Securing Wireless Communications of the Internet of Things from the Physical Layer, An Overview
The security of the Internet of Things (IoT) is receiving considerable interest as the low power constraints and complexity features of many IoT devices are limiting the use of conventional cryptographic techniques. This article provides an overview of recent research efforts on alternative approaches for securing IoT wireless communications at the physical layer, specifically the key topics of key generation and physical layer encryption. These schemes can be implemented and are lightweight, and thus offer practical solutions for providing effective IoT wireless security. Future research to make IoT-based physical layer security more robust and pervasive is also covered.
The Internet of Things (IoT) aims to allow ubiquitous connections between things with computing, communication, and sensing ability. IoT applications include smart cities, smart traffic, healthcare, smart home, industrial monitoring, and environment monitoring, etc. [1, 2], which have revolutionized every aspect of our life. On the other hand, many open research problems still remain to allow this technology to become widely available as proposed . For example, IoT security and privacy remains a major concern as indicated by the UK IoT government report  and agreed by many experts . To this end, research into effective IoT security remains a key objective as indicated by major sponsors such as the US National Science Foundation , the European Horizon 2020 research programs , and the UK’s Engineering and Physical Sciences Research Council .
The number of connected devices has already exceeded the world’s population and is increasing exponentially. It is predicted by numerous sources that IoT devices will number 10 billion by 2020 . For example, Cisco estimated there would be 6.58 connected devices per person by 2020, i.e., about 50 billion devices in total . With the huge amount of IoT devices, wireless communication is preferred as it allows easy installation and provides ubiquitous connection. Wireless air interfaces involved in the IoT include IEEE 802.15.4 (Zigbee), Bluetooth Low Energy (BLE), IEEE 802.11 Wi-Fi, LoRaWAN, cellular connections, ultrawide band, near field communication (NFC), radio-frequency identification (RFID), to name but a few.
While we are enjoying the benefits that wireless connection has brought, its broadcast nature makes the transmission vulnerable to passive eavesdropping and active jamming. Thus, there is a clear need to protect the data on-the-fly in the IoT as it will generally contain sensitive, private or confidential information. For example, in healthcare applications, the sensor nodes collect patients’ health information such as heart rate and blood pressure. This information is private and highly confidential, and hence a secure transmission channel is required. However, IoT systems are far from safe and many vulnerabilities exist . For example, HP reported that 70% of devices did not encrypt their communications .
The security countermeasures are mainly categorized into computational security and information-theoretic security . The former has been the main approach in protecting the communication systems where cryptographic algorithms and protocols are deployed at the upper layers of the protocol stack . For example, the transport layer security (TLS) is a well-known protocol to protect the transport link  while Wi-Fi protected access (WPA) is designed to secure the media access control (MAC) layer111IEEE 802 splits the open systems interconnection (OSI) data link layer into MAC sublayer and logical link control (LLC) sublayer. in the IEEE 802.11 systems . A classical cryptosystem comprises public key cryptography (PKC) for key distribution222Public key cryptography can also be used for encryption/decryption and digital signature, which are not discussed in this article. and symmetric encryption for data protection, as shown in Figure 1, where Alice and Bob are the legitimate users wishing to communicate securely. PKC security relies on exploiting the computational hardness of mathematical problems, such as discrete logarithm, and distributes the same session key to Alice and Bob. Symmetric encryption usually occurs in the upper layers, i.e., data link/MAC layer and above, allowing encryption of plaintext with the common session key shared between users using PKC.
Whilst classical cryptosystems have protected conventional wireless systems, there are challenges in applying these approaches in IoT. IoT devices range from well-resourced smartphones to low cost, low energy and lightweight computing embedded devices. Many low cost IoT devices cannot afford the additional silicon area, power consumption, and code space needed to perform the expensive mathematical calculations of cryptographic methodologies . In addition, IoT applications may work in a device-to-device communication mode where there is no secured public key infrastructure (PKI) for the distribution of public keys. Finally, with the development of quantum computing, the concept of PKC will be fundamentally challenged .
Conventional upper layer-based cryptography also leaves the transmission vulnerable to many passive and active attacks. For example, the MAC header is sent in plaintext and attackers can perform traffic analysis by observing the MAC header. In addition, the physical packet header is also sent in plaintext and can reveal side-channel information (SCI) such as data rate, packet length, mapping schemes, etc. . Eavesdroppers can perform various attacks based on the observed SCI, such as analysis of users’ activities and selective jamming.
Therefore, the design of a low cost and robust cryptosystem for IoT is vital. While the main security streams have focused on the upper layers, the physical layer can also be leveraged to enhance security. In fact, reusing the physical layer features can decrease additional energy cost for security. As shown in Figure 2, security enhancement at the physical layer can be twofold. Firstly, information-theoretic security, also known as physical layer security (PLS), exploits the unpredictable features of wireless channels, such as fading; therefore, the system will not be compromised no matter how powerful the attackers are [20, 21, 22, 23]. PLS transmission techniques achieve security through artificial noise , jamming , or beamforming , etc. However, many PLS transmission schemes are not practical yet because they require complex coding and/or the perfect/imperfect channel state information (CSI) of the receiver and/or eavesdroppers . On the other hand, physical layer key generation, an active branch of PLS, is implementable because the legitimate users are able to agree on the same key from the noisy channel estimation , which can be used as an alternative to PKC in many circumstances. Secondly, moving the encryption to the physical layer can protect the entire physical layer packet and thus the wireless connection is secured from many passive and active attacks.
