June 24, 2021

SpywareNews.com

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Technical Report: Man-in-the-Middle Attack Resistant Secret Key Generation via Channel Randomization. (arXiv:2106.02731v1 [cs.CR])

Physical-layer based key generation schemes exploit the channel reciprocity
for secret key extraction, which can achieve information-theoretic secrecy
against eavesdroppers. Such methods, although practical, have been shown to be
vulnerable against man-in-the-middle (MitM) attacks, where an active adversary,
Mallory, can influence and infer part of the secret key generated between Alice
and Bob by injecting her own packet upon observing highly correlated
channel/RSS measurements from Alice and Bob. As all the channels remain stable
within the channel coherence time, Mallory’s injected packets cause Alice and
Bob to measure similar RSS, which allows Mallory to successfully predict the
derived key bits. To defend against such a MitM attack, we propose to utilize a
reconfigurable antenna at one of the legitimate transceivers to proactively
randomize the channel state across different channel probing rounds. The
randomization of the antenna mode at every probing round breaks the temporal
correlation of the channels from the adversary to the legitimate devices, while
preserving the reciprocity of the channel between the latter. This prevents key
injection from the adversary without affecting Alice and Bob’s ability to
measure common randomness. We theoretically analyze the security of the
protocol and conduct extensive simulations and real-world experiments to
evaluate its performance. Our results show that our approach eliminates the
advantage of an active MitM attack by driving down the probability of
successfully guessing bits of the secret key to a random guess.