Channel Model and Sounding Method Effects on Wireless Secret Key Rates Brett T. Walkenhorst, Andrew D. Harper, Robert J. Baxley Georgia Tech Research Institute Georgia Institute of Technology Atlanta, GA 30332 brett@gatech.edu; andrewharper@gatech.edu; baxley@gatech.edu Abstract—Ensuring data privacy of wireless communication systems has been a challenging problem for various reasons. The simplicity of eavesdropping on wireless transmissions makes the barrier to entry lower for wireless than for wired systems. Due to size and power constraints, wireless systems are sometimes unable to implement the complex cryptographic algorithms that can ensure the privacy of their data, leaving them with weaker schemes that are more easily exploited. However, the wireless security problem has one distinct advantage over the wired problem in that the channel seen by the eavesdropper is not usually correlated with the channel seen by the intended receiver. Recent research in the community has suggested that the randomness inherent in the wireless channel may be exploited to create secret keys dynamically, making simple wireless cryptographic schemes extremely strong and in some applications providing perfect secrecy. In this paper, we present some information theory bounds on key lengths for various wireless channel models and discuss the impact such physical channel- derived dynamic re-keying would have on various applications. We also present some thoughts on proving out the concepts in actual systems. Keywords: secrecy capacity, cryptography, wireless secrecy I. INTRODUCTION Recent studies have demonstrated the ability of a transmitter/receiver pair (Alice/Bob) to generate secret keys derived from the physical layer channel [1]-[9]. By creating keys in real-time, perfect secrecy (information-theoretically secure) and/or near-perfect secrecy (computationally secure) can be established with a pair of low-cost transceivers. Initial studies demonstrated the potential for secret communication leveraging differences in the Alice-Bob channel and the Alice- Eve channel using Information Theory [1]-[2]. For simplicity in proving the concepts, many of these early studies assumed a binary symmetric channel with fixed probabilities. More recent papers have investigated key lengths and key rates available in a Jakes’ model, which is applicable to a fixed- to-mobile wireless channel model [3] and Rayleigh/Rician fading channels [4]. The work of [3] concluded that the optimal strategy for a given number of channel samples is one that minimizes the channel sounding time. In this paper, we generalize their approach in three significant ways and thereby generate slightly different conclusions. First, we examine the effects of system delays on the number of key bits generated as well as the channel sounding strategies employed. Second, we incorporate correlation effects for arbitrarily long time periods rather than assuming zero correlation outside the coherence interval. Third, we explore the effects of differing correlation functions on the key generation rates available. Specifically, we consider three distinct channel models (Jakes, Gaussian, and Sinc) using two basic methods of sounding the channel (simultaneous sounding and time division duplex (TDD) with/without delay). Channel sounding is the process of transmitting a known sequence from one node so the other node can estimate the channel response. The results of our analysis demonstrate secret key generation rates available for some of these combinations and draw conclusions about the available secret rates relative to non-secret rates in typical wireless channels. We will conclude with some discussion of implementation of this key generation in hardware systems. This paper is outlined as follows. In Section II, we briefly introduce the information theory construct for computing key lengths; section III discusses sounding strategies; and section IV describes the channel models we employ. Simulation results are given in Section V with discussion of results in Section VI and conclusions in VII. II. SECRET KEY LENGTHS In the wireless eavesdropping channel, we assume that Alice, the intended transmitter, is attempting to communicate with Bob, while a third party, Eve, is attempting to eavesdrop. The signal that Bob sees when Alice transmits   is given by         (1) the signal Alice sees when Bob transmits is given by         (2) and the signal Eve sees when Alice transmits is given by         (3) Although Eve may be interested in Bob’s transmissions, the problem is symmetric and it is sufficient to analyze Eve’s ability to correctly decode Alice’s transmissions. In our system model, we introduce the possibility that Bob transmits to enable both Alice and Bob to estimate their channel so they can agree upon a key. The system model described above is depicted graphically in Figure 1. We assume that     at any given time. While this assumption may be skewed somewhat by variations in the 978-1-4673-2709-1/12/$31.00 ©2012 IEEE 597