Recently, a new hybrid approach considers how we can deploy cryptosystems directly into the physical layer and integrates information-theoretical security and computational security schemes, which are constructed by physical layer key generation and physical layer encryption (PLE), as shown in Figure 3. Alice and Bob carry out wireless transmission over the noisy channel using pilot signals. They are able to exploit common information of wireless channels and agree on the same cryptographic key through the key generation protocol consisted of channel probing, quantization, information reconciliation, and privacy amplification. The key is then fed to the PLE, which performs encryption operations at the modulation stages of the physical layer, and protects the IoT wireless transmission. Their integration offers a good example of how information-theoretic security schemes and computational security schemes can work together to protect IoT systems. Security countermeasures from the physical layer are lightweight and offer protection to the wireless transmission, and therefore are advantageous over conventional upper layer encryption-based security primitives.
There have been survey papers on the PLS transmission  and key generation [29, 27] to protect IoT. However, PLS transmission is limited in practical implementation and a survey on integration of key generation and encryption has never been reported. This article aims to provide an overview on the recent progress of this promising hybrid physical layer cryptosystem, with a focus on the practical implementation and algorithm prototyping.
The rest of this article is organized as follows. The wireless technologies used in IoT are introduced in Section II. We then describe the physical layer key generation in Section III and PLE in Section IV. Finally, we propose some future research directions in Section V that make securing IoT from the physical layer more robust and pervasive. Section VI concludes the article.
Ii Wireless Technologies for IoT and Their Security Countermeasures
IoT aims to connect everything together and wireless communication is seen as the best option in order to avoid installation costs while enabling ubiquitous connection. IoT devices are normally tiny, embedded, and battery-powered, and thus communicate with each other through various low-power wireless communication technologies. This section introduces several popular wireless technologies, including IEEE 802.15.4 (Zigbee), BLE, IEEE 802.11, and LoRaWAN.
IEEE 802.15.4 defines the physical and MAC layer protocols while Zigbee is based on IEEE 802.15.4 and includes high layer protocols. It runs at an unlicensed industrial, scientific and medical (ISM) 2.4 GHz frequency and uses direct sequence spread spectrum (DSSS) as the physical layer modulation. IEEE 802.15.4 is energy efficient and supports a data rate of up to 250 kbps, which is quite suitable for applications with limited data exchange requirements. It has been used extensively in wireless sensor networks (WSNs), especially in industrial applications.
BLE, also known as Bluetooth Smart, was standardized in 2010 as Bluetooth Core Specification Version 4.0. BLE runs at 2.4 GHz frequency and uses frequency hopping spread spectrum (FHSS) to combat frequency interference. It supports short range communications (50 to 100 m) and a data rate of 1 Mbps. In addition, BLE consumes extremely low energy and can run for months on standard coin-cell batteries. It is suited for IoT applications such as wearable devices and it is predicted by the Bluetooth special interest group that more than 90% smartphones will support BLE by 2018 .
IEEE 802.11 families are the most popular wireless local area network (WLAN) standards working at 2.4/5 GHz. They include IEEE 802.11a/b/g/n and are supported almost by all smartphones, laptops, tablets, etc. IEEE 802.11 can be used in the smart home applications to provide large amounts of data transfer and as most houses are already covered by IEEE 802.11, installation costs can be avoided. Whilst legacy IEEE 802.11 standards may not be suitable for many lightweight IoT applications, IEEE 802.11ah was recently announced by the Wi-Fi alliance which has been developed explicitly for IoT. It works at sub 1 GHz bands and can cover large range communications. In addition, 802.11ah adopts narrower bandwidth and implements energy efficient protocols to extend the sensors’ battery life. It is also optimized to support large groups of stations or sensors that cooperate to share the signals.
LoRaWAN is an emerging low power wide area network (WAN) technology with the first specification released in June, 2015 . It also runs at sub 1 GHz and employs chirp spread spectrum. It supports long range coverage ( km), millions of users, and low power consumption (up to ten years), and therefore is extremely suitable for low cost IoT devices.
IEEE 802.15.4, Bluetooth, and IEEE 802.11 systems usually handle the security at the data link/MAC layer. For example, an AES block cipher is used to protect the link layer of IEEE 802.15.4 and Bluetooth systems. In IEEE 802.11 systems, an MAC layer encryption scheme named WPA has been designed and implemented using AES. LoRa implements the security countermeasures by encryption at network and application layers.
A summary and comparison of the wireless technologies for the IoT is given in Table I.
|Technique||Frequency||Range||Data Rate||Security Countermeasure||Applications|
|IEEE 802.15.4 (Zigbee)||2.4 GHz||10 to 100 m||250 kps||AES in MAC layer||WSN, industrial, environment, and healthcare monitoring|
|BLE||2.4 GHz||50 to 150 m||1 Mbps||AES in link layer||Wearable devices, smartphones|
|IEEE 802.11 a/b/g/n||2.4 or 5 GHz||50 m||100 Mbps||WPA in MAC layer (with AES implemented)||Smart home, entertainment|
|IEEE 802.11 ah||sub 1 GHz||1 km||150 Kbps||Smart city, smart grid, smart home, healthcare,|
|LoRaWAN||sub 1 GHz||15 km||0.3 kbps to 50 kbps||Encryption at network and application layer||Machine-to-machine, smart city, and industrial applications|
Iii Physical Layer Key Generation
Key generation from the randomness of wireless channels has been receiving much research interest , as it is well-suited for establishing cryptographic keys as an alternative to PKC in IoT applications . As shown in Figure 3, firstly, key generation exploits unpredictable but characteristic features of the wireless channel, and is thus information-theoretically secure [33, 34]. Secondly, it can be carried out between a pair of users with no aid from a third user, while a secured PKI is always required for PKC. Finally, key generation is lightweight and uses limited resources as all of the operations are not complicated and thus meets the low computation capacity of IoT devices. Zenger et al. implemented their key generation scheme in a 32-bit ARM Cortex M3 processor (EFM32GG-STK3700) and an 8-bit Intel MCS-51 and showed the resource and energy consumption to be very low . The authors also implemented a lightweight PKC, elliptic curves Diffie-Hellman key generation (ECDH), as a comparison. As shown in Table II, taking the implementation in 32-bit ARM processor as an example, the ECDH requires 5.73 times more code, 128.26 times more cycles, and consumes 41.52 times more energy, than that of the key generation protocol, respectively. Therefore, key generation from wireless channels is extremely suitable for low cost IoT devices.
|Code Size (kb)||Cycles||Computation (mJ)||Communication (mJ)||Total (mJ)|
|Key generation||ARM Cortex-M3||32-bit||1.033||302,297||2.246||0.187||2.433|
|Key generation||Intel MCS-51||8-bit||1.137||1,345,205||5.206||0.187||5.393|
Key generation works well in a dynamic wireless communication system, and is built on three principles.
