CN109417469B - MIMO system secure pairing method - Google Patents

MIMO system secure pairing method Download PDF

Info

Publication number
CN109417469B
CN109417469B CN201580083630.2A CN201580083630A CN109417469B CN 109417469 B CN109417469 B CN 109417469B CN 201580083630 A CN201580083630 A CN 201580083630A CN 109417469 B CN109417469 B CN 109417469B
Authority
CN
China
Prior art keywords
key
pilot sequence
channel
mimo device
sequence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201580083630.2A
Other languages
Chinese (zh)
Other versions
CN109417469A (en
Inventor
斯特凡诺·托马辛
英马尔·兰德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN109417469A publication Critical patent/CN109417469A/en
Application granted granted Critical
Publication of CN109417469B publication Critical patent/CN109417469B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0875Generation of secret information including derivation or calculation of cryptographic keys or passwords based on channel impulse response [CIR]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Radio Transmission System (AREA)

Abstract

A first MIMO device for channel estimation and verification, the first MIMO device comprising: a transmitter for transmitting a first pilot sequence; a receiver for receiving a second pilot sequence; a channel estimator for estimating a first channel based on the received second pilot sequence; a key generator for generating a first key based on the estimated first channel; a key confirmation unit to determine whether the first key corresponds to a second key of a second MIMO device.

