Enhance Physical Layer Security via Channel Randomization with Reconfigurable Antennas

  • Yanjun Pan
  • Ming Li (Email author)
  • Yantian Hou
  • Ryan M. Gerdes
  • Bedri A. Cetiner
Part of the Advances in Information Security book series (ADIS, volume 74)


Secure wireless communication techniques based on physical (PHY) layer properties are promising alternatives or complements to traditional upper-layer cryptography-based solutions, due to their capability of achieving message confidentiality or integrity and authentication protection without pre-shared secrets. While many theoretical results are available, there are few practical PHY-layer security schemes, mainly because the requirement that the legitimate users hold a channel advantage over the attacker is hard to satisfy in all cases. Recent research shows that channel randomization, which proactively and dynamically perturbs the physical channel so as to create an artificial channel advantage, helps to enhance certain PHY-layer security goals such as secrecy. However, a systematic study of the foundations of such an approach and its applicability is needed. In this chapter, we first survey the state of the art in PHY-layer security and identify its main limitations and challenges. Then we examine the principles of channel randomization and explore its application to achieve in-band message integrity and authentication. In particular, we focus on preventing active signal manipulation attacks and use reconfigurable antennas to systematically randomize the channel so that it is unpredictable to the active attacker. Both theoretical and experimental results show that it is a feasible and effective approach. Other applications and future directions are discussed at the end.



This work was partly supported by NSF grants CNS-1410000, CNS-1619728, CAREER Award CNS-1564477, ONR YIP Award N00014-16-1-2650. The multifunctional reconfigurable antenna design aspect of this work performed at Utah State University is supported in part by AFOSR Grant No FA 9550-15-1-0040 DEF.



Copyright information

© This is a U.S. government work and not under copyright protection in the U.S.; foreign copyright protection may apply 2019

Authors and Affiliations

  • Yanjun Pan (1)
  • Ming Li (1), Email author
  • Yantian Hou (2)
  • Ryan M. Gerdes (3)
  • Bedri A. Cetiner (4)

  1. The University of Arizona, Tucson, USA
  2. Boise State University, Boise, USA
  3. Virginia Tech, Arlington, USA
  4. Utah State University, Logan, USA