Channel reciprocity means the channel responses of the forward and backward links are the same, which is the basis for key generation. When two users measure the same channel parameters at the same frequency in a time-division duplex (TDD) mode, the measurements at Alice and Bob are impacted by the non-simultaneous sampling and noise. However, a high correlation between channel measurements of Alice and Bob can still be maintained and eligible for key generation in a slow fading channel, as demonstrated in many practical experiments [36, 37, 38, 39].
Temporal variation indicates that there is randomness residing in the dynamic channel333In the urban area, the interference may be chaotic, because of the densely deployed access points . The interference will impact the channel measurements accuracy but will not affect randomness nature of the wireless link between users. In addition, the statistical features of the channel may be deterministic [41, 42], but key generation is exploiting the instantaneous channel variation, which is random in nature., which ensures the extracted keys are random. A random key will make the cryptographic applications robust against attacks such as brute force.
Spatial decorrelation implies that when located a half-wavelength away from the legitimate users, the eavesdropper experiences an uncorrelated channel compared to that between Alice or Bob, guaranteeing the security of the key generation. When the system works at 2.4 GHz, a half-wavelength is about 6 cm, which is quite short.
Key generation involves channel probing, quantization, information reconciliation, and privacy amplification, as shown in Figure 3. Without loss of generality, Alice is selected as the initiator of the key generation process.
In the channel probing step, the randomness residing in the temporal [36, 37, 43], frequency [45, 46, 43, 47], and spatial [48, 49, 50, 51] domains can be extracted by measuring the channel parameters such as the received signal strength (RSS) and CSI, etc. In particular, at time Alice sends a public pilot signal to Bob who will measure the channel parameter as . Then, at time , Bob also sends a public pilot signal to Alice who will measure the same channel parameter and store it as . Alice and Bob will repeat the above channel sampling until they get enough measurements to generate a full set of keys444The key length is determined by the cryptographic applications. For example, the key length of AES can be 128-bit, 192-bit, or 256-bit.. It is worth noting that in this step, users adopt a public pilot signal to measure the channel but do not try to exchange message secretly. It is possible that some of the probe packets are not successful because of the poor channel condition, which results in a mismatch between the pairing of the measurements of Alice and Bob. This can be solved by exchanging and comparing the timestamps of the measurements, and keeping the records with the common timestamps. In TDD mode, the common timestamp does not necessarily indicate the timestamps with the exact same value, but their difference should be the sampling delay . For example, Alice will send her recorded timstamps to Bob, who will compare his timestamps and keep the common ones. Bob will then send his censored timestamps to Alice and she will also only keep the common ones, which will finally enable Alice and Bob to have the paired measurements. The exchange does not reveal any useful information to eavesdroppers.
In the second step, both Alice and Bob will convert the analog measurements into binary sequences using quantization schemes. Mean and standard deviation-based quantizer  (Algorithm 1) and cumulative distribution functions (CDF)-based quantizer  (Algorithm 2) are two popular quantizers. In Algorithm 1, is the mean value of , is the standard deviation of , is used to adjust the threshold, and is the number of the channel measurements. The design of quantizer relies on the selection of threshold and quantization level (QL). CDF-based quantization is able to obtain the same proportion of 0s and 1s as it can adaptively adjust the threshold, which is at the cost of increased complexity. The computational complexity of calculating the mean and variance is . When calculating CDF, one key step is sorting the measurements, whose complexity is , which requires more computation than the calculation of the mean and variance. A performance comparison of quantization schemes is reported in .
In practical measurements, due to the half-duplex nature of the most commercial hardware platforms and the independent hardware noise, channel measurements of Alice and Bob, i.e., and , will not be identical, thus resulting in a disagreement between and . In the information reconciliation stage, Alice and Bob will leverage the error correction code (ECC) to reach an agreement, which is achieved via public discussion by exchanging information such as the syndrome. Secure sketch  is a popular key reconciliation technique and is given as an example in Algorithm 3. A comprehensive survey on information reconciliation techniques can be found in . Finally, privacy amplification is employed to eliminate the information revealed to eavesdroppers, which can be implemented using hash functions .
Due to its lightweight feature, this form of key generation has strong potential to provide the security for IoT. It has been applied in many wireless technologies, such as IEEE 802.11, IEEE 802.15.4, Bluetooth, etc., with many prototypes/implementations reported, see .
IEEE 802.11 is the most popular technique for the key generation implementation as the technique is widely adopted in our daily life. The work in  is one of the first and important papers that implemented key generation protocol. The authors generated keys from the peak of channel impulse response (CIR) using an 802.11 compatible field-programmable gate array (FPGA)-based platform, and also from RSS with a commercial Wi-Fi network interface card (NIC). However, the key generation rate is rather limited, i.e., about 1 bps, since the authors only extracted keys from coarse-grained channel parameter. Orthogonal frequency-division multiplexing (OFDM) is employed by IEEE 802.11a/g/n/ah, which can provide fine-grained CSI in both time and frequency domain and significantly improve the key generation performance [43, 45].