Description

MIMO system secure pairing method
Technical Field
The present invention relates to a first MIMO device, a second MIMO device, a system and a method for channel estimation.
The invention also relates to a computer readable storage medium having stored a program code comprising instructions for executing the method.
Background
In order to secure the security of the communication system, it has recently been proposed to adopt a physical layer security technique: by appropriately encoding the transmitted signal, the intended receiver can fully decode the signal without revealing any information of the message to the eavesdropping device. This technique exploits the random nature of the noise affecting the physical layer transmission, as well as the specific characteristics of the channel between users. When the terminal can obtain a plurality of antennas, a multiple-input-multiple-output-multiple-eavesdropping (mimo-eavesdropping, abbreviated as mimo) channel can be obtained, and the availability of the multiple channels further increases the security potential of communication. To make all techniques work reasonably, all Channel State Information (CSI) between the legitimate receivers is needed.
For example, by beamforming the signal to a legitimate receiver, the eavesdropper will (most likely) see a poor channel to the transmitter, and the resulting signal-to-noise ratio (SNR) gap between the legitimate receiver and the eavesdropper will become large. Since the spectral efficiency of the secret message transmission is related to this SNR gap, it is especially important to properly design the beamforming according to the CSI. It is noted that complete privacy can be achieved if the channel to the eavesdropper is known. When an eavesdropper cannot obtain CSI, and its data is still available, the eavesdropper's likelihood of obtaining information of the transmitted message can be evaluated.
To obtain CSI when channel reciprocity is available, the receiver may send a pilot signal during the training phase and the transmitter will estimate the channel. However, pilot pollution attacks have been outlined in the literature, whose principle is as follows: assuming a scenario where Alice aims at beamforming to Bob and Eve aims at obtaining some secret message information. All users are equipped with N antennas. Let H be the N x N channel matrix describing the complex number of the channels between Alice and Bob, and let G1 and G2 be the matrices of Alice-Eve and Bob-Eve channels, respectively. The pilot symbols are well known, so when Bob transmits a pilot, Eve may also transmit the same pilot. The channel estimated by Alice is then the sum of the channels between Bob and Eve, i.e., channel H + G1. Thus, under such an attack, Eve is able to modify the channel estimate and gain advantages. When Alice re-beamforms, she will transmit on channel H + G1. Accordingly, the transmit beam portion flows to G1, Eve is also able to receive some information intended for Bob only. Thus, the transmission will no longer be secure.
Practical applications of physical layer security techniques have only recently begun to increase. The special problem of pilot pollution of secure massive MIMO has also been explored in the literature only over the last few years.
A number of solutions have been proposed in the literature to detect pilot pollution attacks, but these have high complexity and/or cannot reliably prevent pilot pollution attacks.
Disclosure of Invention
It is an object of the present invention to provide an apparatus, system and method for channel estimation that solves one or more of the above mentioned problems in the prior art.
A first aspect of the present invention provides a first MIMO device for channel estimation and verification, the first MIMO device comprising:
a transmitter for transmitting a first pilot sequence;
a receiver for receiving a second pilot sequence;
a channel estimator for estimating a first channel based on the received second pilot sequence;
a key generator for generating a first key based on the estimated first channel;
a key confirmation unit to determine whether the first key corresponds to a second key of a second MIMO device.
A first MIMO device according to the first aspect is capable of interacting with another MIMO device, e.g. a second MIMO device as described below, to estimate and verify the channel by interacting with a pilot sequence and then securely checking whether the first and second keys (based on channel estimation) are consistent. The comparison is not disclosed to avoid revealing the channel to the eavesdropper and to prevent the eavesdropper from spoofing message interactions. Instead, the two devices extract the secret key from the estimation result, and then check whether the keys are consistent through a key confirmation procedure. After completion of the acknowledgement procedure, the first MIMO device will be able to detect that an eavesdropper is attempting to modify the channel.
The estimation and verification of the channel between two devices is also referred to as device pairing.
In a first implementation form of the first MIMO device according to the first aspect, the key confirmation unit is configured to:
generating a random number;
encrypting the random number with the first key to obtain a first bit sequence;
transmitting the first bit sequence;
receiving a second bit sequence;
decrypting the second bit sequence using the first key;
determining that the first key corresponds to the second key if the decrypted second bit sequence matches the mapping of the random number.
Thus, the key confirmation unit can securely determine with the second MIMO device whether the first key of the first MIMO device corresponds to the second key of the second MIMO device. Since the first key is generated from the channel estimation of the first MIMO device and the second key is generated by the second MIMO device based on the channel estimation of the second MIMO device, it can be determined whether the first MIMO device and the second MIMO device estimate the same channel. Therefore, the first MIMO device according to the first implementation is capable of performing secure channel authentication.
In one embodiment, the mapping is a reversible, unequal function. The mapping may be, for example, a random function known to both the first MIMO device and the second MIMO device.
In a second implementation form of the first MIMO device according to the first aspect, the key confirmation unit is configured to: determining that the first key corresponds to the second key if at least a predetermined portion of bits in the first key and the second key are the same.
This has the advantage that the key comparison can be performed more quickly. For example, the predetermined portion may be a fixed first portion of bits in the first and second keys. If the first part of the key corresponds, the entire key may be considered to correspond. In addition, in the second implementation, the security level and/or robustness of the authentication procedure is improved.
In a third implementation form of the MIMO device according to the first aspect, the first MIMO device is configured to select the first pilot sequence from a set of first pilot sequences, and the transmitter is configured to transmit an index of the selected first pilot sequence after transmitting the first pilot sequence.
An advantage of allowing the first MIMO device to select the first pilot sequence from a set of first pilot sequences is that it increases the difficulty of an eavesdropper launching an attack. The eavesdropper cannot "cover" the channel with the same pilot sequence as the first MIMO device because the eavesdropper cannot know in advance which pilot sequence the first MIMO device will use.
