4-bit
Bob@6-bit
Bob@8-bit
Eve

0.9
0.8
0.7
0.6

PER

After all the detail illustration of the physical layer key

negotiation mechanism and its supplementary exception
handling, we could conclude that the significant factors
impacting the mechanisms performance are the
transmitting power (Tx power) and the quantized number
of bits (Precise) of channel gains. Therefore, a simulation
platform for the physical layer key negotiation
mechanism of secure communication is built by Matlab
tool and implemented in full digital by Verilog HDL
(hardware description language) [27] to evaluate the
probability of successful decryption by the keys,
robustness and feasibility of this mechanism.

0.5
0.4

0.5
0.4
0.3
0.2
0.1
0
0

10
SNR(dB)

15

20

Figure 8. The PER of Bob and Eve at different SNR, where Bobs
quantized channel gains are 4-bit, 6bit and 8bit
1
Bob@0dB power
Bob@3dB power
Bob@7dB power
Bob@10dB power
Eve

0.9
0.8
0.7
0.6
PER

IV.

power (Tx power) and the quantized number of bits

(Precise) of channel gains. It is necessary to emphasize
particularly on one side (speed or security) of this
mechanism in different practical application scenarios.

PS

The above flow applies to these situations in which the

transceivers locations and obstacles in communication
paths are changed in the communication processing. If the
distance between Alice and Bob is changed, the similar
method to deal with the variation of channel gain is by
inserting a NACK step between step 4 and 5 in Fig. 4 to
notify communication parties update keys and resent the
physical frame. The mechanism of solving the variation
of channel function after Bob sends a frame to Alice is
similar as shown in Fig. 6. Due to the limited space, we
do not give the detailed description in here.

2305

0.5
0.4
0.3
0.2
0.1
0
0

5
Precise

10

Figure 9. The PER of Bob and Eve at different precise, where SNR =
15dB; Alices transmitting power are 0dB, 3dB, 7dB and 10dB

2306

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

Figure 10. The waveform of the secure communication of Alice and Bob with the physical layer key negotiation mechanism by Modelsim

B. Robustness of This Mechanism

The robustness of this mechanism is simulated and
defined by the Packet Error Rate (PER) at different SNR
(signal to noise ratio) where the key consistency refers to
the same bits of the key generated by two communication
parties. For the evaluation of the key consistency, a
wireless network system as Fig. 1 is built by Matlab (m
file). Only if the receivers key is the same as the physical
layer negotiation key, the receiver will be able to decrypt
and decode the correct frame from Alice. As Fig. 8 shows,
with Bobs quantized number of bits of the channel gains
increasing (4-bit6-bit8-bit), the inconsistency of
legitimate users physical layer keys results in PER. And
with the SNR increasing, the PER of legitimate user Bob
at whichever the quantized number of bits is, is rapidly
decreasing indicates Bob has better robustness than
eavesdropper Eve. As Fig. 9 shows, this mechanism is
simulated at SNR = 15dB and coherence with the
depiction in part A: Increasing the transmitting power can
make the quantized number of bits increase at the same
PER. The simulation results verify the robustness of the
proposed mechanism and shows that in a typical indoor
environment (SNR>15dB), the PER of legitimate users is
lower than 5%. The legitimate users decrypting error
probability tends to zero, while the PER of eavesdropper
Eve tends to one. Practically, it means null or negligibly
eavesdropping probability and the eavesdropper is
impossible to crack the key generated from this secure
channel.
C. Feasibility of Mechanism
This physical layer key generation and negotiation
mechanism was implemented in full digital, coded in
Verilog HDL and passed functional verification by
Modelsim
tool.
To demonstrate this secure
intercommunication clearly, the length of physical layer
frame shrink to 32 bits. The transmitting physical layer
frame consists of header (8h00), 8-bit quantized RSSI, 8bit sequence number and 8-bit payload. RSSI is emulated
by random fluctuation so that the extracted key can be
updated. In order to ease of understanding, the payload of
Alice is fixed at 8ha1 and Bobs is 8hb0. The seed of
the key consists of 8-bit channel gain and 8-bit pseudorandom number chose from the pool. An AES IP
(Intellectual Property) module is integrated in this design