A key generation system using wearable devices with IEEE 802.15.4 is implemented in . Channel measurements are carried out along with data transmission, in other words, no dedicated transmission is incurred for key generation. This avoids the additional energy burden required by key generation, which can significantly save power consumption as the radio transmission is always the dominant . In addition, a low cost filter is employed to improve the signal cross-correlation, which helps the system reach an agreement as high as 99.8% . Since there is not much data transmission required by wearable devices, the system takes about half an hour to generate 128-bit keys. The duration is acceptable as it still meets the requirement. For example, Wi-Fi recommends to refresh the session key every hour.
Key generation has also been applied in Bluetooth systems . The authors implemented their system in two Google Nexus One smartphones and sampled RSS with experiments in indoor and outdoor environments. Random frequency hopping was employed to combat the interference from other wireless networks running at the ISM bands. It has also been demonstrated by experiments that Bluetooth-based key generation can be carried out using much lower transmit power (3 dBm) with a performance comparable to that of Wi-Fi-based system, which is desirable for IoT devices.
Iv Physical Layer Encryption
Modern communication systems employ a layered protocol stack to organize communication functions and most of the current security methodologies are applied at the MAC layer and above. The physical layer is the lowest layer of the protocol stack and was designed originally to modulate data for transmission but without any security considerations. This section introduces some recent ongoing encryption schemes implemented at the physical layer, which protects the entire physical layer packet. PLE schemes are lightweight as they do not introduce additional complexity, therefore are quite suitable for IoT applications.
The data payload undergoes several physical layer modulation stages, such as channel coding, mapping, inverse fast Fourier transform (IFFT) operation (for OFDM systems), etc. PLE can be applied by encrypting the data flow in these physical layer modulation stages. Some PLE schemes applicable for OFDM systems are shown in Figure 4, including XOR encryption , phase encryption [59, 60, 58], and OFDM subcarriers encryption [61, 62, 63, 64, 65, 66, 67]. The user first generates the encryption information using the output of stream cipher or chaotic mapping. Based on the adopted encryption scheme, the encryption information is used to calculate phase rotation, dummy subcarrier locations, or subcarrier scrambling/interleaving permutation, etc., which is then used to protect the corresponding modulation stage. The detailed calculation step will shown in Section IV-B. The seed for the stream cipher or the initial state of the chaotic map can be shared between legitimate users using the key generation discussed in the last section.
The entire packet is protected. The encryption of the physical layer payload, i.e., the MAC layer packet, will secure the MAC layer content, including the MAC header. In addition, the protection of the physical layer header can prevent eavesdroppers from carrying out functions of synchronization and channel estimation, significantly increasing the processing overheads for the eavesdropper .
Iv-B Algorithm Prototype
The PLE design is determined by the wireless technologies which employ different physical layer modulations. In this section, we introduce several PLE prototypes based on the modulation stage that they have encrypted.
XOR encryption is the most straightforward and lightweight scheme and can be implemented in hardware in a very efficient manner. As XOR is a bitwise operation, it usually happens before coding, as shown in Figure 4. This scheme is applicable to all the wireless technologies as the data passed from the MAC layer is always in binary form. However, it is implemented at the beginning of modulation stages and does not randomize the physical layer waveform, which results in a weaker protection .
Phase encryption can also be applied as long as phase-shift keying or quadrature amplitude modulation is used [59, 60, 58]. As shown in Figure 4, phase encryption occurs after symbol mapping and the constellation symbols are not in binary values any more. The encrypted constellation symbols can be denoted as
where is the constellation symbols, is the rotation angle, and is the random noise. is generated according to the key sequence and then used to rotate the constellation symbols. In order to create a denser encrypted constellation, more key bits are required to generate rotation angles, which increases the key-to-data ratio555Key-to-data ratio is defined as the number of key bits needed to encrypt one bit plaintext, which is a key metric of PLE.. Random noise, , can be deliberately added to the rotated symbols to make it even more difficult for the eavesdroppers to demodulate the ciphertext [59, 60]. The implementation of this technique is also efficient because the main resource is a multiplier and related control circuits.
The OFDM technique modulates data onto multiple orthogonal subcarriers/frequencies and can significantly increase the data rate, providing an additional domain to protect the data. The parallel input data can be scrambled in frequency domain before IFFT operation [61, 62, 63], which can be given as
where is the frequency scrambling matrix, or the IFFT output data can be scrambled in the time domain  and written as
where is the time scrambling matrix. Scramble-based schemes can bring a large search space. However, it may result in a high computational complexity as matrix operations are required, which may not be suitable for low cost devices .
Different from above OFDM schemes that scramble all the data subcarriers, the work in [65, 66] interleaves only part of the subcarriers. In particular, the scheme in  selects a subset of the subcarriers whose phase is larger than the threshold, and then interleaves their real and imaginary components of the symbols. The method in  selects a subcarrier subset based on the CSI, and then interleaves these subcarriers according to the descending order of their channel amplitudes. Encryption usually involves mathematical operations, e.g., XOR operation, between the plaintext and key sequence, but here the concept applies more generally to the data manipulation according to the common secret information. In addition, the authors use channel information as encryption information directly without resorting to stream ciphers, which requires a careful design of the interleaving pattern because of the channel estimation errors at transmitters and receivers.
While the standard OFDM systems use all the data subcarriers for data transmission, some subcarriers can also be reserved to transmit dummy data, i.e., rubbish information, for obfuscation . Due to the introduction of dummy subcarriers, there is a trade-off between the security and data rate, but it has been demonstrated in  that it is worthwhile as there are many subcarriers and the data rate is usually only slightly reduced. In addition, the preambles are encrypted in  so the entire packet is protected.
