Scramble-Based Secret Key Generation Algorithm in Physical Layer Security

As a new way to enhance wireless communication security, secret key generation based on physical layer channel characteristics has emerged. In this paper, we propose a novel secret key generation algorithm based on wireless channel characteristics for orthogonal frequency division multiplexing (OFDM) communication systems. The mean quantization algorithm is applied to quantize the real part and imaginary part of OFDM subcarriers, respectively, which can significantly increase the length of the generated secret key in the OFDM system. To reduce the consistency between the secret keys generated by the eavesdropper and the legitimate communication nodes, a processing method by taking the subcarrier phase as initialization of a scrambling code and scrambling the quantized result is proposed. The simulation and test results show that compared with the existing research, the proposed algorithm can improve the key generation rate (KGR), reduce the key mismatch rate (KMR) and complexity, maintain high randomness, and disturb the eavesdroppers.


Introduction
Secret key generation technology is becoming increasingly popular in wireless communication devices, especially smartphones and other smart devices. It plays an increasingly important role in people's daily lives. To ensure the con dentiality and security of wireless communication, classical encryption-based techniques are used in the upper layers [1]. Unlike traditional upper-layer keys, physical layer secret key generation techniques do not require complicated hash calculations or any infrastructure for distribution or management [2].
is technique can be used in wireless communication devices with limited computing power, or even by eavesdroppers with unlimited computing power. Furthermore, in a multipath scattering environment, if the distance between the eavesdropper (Eve) and the legitimate node (Alice/Bob) is greater than half a wavelength, they will experience uncorrelated channels [3]. As a result, the eavesdropper (Eve) is unable to obtain the same as the one obtained by the legitimate node (Alice/Bob). As well as the above-given advantages, physical layer secret key generation has been gaining attention as a lightweight security tool, especially in applications such as V2X, IoT, and smart homes. e physical layer secret key generation techniques based on the randomness and reciprocity of wireless channels are gradually becoming more e ective as a complement to upper layer encryption methods.
Numerous physical layer secret key generation schemes have been proposed for orthogonal frequency division multiplexing (OFDM)-based systems. ese schemes generally used channel impulse responses (CIR), phase, or amplitude of the received signal to generate secret keys [4]. e authors of [5] proposed an OFDM subcarrier index selection (OFDM-SIS) which maximized the signal-to-noise ratio at legitimate receivers and an adaptive subcarrier interleaving scheme that reduced the correlations among subcarriers. e authors of [6] proposed channel status information (CSI) based key generation for OFDM indoor and outdoor systems. In [7], signal space diversity is used to separate the in-phase and orthogonal components of complex modulated symbols to increase diversity gain over Eve, thereby improving the con dentiality of OFDM systems. e authors of [8] studied key generation for OFDM systems with the phase variation of channel frequency response based on time-varying channels. e legitimate communication nodes in the above schemes mainly use CIR, index, or received signal strength (RSS) to generate the same random secret key. However, all these methods have some limitations [9]. For example, a faster channel probing rate will produce a higher key generation rate but may reduce temporal redundancy and randomness, while a higher quantization level will produce a higher key generation rate but a higher key mismatch rate, especially in a low signal-to-noise environment it could become more obvious. On the one hand, some of the above-mentioned literature can take into consideration the key generation rate and key mismatch rate, but the computational complexity increases as a result. On the other hand, while pursuing high performance in key generation rate and key mismatch rate, the randomness of secret keys cannot be compromised and must be maintained at a high level.
In general, most of the current secret key generation techniques are based on received signal strength (RSS) and channel state information (CSI), where channel impulse response (CIR) is one of the most commonly used CSI. e RSS is a coarse-grained channel information indicator, where only one RSS value can be obtained per packet, which imposes a limitation on the KGR. e CSI is a fine-grained channel parameter that provides detailed channel information, CSI-based systems are able to provide high KGR, and CIR has been shown to be ideal for a key generation [10]. In addition, RSS is vulnerable to predictable channel attacks in some cases, but there is experimental evidence that CSI is immune to predictable channel attacks [11]. To further improve the key generation rate of the secret key generation method as well as to reduce the key mismatch rate while maintaining the key randomness. We choose to use the real and imaginary parts of CIR to generate secret keys. In addition, in order to enhance the confidentiality of the key, the phase is used to quantize the initial value of the scrambled code and to facilitate subsequent quantization. In this paper, a novel key generation algorithm for the OFDM system is proposed. e work in this paper is summarized as follows: (1) Generates initial secret keys by comparing the imaginary and real parts of each subcarrier with the mean of the real and imaginary parts of the entire OFDM block, respectively. It can increase the key generation rate by a large amount compared with it based on the magnitude of CIR. (2) After the initial secret key generation, the entire OFDM block is divided into multiple subblocks. e mean phase of the subcarriers within each subblock is used as an initial value and a scrambling sequence is generated with it. en, the secret key is scrambled with that sequence, which can effectively reduce the key leakage at the eavesdropper and improve the confidentiality of the key.
(3) We analyze the proposed algorithm's reliability and security by using results derived from informationtheoretic security theory. Simulation results show that the algorithm can significantly improve the key generation rate, further reduce key mismatch rate both in high and low SNR environments, also it passes the NIST randomness test. Finally, its computational complexity is analyzed and compared with existing algorithms.