2014 ACADEMY PUBLISHER

for encryption and decryption with this negotiated 128-bit

physical layer keys. In the simulation waveform of Fig.
10, wireless network nodes (Alice and Bob) use this
mechanism to secure communication. First, Alice sends
an unencrypted frame to Bob. Then Bob receives it and
responds with RSSI immediately. At this moment, Alice
gets the channel gain, generates a physical layer key and
sends an encrypted frame by this key. After Bob receives
the encrypted frame and decrypts ACK message
successfully, the physical layer key confirmation is
achieved. Therefore the simulation of implementation
verifies the feasibility and demonstrates that this simple
realized method just takes three steps to quickly exchange
and establish the cross-layer cryptographic keys with the
key negotiation mechanism. And the keys can be used as
a one-time pad because the rate of the keys generation is
quite high.
D. Advantages of This Mechanism
An information-theoretically secure cryptosystem
cannot be broken even when the adversary has unlimited
computing power. The adversary simply does not have
enough information to break the encryption, so these
cryptosystems
are
considered
cryptanalytically
unbreakable. Compared with conventional cryptography,
the advantages of this mechanism with respect to
conventional secure methods can be important.
Firstly, this mechanism solves the challenges of vast
key distribution and updating with the node increasing
exponentially. The key distribution and updating does not
rely on other trusted third parties to guarantee the secrecy
of the key distribution, because the key is generated and
updated by the wireless channel which is everywhere.
Secondly, the management frames and the command
frames (generally communication protocols encrypt the
data frames only) are also encrypted by this physical
layer keys because the method proposed is from bottom
to top.
Thirdly, the physical layer key is provided for the
upper layers encryption, so it is a cross-layer security
technology and an exemplary complement to existing
wireless network protocols (like IEEE 802.11 or 802.15)
to improve the security.
Fourthly, introducing this mechanism framework does
not affect the current wireless communication systems.

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

V.

2307

CONCLUSIONS

In this paper, a physical layer key negotiation

mechanism to secure wireless networks is proposed. The
wireless networks applied this mechanism can quickly
exchange the keys and establish the security protocol by
exploiting the legitimate channels characteristics of
uniqueness, reciprocity and unpredictability. The
formulating seeds of physical layer keys are extracted
from the channel gain with ACK/NACK pairs. The key
negotiation mechanism and its supplementary exception
handling are both described in detail. The simulation
results verify the consistency of the keys of legitimate
users, robustness and feasibility of this mechanism.
Furthermore this cross-layer security technology is an
exemplary complement to a wide variety of existing
wireless network protocols (like IEEE 802.11 or 802.15)
to improve the security and does not affect the upper
layers of wireless networks.
ACKNOWLEDGMENT
The authors are grateful to three referees for
suggestions that have helped to improve the original
version of this article. This work was supported in part by
Strategic Priority Research Program of Chinese Academy
of Sciences under Grant No. XDA06040400 and the
National Science & Technology Major Projects of China
under Grant No. 2012ZX03005.
REFERENCES
[1] M. Bloch, J. Barros, M. Rodrigues, and S. W. McLaughlin,
Wireless Information-Theoretic Security, Information
Theory, IEEE Transactions on, vol. 54, no. 6, pp. 2515
2534, June 2008.
[2] A. Perrig, and J. D. Tygar, Secure Broadcast
Communication in Wired and Wireless Networks, Norwell,
Massachusetts: Kluwer Academic Publishers, 2003.
[3] IEEE Std. 802.11-1999/8802-11 (ISO/IEC 880211:1999), IEEE Standard for Information Technology,
LAN/MAN-Specific Requirements Part 11: Wireless LAN
Medium Access Control (MAC) and Physical Layer (PHY)
Specifications, 1999.
[4] IEEE Std. 802.15.1-2002, IEEE Standard for
Information Technology, Telecommunications and
Information Exchange Between Systems, Local and
Metropolitan Area Networks: Specific Requirements, Part
15.1: Wireless Medium Access Control (MAC) and
Physical Layer (PHY) Specifications for Wireless Personal
Area Networks, 2002.
[5] IEEE Std. 802.15.4-2003, IEEE Standards for
Information Technology Part 15.4: Wireless Medium
Access Control (MAC) and Physical Layer (PHY)
Specifications for Low-Rate Wireless Personal Area
Networks (LRWPANs), 2003.
[6] S. Kent and K. Seo, Security architecture for the Internet
protocol, Internet Engineering Task Force, RFC 4301,
2005.
[7] R. Liu, and W. Trappe, Securing Wireless Communications
at the Physical Layer, Springer Publishing Company, 2009.
[8] T. Aono, K. Higuchi, T. Ohira, B. Komiyama, and H.
Sasaoka, Wireless secret key generation exploiting
reactance-domain scalar response of multi path fading

2014 ACADEMY PUBLISHER

[9]

[10]
[11]
[12]
[13]

[14]
[15]
[16]
[17]

[18]

[19]

[20]
[21]
[22]
[23]
[24]

[25]

[26]
[27]

