Kerra: An Internet of Things Wireless Key Generation Resistant to Replay Attacks

Wireless key generation is a promising security solution for Internet of Things (IoT) networks to share identical secret keys between communication pairs, whose foundation is wireless channel randomness and reciprocity. Its security, however, affects not only the generated keys but more importantly, the security of the IoT networks. So far, a number of major attacks threatening the wireless key generation have been studied in the literature, but not the replay attack. In this article, we reveal the replay attack can penetrate conventional defense measures and invade the wireless key generation through both analysis and experiments, which can deteriorate the channel measurement correlation and result in a high key disagreement rate (KDR). We propose a wireless key generation approach named Kerra where we integrate a synchronized time measurement to defend against the replay attack on it. On a real IoT testbed composed of long-range (LoRa) nodes, we implement the proposed Kerra and evaluate it in terms of both key generation performance and replay attack defense. Experimental results demonstrate first the impact of the replay attack on both channel measurement correlation and KDR, then the effects of quantization and preprocessing on KDR under replay attacks, and finally, the effectiveness of the proposed Kerra whose KDRs under replay attacks are maintained to a similar level as without attacks.