Statistical Inference Attack Against PHY-layer Key Extraction and Countermeasures

The formal theoretical analysis on channel correlations in both real indoor and outdoor environments are provided in this paper. Moreover, this paper studies empirical statistical inference attacks (SIA) against LSB key extraction, whereby an adversary infers the signature of a target link. Consequently, the secret key extracted from that signature has been recovered by observing the surrounding links. Prior work assumes theoretical link-correlation models for the inference, in contrast, our study does not make any assumption on link correlation. Instead, we take machine learning (ML) methods for link inference based on empirically measured link signatures. ML algorithms have been developed to launch SIAs under various realistic scenarios. Our experimental results have shown that the proposed inference algorithms are still quite effective even without making assumptions on link correlation. In addition, our inference algorithms can reduce the key search space by many orders of magnitudes compared to brute force search. We further propose a countermeasure against the statistical inference attacks, FBCH (forward-backward cooperative key extraction protocol with helpers). In the FBCH, helpers (other trusted wireless nodes) are introduced to provide more randomness in the key extraction. Our experiment results verify the effectiveness of the proposed protocol.