In addition, the first MIMO device may be configured to receive an index of the selected second pilot sequence, and the channel estimator may be further configured to estimate the first channel based on the received index.
This has the advantage that the second MIMO device can select a pilot sequence from a set of pilot sequences such that an eavesdropper cannot cover the pilot sequence sent by the second MIMO device.
In a fourth implementation form of the first MIMO device according to the first aspect,
the receiver is configured to receive another second pilot sequence;
the channel estimator is configured to estimate another first channel based on the received another second pilot sequence;
the key generator is configured to generate another first key based on a difference between the estimated first channel and the estimated another first channel;
the key confirmation unit is configured to determine whether the another first key corresponds to another second key of the second MIMO device.
This provides an efficient way of safe channel tracking, in which only the variation of the channel is estimated. In particular, the data signal may be treated as a pilot sequence (once the data is decoded).
A second aspect of the present invention is directed to a second MIMO device for channel estimation and verification by a first MIMO device, the MIMO device comprising:
a receiver for receiving a first pilot sequence;
a transmitter for transmitting a second pilot sequence;
a channel estimator for estimating a second channel based on the received first pilot sequence;
a key generator for generating a second key based on the estimated second channel;
a key confirmation response unit to communicate with the first MIMO device such that the first device determines whether the second key corresponds to the first key of the first MIMO device.
The second MIMO device is to enable the first MIMO device to determine whether the first key of the first MIMO device corresponds to the second key of the second MIMO device. Thus, the second MIMO device enables the first MIMO device to verify whether the channel estimation is correct without eavesdropper interference.
The second MIMO device may have a relatively "passive" role in channel estimation, i.e. the second MIMO device may be used to respond to requests from the first MIMO device.
Note that key confirmation may be performed such that after key confirmation, the first MIMO device knows whether the keys correspond, but the second MIMO device does not know whether the keys correspond.
The MIMO device may be configured such that it is a first MIMO device according to the first aspect and a second MIMO device according to the second aspect. In other words, the MIMO device may include features of the first MIMO device and the second MIMO device. Thus, the MIMO device can simultaneously serve as an initiator of channel estimation and verification and a response unit of channel estimation and verification.
In a first implementation form of the second MIMO device according to the second aspect, the key confirmation response unit is configured to:
receiving a first bit sequence;
decrypting the first bit sequence using the second key;
encrypting the decrypted mapping of the first bit sequence with the second key to obtain a second bit sequence;
and transmitting the second bit sequence.
Thus, the second MIMO device may assist the key confirmation unit of the first MIMO device in key confirmation.
In a second implementation form of the second MIMO device according to the second aspect, the transmitter is configured to transmit the second pilot sequence after receiving the first pilot sequence, and the second MIMO device is configured to: selecting the second pilot sequence from a set of candidate sequences based on the estimated second channel.
This has the advantage that the second pilot sequence can be used to know the channel that the second MIMO device obtained by receiving and evaluating the first pilot sequence from the first MIMO device.
In a third implementation form of the second MIMO device according to the second aspect,
the receiver is configured to receive another first pilot sequence;
the channel estimator is configured to estimate a further second channel based on the received further first pilot sequence;
the key generator is used for generating another second key based on the difference value between the estimated original second channel and the estimated another second channel;
the key confirmation response unit is configured to communicate with the first MIMO device to determine whether the another second key corresponds to another first key of the first MIMO device.
In a fourth implementation form of the second MIMO device according to the first or second aspect, the key generator is configured to generate the first and/or second key by performing the stages of priority extraction, information coordination, and privacy enhancement based on the estimated second channel.
This represents an extremely efficient way of generating the first and/or second key. In particular, keys may be generated such that the same key may be generated for similar channel estimates. This has the advantage that the channel verification can be successful even if the first and second MIMO devices have slightly different channel estimates, e.g. due to measurement errors.
In another implementation form of the MIMO device according to the second aspect, the second MIMO device is configured to select the second pilot sequence from a set of second pilot sequences, and the transmitter is configured to transmit an index of the selected second pilot sequence after transmitting the second pilot sequence.
Additionally, a second MIMO device may be operative to receive an index of the selected first pilot sequence, and the channel estimator may be further operative to estimate the second channel based on the received index.
A third aspect of the present invention is directed to a system comprising a first MIMO device according to any of the first aspect or the first aspect implementation forms and a second MIMO device according to any of the second aspect or the second aspect implementation forms, preferably the first MIMO device and the second MIMO device are configured to use the same mapping function.
The system according to the third aspect may comprise a first MIMO device and a second MIMO device, wherein:
a transmitter of the first MIMO device is used for transmitting a first pilot sequence to the second MIMO device;
the receiver of the first MIMO device is used for receiving a second pilot sequence sent by the second MIMO device;
the channel estimator of the first MIMO device is used for estimating a first channel based on the received second pilot sequence; the channel estimator of the second MIMO device is used for estimating a second channel based on the received first pilot sequence;
a key generator of the first MIMO device is used for generating a first key based on the estimated first channel; a key generator of the second MIMO device to generate a second key based on the estimated second channel;
the key confirmation response unit of the second MIMO device is configured to communicate with the first MIMO device to determine whether another second key corresponds to another first key of the first MIMO device.
The mapping function may be predefined at the first and second MIMO devices and may also be allocated to the devices using a secure communication channel, e.g. an encrypted channel.
A fourth aspect of the present invention is directed to a method for channel estimation and verification, the method comprising:
transmitting a first pilot sequence;
receiving a second pilot sequence;
estimating a first channel based on the received second pilot sequence;
generating a first key based on the estimated first channel;
and communicating with a second MIMO device to determine whether the first key corresponds to a second key of the second MIMO device.
The method according to the fourth aspect of the present invention may be performed by the first MIMO device according to the first aspect of the present invention. Further features or implementations of the method according to the fourth aspect of the invention are capable of performing the functions of the first MIMO device according to the first aspect of the invention and its different implementations described above.
A fifth aspect of the present invention is directed to a method for channel estimation and verification by a first MIMO device, the method comprising:
receiving a first pilot sequence;
transmitting a second pilot frequency sequence;
estimating a second channel based on the received first pilot sequence;
generating a second key based on the estimated second channel;
and communicate with the first MIMO device to determine whether the second key corresponds to the first key of the first MIMO device.
The method according to the fifth aspect of the invention may be performed by a second MIMO device according to the second aspect of the invention. Further features or implementations of the method according to the fifth aspect of the invention enable performing the functions of the second MIMO device according to the second aspect of the invention and its different implementations described above.
A sixth aspect of the present invention is directed to a method for channel estimation and verification by a first MIMO device and a second MIMO device, the method comprising:
the first MIMO equipment sends a first pilot frequency sequence;
the second MIMO device receives the first pilot sequence; estimating a second channel based on the received first pilot sequence; generating a second key based on the estimated second channel;
the second MIMO device sends a second pilot sequence;
the first MIMO device receives the second pilot sequence; estimating a first channel based on the received second pilot sequence; generating a first key based on the estimated first channel;
the first MIMO device and the second MIMO device communicate to determine whether the first key corresponds to the second key.
A seventh aspect of the present invention is directed to a computer readable storage medium storing program code including instructions to perform the method of any one of the fourth, fifth, sixth aspects or implementations thereof.
Drawings
In order to more clearly illustrate the technical features of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. The drawings in the following description are only some embodiments of the invention, which can be modified without departing from the scope of protection of the invention as defined in the claims.
Fig. 1 is a block diagram illustrating a first MIMO apparatus according to an embodiment of the present invention;
fig. 2 is a block diagram depicting a second MIMO device, in accordance with another embodiment of the present invention;
FIG. 3 is a block diagram of a system provided by an embodiment of the invention;
fig. 4 is a flow chart of a method for channel estimation according to another embodiment of the present invention;
fig. 5 is a flowchart of a method for a first MIMO device to safely estimate a channel according to another embodiment of the present invention;
fig. 6 is a flowchart of a method for use by a first MIMO device and a second MIMO device in accordance with another embodiment of the present invention;
FIG. 7 is a block diagram of a system provided by another embodiment of the invention;
fig. 8 is a flow chart of a method for secure channel estimation according to another embodiment of the present invention;
fig. 9 is a flowchart of a method for security key verification according to another embodiment of the present invention.
Detailed Description
Fig. 1 shows a first MIMO device 100 for channel estimation and verification, comprising: a transmitter 110, a receiver 120, a channel estimator 130, a key generator 140, and a key confirmation unit 150.
The transmitter 110 is configured to transmit a first pilot sequence. The first pilot sequence may be a predetermined pilot sequence or a pilot sequence selected by the transmitter from a set of pilot sequences.
The receiver 120 is configured to receive a second pilot sequence. The transmitter 110 and the receiver 120 may be used to transmit and receive the first and second pilot sequences using the same antenna.
The channel estimator 130 is configured to estimate the first channel based on the received second pilot sequence. For example, the channel estimator 130 may be configured to estimate a channel matrix based on the received second pilot sequence.
The key generator 140 is configured to generate a first key based on the estimated first channel. Preferably, the key estimation is done such that slightly different first channel estimates may each generate the same first key. The length of the first key may be, for example, 128 bits or 256 bits. The key generator 140 may interact with the second MIMO device through the transmitter 110 and the receiver 120.
The key confirmation unit 150 is configured to determine whether the first key corresponds to a second key of the second MIMO device. The key confirmation unit 150 may be used to communicate with a second MIMO device, e.g., via the transmitter 110 and the receiver 120. Preferably, the key confirmation unit is used for communication such that an eavesdropper cannot recognize the first and/or second key.
Fig. 2 shows a second MIMO device 200 for channel estimation and verification by a first MIMO device, comprising: a receiver 210, a transmitter 220, a channel estimator 230, a key generator 240, and a key confirmation response unit 250.
The receiver 210 is configured to receive a first pilot sequence, for example, a pilot sequence transmitted by a first MIMO device as shown in fig. 1.
The transmitter 220 is configured to transmit a second pilot sequence. The second pilot sequence may be a predetermined second pilot sequence or a pilot sequence selected by the second MIMO device 200 from a set of pilot sequences.
The channel estimator 230 is configured to estimate the second channel based on the received first pilot sequence. The channel estimator 230 may be configured similarly or the same as the channel estimator 130 of the first MIMO device 100.
The key generator 240 is configured to generate a second key based on the estimated second channel. The key generator 240 may be configured similarly or the same as the key generator 140 of the first MIMO device 100.
The key confirmation response unit 250 is configured to communicate with the first MIMO device 100, so that the first MIMO device 100 determines whether the second key corresponds to the first key of the first MIMO device 100.
Fig. 3 shows a system 300 that includes a first MIMO device 100, e.g., the MIMO device of fig. 1, and a second MIMO device 200, e.g., the MIMO device of fig. 2. Wherein the first MIMO device 100 and the second MIMO device 200 are arranged to use the same mapping function.
The second MIMO device 200 is arranged to transmit pilot sequences to the first MIMO device 100 such that the first MIMO device 100 estimates the first channel 310. The first MIMO device 100 is arranged to transmit pilot sequences to the second MIMO device 200 such that the second MIMO device 200 estimates the second channel 320.