channels, IEEE Transactions on Antennas and

Propagation, vol. 53, no. 11, pp. 37763784, Nov. 2005.
B. Azimi-Sadjadi, A. Kiayias, A. Mercado, and B. Yener,
Robust key generation from signal envelopes in wireless
networks, in Proceeding of the 14th ACM Conference on
Computer and Communications Security, Alexandria, VA,
pp. 401410, 2007.
C. E. Shannon, Communication theory of secrecy
systems, Bell system technical journal, vol. 28, no. 4, pp.
656715, 1949.
A. D. Wyner, The wire-tap channel, Bell System
Technical Journal, vol. 54, pp. 13551387, 1975.
I. Csiszr, and J. Korner, Broadcast channels with
confidential messages, Information Theory, IEEE
Transactions on, vol. 24, no. 3, pp. 339348, 1978.
A. Thangaraj, S. Dihidar, A. R. Calderbank, S. W.
McLaughlin, and J. M. Merolla, Applications of LDPC
codes to the wiretap channel, Information Theory, IEEE
Transactions on, vol. 53, no. 8, pp. 29332945, 2007.
A. O. Hero, Secure space-time communication,
Information Theory, IEEE Transactions on, vol. 49, no. 12,
pp. 32353249, 2003.
C. Kaufman, R. Perlman, M. Speciner, Network security:
private communication in a public world, second edition,
Prentice Hall Press, NJ, 2002.
D. Tse, Fundamentals of wireless communication,
Cambridge university press, 2005.
A. Mukherjee, S. A. A. Fakoorian, J. Huang, and A. L.
Swindlehurst, Principles of physical layer security in
multiuser wireless networks: A survey, Computing
Research Repository (CoRR), vol. abs/1011.3754, 2010.
[Online]. Available: http://arxiv.org/abs/1011.3754
T. L. Marzetta, and B. M. Hochwald. Fast transfer of
channel state information in wireless systems, Signal
Processing, IEEE Transactions on, vol. 54, no. 4, pp.
12681278, 2006.
H. Zimmermann, OSI reference model--The ISO model
of architecture for open systems interconnection,
Communications, IEEE Transactions on, vol. 28, no. 4, pp.
425432, 1980.
O. Goldreich, Foundations of Cryptography: Volume 2,
Basic Applications, vol. 2, Cambridge university press,
2009.
J. Daemen, and V. Rijmen, Rijndael, the advanced
encryption standard, Dr. Dobbs Journal, vol. 26, no. 3,
pp. 137139, 2001.
C. A. Fuchs, and K. Jacobs, Information-tradeoff relations
for finite-strength quantum measurements, Physical
Review A, vol. 63, no. 6, pp. 062305, May, 2001.
S. W. Golomb, L. R. Welch, R. M. Goldstein, and A. W.
Hales, Shift register sequences, Laguna Hills: Aegean Park
Press, 1982.
C. H. Bennett, Notes on Landauers principle, reversible
computation, and Maxwells Demon, Studies in History
and Philosophy of Science Part B: Studies In History and
Philosophy of Modern Physics, vol. 34, no. 3, pp. 501510,
2003.
J. S. Coron, Y. Dodis, C. Malinaud, and P. Puniya,
Merkle-Damgrd revisited: How to construct a hash
function, in Advances in CryptologyCRYPTO 2005,
Springer Berlin Heidelberg, pp. 430448, 2005.
S. Lin, D. Costello, and M. Miller, Automatic-repeatrequest error-control schemes, Communications Magazine,
IEEE, vol. 22, no. 12, pp. 517, 1984.
D. E. Thomas, and P. R. Moorby, The Verilog Hardware
Description Language, vol. 2, Springer, 2002.

2308

Jikang Xia was born in Yunnan Province, China, in 1986. He

received the B.S. degree in Electrical Engineering from
Southeast University, Nanjing, China, in 2009. He is currently
pursuing the M.S. and Ph.D. degree with the Institute of
Microelectronics, Chinese Academy of Sciences (IMECAS),
Beijing, China. His research interests include wireless networks,
network security, cryptograph, and wireless communication
system.
Lan Chen was born in Sichuan Province, China, in 1968. She
received the B.S. degree from the Department of Computer
Science, Sichuan University, Sichuan, China, in 1988, the M.S.
degree from the Institute of China Aerospace Science and
Technology Corporation, Xian, Shanxi, China, in 1991, and the
Ph.D. degree from the Institute of Computing Technology,
Chinese Academy of Sciences (ICTCAS), Beijing, China, in
2000.
She is a professor at the Institute of Microelectronics, CAS,
where she also leads the Common Technology Research
Department and the Electronic Design Automation Center of
CAS. She is in the expert group of several national key projects
including National Science and Technology Major Project of
the Ministry of Science and Technology of China. She has
contributed to several premier achievements including 65/45nm
DFM technology, Loogson, 802.11a/b/g, eFlash IP, Zigbee,

2014 ACADEMY PUBLISHER

JOURNAL OF NETWORKS, VOL. 9, NO. 9, SEPTEMBER 2014

WiMax chips and Body Area Networks (BAN) with over 40

journal and refereed international conference papers and over
100 patents applications in the area of microelectronics. Her
research interests include design for manufacture (DFM),
advanced EDA technology, Wireless Sensor Network and IoT
key technologies.
Ying Li was born in Tianjin Province, China, in 1982. She
received the B.S. degree in microelectronics from Nankai
University in 2005, and the M.S. degree and Ph.D. degree in
circuit design and methodology from Peking University in 2008
and 2010, respectively. She is currently an associate professor
of the Institute of Microelectronics, CAS. Her current research
interest includes internet of things, wireless sensor networks,
underwater communication system, and secure embedded
system design.
Endong Tong was born in Shandong Province, China, in 1986.
He received the B.S. degree from Shandong University, the M.S.
degree and Ph.D. degree from the Institute of Acoustics,
Chinese Academy of Sciences (China). Now, he is a research
associate working at EDA center, Institute of Microelectronics,
Chinese Academy of Sciences. His research interests include
service computing, low power communication system and
Sensor Network.