The above schemes protect different physical layer modulation stages, which lead to distinctions on the security level, complexity, etc. For example, XOR and phase encryption are easier to implement but provide less strong protection. On the other hand, scrambling-based schemes may require matrix operations, including matrix multiplication and inversion, which result in a higher computation complexity. A detailed comparison in terms of search space to the brute force attack, key rate, and complexity of the above schemes can be found in .
Iv-C Practical Implementation
To the best of the authors’ knowledge, there has been only one paper which has implemented a physical layer phase encryption IEEE 802.15.4 transceiver and RC4 to generate the key sequence . The work in  first validated the design using FPGA technology and then implemented the system in application-specific integrated circuit (ASIC) using UMC 0.18 complementary metal-oxide-semiconductor (CMOS) technology. The security enhancement, including the RC4 and phase encryption/decryption, results in a 26% increase on the gate counts compared to a standard 802.15.4 transceiver, which is a reasonable overheard for security.
V Future Work Suggestions
Although there have been prototypes/demonstrations of the above physical layer-based security countermeasures, research is still needed to make these schemes more robust and pervasive. In this section, we suggest some future research directions in securing the IoT from the physical layer.
V-a Physical Layer Key Generation
Most current commercial platforms work in half-duplex mode, and the keying nodes have to measure the channel alternately in different time instances. Key generation in this setting is only applicable to slow fading channels in order to get a highly correlated measurements between users. Therefore, key generation in fast fading channels is very challenging, which limits its application, e.g. in vehicular communications. Work in  and  designed key generation systems with the maximum vehicle speed tested as 20 mph and 50 mph, respectively, but their key generation rates are limited, e.g., 5 bit/s in . In addition, work in  tested their algorithms in indoor environment only. There is also some simulation work, e.g., [72, 73]. Their performance in the practical fast fading channels remains unknown. This topic is thus still require more efforts, e.g., by using full-duplex hardware .
Efficient group and pairwise key generation are essential to assist secure broadcast and unicast transmission in a large scale IoT network. A fusion center broadcasts signals to the network users, which requires a pre-establishment of a common session key. The devices may also exchange unicast packets between each other, and private keys between pairs of users are required. In ad hoc IoT, many users may join and leave the network frequently, therefore robust and efficient schemes to update the session key and private keys are required. There have been several group key generation protocols reported, e.g., a time-slotted round-trip phase-based scheme , RSS-based protocols for star and chain topologies , and group key generation for mesh topology . However, the scalability (with the size of the group) and efficiency of the above protocols are limited and more research effort is required.
Although key generation is able to achieve information-theoretic security, in practice the security performance requires special attention. For example, when there is a strong line-of-sight, the spatial decorrelation may not hold any more, which makes the system vulnerable to passive eavesdropping [39, 78]. Key generation is also subject to active attacks [79, 80], which will result in less efficient or even unsuccessful key generation. It is thereof very important to design key generation techniques secure from passive eavesdropping and robust to active jamming. In addition, the majority of the research focuses on the indoor and/or mobile channels, while in an outdoor or static environment, the channel randomness is rather limited. A less random key will expose the cryptographic systems to brute force attack and should be always avoided.
V-B Physical Layer Encryption
PLE applies encryption at the physical layer, and entails additional operations and hardware resources. No hardware implementation for PLE schemes has been reported except for those in . The additional operations will introduce latency in the critical path and may not meet the timing requirements of the current MAC protocol. Therefore, a cross-layer design between the physical and MAC layer is necessary.
The keys generated are usually fed to a stream cipher to produce pseudo random numbers to encrypt plaintext. In scenarios where keys can be generated fast or only very small amount of data exchange is required, the keys generated can be used to encrypt the data directly, rather than be used as the seed for stream cipher. Key generation and PLE is then integrated as a one-time pad scheme to offer perfect Shannon secrecy, which can provide strongest protection ever. However, the practical security performance and implementation requires further investigation.
This article has provided an overview on securing wireless communications of IoT applications from the physical layer. We have introduced two security techniques, namely, physical layer key generation and physical layer encryption. For each, we have discussed their features and applications by a special consideration of IoT devices’ low power and low cost features. The remaining challenges of how to make these schemes more robust and pervasive have also been proposed. Unlike previous work, this article has focused on practical prototypes/implementations, thus offering insights for their applications in the IoT to enhance wireless security.
-  L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Computer Networks, vol. 54, no. 15, pp. 2787–2805, 2010.
-  A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internet of Things: A survey on enabling technologies, protocols, and applications,” IEEE Commun. Surveys Tuts., vol. 17, no. 4, pp. 2347–2376, Fourth Quarter 2015.
-  J. A. Stankovic, “Research directions for the internet of things,” IEEE Internet Things J., vol. 1, no. 1, pp. 3–9, 2014.
-  M. Walport, “The Internet of Things: Making the most of the second digital revolution, A report by the UK government chief scientific adviser,” Tech. Rep., December 2014, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/409774/14-1230-internet-of-things-review.pdf, Accessed on 22 June 2017.
-  “The Internet of Things: Five critical questions,” McKinsey Global Institute, August 2015, http://www.mckinsey.com/industries/high-tech/our-insights/the-internet-of-things-five-critical-questions, Accessed on 22 June 2017.
-  “A partnership to secure and protect the emerging Internet of Things,” National Science Foundation, August 2015, http://nsf.gov/news/news_summ.jsp?cntn_id=136104&org=NSF, Accessed on 22 June 2017.
-  European Research Cluster on the Internet of Things, http://www.internet-of-things-research.eu/, Accessed on 22 June 2017.
-  “New Internet of Things research hub announced,” The Engineering and Physical Sciences Research Council, January 2016, https://www.epsrc.ac.uk/newsevents/news/iotresearchhub/ , Accessed on 22 June 2017.