The first MIMO device 100 may be, for example, an access node of a communication network and the second MIMO device 200 may be a mobile device connected to the access node. Alternatively, the second MIMO device 200 may be an access node of a communication network and the first MIMO device 100 may be a mobile device connected to the access node.
Fig. 4 illustrates a method 400 for channel estimation and verification.
The method comprises a first step 410 of transmitting a first pilot sequence and a second step 420 of receiving a second pilot sequence. Preferably, the method comprises a further step (not shown in fig. 4), wherein the receiver opens the reception channel to receive the second pilot sequence after the transmitter receives the first pilot sequence. In other words, it is assumed that the second pilot sequence is received only after the first pilot sequence is transmitted.
The third step 430 includes: a first channel is estimated based on the received second pilot sequence.
In a fourth step 440, a first key is generated based on the estimated first channel. Key generation may be performed using one of the known methods for generating keys corresponding to estimated transmit or receive channels, which may be identified by a channel matrix, for example.
In a fifth step 450, a communication is made with the second MIMO device to determine whether the first key corresponds to a second key of the second MIMO device. The communication may include: encryption information is transmitted to and received from a second MIMO device.
The method of fig. 4 presents a simple way to detect pilot pollution attacks, which are the main threats in physical layer security applications. In contrast to other methods, the method in fig. 4 relies only on pairings based on keys and binary mapping, and does not rely on signal processing methods that are prone to errors due to noise and interference.
The application of the method comprises the following steps: (i) communication between a base station and a mobile terminal equipped with multiple antennas; (ii) the use of multiple antennas makes WiFi transmission more secure. In particular, the application of this method in massive MIMO is also considered to be a relevant application, since beamforming plays an important role in the presence of a large number of antennas.
Fig. 5 illustrates a method 500 for channel estimation and verification by the first MIMO device 100. The method may be performed by a second MIMO device, such as second MIMO device 200 shown in fig. 2.
The method comprises a first step 510 of receiving a first pilot sequence. In an initial step (not shown in fig. 5) before the first step 510, the receive channel may be opened. The method starts when a first pilot sequence is received.
In a second step 520, a second pilot sequence is sent; in a third step 530, a second channel is estimated based on the received first pilot sequence. The second pilot sequence may be transmitted based on the received first pilot sequence. To this end, the third step 530 may be performed before the second step 520.
In a fourth step 540, a second key is generated based on the estimated second channel.
In a fifth step 550, communication is performed with the first MIMO device 100 to determine whether the second key corresponds to the first key of the first MIMO device 100. Here, the communication is preferably a response to a command received from the first MIMO device 100.
Fig. 6 illustrates a method 600 for channel estimation and verification by a first MIMO device and a second MIMO device.
The first step 610 includes: the first MIMO device 100 transmits a first pilot sequence.
The second step 620 includes: the second MIMO device 200 receiving the first pilot sequence; estimating a second channel based on the received first pilot sequence; generating a second key based on the estimated second channel.
The third step 630 includes: the second MIMO device 200 transmits a second pilot sequence.
The fourth step 640 includes: the first MIMO device 100 receiving the second pilot sequence; estimating a first channel based on the received second pilot sequence; a first key is generated based on the estimated first channel.
The fifth step 650 includes: the first MIMO device 100 and the second MIMO device 200 communicate to determine whether the first key corresponds to the second key.
Fig. 7 is a system 700 that includes a first device ("Alice") shown at legend number 710, a second device ("Bob") shown at legend number 720, and a eavesdropping device ("Eve") shown at legend number 730. The channel 712 between Alice and Bob is represented by a channel matrix H. The channel 732 between Alice and Eve is represented by the channel matrix G1. The channel 734 between Eve and Bob is represented by the channel matrix G2.
Fig. 8 is a flow diagram of another method 800 for secure channel estimation. In connection with the scenario in fig. 7, there are two pilot transmission phases: first, Alice sends pilots to Bob (step 810), and second, Bob sends pilots to Alice (step 820), which are all considered to be known.
Based on the received pilots, Alice and Bob estimate the channel. Notably, if Eve initiated a pilot pollution attack, the channels estimated by Alice and Bob will be different because one estimate is H + G1 and the other estimate is H + G2. It is also worth noting that Eve does not know H, and therefore cannot make H + G1 and H + G2 equal. To check the consistency between the two channels without revealing the channel to Eve (who can subsequently benefit from knowing the channel), Alice and Bob extract the secret key from the estimated channel in step 830 (specific secret key extraction procedure, see Bloch 2011, physical layer security, j.barros, cambridge university press). With this technique, two people obtain a bit sequence (key) from the channel estimation. The key generated by Alice is denoted by a and the key generated by Bob is denoted by b. Let M be the length (in number of bits) of the extracted key.
If no attack is present, the two bit sequences are identical despite the presence of noise that affects the estimation. In case an attack occurs, which has modified the channel such that the difference between the channel estimates is larger than the noise level, the two bit sequences (keys) of Alice and Bob will be different.
Therefore, in step 840, the key validation process is used to check whether the two extracted keys are consistent. If the extracted keys are not consistent, the pairing fails (step 850). If the extracted keys are consistent, the pairing is successful (step 860).
FIG. 9 is a flow diagram of an example method 900 for confirming whether Alice and Bob's secret keys correspond. Alice generates a sequence of M random bits, denoted by r, which is xored with a secret key a (bitwise modulo sum), resulting in x ═ a + r, i.e., Alice performs a padding encoding of the random bits. In step 910, the coded bit x is transmitted through the channel. In step 920, Bob detects these coded bits and decrypts them with the key b extracted by Bob, so as to obtain a random bit sequence generated by Alice: r ═ x + b (sum of two moduli). Bob then maps the decrypted bits to another sequence of M bits by applying a reversible, unequal function h (. -), resulting in a mapped value h (r'). Bob pads the mapped value once with its own key and sends an encrypted message y ═ h (r') + b to Alice in step 930. In step 940, Alice decrypts the message by removing one padding, z ═ y + a, and checks in step 950 whether the received message is the correct mapping value of its randomly generated bits, i.e., Alice checks h (r) is equal to z. If the two mapping values are equal, Alice concludes that there is no pilot pollution attack, and the pairing is successful.