System Model and the Proposed Algorithm
2.1. System Model. As shown in Figure 1, the channel model is assumed to be a Rayleigh fading channel with N exponentially fading taps. e communication system model is assumed to be SISO-OFDM with time-division duplexing (TDD). e legitimate nodes are Alice and Bob who try to communicate securely with each other by using CIR to generate secret keys in the presence of a passive eavesdropper (Eve). In addition, the CIR between Alice and Bob is denoted as h AB (t 1 ) ∈ C 1×N , the CIR between Bob and Alice is denoted as h BA (t 2 ) ∈ C 1×N , and the CIR between Alice and Eve is denoted as h AE (t 3 ) ∈ C 1×N , when the interval time between t 1 and t 2 are shorter than the coherence time τ(|t 1 − t 2 | < τ), according to the characteristic of short-time reciprocity of wireless channels [12], the radio channels experienced by both are closely correlated between h AB (t 1 ) and h BA (t 2 ), i.e., h AB (t 1 ) ≈ h BA (t 2 ). Furthermore, we consider an eavesdropper, who tracks the legitimate nodes involved in secret key extraction. It could eavesdrop on all open discussions in the key generation process and the secret key generation algorithm with the corresponding key generation parameters. Because of the differences in location and environment, it is assumed that the distance between Alice/Bob and Eve is greater than or equal to half a wavelength. Hence the wireless channels experienced by both are uncorrelated in the multipath fading environment, resulting in independent observations at the legitimate nodes and the eavesdropper.
Taking Alice as the transmitter, the frequency domain OFDM symbols (pilots) can be expressed as � [a 1 , a 2 , ..., a M ] T ∈ C M×1 , where M denotes the number of the pilots. e pilots are processed first, then sent to Bob and Eve through the wireless channel. In the frequency domain, the received signal y i ∈ C M×1 of Bob or Eve can be written as follows: where the subscripts i � b, e { } denote the receiver`s parameters for Bob or Eve, and the vectors Z f i denote the Fourier transform of the additive white Gaussian noise (AWGN) with mean 0 and variance of σ 2 , Furthermore, H f i ∈ C M×M is the channel frequency response diagonal matrix.

Proposed Algorithms.
In this section, we present the detailed steps of the proposed Real and Imaginary partsbased Scrambled Key Generation (RISKG) algorithm. Among them, we use the real and imaginary parts of CSI to generate the initial secret key, and it is proved that the real and imaginary parts always have better performance than the amplitude and phase in generating the secret key. In addition, we use the mean phase of the subblock for quantization as a scrambling code initialization in order to enhance the key confidentiality, since the phase has a higher amount of mutual information between the channel of Alice to Bob and Bob to Alice compared to the amplitude and is easier to quantize [10]. e specific steps of the algorithm are as follows: (1) During the coherence time τ of the channel, Alice and Bob send the pilots a � [a 1 , a 2 , ..., to each other for channel estimation. Taking the example of Alice sending pilots a to Bob, the channel estimate at Bob/ Eve can be expressed in the frequency domain as e diagonal matrix Η f i obtained at Bob/Eve is converted into a row vector h i , and the procedure can be described as (2) (5) Extract the mean phase θ j for each subblock h j i : where C1 denotes the mean phase quantization of all the elements within each subblock, When the length of the m-sequence is greater than 31, the calculation is performed as follows: p(n + 31) � (p(n + 3) + p(n))mod 2, q(n + 31) � (q(n + 3) + q(n + 2) + q(n + 1) + q(n))mod 2.
e Gold sequence C3 of length M is generated as a scrambled sequence as follows: where N c � 1600. e Gold sequence C3 is used to scramble the real initial key KeyR i and the imaginary initial key  Figure 2 to generate the final secret key K [14]. e final secret key K can be given as