-  A. Nordrum, “The Internet of fewer things,” September 2016, http://spectrum.ieee.org/telecom/internet/the-internet-of-fewer-things, Accessed on 22 June 2017.
-  D. Evans, “Internet of things research study,” Cisco, Tech. Rep., April 2011, http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf, Accessed on 22 June 2017.
-  A. Grau, “How to build a safer Internet of Things,” February 2015, http://spectrum.ieee.org/telecom/security/how-to-build-a-safer-internet-of-things, Accessed on 22 June 2017.
-  “Internet of things research study,” HP, Tech. Rep., November 2015, https://www.hpe.com/h20195/v2/GetPDF.aspx/4AA5-4759ENN.pdf, Accessed on 22 June 2017.
-  Y. Zou, J. Zhu, X. Wang, and L. Hanzo, “A survey on wireless security: Technical challenges, recent advances, and future trends,” Proc. IEEE, vol. 104, no. 9, pp. 1727–1765, September 2016.
-  J. Granjal, E. Monteiro, and J. Sa Silva, “Security for the Internet of Things: A survey of existing protocols and open research issues,” IEEE Commun. Surveys Tuts., vol. 17, no. 3, pp. 1294–1312, Third Quarter 2015.
-  T. Dieks and E. Rescorla, “The Transport layer security (TLS) protocol,” Internet Requests for Comments, RFC Editor, RFC 5246, August 2008. [Online]. Available: http://www.rfc-editor.org/rfc/rfc5246.txt
-  “Wireless lan medium access control (mac) and physical layer (phy) specifications: Amendment 6: Medium access control (mac) security enhancements,” IEEE, Tech. Rep. 802.11i, July 2004.
-  W. Trappe, R. Howard, and R. S. Moore, “Low-energy security: Limits and opportunities in the Internet of Things,” IEEE Security Privacy, vol. 13, no. 1, pp. 14–21, January/February 2015.
-  C. Cheng, R. Lu, A. Petzoldt, and T. Takagi, “Securing the Internet of Things in a quantum world,” IEEE Commun. Mag., vol. 55, no. 2, pp. 116–120, February 2017.
-  H. Rahbari and M. Krunz, “Secrecy beyond encryption: obfuscating transmission signatures in wireless communications,” IEEE Commun. Mag., vol. 53, no. 12, pp. 54–60, December 2015.
-  X. Zhou, L. Song, and Y. Zhang, Eds., Physical layer security in wireless communications. CRC Press, 2013.
-  B. He, X. Zhou, and T. D. Abhayapala, “Wireless physical layer security with imperfect channel state information: A survey,” ZTE Communications, vol. 11, no. 3, p. 11â19, September 2013.
-  A. Mukherjee, S. Fakoorian, J. Huang, and A. Swindlehurst, “Principles of physical layer security in multiuser wireless networks: A survey,” IEEE Commun. Surveys Tuts., vol. 16, no. 3, pp. 1550–1573, Third Quarter 2014.
-  Y. Liu, H.-H. Chen, and L. Wang, “Physical layer security for next generation wireless networks: Theories, technologies, and challenges,” IEEE Commun. Surveys Tuts., vol. 19, no. 1, pp. 347 – 376, 2017.
-  S. Goel and R. Negi, “Guaranteeing secrecy using artificial noise,” IEEE Trans. Wireless Commun., vol. 7, no. 6, 2008.
-  S. Ma, M. Hempel, Y. L. Yang, and H. Sharif, “An approach to secure wireless communications using randomized eigenvector-based jamming signals,” in Proc. 6th Int. Wireless Communications and Mobile Computing Conf., Caen, France, July 2010, pp. 1172–1176.
-  A. Mukherjee and A. L. Swindlehurst, “Robust beamforming for security in mimo wiretap channels with imperfect csi,” IEEE Trans. Signal Processing, vol. 59, no. 1, pp. 351–361, 2011.
-  J. Zhang, T. Q. Duong, A. Marshall, and R. Woods, “Key generation from wireless channels: A review,” IEEE Access, vol. 4, pp. 614–626, March 2016.
-  A. Mukherjee, “Physical-layer security in the Internet of Things: Sensing and communication confidentiality under resource constraints,” Proc. IEEE, vol. 103, no. 10, pp. 1747–1761, October 2015.
-  K. Zeng, “Physical layer key generation in wireless networks: challenges and opportunities,” IEEE Communications Magazine, vol. 53, no. 6, pp. 33–39, 2015.
-  S. Janiak, “Three ways Bluetooth® smart technology enables innovation for the Internet of Things,” January 2015, http://blog.bluetooth.com/three-ways-bluetooth-smart-technology-enables-innovation-for-the-internet-of-things/, Accessed on 22 June 2017.
-  “LoRa Alliance,” https://www.lora-alliance.org/, Accessed on 22 June 2017.
-  C. T. Zenger, M.-J. Chur, J.-F. Posielek, C. Paar, and G. Wunder, “A novel key generating architecture for wireless low-resource devices,” in Proc. Int. Workshop Secure Internet of Things (SIoT), Wroclaw, Poland, September 2014, pp. 26–34.
-  R. Ahlswede and I. Csiszar, “Common randomness in information theory and cryptography – Part I: secret sharing,” IEEE Trans. Inf. Theory, vol. 39, no. 4, pp. 1121–1132, 1993.
-  U. M. Maurer, “Secret key agreement by public discussion from common information,” IEEE Trans. Inf. Theory, vol. 39, no. 3, pp. 733–742, 1993.
-  C. T. Zenger, M. Pietersz, J. Zimmer, J.-F. Posielek, T. Lenze, and C. Paar, “Authenticated key establishment for low-resource devices exploiting correlated random channels,” Computer Networks, vol. 109, pp. 105–123, 2016.