If the mapping is the same mapping and the first and second keys agree, the second device will send back r' ═ r, revealing the original sequence to Eve. Eve can simply calculate x + r ═ a, resulting in a, meaning that Eve knows some information about the channel and can use that information to promote its own attack. Therefore, the mapping is preferably a random mapping, preventing Eve from knowing the information of the sequence r when Bob transmits.
The following points are noteworthy: first, when Alice and Bob estimate the same channel, the extracted keys are the same and the entire procedure helps the pairing to succeed. Conversely, if the keys extracted by Alice and Bob do not correspond to each other, decryption by Bob may generate another message, thereby generating another mapping value, resulting in a failure of the pairing process. Second, Eve does not know channel H in this process. Third, if Eve attacks the stage after the training stage, Eve cannot learn the secret key, and thus cannot break the pairing process.
The channel reciprocity between Alice and Bob is important. However, this is not only relevant for pilot pollution detection, but also for the upcoming use of channel estimation by Alice, i.e. the beamforming of the private message to Bob. If the channels are different due to hardware damage, the channel estimates that Alice will use after the pairing process will not be correct. In fact, Alice will use the channel estimate to beamform the signal to Bob, but if the channel estimate is incorrect, the signal will not reach Bob, nor will Bob be able to decode the private information. Thus, assumptions of moderate hardware damage are relevant to the use of this estimate. When specifically considering the robustness of the method to (moderate) mismatches, it is worth noting that channel H is used to extract the secret key, whereas the secret key extraction procedure available in the prior art document includes the fact that Alice and Bob have different channel estimates. Therefore, the scheme can be considered robust against hardware damage. However, the damage may reduce the degree of defense against attacks for the following reasons: the higher the noise level or the greater the degree of impairment, the fewer bits that can be extracted from the channel and, therefore, the shorter the secret key.
Some variations of the general method will be described below.
Pilot sequence selection
The pilot sequence transmitted by the first MIMO device may be randomly selected from a set of (a large number of) sequences. After transmitting the pilot sequence to the second MIMO device, the first MIMO device will transmit another data packet indicating the pilot sequence index. Thereafter, the second MIMO device randomly selects another pilot sequence from a set (large) of sequences and transmits it to the first MIMO device. After transmitting the pilot sequence to the first MIMO device, the second MIMO device will transmit another data packet indicating the selected second pilot sequence index.
This scheme makes it easier to detect an attack initiated by the third device, since the third device does not know the pilot sequence in advance and thus cannot "cover" the pilot sequence.
Using private keys
The extracted first and/or second keys may also be used for encrypting data transmissions or for selecting secret keys, i.e. the first and second keys may also be used for conventional security purposes. In particular, the first and/or second MIMO device may be configured to encrypt the message with the first and/or second key and to transmit the encrypted message.
Channel tracking
After initial channel estimation and verification, channel variations may be tracked. This tracking can be continued, allowing for continued key verification as follows:
the data signal may be used as a pilot (once the data is decoded). This data-directed channel estimation avoids the use of pilots. Pilots may still be exchanged between terminals (e.g., to simplify channel estimation for data-directed approaches).
The first MIMO device and the second MIMO device may calculate a difference between the newly estimated channel and a previously estimated channel.
And the two carry out secret key extraction on the calculated channel difference value.
Both perform key verification on the two extracted keys as described above.
Integrated secret key extraction and key verification
The two steps of first secret key extraction and key verification may be partially integrated. The above-described method for secret key extraction provides for a first MIMO device to transmit a bit sequence to a second MIMO device so that the second MIMO device can correct a certain amount of difference between a key of the first MIMO device and a key of the second MIMO device. Then, through the key verification process, it is checked whether the obtained keys are actually the same.
An alternative provides that the first MIMO device sends a bit sequence to the second MIMO device so that the first MIMO device can detect errors instead of correcting them. With these bits, the second MIMO device can directly perform the key verification step by determining whether the number of differences between the two sequences is greater than a threshold. Generally, the number of bits required to detect an error is less than the number of bits required to correct the error. In practice, this represents an advantage (also simplifying the algorithm).
Key validation process
The key confirmation procedure may be performed by, for example, the key confirmation unit of the first MIMO device and the key confirmation response unit of the second MIMO device as follows:
a. the first MIMO device generates a sequence of M random bits, denoted by r, which is xored with a secret key (bitwise modulo sum), resulting in x ═ a + r.
b. The bits x are sent over the channel and the second MIMO device decrypts them with its own extracted key b.
c. The second MIMO device maps the decrypted bits to another sequence of M bits by applying a reversible, unequal function h (. -) to obtain a mapping value h (r').
d. The second MIMO device xors the mapped bits with its own key and sends an encryption message y ═ h (r') + b to the first MIMO device.
e. The first MIMO device decrypts the message by removing the one-time pad, z ═ y + a, and checks if the received message is the correct mapped value of its randomly generated bits, i.e. detects if h (r) is equal to z.
f. If the check passes, the pairing is successful.
In summary, physical layer security makes it possible to achieve efficient encrypted transmission by utilizing the characteristics of a wireless channel. Correct Channel State Information (CSI) is important in methods for physical layer security, especially in the case of devices equipped with multiple antennas. In the channel acquisition phase, an attacker can launch pilot pollution attack to implement wrong CSI, so that information can be acquired in subsequent transmission.
The invention allows the safe pairing process to be carried out between two devices equipped with a plurality of antennas by preventing an attacker from launching pilot frequency pollution attack, thereby ensuring that the channel estimation obtained by the two legal devices is consistent, obtaining correct CSI and further ensuring the subsequent transmission to be safe.
All of the above description is only an embodiment of the present invention, and the scope of protection of the present invention is not limited thereto. Any changes or substitutions may be readily made by those skilled in the art. Therefore, the protection scope of the present invention should be defined by the claims.