Security Analysis
In this section, we analyze quantitative measurements of security. e metric of security is usually based on information theory, in which one of the metrics is the amount of mutual information between the key generated at the legitimate node and eavesdropper.
Since the distance between Eve and Bob is assumed to be smaller than the distance between Eve and Alice, only the mutual information between Alice to Bob and the mutual information between Alice to Eve is taken into consideration. Equation (13) can be used to calculate the Pearson correlation coefficient of the channel fading coefficient at two locations separated by d [15].
where J 0 (·) is the first kind of Bessel function, k is the wavenumber. As shown in Figure 3 that is the image of the function. At the p-th subcarrier, the fading coefficients of the Alice to Bob and Alice to Eve channels are determined as h bp and h ep . In addition, the correlation coefficient between h bp and h ep is shown in equation (13) where H d (·) is the entropy. e real and imaginary parts of the Alice to Bob and Alice to Eve channel coefficients are related to the parameter ρ. Alternatively, the covariance matrix can be shown as follows: After introducing equation (12), equation (11) Figure 2: Key arrangement.
When ρ approaches 0, the amount of mutual information I(h bp ; h ep ) approaches 0. In the worst-case situation, Eve and Bob are separated by half a wavelength. Half a wavelength is 5 cm when the frequency band is assumed to be 3 GHz.
where c is the speed of light. As shown in Figure 4, at this time we can obtain the correlation coefficient ρ ≈ 0.09 and the amount of mutual information I(h bp ; h ep ) ≈ 0.01(bit).

Simulation Performance Analysis
In this section, numerical results are given to illustrate the performance of the RISKG algorithm. e RISKG algorithm is compared with three algorithms including the conventional key generation (CKG) algorithm, index-based key generation (IKG) algorithm, and joint key generation (JKG) algorithm. e CKG algorithm generates the key by comparing each subcarrier amplitude with the mean of the subcarrier amplitudes within the entire OFDM block [6]; the IKG algorithm divides the whole OFDM block into subblocks, which generates the corresponding secret keys according to the index positions of the strongest and second strongest subcarriers within the subblocks; the JKG algorithm combines CKG and IKG to generate the corresponding secret keys [16].
We assume that there are N � 9 pathways in the Rayleigh fading channel between any two communication nodes, where the exponentially fading power delay distribution is taken into consideration [17]. To make a fair comparison with the other above-mentioned three algorithms, the parameters related to the simulation performance analysis of all algorithms are uniformly set (according to Table 1).
In addition, the effects of nonideal channel reciprocity and nonideal channel estimation due to noise, interference, and synchronization errors are considered [18]. Due to the influence of the channel estimation, the channel between Alice and Bob can be expressed as H b/a is modeled as an independent complex Gaussian noise with mean 0 and variance σ 2 a/b � e × 10 − SNR dB /10 , it should be emphasized that the error variance value of the estimated channel depends on the quality of the adopted estimator, which is highly affected by the length of the training sequence and its power. us, we use a similar scale e ∈ 0.01, 0.001, 0.0001 { } referred to all secret key generation algorithms [19].

Performance Metrics.
e key generation rate (KGR) describes the ratio of the number of secret keys generated to the number of channel characteristics in each measurement, and a higher bit rate indicates that a long secret key can be generated in a shorter period. When the key generation rate is faster, the keys are updated more frequently and the communication system is more secure. When the probing speed is given, the key generation rate is calculated as follows: where L is the number of secret keys, M is the number of channel characteristics. e key mismatch rate (KMR) is mainly used to measure the mismatch between legitimate communication nodes, which is calculated as follows: where K A and K B denote the secret keys generated at Alice and Bob's, respectively. e key leakage rate (KLR) is used to measure the matching rate of keys between legitimate communication nodes and eavesdroppers, which is calculated as follows: where K B and K E denote the secret keys generated at Bob and Eve, respectively. Lower KLG indicates less information has been leaked and better performance. Randomness is a measure of the security strength of the secret keys generated by Alice and Bob that determines whether the key generation scheme is secure or not. At present, most of the tests for secret key randomness in physical layer secret key research use the randomness test standard issued by the National Institute of Standards and Technology (NIST). e test items include: frequency, block frequency, cumulative sums, runs, longest run, rank, discrete Fourier transform, nonperiodic template matchings, overlapping template matchings, universal statistical, approximate entropy, random excursions, random excursions variant, serial, linear complexity [20]. Due to the limitation of the final key length, the key sequence generated by the RISKG algorithm meets 7 of 15 test items, and only 7 of them are selected for testing. Figure 5 shows KGR versus SNR for the RISKG, CKG, IKG, and JKG algorithms at Bob or Eve under the nonideal channel situation and imperfect channel estimation (e ∈ 0.01, 0.001, 0.0001 { }). It can be seen from the figure that as e decreases, the KGR of all algorithms increases to some extent. As the SNR rises, the KGR of all algorithms rises to some extent, gradually approaching the highest KGR in the ideal state at around 40 dB. e RISKG algorithm proposed in this paper greatly surpasses the other three algorithms in the performance of KGR, under the same SNR and e. It can also be seen that Eve's KGR for different SNR cases is smaller than that of any algorithm used on Bob with all algorithms. Figure 6 shows KMR versus SNR of RISKG, CKG, IKG, and JKG algorithms at Bob and Eve in the case of nonideal channels and imperfect channel estimation (e ∈ 0.01, 0.001, 0.0001 { }). It can be seen from the figure that the KMR of all algorithms decreases as e decreases. Simultaneously the KMR of all algorithms decreases as SNR increases. e proposed RISKG algorithm outperforms the other three algorithms. Due to the uncorrelation of the channel, there is a significant gap between the KMR on Eve and Bob compared to all cases on Bob, and it becomes more obvious as the SNR increases.

