On the Colluding Attack to Compromise Physical Layer Key Generation Through a Large-Scale Fading Estimation

Physical layer key generation is the lightweight key exchange attracting considerable researches in recent years. Most of the researches focus on the key agreement and the security to defend against active attacks. However, the passive attacks have not been widely investigated, as a spatial decorrelation assumption is commonly made to exclude the scenario that eavesdroppers can obtain correlated channel characteristics when they locate at more than a half carrier wavelength to legitimate users. We challenge the assumption by demonstrating that the changing large-scale fading in a mobile-to-fixed (M2F) channel leaks key information to the eavesdroppers. We propose the colluding-side-channel attack (colluding-SCA) to develop physical layer key inference experiments. We validate our claim by showing the theoretical analysis and experimental results. While the changing large-scale fading in a M2F channel leaks key information, a fixed-to-fixed (F2F) channel can defend against the colluding-SCA as large-scale fading does not change in such channel. We conclude that if a channel has large-scale fading variance that contributes to the physical layer key entropy, the eavesdroppers will have a higher key inference capacity. Signal pre-processing is widely investigated for its implementation on physical layer key generation to improve the key agreement. We extend our research to demonstrate that signal pre-processing can further increase the key inference capacity of eavesdroppers, with a moving window average (MWA) method as the research object to validate the claim.