Claims (11)

1. A first MIMO device for channel estimation and verification, the first MIMO device comprising:
a transmitter for randomly selecting and transmitting a first pilot sequence from a set of first pilot sequences, transmitting an index of the selected first pilot sequence;
a receiver for receiving a second pilot sequence and an index of the selected second pilot sequence, wherein the second pilot sequence is randomly selected from a set of pilot sequences;
a channel estimator for estimating a first channel based on the received second pilot sequence and an index of the selected second pilot sequence;
a key generator for generating a first key based on the estimated first channel;
a key confirmation unit to determine whether the first key corresponds to a second key of a second MIMO device;
wherein the key confirmation unit is configured to:
generating a random number; encrypting the random number with the first key to obtain a first bit sequence; transmitting the first bit sequence; receiving a second bit sequence; decrypting the second bit sequence using the first key; determining that the first key corresponds to the second key if the decrypted second bit sequence matches the mapping of the random number;
or, the key confirmation unit is configured to: determining that the first key corresponds to the second key if at least a predetermined portion of bits in the first key and the second key are the same.
2. The first MIMO device of claim 1,
the receiver is configured to receive another second pilot sequence;
the channel estimator is configured to estimate another first channel based on the received another second pilot sequence;
the key generator is configured to generate another first key based on a difference between the estimated first channel and the estimated another first channel;
the key confirmation unit is configured to determine whether the another first key corresponds to another second key of the second MIMO device.
3. A second MIMO device for use in channel estimation and verification by a first MIMO device, the MIMO device comprising:
a receiver for receiving a first pilot sequence and an index of the selected first pilot sequence, wherein the first pilot sequence is randomly selected from a set of pilot sequences;
a transmitter for transmitting a second pilot sequence and an index of the selected second pilot sequence, wherein the second pilot sequence is randomly selected from a set of pilot sequences;
a channel estimator for estimating a second channel based on the received first pilot sequence and an index of the selected first pilot sequence;
a key generator for generating a second key based on the estimated second channel;
a key confirmation response unit configured to communicate with the first MIMO device so that the first MIMO device determines whether the second key corresponds to a first key of the first MIMO device;
wherein the transmitter is configured to transmit the second pilot sequence after receiving the first pilot sequence, and the second MIMO device is configured to randomly select the second pilot sequence from a set of candidate sequences based on the estimated second channel;
wherein determining whether the second key corresponds to the first key of the first MIMO device comprises:
generating a random number; encrypting the random number with the first key to obtain a first bit sequence; transmitting the first bit sequence; receiving a second bit sequence; decrypting the second bit sequence using the first key; determining that the first key corresponds to the second key if the decrypted second bit sequence matches the mapping of the random number;
or, if at least a predetermined portion of bits in the first key and the second key are the same, determining that the first key corresponds to the second key.
4. The second MIMO device of claim 3, wherein the key confirmation response unit is configured to:
receiving a first bit sequence;
decrypting the first bit sequence using the second key;
encrypting the decrypted mapping of the first bit sequence with the second key to obtain a second bit sequence;
and transmitting the second bit sequence.
5. The second MIMO device of claim 3 or 4,
the receiver is configured to receive another first pilot sequence;
the channel estimator is configured to estimate a further second channel based on the received further first pilot sequence;
the key generator is used for generating another first key based on the difference value between the estimated original second channel and the estimated another second channel;
the key confirmation response unit is configured to communicate with the first MIMO device to determine whether the another second key corresponds to another first key of the first MIMO device.
6. MIMO device according to any of the previous claims 3 or 4, wherein the key generator is configured to generate the first and/or second keys by performing the stages of priority extraction, information coordination and privacy enhancement based on the estimated second channel.
7. A system comprising a first MIMO device according to any one of claims 1 to 2 and a second MIMO device according to any one of claims 3 to 5, wherein the first and second MIMO devices are arranged to use the same mapping function.
8. A method for channel estimation and verification, the method comprising:
randomly selecting and transmitting a first pilot sequence from a set of first pilot sequences;
transmitting an index of the selected first pilot sequence;
receiving a second pilot sequence and an index of the selected second pilot sequence, wherein the second pilot sequence is randomly selected from a group of pilot sequences;
estimating a first channel based on the received second pilot sequence and an index of the selected second pilot sequence;
generating a first key based on the estimated first channel;
communicating with a second MIMO device to determine whether the first key corresponds to a second key of the second MIMO device;
wherein determining whether the first key corresponds to a second key of a second MIMO device comprises
Generating a random number; encrypting the random number with the first key to obtain a first bit sequence; transmitting the first bit sequence; receiving a second bit sequence; decrypting the second bit sequence using the first key; determining that the first key corresponds to the second key if the decrypted second bit sequence matches the mapping of the random number;
or, if at least a predetermined portion of bits in the first key and the second key are the same, determining that the first key corresponds to the second key.
9. A method for channel estimation and verification by a first MIMO device, the method comprising:
receiving a first pilot sequence and an index of the selected first pilot sequence, wherein the first pilot sequence is randomly selected from a group of pilot sequences;
transmitting a second pilot sequence and an index of the selected second pilot sequence, wherein the second pilot sequence is randomly selected from a group of pilot sequences;
estimating a second channel based on the received first pilot sequence and an index of the selected first pilot sequence;
generating a second key based on the estimated second channel;
communicating with the first MIMO device to determine whether the second key corresponds to a first key of the first MIMO device;
wherein the second pilot sequence is transmitted after receiving the first pilot sequence, the second pilot sequence being randomly selected from a set of candidate sequences based on the estimated second channel;
wherein the content of the first and second substances,
wherein determining whether the second key corresponds to the first key of the first MIMO device comprises:
generating a random number; encrypting the random number with the first key to obtain a first bit sequence; transmitting the first bit sequence; receiving a second bit sequence; decrypting the second bit sequence using the first key; determining that the first key corresponds to the second key if the decrypted second bit sequence matches the mapping of the random number;
or, if at least a predetermined portion of bits in the first key and the second key are the same, determining that the first key corresponds to the second key.
10. A method for channel estimation and verification by a first MIMO device and a second MIMO device, the method comprising:
the first MIMO equipment randomly selects and transmits a first pilot sequence from a group of first pilot sequences, and transmits an index of the selected first pilot sequence;
the second MIMO device receives the first pilot sequence and an index of the selected first pilot sequence; estimating a second channel based on the received first pilot sequence and an index of the selected first pilot sequence; generating a second key based on the estimated second channel;
the second MIMO device sends a second pilot sequence and an index of the selected second pilot sequence, wherein the second pilot sequence is randomly selected from a group of pilot sequences;
the first MIMO device receives the second pilot sequence and an index of the selected second pilot sequence; estimating a first channel based on the received second pilot sequence and an index of the selected second pilot sequence; generating a first key based on the estimated first channel;
the communicating between the first MIMO device and the second MIMO device to determine whether the first key corresponds to the second key specifically includes: generating a random number; encrypting the random number with the first key to obtain a first bit sequence; transmitting the first bit sequence; receiving a second bit sequence; decrypting the second bit sequence using the first key; determining that the first key corresponds to the second key if the decrypted second bit sequence matches the mapping of the random number; or, if at least predetermined portions of bits in the first key and the second key are the same, determining that the first key corresponds to the second key;
wherein the second pilot sequence is transmitted after receiving the first pilot sequence, the second pilot sequence being randomly selected from a set of candidate sequences based on the estimated second channel.
11. A computer-readable storage medium storing program code, the program code comprising instructions to perform the method according to any one of claims 8 to 10.
CN201580083630.2A 2015-10-16 2015-10-16 MIMO system secure pairing method Active CN109417469B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/074037 WO2017063716A1 (en) 2015-10-16 2015-10-16 Secure paring method for mimo systems