Simulation Performance.
In addition, Figure 7 shows the KLG vs. SNR of keys generated at Eve using the RISKG algorithm, the IKG algorithm, and the RISKG algorithm without scrambling for e � 0.001. From the three sets of data in Figure 7, the KLR is reduced by scrambling, which makes Eve steal less useful information. And RISKG algorithm also reduces the KLG at Eve compared to the IKG algorithm, which improves the security of the communication system. e randomness test results of the keys generated by the RISKG algorithm are shown in Table 2. e generated final secret key sequence is checked for randomness using the NIST statistical test suite in this paper. e NIST statistical test suite consists of 15 different test items, each test is given a P-value (P-value is a probability value between 0 and 1). If the P-value of each test is more than 0.01, the randomness tests are regarded to be passed. e 7 test items are randomly picked secret keys generated by the RISKG algorithm when the SNR is 10 dB, which tested under e ∈ 0.01, 0.001, 0.0001 { } respectively are shown in Table 2.

Computational Complexity.
To fairly compare the complexity of the three algorithms, we uniformly assume that the key generation is performed for the diagonal matrix H f i ∈ C M×M in the coherent time τ and the size of the subblock is uniformly assumed to be l. For the RISKG algorithm, a total of (3 − 1/l)M − 2 addition calculations, M/l + 2 multiplication calculations, 7M + 3200 bitwise exclusive-OR calculations and 3M comparisons are performed. Taken together, the RISKG algorithm has complexity O(M), which implies that the proposed algorithm has linear complexity with respect to the length of key generation. For the IKG algorithm, because of its multiplication by the interleaving matrix R ∈ C M×M , it performs  Table 3.  Figure 7: KLR versus SNR performance at eve for the RISKG algorithm, the IKG algorithm, and the RISKG algorithm without scrambling.

Conclusions
Taking the short-time reciprocity of the time-division duplex communication, this paper proposes a novel key generation algorithm under the OFDM system and Rayleigh fading channel by using the CIR of the wireless channel and gives the specific implementation steps of the algorithm. e algorithm first obtains the CIR of the wireless channel at the legitimate communicate node by the pilots. Moreover, the keys for the real and imaginary parts of each subcarrier are generated independently and arranged in front-to-back order to enhance the key generation rate, with the initial key being generated by comparing the mean value when generating the key for the corresponding subcarrier. Finally, to make it more difficult for Eve to obtain the secret key based on the CIR trend and improve secret key confidentiality, the mean phase of subcarriers within each subblock is used as the scrambling initialization to scramble the generated initial secret key that enhances security and lowers the KLR at Eve.
In the security analysis section, the security is analyzed by information theory, and the results show that the proposed algorithm has high security in theory. In terms of simulation performance, compared with the CKG algorithm, IKG algorithm, and JKG algorithm, the RISKG algorithm significantly improves the performance in both KGR and KMR. Unlike the JKG algorithm, which enhances KGR by sacrificing a specific performance of KMR, the RISKG algorithm improves KGR without worsen KMR. Advanced the NIST statistical test suite is used to evaluate the randomness of the final key generated. e computational complexity of the algorithm is also analyzed. In summary, the secret key generated by the proposed algorithm can be used to encrypt and secure wireless communications.
Data Availability e numerical simulation data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare that there are no conflicts of interest.