-  S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik, “Radio-telepathy: Extracting a secret key from an unauthenticated wireless channel,” in Proc. 14th Annu. Int. Conf. Mobile Computing Networking (MobiCom), San Francisco, California, USA, September 2008, pp. 128–139.
-  S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy, “On the effectiveness of secret key extraction from wireless signal strength in real environments,” in Proc. 15th Annu. Int. Conf. Mobile Computing and Networking (MobiCom), Beijing, China, September 2009, pp. 321–332.
-  J. Zhang, R. Woods, T. Q. Duong, A. Marshall, and Y. Ding, “Experimental study on channel reciprocity in wireless key generation,” in Proc. 17th IEEE Int. Workshop Signal Process. Advances in Wireless Commun. (SPAWC), Edinburgh, UK, July 2016, pp. 1–5.
-  J. Zhang, R. Woods, T. Q. Duong, A. Marshall, Y. Ding, Y. Huang, and Q. Xu, “Experimental study on key generation for physical layer security in wireless communications,” IEEE Access, vol. 4, pp. 4464–4477, September 2016.
-  S. Kajita, T. Amano, H. Yamaguchi, T. Higashino, and M. Takai, “Wi-fi channel selection based on urban interference measurement,” in Proc. 13th Int. Conf. on Mobile and Ubiquitous Systems: Computing, Networking and Services, Hiroshima, Japan, November/December 2016, pp. 143–150.
-  E. Chin, D. Chieng, V. Teh, M. Natkaniec, K. Loziak, and J. Gozdecki, “Wireless link prediction and triggering using modified ornstein–uhlenbeck jump diffusion process,” Wireless Networks, vol. 20, no. 3, pp. 379–396, 2014.
-  J. A. Santana, E. Macías, Á. Suárez, D. Marrero, and V. Mena, “Adaptive estimation of wifi rssi and its impact over advanced wireless services,” Mobile Networks and Applications, pp. 1–13, 2016.
-  J. Zhang, A. Marshall, R. Woods, and T. Q. Duong, “Efficient key generation by exploiting randomness from channel responses of individual OFDM subcarriers,” IEEE Trans. Commun., vol. 64, no. 6, pp. 2578–2588, June 2016.
-  J. Zhang, B. He, T. Q. Duong, and R. Woods, “On the key generation from correlated wireless channels,” IEEE Commun. Lett., vol. 21, no. 4, pp. 961–964, 2017.
-  H. Liu, Y. Wang, J. Yang, and Y. Chen, “Fast and practical secret key extraction by exploiting channel response,” in Proc. 32nd IEEE Int. Conf. Comput. Commun. (INFOCOM), Turin, Italy, April 2013, pp. 3048–3056.
-  W. Xi, X. Li, C. Qian, J. Han, S. Tang, J. Zhao, and K. Zhao, “KEEP: Fast secret key extraction protocol for D2D communication,” in Proc. 22nd IEEE Int. Symp. of Quality of Service (IWQoS), Hong Kong, May 2014, pp. 350–359.
-  Y. Peng, P. Wang, W. Xiang, and Y. Li, “Secret key generation based on estimated channel state information for tdd-ofdm systems over fading channels,” IEEE Trans. Wireless Commun., 2017.
-  K. Zeng, D. Wu, A. Chan, and P. Mohapatra, “Exploiting multiple-antenna diversity for shared secret key generation in wireless networks,” in Proc. 29th IEEE Int. Conf. Comput. Commun. (INFOCOM), San Diego, California, USA, March 2010, pp. 1–9.
-  J. W. Wallace and R. K. Sharma, “Automatic secret keys from reciprocal MIMO wireless channels: Measurement and analysis,” IEEE Trans. Inf. Forensics Security, vol. 5, no. 3, pp. 381–392, 2010.
-  C. Chen and M. A. Jensen, “Secret key establishment using temporally and spatially correlated wireless channel coefficients,” IEEE Trans. Mobile Comput., vol. 10, no. 2, pp. 205–215, 2011.
-  E. A. Jorswieck, A. Wolf, and S. Engelmann, “Secret key generation from reciprocal spatially correlated MIMO channels,” in Proc. IEEE GLOBECOM Workshop Trusted Commun. with Physical Layer Security (TCPLS), Atlanta, Georgia, USA, December 2013, pp. 1245–1250.
-  N. Patwari, J. Croft, S. Jana, and S. K. Kasera, “High-rate uncorrelated bit extraction for shared secret key generation from channel measurements,” IEEE Trans. Mobile Comput., vol. 9, no. 1, pp. 17–30, January 2010.
-  C. T. Zenger, J. Zimmer, and C. Paar, “Security analysis of quantization schemes for channel-based key extraction,” in Proc. 12th EAI Int. Conf. Mobile and Ubiquitous Systems: Computing, Networking and Services, Coimbra, Portugal, July 2015, pp. 267–272.
-  Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data,” SIAM J. Comput., vol. 38, no. 1, pp. 97–139, 2008.
-  C. Huth, R. Guillaume, T. Strohm, P. Duplys, I. A. Samuel, and T. Güneysu, “Information reconciliation schemes in physical-layer security: A survey,” Computer Networks, vol. 109, pp. 84–104, 2016.
-  S. Ali, V. Sivaraman, and D. Ostry, “Eliminating reconciliation cost in secret key generation for body-worn health monitoring devices,” IEEE Trans. Mobile Comput., vol. 13, no. 12, pp. 2763–2776, December 2014.
-  S. N. Premnath, P. L. Gowda, S. K. Kasera, N. Patwari, and R. Ricci, “Secret key extraction using Bluetooth wireless signal strength measurements,” in Proc. 11th Annu. IEEE Int. Conf. Sensing, Commun. Networking (SECON), Singapore, June 2014, pp. 293–301.
-  F. Huo and G. Gong, “XOR encryption versus phase encryption, An in-depth analysis,” IEEE Trans. Electromagn. Compat., vol. 57, no. 4, pp. 903–911, August 2015.
-  D. Reilly and G. Kanter, “Noise-enhanced encryption for physical layer security in an OFDM radio,” in Proc. IEEE Radio and Wireless Symp. (RWS), San Diego, CA, USA, January 2009, pp. 344–347.
-  R. Ma, L. Dai, Z. Wang, and J. Wang, “Secure communication in TDS-OFDM system using constellation rotation and noise insertion,” IEEE Trans. Consum. Electron., vol. 56, no. 3, pp. 1328–1332, 2010.
-  M. A. Khan, M. Asim, V. Jeoti, and R. S. Manzoor, “On secure OFDM system: Chaos based constellation scrambling,” in Proc. Int. Conf. on Intelligent and Advanced Syst. (ICIAS), Kuala Lumpur, Malaysia, November 2007, pp. 484–488.
-  D. Tseng and J. Chiu, “An OFDM speech scrambler without residual intelligibility,” in Proc. IEEE Region 10 Conf. (TENCON), Taipei, October 2007, pp. 1–4.
-  L. Zhang, X. Xin, B. Liu, and Y. Wang, “Secure OFDM-PON based on chaos scrambling,” IEEE Photon. Technol. Lett., vol. 23, no. 14, pp. 998–1000, 2011.
-  H. Li, X. Wang, and W. Hou, “Secure transmission in OFDM systems by using time domain scrambling,” in Proc. 77th IEEE Veh. Technology Conf. (VTC Spring), Dresden, Germany, June 2013, pp. 1–5.
-  H. Li, X. Wang, and Y. Zou, “Dynamic subcarrier coordinate interleaving for eavesdropping prevention in OFDM systems,” IEEE Commun. Lett., vol. 18, no. 6, pp. 1059–1062, June 2014.
-  H. Li, X. Wang, and J.-Y. Chouinard, “Eavesdropping-resilient OFDM system using sorted subcarrier interleaving,” IEEE Trans. Wireless Commun., vol. 14, no. 2, pp. 1155–1165, February 2015.
-  J. Zhang, A. Marshall, R. Woods, and T. Q. Duong, “Design of an OFDM physical layer encryption scheme,” IEEE Trans. Veh. Technol., vol. 66, no. 3, pp. 2114–2127, 2017.
-  A. K. Nain, J. Bandaru, M. A. Zubair, and R. Pachamuthu, “A secure phase-encrypted ieee 802.15.4 transceiver design,” IEEE Trans. Computers, vol. 66, no. 8, pp. 1421 – 1427, August 2017.
-  J. Wan, A. B. Lopez, and M. A. Al Faruque, “Exploiting wireless channel randomness to generate keys for automotive cyber-physical system security,” in Proc. 7th International Conference on Cyber-Physical Systems, Vienna, Austria, April 2016, p. 13.
-  X. Zhu, F. Xu, E. Novak, C. C. Tan, Q. Li, and G. Chen, “Using wireless link dynamics to extract a secret key in vehicular scenarios,” IEEE Trans. Mobile Comput., vol. 16, no. 7, pp. 2065–2078, April 2017.
-  X. Li, J. Liu, Q. Yao, and J. Ma, “Efficient and consistent key extraction based on received signal strength for vehicular ad hoc networks,” IEEE Access, vol. 5, pp. 5281–5291, 2017.
-  A. M. Abdelgader and L. Wu, “A secret key extraction technique applied in vehicular networks,” in Proc. IEEE 17th Int. Conf. Computational Science and Engineering, Chengdu, China, December 2014, pp. 1396–1403.
-  A. M. S. Abdelgader, S. Feng, and L. Wu, “Exploiting the randomness inherent of the channel for secret key sharing in vehicular communications,” International Journal of Intelligent Transportation Systems Research, pp. 1–12, 2017.
-  H. Vogt, K. Ramm, and A. Sezgin, “Practical secret-key generation by full-duplex nodes with residual self-interference,” in Proc. 20th Int. ITG Workshop on Smart Antennas, Munich, Germany, March 2016, pp. 344–347.
-  Q. Wang, H. Su, K. Ren, and K. Kim, “Fast and scalable secret key generation exploiting channel phase randomness in wireless networks,” in Proc. 30th IEEE Int. Conf. Comput. Commun. (INFOCOM), Shanghai, China, April 2011, pp. 1422–1430.
-  H. Liu, J. Yang, Y. Wang, Y. J. Chen, and C. E. Koksal, “Group secret key generation via received signal strength: Protocols, achievable rates, and implementation,” IEEE Trans. Mobile Comput., vol. 13, no. 12, pp. 2820–2835, 2014.
-  C. D. T. Thai, J. Lee, and T. Q. Quek, “Secret group key generation in physical layer for mesh topology,” in Proc. IEEE Global Communications Conference (GLOBECOM), San Diego, CA, USA, December 2015, pp. 1–6.
-  C. Zenger, H. Vogt, J. Zimmer, A. Sezgin, and C. Paar, “The passive eavesdropper affects my channel: Secret-key rates under real-world conditions,” in Proc. IEEE GLOBECOM Workshop Trusted Commun. with Physical Layer Security (TCPLS), Washington DC, USA, December 2016, pp. 1–6.
-  M. Zafer, D. Agrawal, and M. Srivatsa, “Limitations of generating a secret key using wireless fading under active adversary,” IEEE/ACM Trans. Netw., vol. 20, no. 5, pp. 1440–1451, October 2012.
-  R. Jin and K. Zeng, “Physical layer key agreement under signal injection attacks,” in Proc. IEEE Conf. Commun. and Network Security (CNS), Florence, Italy, September 2015, pp. 254–262.