Publications (2)

Publication Number Publication Date
CN109417469A CN109417469A (en) 2019-03-01
CN109417469B true CN109417469B (en) 2021-09-07

Family

ID=54364273

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580083630.2A Active CN109417469B (en) 2015-10-16 2015-10-16 MIMO system secure pairing method

Country Status (2)

Country Link
CN (1) CN109417469B (en)
WO (1) WO2017063716A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10447725B1 (en) 2017-01-24 2019-10-15 Apple Inc. Secure ranging wireless communication
CN111953362B (en) * 2020-07-16 2022-01-14 深圳安吉尔饮水产业集团有限公司 Communication method, communication device, communication transceiver and readable storage medium
WO2022234454A1 (en) * 2021-05-03 2022-11-10 Lenovo (Singapore) Pte. Ltd. Key establishment using wireless channel information

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1891007A (en) * 2003-12-12 2007-01-03 艾利森电话股份有限公司 Method and apparatus for allocating a pilot signal adapted to the channel characteristics
CN1993924A (en) * 2004-08-04 2007-07-04 松下电器产业株式会社 Radio communication device, radio communication system, and radio communication method
CN101288260A (en) * 2005-01-27 2008-10-15 美商内数位科技公司 Method and system for deriving an encryption key using jointrandomness not shared by others
CN101433010A (en) * 2006-04-18 2009-05-13 交互数字技术公司 Method and system for securing wireless communications
CN102869013A (en) * 2012-08-29 2013-01-09 北京邮电大学 Secure communication system based on wireless channel characteristic
CN103167490A (en) * 2013-04-12 2013-06-19 中国人民解放军信息工程大学 Method, device and system for distributing wireless secret key
CN103460639A (en) * 2010-11-03 2013-12-18 华为技术有限公司 System and method for securing wireless communications

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1847060A4 (en) * 2005-01-27 2011-09-14 Interdigital Tech Corp Method and system for deriving an encryption key using joint randomness not shared by others
US8325697B2 (en) * 2009-10-13 2012-12-04 Qualcomm Incorporated Methods and apparatus for selecting and transmitting pilots
US8331488B2 (en) * 2009-10-13 2012-12-11 Qualcomm Incorporated Methods and apparatus for communicating information using non-coherent and coherent modulation
US9380458B2 (en) * 2013-07-31 2016-06-28 Huawei Technologies Co., Ltd. Method for detecting eavesdroppers in a wireless communication system
CN107437984B (en) * 2016-05-27 2020-11-10 华为技术有限公司 Information transmission method and device
CN107018576B (en) * 2017-03-28 2019-10-11 西安电子科技大学 Accidental access method based on grid chart

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1891007A (en) * 2003-12-12 2007-01-03 艾利森电话股份有限公司 Method and apparatus for allocating a pilot signal adapted to the channel characteristics
CN1993924A (en) * 2004-08-04 2007-07-04 松下电器产业株式会社 Radio communication device, radio communication system, and radio communication method
CN101288260A (en) * 2005-01-27 2008-10-15 美商内数位科技公司 Method and system for deriving an encryption key using jointrandomness not shared by others
CN101433010A (en) * 2006-04-18 2009-05-13 交互数字技术公司 Method and system for securing wireless communications
CN103460639A (en) * 2010-11-03 2013-12-18 华为技术有限公司 System and method for securing wireless communications
CN102869013A (en) * 2012-08-29 2013-01-09 北京邮电大学 Secure communication system based on wireless channel characteristic
CN103167490A (en) * 2013-04-12 2013-06-19 中国人民解放军信息工程大学 Method, device and system for distributing wireless secret key

Also Published As

Publication number Publication date
WO2017063716A1 (en) 2017-04-20
CN109417469A (en) 2019-03-01

Similar Documents

Publication Publication Date Title
Shakiba-Herfeh et al. Physical layer security: Authentication, integrity, and confidentiality
CN106411521B (en) Identity authentication method, device and system for quantum key distribution process
JP4734344B2 (en) Method and system for deriving encryption key using joint randomness (JRNSO) not shared with others
Verma et al. Physical layer authentication via fingerprint embedding using software-defined radios
KR20180123091A (en) Methods and architectures for secure ranging
KR100776936B1 (en) Watermarks/signatures for wireless communications
US20070036353A1 (en) Authentication and encryption methods using shared secret randomness in a joint channel
EP2827552A2 (en) Apparatus and method for transmitting secure data in wireless communication system
WO2016133724A1 (en) Method, apparatus, and system for identity authentication
CN111566990A (en) Secure key agreement with untrusted devices
JP7192122B2 (en) Systems and methods for authenticating connections between user devices and vehicles
KR20130069860A (en) System and method for securing wireless communications
JP2017517720A (en) Method and system for optimizing radio navigation signal authentication
CN103888938A (en) PKI private key protection method of dynamically generated key based on parameters
US10396986B2 (en) Method for generating a secret between users of a network, and users of the network which are configured for this purpose
WO2010132695A1 (en) System and method for securely identifying and authenticating devices in a symmetric encryption system
US7942324B2 (en) Method for communicating between a reader and a wireless identification marker, associated reader and marker
US20220345306A1 (en) Symmetric Encryption Key Generation Using Wireless Physical Layer Information Without Sharing Any Information Pertinent To The Key
CN109417469B (en) MIMO system secure pairing method
US10735963B1 (en) Wireless communication method for secure side-channel signaling and authentication at the physical layer
CN116017451A (en) IPv6 terminal identity authentication method utilizing 5G NR physical layer information
CN101496340B (en) Method for establishing a secret key between two nodes in a communication network
JP2008217497A (en) Radio communication system communication device, and radio communication method
Wang et al. Deep learning based adaptive physical layer key distribution
CN118339851A (en) Method for verifying identity of electronic equipment and related equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant