Empirical statistical inference attack against PHY-layer key extraction in real environments

Traditional cryptographic secret key establishment mechanisms are facing challenges with the fast growth of high-performance computing, and can be very costly in many settings, e.g. in wireless ad-hoc networks, since they consume scarce resources such as bandwidth and battery power. As an alternative, link-signature-based (LSB) secret key extraction techniques have received many interests in recent years. It is believed that these mechanisms are secure, based on the fundamental assumption that wireless signals received at two locations separated by more than half a wavelength apart are uncorrelated. However, recently it has been observed that in some circumstances this assumption does not hold, rendering LSB key extraction mechanisms vulnerable to attacks. This paper studies empirical statistical inference attacks (SIA) to LSB key extraction, whereby an attacker infers the signature of a target link, and henceforce recovers the secret key extracted from that signature, by observing the surrounding links. Different from prior work that assumes a theoretical link-correlation model for the inference, our study does not make any assumption on link correlation. Instead, ours is taking a machine learning method for link inference based on empirically measured link data. Machine learning (ML) algorithms are developed to launch SIA under various realistic scenarios. Our experiment results show that even without making assumptions on link correlation, the proposed inference algorithms are still quite effective, and can reduce the key search space by many orders of magnitudes compared to brutal force search.