On-line Entropy Estimation for Secure Information Reconciliation

Christian Zenger, Jan Zimmer, Jan-Felix Posielek, Chris­tof Paar

Workshop on Wireless Communication Security at the Physical Layer, WiComSec-Phy 2015, Coimbra, Portugal, July 22, 2015


The random number generator (RNG) is a critical, if not in fact the most important, component in every cryptographic device. Introducingthesymmetricradiochannel, represented byestimationsoflocation-specific, reciprocal, and time-variant channel characteristics, as a common RNG is not a trivial task. In recent years, several practice-oriented protocols have been proposed, challenging the utilization of wireless communication channels to enable the computation of a shared key. However, the security claims of those protocols typically rely on channel abstractions that are not fully experimentally substantiated, and (at best) rely on statistical off-line tests. In the present paper, we investigate on-line statistical testing for channel-based key extraction schemes, which is independent from channel abstractions due to the capability to verify the entropy of the resulting key material. We demonstrate an important security breach if on-line esti- mation is not applied, e.g., if the device is in an environment with an insufficient amount of entropy. Further, we present real-world evaluation results of 10 recent protocols for the generation of keys with a verified security level of 128-bit.


tags: Channel-based key extraction, information reconciliation, on- line entropy estimation, physical layer security