Physical Layer Authentication with Dynamic Key Updates for the Internet of Things

Abstract

Recently, the security issue in Internet of Things (IoT) has attracted attention due to the dramatic increase of IoT devices. For secure communications with IoT devices, the first step is to find out whether the device to be communicated is a legitimate one or a malicious one. This process is called authentication, which typically relies on a cryptography based mechanism at the upper layer. However, the cryptography-based upper layer authentication has limitations such as key distribution and management problems, high complexity, high energy consumption, and large signaling overhead as the connecting devices increases, and thus may not be suitable for hardware limited IoT devices and sensors. To solve this problem, the physical layer (PHY) authentication is being investigated. Unlike upper layer authentication, PHY authentication utilizes the unique physical properties, making it suitable for hardware-constrained IoT devices and sensors by distributed, simple, and fast procedures. In this paper, we propose a novel PHY challenge-response authentication mechanism (PHY-CRAM) with a dynamic key update strategy for potential application of massive IoT connections. For this, we use the reciprocity and randomness characteristics of the channel. Conventional PHY-CRAM is fully unsecured once the key is exposed to a malicious intruder, whereas the proposed scheme automatically updates the secret key for the next channel use based on the current channel gains. In this way, the following impersonation attacks using the previously exposed secret key become nearly useless. Furthermore, the intruder is hard to estimate the updated key because the physical channel typically changes quickly over time. Through multi-carrier transmission simulations, the proposed scheme is evaluated by authentication performance (e.g., receiver operating characteristic (ROC) curve), compared to the conventional PHY-CRAM. The results show that the proposed scheme has a better authentication performance, compared to the conventional scheme under the secret key leakage scenario. In the situation where the authentication key is 80% leaked, the SNR is 6dB, and the detection probability is 0.99999, the conventional method has a false alarm probability of 0.8785 while the proposed method has a good performance of 0.0397. To the next, we performed the novel PHY-CRAM system model in real environment using universal software radio peripheral (USRP) equipment. Due to the limitation in estimating the channel phase, we performed the experiment after assuming that the channel phase is shared. We flipped the key using the channel gain in real environment. The experimental results are shown in Chapter 3. From the captured channel gains in the experiments, the cumulative distribution functions of the test statistic of Alice and Eve shows a very wide gaps, which can be easily distinguished by a proper threshold.